Re: [board-busdev-thought-leaders] OASIS Opportunity

[Carol Geyer <carol.geyer@oasis-open.org>]

Great idea, Duncan! You're right that the minimum requirement to start a TC is five people from two organization members (and at least one of them should be willing to chair if elected).Â

Shopping the idea around to members you know is the best tactic.Â

Staff can put out a general call once we have a draft charter in place.

I stand by the tenet that the best OASIS projects come to us from our Board members. Thanks!

On Wed, Nov 15, 2023 at 3:14âPM duncan sfractal.com <duncan@sfractal.com> wrote:

CISA and the NSA recently released ÂSecuring the Software Supply Chain: Recommended Practices for Software Bill of Materials Consumption. The very last sentence of the body of the document, in the âConclusion: SBOM Consumption Today and Tomorrowâ section, states:

• âA vendor neutral open standard set of risk factors that can be aggregated into risk scoring for SBOMs should be developed.â

Â

I would be willing to participate in (but not chair) a new TC to create the standard envisioned. I believe it only takes 5 people in 2 companies to justify starting a TC. Anyone else interested? My belief is that it would kick off a firestorm of activity and result in some new members as well as more participation from existing members. But if we are to do it, we need to move quickly.

Â

--Â

Duncan Sparrell

sFractal Consulting

iPhone, iTypo, iApologize

I welcome VSRE emails. Learn more atÂhttp://vsre.info/

Â