Hi everyone, Below is a draft that Scott Rose and I have co-authored. Its purpose is to help deployments identify software bills of materials (SBOMs) when they are available. An SBOM is a software inventory that includes some additional meta-information, such as what dependencies a component may have. The idea behind SBOMs is that they can provide licensing status to developers, and some notion of vulnerability status to everyone (and I mean everyone).
MUD is ideal as a discovery mechanism. The goal is not to create new ways to retrieve the information, but simply to advertise what ways are available for a given device. Eliot > Begin forwarded message: > > From: <[email protected]> > Subject: New Version Notification for draft-lear-opsawg-mud-sbom-00.txt > Date: 18 May 2020 at 12:05:29 CEST > To: Scott Rose <[email protected]>, Eliot Lear <[email protected]> > > > A new version of I-D, draft-lear-opsawg-mud-sbom-00.txt > has been successfully submitted by Eliot Lear and posted to the > IETF repository. > > Name: draft-lear-opsawg-mud-sbom > Revision: 00 > Title: SBOM Extension for MUD > Document date: 2020-05-18 > Group: Individual Submission > Pages: 14 > URL: > https://www.ietf.org/internet-drafts/draft-lear-opsawg-mud-sbom-00.txt > Status: https://datatracker.ietf.org/doc/draft-lear-opsawg-mud-sbom/ > Htmlized: https://tools.ietf.org/html/draft-lear-opsawg-mud-sbom-00 > Htmlized: > https://datatracker.ietf.org/doc/html/draft-lear-opsawg-mud-sbom > > > Abstract: > Software bills of materials (SBOMs) are formal descriptions of what > pieces of software are included in a product. This memo specifies a > means for manufacturers to state how SBOMs may be retrieved through > an extension to manufacturer usage descriptions (MUD). > > > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > The IETF Secretariat > >
_______________________________________________ OPSAWG mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsawg
