For the RDF section, I did a quick search and found some interesting research on representing the National Vulnerability Database (NVD) in the Semantic Web:
http://cs.utdallas.edu/semanticweb/NIST-NVD/Tech-Rep-NIST-NVD.pdf - See page 17 for a nice diagram on the ontology http://scap.nist.gov/events/2009/itsac/presentations/day3/Day3_SCAPTech_Khadilkar_Rachapalli.pdf >From a quick 5 minute browse of the document, it looks like they have created >an ontology for the CPE structure which we could leverage. Interestingly, they chose the same basic architecture and tools strategy for their project as we did for the SPDX tools including using Protégé for OWL. If we want to use a common CPE RDF definition, I'll see if I can find the OWL document and propose an RDF set of classes and terms. Gary From: [email protected] [mailto:[email protected]] On Behalf Of [email protected] Sent: Tuesday, July 28, 2015 8:31 AM To: [email protected] Subject: Proposal: Security and Asset Management Identifier Looks like my original send didn't make it through the filters... resending. ---------- Forwarded message ---------- From: Kate Stewart <[email protected]> Date: Tue, Jul 28, 2015 at 7:49 AM Subject: Proposal: Security and Asset Management Identifier To: [email protected] Hi, https://docs.google.com/document/d/1WfArS8_xR_CQ_5plOOMtj1y9ps5M-gXFjofUBXR8hyE/edit# <https://docs.google.com/document/d/1WfArS8_xR_CQ_5plOOMtj1y9ps5M-gXFjofUBXR8hyE/edit> Has a proposal for security and assent management identifier for discussion in the tech team call later today. There is also some background (with links to other references) for those who want to dig further. This is being envisioned to be available at the SpdxItem level in the model, as an optional property. Looking forward to talking to you in a couple of hours. Kate
_______________________________________________ Spdx-tech mailing list [email protected] https://lists.spdx.org/mailman/listinfo/spdx-tech
