Subject: RE: [cti] Re: [EXT] [cti] STIX 2.1 Extension Examples
Thank you, Jane. The issues/obstacles pointed out in the referenced paper (ACM best paper CPSIoTSec 2020) are genuinely inhibiting parties from properly identifying vulnerabilities during software supply chain risk assessments. SBOM alignment with CVE databases will be key to addressing many of the issues cited in the paper, e.g. inconsistent supplier names is a big issue at present. My hope is that by raising this issue now, the right people will be able to influence a solution to the cited problems, or at least begin a conversation to deal with these issues.

Thanks,

Dick Brooks

Never trust software, always verify and report!
http://www.reliableenergyanalytics.com
Email: dick@reliableenergyanalytics.com
Tel: +1 978-696-1788

From: JG @ OASIS <jg@ctin.us>

Dick:

Thanks for the heads up on this. For those that are not familiar with SBOM I've attached a 2-page overview of the Software Bill of Materials (SBOM) inventory from the US Department of Commerce's National Telecommunications and Information Administration.

Jane Ginn

On 11/15/2020 12:30 PM, Dick Brooks wrote:

--
**********************************
R. Jane Ginn, MSIA, MRP
OASIS, CTI TC Secretary
OASIS, TAC TC Secretary
jg@ctin.us
**********************************