Thanks Philippe – having these organized in a table really helps. BTW – the generated 3T-SBOM-EMS file on the Google Drive looks like it may be an old version. The modification history in Google Docs doesn’t show any change, but a number of the issues I have identified seem to have been resolved, but the document now appears inconsistent with some of the diagrams (e.g. https://drive.google.com/drive/u/1/folders/1q9v4y6MJBagQn42DMIqwSKU6lerrKWCj). I’m working from the word doc downloaded from the Git repository: https://github.com/cdfoundation/sig-security-sbom/blob/master/modeling/generated_3T-SBOM-EMS.docx BTW – from a quick glance, the version that is on Google docs does not have many of the issues identified in my analysis. I’ll go through my old analysis and move them over to the sheet or add issues to the git repo. Gary |