Dick,

Thank you for your questions.

1. Our SPDX-based IoT SBOM is available to all our customers. I am not sure about the specific "testing purposes" you are referring to; happy to talk through more details offline.
2. Good question. In addition to the SBOM info, we also provided links from SBOM to vulnerabilities, based on our own vulnerability database and some CVEs for now. We do plan to:
   1) expand to more vulnerability databases and CVEs.
   2) expand to cover more devices.
   3) the latest NIST VDR document <https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-161r1.pdf> provides good guidance but did not prescribe a specific format; we will closely follow up on any updates from NIST.

Thank you,

--
May Wang, Ph.D. | CTO, IoT Security
Palo Alto Networks | 3000 Tannery Way | Santa Clara, CA 95054 | USA
Email: [email protected] | www.paloaltonetworks.com <https://www.paloaltonetworks.com/>

The content of this message is the proprietary and confidential property of Palo Alto Networks, and should be treated as such. If you are not the intended recipient and have received this message in error, please delete this message from your computer system and notify me immediately by e-mail. Any unauthorized use or distribution of the content of this message is prohibited.

On Tue, Apr 11, 2023 at 5:10 AM Dick Brooks <[email protected]> wrote:

> Thanks May.
>
> Two questions:
>
> 1. Is the SPDX artifact available to use for testing purposes?
> 2. Is Palo Alto Networks also planning to issue NIST SBOM Vulnerability Disclosure Reports (VDR) that will be linked to the published SBOM?
>
> Thanks,
>
> Dick Brooks
>
> *Active Member of the CISA Critical Manufacturing Sector,*
> *Sector Coordinating Council – A Public-Private Partnership*
>
> *Never trust software, always verify and report!* ™
>
> http://www.reliableenergyanalytics.com
> Email: [email protected]
> Tel: +1 978-696-1788
>
> *From:* [email protected] <[email protected]> *On Behalf Of* May Wang via lists.spdx.org
> *Sent:* Tuesday, April 11, 2023 12:05 AM
> *To:* Phil Odence <[email protected]>
> *Cc:* SPDX-general <[email protected]>
> *Subject:* Re: [spdx] SPDX Gen Meeting Follow up- Mistake and Thanks
>
> Thank you, Phil, the members of the SPDX Steering Committee, and the SPDX Community.
>
> I am grateful for the fruitful year we have had working together. This year, we released the first IoT SBOM product by Palo Alto Networks based on SPDX. Such a significant milestone couldn't have been possible without your support and leadership. I look forward to our continued collaboration to advance the adoption of SPDX and foster innovation in SBOM, especially in cybersecurity.
>
> --
> *May Wang, Ph.D. | CTO, IoT Security*
> Palo Alto Networks | 3000 Tannery Way | Santa Clara, CA 95054 | USA
> Email: [email protected] | www.paloaltonetworks.com <https://www.paloaltonetworks.com/>

View/Reply Online (#1672): https://lists.spdx.org/g/spdx/message/1672
