True, some IoT devices will "auto update" using MUD/SUIT capabilities and a customer may never see, or have access to, the SBOM.
Thanks,

Dick Brooks

Never trust software, always verify and report! ™
http://www.reliableenergyanalytics.com
Email: [email protected]
Tel: +1 978-696-1788

-----Original Message-----
From: Michael Richardson <[email protected]>
Sent: Friday, February 4, 2022 3:31 PM
To: [email protected]; [email protected]; [email protected]
Subject: Re: [OPSAWG] SBOMs and version non-specific MUD files

Dick Brooks <[email protected]> wrote:
> The predominant "SBOM delivery channel" I see is through access controlled
> customer portals where customers can download SBOM's Vulnerability
> Disclosures and other artifacts needed to perform a NIST C-SCRM risk
> assessment for Executive Order 14028.

For hospitals, sure. For baby monitors, maybe not.

--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide

_______________________________________________
OPSAWG mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsawg
