%% You should probably cite rfc9472 instead of this I-D.
@techreport{ietf-opsawg-sbom-access-15,
    number =    {draft-ietf-opsawg-sbom-access-15},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-ietf-opsawg-sbom-access/15/},
    author =    {Eliot Lear and Scott Rose},
    title =     {{Discovering and Retrieving Software Transparency and Vulnerability Information}},
    pagetotal = 20,
    year =      2023,
    month =     mar,
    day =       27,
    abstract =  {To improve cybersecurity posture, automation is necessary to locate what software is running on a device, whether that software has known vulnerabilities, and what, if any recommendations suppliers may have. This memo extends the MUD YANG model to provide the locations of software bills of materials (SBOMS) and to vulnerability information.},
}