Re: [OPSAWG] I-D Action: draft-ietf-opsawg-sbom-access-05.txt

Sun, 06 Mar 2022 01:52:13 -0800 

Good morning, good afternoon, and good evening to all,
This update really has only two changes in it from the last time, and should be ready for WGLC: 

1. An attempt is made to format the Security Considerations section in
   line with the requirements for YANG models.  Thanks to Tom Petch
   (yet again) for sticking to this.
2. A warning is given about using non-secure retrieval methods for
   SBOMs.  We cannot remove these methods because there are operational
   environments where encryption simply is not used today.

Eliot

On 06.03.22 10:45, internet-dra...@ietf.org wrote:

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Operations and Management Area Working Group 
WG of the IETF.

         Title           : Discovering and Retrieving Software Transparency and 
Vulnerability Information
         Authors         : Eliot Lear
                           Scott Rose
        Filename        : draft-ietf-opsawg-sbom-access-05.txt
        Pages           : 21
        Date            : 2022-03-06

Abstract:
    To improve cybersecurity posture, automation is necessary to locate
    what software is running on a device, whether that software has known
    vulnerabilities, and what, if any recommendations suppliers may have.
    This memo specifies a model to provide access to this information.
    It may optionally be discovered through manufacturer usage
    descriptions.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-opsawg-sbom-access/

There is also an htmlized version available at:
https://datatracker.ietf.org/doc/html/draft-ietf-opsawg-sbom-access-05

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-opsawg-sbom-access-05


Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts


_______________________________________________
OPSAWG mailing list
OPSAWG@ietf.org
https://www.ietf.org/mailman/listinfo/opsawg

Attachment: OpenPGP_0x87B66B46D9D27A33.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

_______________________________________________
OPSAWG mailing list
OPSAWG@ietf.org
https://www.ietf.org/mailman/listinfo/opsawg

Reply via email to