SBOM Vulnerability Attestations – A CARFAX for SBOMs

Show me the SBOM VDR, a concept similar to a "CARFAX" for software product SBOMs. The SBOM tells us the ingredients in a software product, but the SBOM VDR tells us of any known harmful effects (vulnerabilities) that may be present within those ingredients (software components). It starts on day one, when the product is first released, and is updated continuously over the product's lifetime, just like a CARFAX.

Never trust software, always verify and report! (TM)