Linux Foundation and the SPDX team may also want to consider this advice from Yogesh Deshpande from ARM - see email below for his recommendation.

Thanks,

Dick Brooks
Active Member of the CISA Critical Manufacturing Sector, Sector Coordinating Council - A Public-Private Partnership
Never trust software, always verify and report! <https://reliableenergyanalytics.com/products>
http://www.reliableenergyanalytics.com
Email: [email protected]
Tel: +1 978-696-1788

From: SCITT <[email protected]> On Behalf Of Yogesh Deshpande
Sent: Tuesday, November 21, 2023 6:59 AM
To: [email protected]
Subject: [SCITT] CISA RFC

Hi All,

Please see below CISA RFC. As a responsible Open Standards community, SCITT should send our response to the RFC on their Secure Software Development attestation (self certification) form to accompany software used in Federal Systems.

CISA Requests Comment on Draft Secure Software Development Attestation Form <https://www.cisa.gov/news-events/alerts/2023/11/16/cisa-requests-comment-draft-secure-software-development-attestation-form>
11/16/2023 12:00 PM EST

CISA has opened a 30-day Federal Register notice to receive public comment on the draft Secure Software Development Attestation Form <https://www.cisa.gov/secure-software-attestation-form>. CISA developed this form in coordination with the Office of Management and Budget.

With the Secure Software Development Attestation Form <https://www.cisa.gov/secure-software-attestation-form>, federal departments and agencies will be able to obtain attestation of product security from a software producer before using the software on government systems. This form will establish a standardized process for the federal government and software producers that will create transparency on the security of software development efforts.

All interested parties are encouraged to review the form and submit input through the Federal Register <https://www.federalregister.gov/documents/2023/11/16/2023-25251/agency-information-collection-activities-request-for-comment-on-secure-software-development>.
Comments will be received through Dec. 18, 2023.

Regards,
Yogesh Deshpande
