Eliot Lear <l...@lear.ch> wrote:
    > For those of you who don’t know, Common Security Advisory Format (CSAF)
    > is an evolution on Common Vulnerability Reporting Framework.  Such an
    > object could easily be delivered with an SBOM.  It has a slightly
    > different characteristic in terms of update frequency.  CSAF changes

It's not an SBOM, but it would be associated with a specific instance of an
SBOM, right?

    > My proposal is to add into the draft an optional URL that indicates the
    > CSAF object for this device, à la:

    >> container sbom {
    >>   …
    >>   leaf csaf-location {
    >>     type inet:uri;

So, would this be an alternative to an actual SBOM?
Would the CSAF instead point to the SBOM indirectly?
Or would this be in addition to an SBOM?

--
Michael Richardson <mcr+i...@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide


_______________________________________________
OPSAWG mailing list
OPSAWG@ietf.org
https://www.ietf.org/mailman/listinfo/opsawg
