Subject: Re: [csaf] CSAF member support for SBOM use of CSAF
I echo Duncan's comments. We already have CSAF participants interested in collaborating (such as Stefan, Thomas, and myself). Duncan, you mentioned "pick something different", what is the alternative? That may help the group also be aware of any other initiatives outside of SBOM VEX and CSAF.

Regards,

Omar Santos
PSIRT, Security Research and Operations
Cisco Systems
Email: os@cisco.com
PGP: https://keybase.io/santosomar

From: <csaf@lists.oasis-open.org> on behalf of "duncan sfractal.com" <duncan@sfractal.com>

Hi all,

I'm not sure if everyone is following the public comment channel of CSAF. I recommend you look at https://lists.oasis-open.org/archives/csaf-comment/202103/msg00000.html from Allan Friedman, an influential USG leader. His SBOM efforts (see https://www.ntia.gov/sbom and https://www.ntia.gov/SoftwareTransparency ) are gaining quite a lot of support both inside and outside of government (and not just US government). The VEX group he refers to is looking at CSAF for its needs. However, some members are raising objections because "no one from CSAF is here". Personally I both understand their frustration (since members aren't informed enough to know whether CSAF meets the needs, and whether CSAF could evolve if it needed some tweak to meet the needs) but also think it is sometimes a red herring masking other issues (alternatives they are advocating, desire to slow process down, etc).

Allan is inviting more participation in his group, and is willing to meet with CSAF participants to bring them on board. This is a non-trivial offer. I strongly advise anyone with an interest in CSAF succeeding to take Allan up on his offer. His SBOM group is both large and influential so his group picking CSAF would be a feather in CSAF's cap. Conversely, if they roll their own or pick something different, it may hinder CSAF adoption.

Duncan Sparrell
sFractal Consulting LLC
iPhone, iTypo, iApologize
I welcome VSRE emails. Learn more at http://vsre.info/