The BoM is not necessarily anymore only "the knowledge needed to recreate a particular release”.
Or, at least, in the world of DevOps, it has become something like "all of the environment information, tools, and specific branch and version of the software built, typically stored in an escrow account”.
But also, in the connected world of DevSecOps, shouldn't the BoM include the results, at a certain moment (the moment of the release), of all security results matching the state of the art?
We will discuss these aspects, and others like the purpose of the BoM, in this session open to questions, discussions and contributions.