b'
Agencies will soon be required to ask vendors for a software bill of materials\\u2014or SBOM\\u2014to help manage vulnerabilities like those found in the Log4J library, but much of its contents could still be open for negotiation.