1- # References
2-
3- ## Normative references
1+ # Normative references
42
53The following documents are referred to in the text in such a way that some or
64all of their content constitutes requirements of this document. For dated
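Review bot: Collapsing `# References` and `## Normative references` into a single `# Normative references` heading changes the page title and removes the old subheading, so if headings are used as link targets anywhere else in the specification (navigation entries, cross-references to "References"), those need to be updated in the same change. The intro paragraph that follows is unchanged and still reads correctly under the new top-level heading.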
@@ -145,13 +143,13 @@ Tom Preston-Werner and SemVer contributors,
145143[ https://slsa.dev/spec/v0.2/provenance ] ( https://slsa.dev/spec/v0.2/provenance ) .
146144
147145SoftWare Heritage persistent IDentifiers (SWHIDs), in
148- Draft International Standard
149- * ISO/IEC DIS 18670 Information technology — SoftWare Hash IDentifier (SWHID) Specification V1.2* [ https://www.iso.org/standard/89985.html ] ( https://www.iso.org/standard/89985.html ) ,
146+ International Standard
147+ * ISO/IEC 18670 Information technology — SoftWare Hash IDentifier (SWHID) Specification V1.2* [ https://www.iso.org/standard/89985.html ] ( https://www.iso.org/standard/89985.html ) ,
150148also available at
151- [ https://docs.softwareheritage .org/devel/swh-model/persistent-identifiers.html ] ( https://docs.softwareheritage .org/devel/swh-model/persistent-identifiers.html )
149+ [ https://www.swhid .org/swhid-specification/v1.2/ ] ( https://www.swhid .org/swhid-specification/v1.2/ )
152150
153151* SPDX and RDF Ontology* ,
154- [ http://spdx.org/rdf/ontology/spdx-3-0-1 ] ( http://spdx.org/rdf/ontology/spdx-3-0-1 )
152+ [ http://spdx.org/rdf/ontology/spdx-3-0 ] ( http://spdx.org/rdf/ontology/spdx-3-0 )
155153
156154* SPDX License List* , The Linux Foundation,
157155[ https://spdx.org/licenses/ ] ( https://spdx.org/licenses/ )
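Review bot: The SPDX ontology link drops its patch level, going from `spdx-3-0-1` to `spdx-3-0` in both the link text and the target, which reads like a step back to an older reference. If the change is intentional, state the reason in the commit message; otherwise restore the more specific version. On the SWHID entry, replacing "Draft International Standard" and "ISO/IEC DIS 18670" with "International Standard" and "ISO/IEC 18670" is consistent, but the citation carries no edition year, while the section intro distinguishes dated references. Consider adding the year so that this normative reference is pinned to one edition. The "also available at" link now points to a different host (`www.swhid .org` instead of `docs.softwareheritage .org`), so confirm that the new URL serves the same V1.2 text that the ISO entry names.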
@@ -171,43 +169,3 @@ Forum of Incident Response and Security Teams, Inc (FIRST),
171169CISA,
172170[ https://www.cisa.gov/sites/default/files/2023-04/sbom-types-document-508c.pdf ] ( https://www.cisa.gov/sites/default/files/2023-04/sbom-types-document-508c.pdf ) .
173171
174- ## Non-normative references
175-
176- The following documents are referred to in the text.
177-
178- 1 . CISQ Software Bill of Materials project, * Tool-to-Tool Software Bill of
179- Materials Exchange* ,
180- [ https://www.it-cisq.org/software-bill-of-materials/ ] ( https://www.it-cisq.org/software-bill-of-materials/ )
181- 1 . Dan Geer and Joshua Corman, * Almost Too Big to Fail* ,
182- Usenix ;login: article, Vol. 39. No. 4, August 2014,
183- [ https://www.usenix.org/publications/login/august14/geer ] ( https://www.usenix.org/publications/login/august14/geer )
184- 1 . Josh Corman, testimony at the Cybersecurity of the Internet of Things
185- Hearing Before the Subcommittee on Information Technology of The Committee on
186- Oversight and Government Reform House of Representatives One Hundred
187- Fifteenth Congress First Session calling for software bill of materials in
188- pending legislation, October 3, 2017, page 38,
189- [ https://www.govinfo.gov/app/details/CHRG-115hhrg27760/CHRG-115hhrg27760 ] ( https://www.govinfo.gov/app/details/CHRG-115hhrg27760/CHRG-115hhrg27760 )
190- 1 . MITRE, * Standardizing SBOM within the SW Development Tooling Ecosystem* ,
191- Nov 2019,
192- [ https://www.mitre.org/news-insights/publication/standardizing-sbom-within-sw-development-tooling-ecosystem ] ( https://www.mitre.org/news-insights/publication/standardizing-sbom-within-sw-development-tooling-ecosystem )
193- 1 . MITRE, * Deliver Uncompromised: Securing Critical Software Supply Chains
194- Proposal to Establish an End-To-End Framework For Software Supply Chain
195- Integrity* , Jan 2021,
196- [ https://www.mitre.org/news-insights/publication/deliver-uncompromised-securing-critical-software-supply-chains ] ( https://www.mitre.org/news-insights/publication/deliver-uncompromised-securing-critical-software-supply-chains )
197- 1 . NTIA, * Notice of 07/19/18 Meeting of Multistakeholder Process on Promoting
198- Software Component Transparency* , July 2018.
199- [ https://www.ntia.gov/federal-register-notice/notice-071918-meeting-multistakeholder-process-promoting-software-component ] ( https://www.ntia.gov/federal-register-notice/notice-071918-meeting-multistakeholder-process-promoting-software-component )
200- 1 . NTIA Software Bill Of Materials web page,
201- [ https://ntia.gov/sbom/ ] ( https://ntia.gov/sbom/ )
202- 1 . Open Source Initiative (OSI) Approved Licenses;
203- [ https://opensource.org/licenses ] ( https://opensource.org/licenses )
204- 1 . Software Package Data Exchange (SPDX®) Specification Version 1.0 and 1.1,
205- 1.2, 2.0, 2.1, 2.2 and 2.3; SPDX.dev,
206- [ https://spdx.dev/specifications ] ( https://spdx.dev/specifications )
207- 1 . The United States Department of Commerce, * The Minimum Elements For a
208- Software Bill of Materials (SBOM) Pursuant to Executive Order 14028 on
209- Improving the Nation’s Cybersecurity* , Jul 2021,
210- [ https://www.ntia.gov/report/2021/minimum-elements-software-bill-materials-sbom ] ( https://www.ntia.gov/report/2021/minimum-elements-software-bill-materials-sbom )
211- 1 . White House, * Executive Order on Improving the Nation’s Cybersecurity* ,
212- May 2021,
213- [ https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/ ] ( https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/ )
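Review bot: Deleting the whole `## Non-normative references` section removes a list that its own intro describes as "documents ... referred to in the text", so any citation of these entries elsewhere in the specification would be left without a target. Nothing in the visible hunks shows the entries being moved to a bibliography or another file. Either include that relocation in this change or confirm that no remaining text cites them. If the list is being dropped on purpose, a sentence in the commit message explaining why would help readers, since several entries (the NTIA minimum elements report, Executive Order 14028) are commonly cited as the background for SBOM requirements.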