Capture OWASP software component verification standard in the readme

[joshbressers]

@stevespringett brought up this topic during the meeting

OWASP software component verification standard

Similar to SLSA, but more broadMachine readable formats for taxonomy and models
Tell a user what a BOM can be used for
This is a sub projects of SCVS
BOM maturity model
Services, AI, ML, software, …
These tools don’t exist yet

Can you add a note somewhere in the readme about this effort existing and how interested people can get invovled?

We don't really have a section for something like this. Maybe a "Related Projects" or "Help Wanted". I'll let you decide. I'm happy to approve the PR

[stevespringett]

Project info:
https://owasp.org/scvs

Tickets related to BOM Maturity model:
OWASP/Software-Component-Verification-Standard#34
OWASP/Software-Component-Verification-Standard#35
OWASP/Software-Component-Verification-Standard#36

Slack:
https://owasp.org/slack/invite
#project-scvs

Calendar invite:
https://drive.google.com/file/d/1lS4oDgWFORbhobYfsdsG-T071sjMEmzn/view

Vendor neutrality:
https://owasp.org/2020/12/17/vendor-neutral

[stevespringett]

IMO, when OWASP/Software-Component-Verification-Standard#36 is complete, a new breed of tools can surface which can evaluate the types of analysis that can be performed on them, and can aid in automatic policy-driven decisions for CI/CD, procurement, and other types of consumption based on the target audience and role-based data expectations.

[ran-dall]

@stevespringett Thanks for sharing that.

@joshbressers I'll put it into markdown and put it in the README.md