Re: [OPSAWG] I-D Action: draft-ietf-opsawg-sbom-access-06.txt

Fri, 02 Sep 2022 05:11:19 -0700

Thank you Henk and chairs.  I have a favor to ask participants. Give this document a good read again.  Even though we are past WGLC, as an author I would still be delighted if you have comments.  SBOMs are a pretty big deal.  While the IETF isn't going to define a format, network discovery and transmission methods as well as our security expertise can really help. 

Eliot

On 02.09.22 13:56, Henk Birkholz wrote:

Thanks Eliot,
I've reviewed the changes and can confirm that the highlighted comments are addressed adequately.
@OPSAWG: please comment, if you discover any open issues. While the secdir review is still in progress, we can make use of that time. 

For the OPSAWG co-chairs,

Henk

On 01.09.22 14:11, Eliot Lear wrote:

Hi,
The intent of this draft was to address all WGLC comments.  I hope that we have.  One major change based on Joe's comments:
We moved from enums to identities in one case.  In doing so we pulled out support for openc2, because it can easily be added back in later. 

Jean Camp asked for an archive node, so we added that.

Please check my work.

Eliot

On 01.09.22 14:02, [email protected] wrote:
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Operations and Management Area Working Group WG of the IETF.
         Title           : Discovering and Retrieving Software Transparency and Vulnerability Information 
         Authors         : Eliot Lear
                           Scott Rose
   Filename        : draft-ietf-opsawg-sbom-access-06.txt
   Pages           : 21
   Date            : 2022-09-01

Abstract:
    To improve cybersecurity posture, automation is necessary to locate
    what software is running on a device, whether that software has known     vulnerabilities, and what, if any recommendations suppliers may have. 
    This memo specifies a model to provide access to this information.
    It may optionally be discovered through manufacturer usage
    descriptions.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-opsawg-sbom-access/

There is also an htmlized version available at:
https://datatracker.ietf.org/doc/html/draft-ietf-opsawg-sbom-access-06

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-opsawg-sbom-access-06
Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts 


_______________________________________________
OPSAWG mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsawg



_______________________________________________
OPSAWG mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsawg

Attachment: OpenPGP_0x87B66B46D9D27A33.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

_______________________________________________
OPSAWG mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsawg

Reply via email to