%% You should probably cite rfc9472 instead of this I-D. @techreport{ietf-opsawg-sbom-access-02, number = {draft-ietf-opsawg-sbom-access-02}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-ietf-opsawg-sbom-access/02/}, author = {Eliot Lear and Scott Rose}, title = {{Discovering and Retrieving Software Transparency and Vulnerability Information}}, pagetotal = 20, year = 2021, month = jul, day = 9, abstract = {To improve cybersecurity posture, automation is necessary to locate what software is running on a device, whether that software has known vulnerabilities, and what, if any recommendations suppliers may have. This memo specifies a model to provide access this information. It may optionally be discovered through manufacturer usage descriptions.}, }