[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Comment on public review for Common Security Advisory Framework v2.0
I’m passing on comments made at an NTIA SBOM meeting yesterday. These comments are my own and are not intended to represent the views of others (they should submit themselves), but my views were informed by the discussion. The topic being
discussed was using CSAF for VEX to report beyond-end-of-life and beyond-end-of-support for components in a product that was itself not beyond-end-of-life nor beyond-end-of-support. Our understanding was that this was doable using CSAF but several observations
were made that might be improved in CSAF.
Neither comment is one that I would fall on my sword over. Just passing along for consideration in this or future versions. -- Duncan Sparrell sFractal Consulting LLC iPhone, iTypo, iApologize I welcome VSRE emails. Learn more at From:
csaf@lists.oasis-open.org <csaf@lists.oasis-open.org> on behalf of Paul Knight <paul.knight@oasis-open.org> Members of the CSAF TC,
--
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]