Thomas,
I had one suggestion for F.2.3: Suggest adding a Contextual Example for an "impact statement" artifact to help people understand the distinction. Thanks, Dick Brooks Active Member of the CISA Critical Manufacturing Sector, Sector Coordinating Council - A Public-Private Partnership <https://reliableenergyanalytics.com/products> Never trust software, always verify and report! T <http://www.reliableenergyanalytics.com/> http://www.reliableenergyanalytics.com Email: <mailto:[email protected]> [email protected] Tel: +1 978-696-1788 From: [email protected] <[email protected]> On Behalf Of Thomas Steenbergen Sent: Tuesday, April 26, 2022 1:09 PM To: [email protected] Subject: [spdx-tech] Call for feedback: Adding Security Info to SPDX 2.3 Hi all, The Defects group has been working on adding security information to SPDX 2.3 and we now created a proposal. We welcome feedback from the community on below linked pull request. https://github.com/spdx/spdx-spec/pull/658 Regards, Thomas Steenbergen Lead for SPDX Defects -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#4472): https://lists.spdx.org/g/Spdx-tech/message/4472 Mute This Topic: https://lists.spdx.org/mt/90713054/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
