Hello Everyone,

Just an FYI that the IETF SCITT Hackathon takes place today, showing how a SCITT Trust Registry can be used to exchange legitimate, trustworthy software supply chain artifacts, i.e. NTIA compliant SBOM, SBOM VDR and Cybersecurity Label, NIST SSDF attestations and information, using an international Trust Registry design under development within the IETF, SCITT (Supply Chain Integrity, Transparency and Trust) work group.

An open-source "Vendor Response File" (VRF) owned by the IETF SCITT work group will be used to register software supply chain artifacts into a SCITT Trust Registry:
https://raw.githubusercontent.com/rjb4standards/REA-Products/master/SAGVendorResponseSAMPLE.json

A description of the SCITT Hackathon is available on the IETF Hackathon website:
https://wiki.ietf.org/meeting/117/hackathon#ProjectsIncludedinHackathon

I also wrote an article describing the important role a SCITT Trust Registry plays in the software supply chain:
https://energycentral.com/c/iu/requirements-international-iot-device-trust-label

Thanks,

Dick Brooks

Active Member of the CISA Critical Manufacturing Sector,
Sector Coordinating Council - A Public-Private Partnership
https://reliableenergyanalytics.com/products

Never trust software, always verify and report! ™
http://www.reliableenergyanalytics.com
Email: [email protected]
Tel: +1 978-696-1788
