Re: [Mud] [OPSAWG] SBOMs and version non-specific MUD files

Christopher Gates <chris.gates@velentium.com> Fri, 04 February 2022 20:42 UTC

From: Christopher Gates <chris.gates@velentium.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, dick@reliableenergyanalytics.com, mud@ietf.org, opsawg@ietf.org
Date: Fri, 04 Feb 2022 20:40:15 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/mud/GIJWReU-ZULvNRkHs15lIJJkcD8>

There are already public databases with both secured and public SBOMs
https://sbom.rkvst.io/publicsboms

Christopher Gates

--------------------------------

Director of Product Security

www.velentium.com

(805)750-0171

Las Vegas, NV

(GMT-8)





------ Original Message ------
From: "Michael Richardson" <mcr+ietf@sandelman.ca>
To: dick@reliableenergyanalytics.com; mud@ietf.org; opsawg@ietf.org
Sent: 2/4/2022 12:30:41 PM
Subject: Re: [OPSAWG] SBOMs and version non-specific MUD files

>
>Dick Brooks <dick@reliableenergyanalytics.com> wrote:
>     > The predominant "SBOM delivery channel" I see is through access controlled
>     > customer portals where customers can download SBOMs, Vulnerability
>     > Disclosures and other artifacts needed to perform a NIST C-SCRM risk
>     > assessment for Executive Order 14028.
>
>For hospitals, sure.
>For baby monitors, maybe not.
>
>
>--
>Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
>            Sandelman Software Works Inc, Ottawa and Worldwide