[OPSAWG] Protocol Action: 'Discovering and Retrieving Software Transparency and Vulnerability Information' to Proposed Standard (draft-ietf-opsawg-sbom-access-18.txt)
The IESG <iesg-secretary@ietf.org> Mon, 08 May 2023 21:49 UTC
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: opsawg@ietf.org
Delivered-To: opsawg@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 9A338C16953F; Mon, 8 May 2023 14:49:47 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 10.2.0
Auto-Submitted: auto-generated
Precedence: bulk
Cc: The IESG <iesg@ietf.org>, bill.wu@huawei.com, draft-ietf-opsawg-sbom-access@ietf.org, henk.birkholz@sit.fraunhofer.de, opsawg-chairs@ietf.org, opsawg@ietf.org, rfc-editor@rfc-editor.org, rwilton@cisco.com
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-ID: <168358258762.44973.9451973287661385053@ietfa.amsl.com>
Date: Mon, 08 May 2023 14:49:47 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/-7CRq-3COf5UPGlQ1NEimAtNMKo>
Subject: [OPSAWG] Protocol Action: 'Discovering and Retrieving Software Transparency and Vulnerability Information' to Proposed Standard (draft-ietf-opsawg-sbom-access-18.txt)
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.39
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 May 2023 21:49:47 -0000
The IESG has approved the following document: - 'Discovering and Retrieving Software Transparency and Vulnerability Information' (draft-ietf-opsawg-sbom-access-18.txt) as Proposed Standard This document is the product of the Operations and Management Area Working Group. The IESG contact persons are Warren Kumari and Robert Wilton. A URL of this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-opsawg-sbom-access/ Technical Summary To improve cybersecurity posture, automation is necessary to locate what software is running on a device, whether that software has known vulnerabilities, and what, if any recommendations suppliers may have. This memo extends the MUD YANG model to provide the locations of software bills of materials (SBOMS) and to vulnerability information. Working Group Summary No, it seemed to go smoothly, and got a few good WG last call reviews. Document Quality The authors indicate that they are working on an implementation. Personnel Rob Wilton is the Responsible AD Qin Wu is the Doc Shepherd.