Re: [spdx] EU CRA is very supportive of SBOM

2023-07-31 Thread Mark Atwood (Amazon.com) via lists.spdx.org
g<mailto:spdx@lists.spdx.org> Cc: sc...@ietf.org<mailto:sc...@ietf.org>; scrm-nist mailto:scrm-n...@nist.gov>>; swsupplychain-eo mailto:swsupplychain...@nist.gov>>; Steve Springett mailto:steve.spring...@owasp.org>> Subject: Re: [spdx] EU CRA is very supporti

Re: [spdx] EU CRA is very supportive of SBOM

2023-07-31 Thread Richard Purdie
On Mon, 2023-07-31 at 14:54 -0400, Dick Brooks wrote: > Thanks for providing your feedback and insights Mike. It seems we > agree on two important points: >   > AGREE: “We can all agree that improving the security of software is > necessary. Consumers deserve protections that they currently do not

Re: [spdx] EU CRA is very supportive of SBOM

2023-07-31 Thread Brian Fox
bleenergyanalytics.com > > Tel: +1 978-696-1788 > > > > > > *From:* spdx@lists.spdx.org *On Behalf Of *Mike > Linksvayer > *Sent:* Monday, July 31, 2023 4:19 PM > *To:* spdx@lists.spdx.org > *Cc:* sc...@ietf.org; scrm-nist ; swsupplychain-eo < > swsupplychain...@nis

Re: [spdx] EU CRA is very supportive of SBOM

2023-07-31 Thread Dick Brooks
pdx@lists.spdx.org On Behalf Of Mike Linksvayer Sent: Monday, July 31, 2023 4:19 PM To: spdx@lists.spdx.org Cc: sc...@ietf.org; scrm-nist ; swsupplychain-eo ; Steve Springett Subject: Re: [spdx] EU CRA is very supportive of SBOM On Mon, Jul 31, 2023 at 12:12 PM Brian Fox mailto:bri...@son

Re: [spdx] EU CRA is very supportive of SBOM

2023-07-31 Thread Mike Linksvayer
On Mon, Jul 31, 2023 at 12:12 PM Brian Fox wrote: > On Mon, Jul 31, 2023 at 3:10 PM David Prater via lists.spdx.org cisco@lists.spdx.org> wrote: > >> Addressing the open-source business model by ensuring that no commercial >> entities will participate in/contribute to open source work for

Re: [spdx] EU CRA is very supportive of SBOM

2023-07-31 Thread David Prater via lists.spdx.org
@lists.spdx.org Cc: sc...@ietf.org Subject: Re: [spdx] EU CRA is very supportive of SBOM You make a good point Brian. Clearly the restaurant owner bears responsibility in your analogy. But what about the case where a consumer takes the tainted cucumbers from the farm stand and gets sick/dies? Who

Re: [spdx] EU CRA is very supportive of SBOM

2023-07-31 Thread Brian Fox
om/products>* ™ >> >> http://www.reliableenergyanalytics.com >> >> Email: d...@reliableenergyanalytics.com >> >> Tel: +1 978-696-1788 >> >> >> >> >> >> *From:* spdx@lists.spdx.org *On Behalf Of *Brian >

Re: [spdx] EU CRA is very supportive of SBOM

2023-07-31 Thread David Edelsohn
Center +1 914 945 4364 From: on behalf of Dick Brooks Organization: Reliable Energy Analytics LLC Reply-To: "spdx@lists.spdx.org" Date: Monday, July 31, 2023 at 15:27 To: "spdx@lists.spdx.org" Cc: "sc...@ietf.org" Subject: [EXTERNAL] Re: [spdx] EU CRA is ver

Re: [spdx] EU CRA is very supportive of SBOM

2023-07-31 Thread Krippner Daniel (ETAS-VCS/ETH) via lists.spdx.org
uttgart, HRB: 19033 From: spdx@lists.spdx.org On Behalf Of Dick Brooks via lists.spdx.org Sent: Sunday, 30 July 2023 14:05 To: spdx@lists.spdx.org Cc: sc...@ietf.org; 'scrm-nist' ; 'swsupplychain-eo' ; 'Steve Springett' Subject: Re: [spdx] EU CRA is very supportive of SBOM Mike, I ag

Re: [spdx] EU CRA is very supportive of SBOM

2023-07-31 Thread Warner Losh
; > Email: d...@reliableenergyanalytics.com > > Tel: +1 978-696-1788 > > > > > > *From:* spdx@lists.spdx.org *On Behalf Of *Brian Fox > *Sent:* Monday, July 31, 2023 1:57 PM > *To:* spdx@lists.spdx.org > *Cc:* sc...@ietf.org; scrm-nist ; swsupplychain-eo < > swsu

Re: [spdx] EU CRA is very supportive of SBOM

2023-07-31 Thread Dick Brooks
pdx@lists.spdx.org Cc: sc...@ietf.org; scrm-nist ; swsupplychain-eo ; Steve Springett Subject: Re: [spdx] EU CRA is very supportive of SBOM On Sun, Jul 30, 2023 at 8:05 AM Dick Brooks mailto:d...@reliableenergyanalytics.com> > wrote: Mike, I agree. The CRA is raising questio

