Hello Everyone,
Just s short note to inform you of an updated use cases document from the Internet Engineering Task Force (IETF) Supply Chain Integrity, Transparency and Trust (SCITT) work group. https://www.ietf.org/archive/id/draft-birkholz-scitt-software-use-cases-01.h tml The SCITT work group is developing specifications that will establish an Internet wide "Trust Registry" for software artifacts, such as app's within app stores and other software products downloaded from the Internet. The concept is similar to a Registry of Deeds, enabling any party to check the SCITT Registry for statements of trustworthiness for software artifacts, which have been registered after passing a rigorous risk assessment protocol, which the SCITT initiative will document. Parties that are authorized to file trust statements in the trust registry may file their trust statements with the operator of a SCITT Trust Registry, known as a Transparency Service, by providing evidence supporting their trust statement assertion. Software consumers can search the SCITT Trust Registry for trust statements on software products, prior to procuring or installing a software product. The SCITT Trust Registry, working similar to a Registry of Deeds, only contains entries (trust statements) that are valid, and trustworthy, giving consumers a level of assurance that a software product is trustworthy, before installing. I hope you find this information useful. Thanks, Dick Brooks Active Member of the CISA Critical Manufacturing Sector, Sector Coordinating Council - A Public-Private Partnership <https://reliableenergyanalytics.com/products> Never trust software, always verify and report! T <http://www.reliableenergyanalytics.com/> http://www.reliableenergyanalytics.com Email: <mailto:[email protected]> [email protected] Tel: +1 978-696-1788 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#4966): https://lists.spdx.org/g/Spdx-tech/message/4966 Mute This Topic: https://lists.spdx.org/mt/96984164/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
