S3E22: Steve Springett - Navigating the Digital Supply Chain

Chris: Before we dive into too many specific topics, one thing I wanted to ask is, you've been working in/around the topic of SBOM and Software Supply Chain for sometime via NTIA, CycloneDX, SCVS etc. How did you have the foresight or what drove you to focus on this topic well before many others in the industry?Nikki: You mentioned recently about the SBOM Forum and their recommendation of the NVD adopt Package URL. I think the recommendations are great for NVD, because the NVD, CVE ID mechani...