Eliot Lear <l...@lear.ch> wrote:
> For those of you who don’t know, Common Security Advisory Format (CSAF)
> is an evolution on Common Vulnerability Reporting Framework. Such an
> object could easily be delivered with an SBOM. It has a slightly
> different characteristic in terms of update frequency. CSAF changes

It's not an SBOM, but it would be associated with a specific instance of an
SBOM, right?

> My proposal is to add into the draft an optional URL that indicates the
> CSAF object for This device, a’la:

>> container sbom { … leaf csaf-location { type inet:uri;

So, would this be an alternative to an actual SBOM?
Would the CSAF instead point to the SBOM indirectly?
Or would this be in addition to an SBOM?

--
Michael Richardson <mcr+i...@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide
_______________________________________________
OPSAWG mailing list
OPSAWG@ietf.org
https://www.ietf.org/mailman/listinfo/opsawg