Eliot Lear <[email protected]> wrote:
> For those of you who don’t know, Common Security Advisory Format (CSAF)
> is an evolution on Common Vulnerability Reporting Framework. Such an
> object could easily be delivered with an SBOM. It has a slightly
> different characteristic in terms of update frequency. CSAF changes
It's not an SBOM, but it would be associated with a specific instance of an
SBOM, right?
> My proposal is to add into the draft an optional URL that indicates the
> CSAF object for this device, à la:
>> container sbom {
>>   …
>>   leaf csaf-location {
>>     type inet:uri;
So, would this be an alternative to an actual SBOM?
Would the CSAF instead point to the SBOM indirectly?
Or would this be in addition to an SBOM?
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
_______________________________________________
OPSAWG mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsawg
