Subject: Re: proposal for SBoM AP GitHub repo
HII Mission Driven Innovative Solutions (HII-MDIS) - formerly G2, Inc.
Technical Solutions Division
302 Sentinel Drive | Annapolis Junction, MD 20701
Email: dave.lemire@g2-inc.com
Work: 301-575-5190 | Mobile: 240-938-9350
Whereas I think that we as a committee should only work on committee specs or committee notes and the "custom" is for the stuff that is one-off or there isn't agreement yet between two competing "custom" ways to do it. I think anyone should be able to do a CAP and no agreement is needed. I want SBoM to be a spec.
Aside - I was careful to say spec since it precedes standard. As a separate agenda item, we should plan when to make the existing specs into standards.
iPhone, iTypo, iApologize
Duncan Sparrell
sFractal Consulting, LLC
I welcome VSRE emails. Learn more at http://vsre.info/
From: David Kemp <Dkemp@mobility-challenge.com>
Sent: Wednesday, December 11, 2019 1:10:45 PM
To: duncan sfractal.com <duncan@sfractal.com>; Dave Lemire <dave.lemire@g2-inc.com>; Everett, Alex D <alex.everett@unc.edu>
Cc: openc2-actuator@lists.oasis-open.org <openc2-actuator@lists.oasis-open.org>; OpenC2CoChairs <openc2-committee-chairs@lists.oasis-open.org>; David Kemp <Dkemp@mobility-challenge.com>
Subject: RE: proposal for SBoM AP GitHub repo
That's fine - The TC and the SC chairs haven't defined a particular workflow. My inclination is toward late binding (you can start a project now, and decide later to put it on the standards track) rather than making that decision up front.
There's no downside (except DaveL's time) to creating a standalone repo.
Dave
From: duncan sfractal.com <duncan@sfractal.com>
Sent: Wednesday, December 11, 2019 1:09 PM
To: David Kemp <Dkemp@mobility-challenge.com>; Dave Lemire <dave.lemire@g2-inc.com>; Everett, Alex D <alex.everett@unc.edu>
Cc: openc2-actuator@lists.oasis-open.org; OpenC2CoChairs <openc2-committee-chairs@lists.oasis-open.org>
Subject: Re: proposal for SBoM AP GitHub repo
I am specifically requesting to create a draft Committee Specification. I consider CAP for AP's we are not creating specifications for, yet someone needs now so they create their own CAP. At least that was what I envisioned when we first created CAP's. For this I would like to go to Committee Spec.
Duncan

iPhone, iTypo, iApologize

Duncan Sparrell
sFractal Consulting, LLC
I welcome VSRE emails. Learn more at http://vsre.info/
From: David Kemp <Dkemp@mobility-challenge.com>
Sent: Wednesday, December 11, 2019 12:53:04 PM
To: Dave Lemire <dave.lemire@g2-inc.com>; Everett, Alex D <alex.everett@unc.edu>; duncan sfractal.com <duncan@sfractal.com>
Cc: openc2-actuator@lists.oasis-open.org <openc2-actuator@lists.oasis-open.org>; OpenC2CoChairs <openc2-committee-chairs@lists.oasis-open.org>
Subject: RE: proposal for SBoM AP GitHub repo
Might this fall under the CAP repo https://github.com/oasis-open/openc2-custom-aps, where SFPF (and FAM and Email-Gateway) are already housed?
Dave
From: Dave Lemire <dave.lemire@g2-inc.com>
Sent: Wednesday, December 11, 2019 9:39 AM
To: Everett, Alex D <alex.everett@unc.edu>; David Kemp <Dkemp@mobility-challenge.com>; Duncan <duncan@sfractal.com>
Cc: openc2-actuator@lists.oasis-open.org; OpenC2CoChairs <openc2-committee-chairs@lists.oasis-open.org>
Subject: proposal for SBoM AP GitHub repo
At yesterday's AP-SC meeting Duncan Sparrell agreed to edit a proposed Software Bill of Materials (SBoM) Actuator Profile. To request the repo, I need certain data, so this email is to coordinate the details:

GH Repo Name: ap-sbom

Maintainers: Duncan Sparrell, Alex Everett, David Kemp
(I'm sure Duncan would be happy to have a co-editor)

Description: This repository provides configuration management and version control for developing the OpenC2 Software Bill of Materials (SBoM) actuator profile. Actuator profiles identify the aspects of the OpenC2 language specification that are mandatory and/or meaningful in the context of a given actuator. Actuator Profiles also identify specifiers and options that are unique to the actuator. This repository will focus on the use of OpenC2 to request and retrieve SBoMs from conformant actuators using industry standard SBoM formats.

Purpose Statement: (this is optional; Duncan or Alex can supply a purpose if they feel the need.)

Dave

David Lemire, CISSP
Systems Engineer
HII Mission Driven Innovative Solutions (HII-MDIS) - formerly G2, Inc.
Technical Solutions Division
302 Sentinel Drive | Annapolis Junction, MD 20701
Email: dave.lemire@g2-inc.com
Work: 301-575-5190 | Mobile: 240-938-9350