diff --git a/README.md b/README.md index c692f064..7651e541 100644 --- a/README.md +++ b/README.md 
@@ -68,9 +68,9 @@ The officially supported media type for Protocol Buffer format is `application/x ## Related Work [SPDX (Software Package Data Exchange)][spdx-url] is a specification that provides low-level details of components, including all files, hashes, authors, and copyrights. SPDX also defines over 300 open source license IDs. CycloneDX builds on top of the work SPDX has accomplished with license IDs, but varies greatly in its approach towards building a software bill of material specification. -[SWID (ISO/IEC 19770-2:2015)][swid-url] is used primarily to identify installed software and is the preferred format of the NVD. SWID tags are used in the National Vulnerability Database to describe vulnerable components. The CycloneDX specification compliments this work as CycloneDX documents can incorporate SWID tags and other high-level SWID metadata and optionally include entire SWID documents. Use of SWID tag ID's are useful in determining if a specific component has known vulnerabilities. +[SWID (ISO/IEC 19770-2:2015)][swid-url] is used primarily to identify installed software and is the preferred format of the NVD. SWID tags are used in the National Vulnerability Database to describe vulnerable components. The CycloneDX specification complements this work as CycloneDX documents can incorporate SWID tags and other high-level SWID metadata and optionally include entire SWID documents. Use of SWID tag ID's are useful in determining if a specific component has known vulnerabilities. -[CPE (Common Platform Enumeration)][cpe-url] is a specification that describes the vendor, name, and version for an application, operating system, or hardware device. CPE identifiers are used in the National Vulnerability Database to describe vulnerable components. The CycloneDX specification compliments this work as CycloneDX documents can easily be used to construct exact CPE identifiers that are useful in determining if a specific component has known vulnerabilities. 
+[CPE (Common Platform Enumeration)][cpe-url] is a specification that describes the vendor, name, and version for an application, operating system, or hardware device. CPE identifiers are used in the National Vulnerability Database to describe vulnerable components. The CycloneDX specification complements this work as CycloneDX documents can easily be used to construct exact CPE identifiers that are useful in determining if a specific component has known vulnerabilities. ## Copyright & License diff --git a/schema/bom-1.6.proto b/schema/bom-1.6.proto index 511e7c34..89991875 100644 --- a/schema/bom-1.6.proto +++ b/schema/bom-1.6.proto @@ -264,7 +264,7 @@ enum ExternalReferenceType { EXTERNAL_REFERENCE_TYPE_CODIFIED_INFRASTRUCTURE = 31; // A model card describes the intended uses of a machine learning model, potential limitations, biases, ethical considerations, training parameters, datasets used to train the model, performance metrics, and other relevant data useful for ML transparency. EXTERNAL_REFERENCE_TYPE_MODEL_CARD = 32; - // Plans of Action and Milestones (POAM) compliment an "attestation" external reference. POAM is defined by NIST as a "document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks and scheduled completion dates for the milestones". + // Plans of Action and Milestones (POAM) complement an "attestation" external reference. POAM is defined by NIST as a "document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks and scheduled completion dates for the milestones". EXTERNAL_REFERENCE_TYPE_POAM = 33; // A record of events that occurred in a computer system or application, such as problems, errors, or information on current operations. EXTERNAL_REFERENCE_TYPE_LOG = 34; 
@@ -536,7 +536,7 @@ message Pedigree { repeated Component variants = 3; // A list of zero or more commits which provide a trail describing how the component deviates from an ancestor, descendant, or variant. repeated Commit commits = 4; - // A list of zero or more patches describing how the component deviates from an ancestor, descendant, or variant. Patches may be complimentary to commits or may be used in place of commits. + // A list of zero or more patches describing how the component deviates from an ancestor, descendant, or variant. Patches may be complementary to commits or may be used in place of commits. repeated Patch patches = 5; // Notes, observations, and other non-structured commentary describing the components pedigree. optional string notes = 6; diff --git a/schema/bom-1.6.schema.json b/schema/bom-1.6.schema.json index 4ecc4ae5..695b1d2d 100644 --- a/schema/bom-1.6.schema.json +++ b/schema/bom-1.6.schema.json @@ -985,7 +985,7 @@ "patches": { "type": "array", "title": "Patches", - "description": ">A list of zero or more patches describing how the component deviates from an ancestor, descendant, or variant. Patches may be complimentary to commits or may be used in place of commits.", + "description": ">A list of zero or more patches describing how the component deviates from an ancestor, descendant, or variant. Patches may be complementary to commits or may be used in place of commits.", "items": {"$ref": "#/definitions/patch"} }, "notes": { 
@@ -1728,7 +1728,7 @@ "certification-report": "Industry, regulatory, or other certification from an accredited (if applicable) certification body.", "codified-infrastructure": "Code or configuration that defines and provisions virtualized infrastructure, commonly referred to as Infrastructure as Code (IaC).", "quality-metrics": "Report or system in which quality metrics can be obtained.", - "poam": "Plans of Action and Milestones (POAM) compliment an \"attestation\" external reference. POAM is defined by NIST as a \"document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks and scheduled completion dates for the milestones\".", + "poam": "Plans of Action and Milestones (POAM) complement an \"attestation\" external reference. POAM is defined by NIST as a \"document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks and scheduled completion dates for the milestones\".", "electronic-signature": "An e-signature is commonly a scanned representation of a written signature or a stylized script of the persons name.", "digital-signature": "A signature that leverages cryptography, typically public/private key pairs, which provides strong authenticity verification.", "other": "Use this if no other types accurately describe the purpose of the external reference." diff --git a/schema/bom-1.6.xsd b/schema/bom-1.6.xsd index 12731aa6..8d1ded1e 100644 --- a/schema/bom-1.6.xsd +++ b/schema/bom-1.6.xsd 
@@ -1421,7 +1421,7 @@ limitations under the License. - Plans of Action and Milestones (POAM) compliment an "attestation" external reference. POAM is defined by NIST as a "document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks and scheduled completion dates for the milestones". + Plans of Action and Milestones (POAM) complement an "attestation" external reference. POAM is defined by NIST as a "document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks and scheduled completion dates for the milestones". @@ -1828,7 +1828,7 @@ limitations under the License. A list of zero or more patches describing how the component - deviates from an ancestor, descendant, or variant. Patches may be complimentary to commits + deviates from an ancestor, descendant, or variant. Patches may be complementary to commits or may be used in place of commits.
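Review bot: The README hunk (`@@ -68,9 +68,9 @@`) fixes "compliments" but leaves another wording defect on the same SWID line it touches: "Use of SWID tag ID's are useful in determining if a specific component has known vulnerabilities." has a stray apostrophe and a subject-verb mismatch. Since the line is already being rewritten, suggest "Use of SWID tag IDs is useful in determining whether a specific component has known vulnerabilities." so the doc paragraph does not need a second cosmetic pass.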
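Review bot: The `schema/bom-1.6.proto` hunk (`@@ -264,7 +264,7 @@`) and the `Pedigree` hunk (`@@ -536,7 +536,7 @@`) change only leading `//` comment text; the enum values (`EXTERNAL_REFERENCE_TYPE_POAM = 33` and its neighbours) and the field tags (`repeated Patch patches = 5`) are untouched, so the wire format and generated identifiers are unaffected and this is safe to ship against the already-published 1.6 schema. Worth stating that explicitly in the commit message so consumers comparing schema hashes understand why the file changed.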
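Review bot: In the `schema/bom-1.6.schema.json` hunk (`@@ -985,7 +985,7 @@`) the `patches` description keeps a stray leading `>` that the proto and XSD versions of the same sentence do not have: `"description": ">A list of zero or more patches describing how the component deviates from an ancestor, descendant, or variant. ..."`. That character renders verbatim in generated schema documentation and is most likely a paste artifact; since the line is already being edited, suggest dropping it so the three schema formats carry an identical description string.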