Re: [spdx] EU CRA is very supportive of SBOM

2023-07-31 Thread Brian Fox
> *Cc: *sc...@ietf.org , 'scrm-nist' , > 'swsupplychain-eo' , 'Steve Springett' < > steve.spring...@owasp.org> > *Subject: *Re: [spdx] EU CRA is very supportive of SBOM > > Thanks for providing your feedback and insights Mike. It seems we agree on > two important points:

Re: [spdx] EU CRA is very supportive of SBOM

2023-07-31 Thread Dick Brooks
l: +1 978-696-1788 From: spdx@lists.spdx.org On Behalf Of Mike Milinkovich via lists.spdx.org Sent: Monday, July 31, 2023 1:25 PM To: spdx@lists.spdx.org Cc: sc...@ietf.org; 'scrm-nist' ; 'swsupplychain-eo' ; 'Steve Springett' Subject: Re: [spdx] EU CRA is very supportive of SBOM Dick,

Re: [spdx] EU CRA is very supportive of SBOM

2023-07-31 Thread David Prater via lists.spdx.org
' , 'swsupplychain-eo' , 'Steve Springett' Subject: Re: [spdx] EU CRA is very supportive of SBOM Dick, We can all agree that improving the security of software is necessary. Consumers deserve protections that they currently do not have. Regulation of the software industry is coming

Re: [spdx] EU CRA is very supportive of SBOM

2023-07-31 Thread Brian Fox
gyanalytics.com > > Email: d...@reliableenergyanalytics.com > > Tel: +1 978-696-1788 > > > > > > *From:* spdx@lists.spdx.org *On Behalf Of *Mike > Milinkovich via lists.spdx.org > *Sent:* Thursday, July 27, 2023 4:51 PM > *To:* spdx@lists.spdx.org > *Cc:* sc...@iet

Re: [spdx] EU CRA is very supportive of SBOM

2023-07-31 Thread Nick Vidal
> If you think of this in another context, would you as a consumer accept a > free food product that causes cancer to occur? > > Would you accept software that causes a malicious cyber incident to occur? > I think a better analogy would be: if you as an inspector/consumer find spoiled food in a

Re: [spdx] EU CRA is very supportive of SBOM

2023-07-31 Thread Mike Milinkovich via lists.spdx.org
ics.com <mailto:d...@reliableenergyanalytics.com> Tel: +1 978-696-1788 *From:* spdx@lists.spdx.org *On Behalf Of *Mike Milinkovich via lists.spdx.org *Sent:* Thursday, July 27, 2023 4:51 PM *To:* spdx@lists.spdx.org *Cc:* sc...@ietf.org; scrm-nist ; swsupplychain-eo ; Steve Springett *Sub

Re: [spdx] EU CRA is very supportive of SBOM

2023-07-30 Thread Dick Brooks
alytics.com> d...@reliableenergyanalytics.com Tel: +1 978-696-1788 From: spdx@lists.spdx.org On Behalf Of Mike Milinkovich via lists.spdx.org Sent: Thursday, July 27, 2023 4:51 PM To: spdx@lists.spdx.org Cc: sc...@ietf.org; scrm-nist ; swsupplychain-eo ; Steve Springett Subject: Re: [spdx] EU CRA is very

Re: [spdx] EU CRA is very supportive of SBOM

2023-07-29 Thread Olle E Johansson
While the CRA mentions SBOM in the draft many times, it is not requiring that the vendor provides customers with an SBOM. It says that SBOM is a good tool for vulnerability tracking and opens up for the EU to decide on a recommendation on a particular SBOM format. So yes, it’s mentioning SBOM

Re: [spdx] EU CRA is very supportive of SBOM

2023-07-29 Thread Mike Milinkovich via lists.spdx.org
On 2023-07-27 10:52 a.m., Dick Brooks wrote: Today, all the risks and cost from a cyber attack fall on the consumer. IMO the EU CRA is designed to protect consumers by sharing responsibility for cyber attack liabilities with software producers. The issue IMO is the open source model fails to

Re: [spdx] EU CRA is very supportive of SBOM

2023-07-29 Thread Mike Milinkovich via lists.spdx.org
On 2023-07-26 4:24 p.m., John Sullivan wrote: On Wed, Jul 26, 2023 at 09:21:30AM -0400, Dick Brooks wrote: Very encouraging language in the EU CRA for SBOM adoption and vulnerability monitoring/reporting. Small consolation given what a potential disaster the CRA is for open source / free

Re: [spdx] EU CRA is very supportive of SBOM

2023-07-27 Thread Dick Brooks
Today, all the risks and cost from a cyber attack fall on the consumer. IMO the EU CRA is designed to protect consumers by sharing responsibility for cyber attack liabilities with software producers. The issue IMO is the open source model fails to properly compensate the talented people