Every organization or committee that designs a logo should be legally required to have at least one teenager on the board to prevent accidental goatse or other inadvertent blunders.
I am very much hoping the effort succeeds, but I am also mindful of the fact that the site to which I have linked is more successful by virtue of having better coverage.
The presentation with a simple diagram that combines this data with an sbom to yield "information" gives me navel gazing vibes of UML being the future of coding.
Just as architecture didn't equate to well designed and maintainable software, I fear this initiative won't fix horribly outdated and vulnerable deployments. Software life cycle, deprecation, abandonment, supply chains are mostly a process problem, standards and technology won't fix that.
In other words it doesn't force you to add an SBOM + EOX checker step to your CI pipeline. But if your compliance auditor wants you to check your dependencies, adding such a standardized step makes it easier to satisfy the auditor.
Rarely have I found that compliance to the goals was an issue in themselves. Or that making changes to tick a checkbox correlated to material improvements.
That is to say that if this leads to more efficiency and makes it easier for compliance audits and such, I fear is stream lining the least impactful part of its goals.
"Oh, just write plain C". Which compiler do you mean? GCC? LLVM/clang? On top of what OS/kernel? What firmware? Etc.
