The IESG has received a request from the Operations and Management Area Working Group WG (opsawg) to consider the following document: - 'Discovering and Retrieving Software Transparency and Vulnerability Information' <draft-ietf-opsawg-sbom-access-14.txt> as Proposed Standard
The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the [email protected] mailing lists by 2023-03-13. Exceptionally, comments may be sent to [email protected] instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract To improve cybersecurity posture, automation is necessary to locate what software is running on a device, whether that software has known vulnerabilities, and what, if any recommendations suppliers may have. This memo extends the MUD YANG model to provide the locations of software bills of materials (SBOMS) and to vulnerability information. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-opsawg-sbom-access/ No IPR declarations have been submitted directly on this I-D. _______________________________________________ IETF-Announce mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-announce
