spdx-spec
Proposed Usage Language; soliciting input on the proposed direction
I took an action item to write "SBOM Usage" guidelines and would like to get your thoughts on the proposed direction, shown here. The materials below are germane to the "as distributed" package that an end consumer receives from a software vendor to be used in a "risk assessment use case". Other use cases can be addressed. The goal of this posting is to get feedback on the proposed direction of this document so that we can tweak/tack early. See attachment link below.
Moving to the 3.1 milestone for consideration