For example, everybody using a Linux kernel will have to list every device driver included in the kernel. The userland part will have to list every piece of software in userland.
-
-
I don't have a specific BOM example in mind, but software ID schemes exist (CPE, SWID) tho maybe imperfect; detection tooling exists tho imperfect; etc. Seems most parts are in place for basic (tho imperfect) exchange formats
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Hi hello I am interested in this good idea, but aren’t you supposed to be on sabbatical?
- 3 more replies
New conversation -
-
-
I believe that, much like full GDPR compliance, BOMs are something that only the biggest and most resourced companies will be able to pull off & everyone else including OSS will just be excluded from any market or industry requiring them.
-
that might actually be the case right now, Matt :( but *should* it be that way? and given the existence of tooling for ID'ing 3rd-party components, seems to me the tech challenge is 80% solved(ish), tho adoption is slow. Small co's w/limited product lines may be more nimble
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.