There are already public databases with both secured and public SBOMs:
https://sbom.rkvst.io/publicsboms
Christopher Gates
--------------------------------
Director of Product Security
www.velentium.com
(805)750-0171
Las Vegas, NV
(GMT-8)
------ Original Message ------
From: "Michael Richardson" <[email protected]>
To: [email protected]; [email protected]; [email protected]
Sent: 2/4/2022 12:30:41 PM
Subject: Re: [OPSAWG] SBOMs and version non-specific MUD files
Dick Brooks <[email protected]> wrote:
> The predominant "SBOM delivery channel" I see is through access controlled
> customer portals where customers can download SBOMs, Vulnerability
> Disclosures and other artifacts needed to perform a NIST C-SCRM risk
> assessment for Executive Order 14028.
For hospitals, sure.
For baby monitors, maybe not.
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
_______________________________________________
OPSAWG mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsawg