OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

oasis-charter-discuss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Comment on Heimdall Data Format (HDF) TC

I have questions about the proposed Heimdall Data Format (HDF) TC.

From what I can tell, Heimdall Data Format is a data format used in an open source project (Heimdall) from MITRE. This project is a way to view the outputs from InSpec, which is a different project from Chef/Progress around CICD pipeline security.

 

https://github.com/mitre/heimdall2

 

https://github.com/inspec/inspec

 

A core question I have related to this TC is, who else is going to be the downstream consumer of the Heimdall data format outside this project? Is Heimdall is the ONLY project likely to ever use this? If so, then what is the value of it becoming standardized?

 

Would a better idea be to move Heimdall itself to be an OASIS open project, that would make a lot more sense to me at first blush.

 

-
Jason Keirstead
Distinguished Engineer, CTO - IBM Security Threat Management | www.ibm.com/security

 

Assistant - Mauricio Durán Cambronero (mauduran@ibm.com)

Co-Chair - Open Cybersecurity Alliance, Project Governing Board

www.opencybersecurityalliance.org

 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]