Eliot Lear <[email protected]> wrote:
    > For those not keeping score, SBOMs are entering the world of
    > regulation.  US President Joe Biden issued an executive order,[1]
    > Section 4 of which focuses on supply chain security, and SBOMs.  One of
    > the key aspects will be how that information is shared.  NIST, NTIA,
    > and DHS will play a big role.

What should the IETF do?

Things I can think about:
1) Ask Allan Friedman to do an IAB Tech presentation

2) Be clear about what core technologies from the IETF are being leveraged.

3) Find a replacement for MAC addresses as primary key to identify specific
   devices

4) How do our incident reporting protocols preserve or do not preserve
   privacy?  Once we have better supply chain security, then we will have
   better and clearer statements about vulnerabilities.  How does this
   translate back to reports about specific devices?
   How can an ISP gauge the extent of their vulnerability without actually
   having an inventory of devices?
   (I think Bloom filters have some role here)

--
Michael Richardson <[email protected]>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide


_______________________________________________
OPSAWG mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsawg
