My biggest issue with all the SBOM standards is the lack of a requirement to include hashes for each component/file, instead of just one big hash or signature. For forensic investigations or incident response, that level of detail is actually the most important aspect.
#sbom #dfir
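
Added example, not part of the original post: a sketch of the triage that per-file hashes make possible, where a single overall hash or signature could only say that something changed. It assumes a CycloneDX-style JSON layout (`components[].hashes[]` with `alg` and `content`) in which each component `name` is a path relative to the install root; the function names and the sample tree are constructed for illustration.

```python
import hashlib, tempfile
from pathlib import Path

def triage(sbom, root):
    """Map each SBOM component to match / modified / missing / no-hash."""
    status = {}
    for comp in sbom.get("components", []):
        name = comp["name"]  # assumption: path relative to root
        expected = next((h["content"].lower() for h in comp.get("hashes", [])
                         if h.get("alg") == "SHA-256"), None)
        path = Path(root, name)
        if expected is None:
            status[name] = "no-hash"      # SBOM lists it but cannot vouch for it
        elif not path.is_file():
            status[name] = "missing"
        elif hashlib.sha256(path.read_bytes()).hexdigest() == expected:
            status[name] = "match"
        else:
            status[name] = "modified"
    return status

def unlisted(sbom, root):
    """Files present on disk that the SBOM does not mention at all."""
    listed = {c["name"] for c in sbom.get("components", [])}
    on_disk = (p.relative_to(root).as_posix() for p in Path(root).rglob("*") if p.is_file())
    return sorted(f for f in on_disk if f not in listed)

def demo():
    # Constructed sample: build a small tree, record its SBOM, then change the tree.
    with tempfile.TemporaryDirectory() as root:
        files = {"bin/app": b"app v1", "lib/util.so": b"util v1", "etc/app.conf": b"mode=prod"}
        for rel, data in files.items():
            p = Path(root, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(data)
        sbom = {"components": [
            {"type": "file", "name": rel,
             "hashes": [{"alg": "SHA-256", "content": hashlib.sha256(data).hexdigest()}]}
            for rel, data in files.items()]}
        sbom["components"].append({"type": "file", "name": "share/readme"})  # hash omitted
        Path(root, "lib/util.so").write_bytes(b"util v1, altered after release")
        Path(root, "etc/app.conf").unlink()
        Path(root, "bin/.cache").write_bytes(b"not shipped")
        return triage(sbom, root), unlisted(sbom, root)

if __name__ == "__main__":
    print(demo())
```

The `no-hash` result is the gap the post describes: the component is listed, but nothing in the SBOM lets an investigator confirm or rule out a change to it.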