Good morning, good afternoon, and good evening to all,
This update really has only two changes in it from the last time, and should be ready for WGLC:
1. An attempt is made to format the Security Considerations section in line with the requirements for YANG models. Thanks to Tom Petch (yet again) for sticking to this. 2. A warning is given about using non-secure retrieval methods for SBOMs. We cannot remove these methods because there are operational environments where encryption simply is not used today. Eliot On 06.03.22 10:45, internet-dra...@ietf.org wrote:
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Operations and Management Area Working Group WG of the IETF. Title : Discovering and Retrieving Software Transparency and Vulnerability Information Authors : Eliot Lear Scott Rose Filename : draft-ietf-opsawg-sbom-access-05.txt Pages : 21 Date : 2022-03-06 Abstract: To improve cybersecurity posture, automation is necessary to locate what software is running on a device, whether that software has known vulnerabilities, and what, if any recommendations suppliers may have. This memo specifies a model to provide access to this information. It may optionally be discovered through manufacturer usage descriptions. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-opsawg-sbom-access/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-opsawg-sbom-access-05 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-opsawg-sbom-access-05 Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts _______________________________________________ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg
OpenPGP_0x87B66B46D9D27A33.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg