Skip to main content

Telco Work Group – Morning and Afternoon – 2023-04-06

By 2023-04-12News

Summary of Meetings from the Chair (Marc-Etienne)

Meeting 2023-04-06 morning


  • Stephen Kilbane, Analog Devices Inc.
  • Nikola Babadzhanov, Bosch
  • Anton Bashlykov, MBition
  • Marc-Etienne Vargenau, Nokia

We reviewed the pull requests and merged them:

  • added the definition of “SBOM Type” from CISA and used it in section 3.7 “SBOM Build information”
  • updated section “3.13 SBOM Verification”, added recommendation to provide a digital signature of the SBOM
  • updated section 3.5.2, added rationale for the tag:value format, indicating it is the most human-readable format
  • updated several “Verification and reference material” and “Rationale” sections
  • added “5. References” section, providing references for SPDX, OpenChain and “NTIA minimum elements”

Meeting 2023-04-06 afternoon


  • Alfred Strauch, SmartTalk Security Inc.
  • Chris
  • Marc-Etienne Vargenau, Nokia

We review the pull requests that were merged in the morning meeting.

Alfred points out the use case of a software that has its name changed and asks how this should be handled.

Alfred suggests that I join the SBOM Forum. He will introduce me to Tom Alrich. The forum groups several companies including Red Hat, Oracle, Microsoft and companies producing medical devices. One of the creators of CycloneDX is a member.


The draft document is now complete. Please review it and share you comments and suggestions in the mailing list or on GitHub by creating issues or pull requests.

Morning Meeting Recording

Afternoon Meeting Recording