[OPSAWG] Last Call: <draft-ietf-opsawg-sbom-access-14.txt> (Discovering and Retrieving Software Transparency and Vulnerability Information) to Proposed Standard
The IESG <iesg-secretary@ietf.org> Mon, 27 February 2023 14:58 UTC
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: opsawg@ietf.org
Delivered-To: opsawg@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 09BD4C1526ED; Mon, 27 Feb 2023 06:58:53 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 9.12.0
Auto-Submitted: auto-generated
Precedence: bulk
CC: bill.wu@huawei.com, draft-ietf-opsawg-sbom-access@ietf.org, henk.birkholz@sit.fraunhofer.de, opsawg-chairs@ietf.org, opsawg@ietf.org, rwilton@cisco.com
Reply-To: last-call@ietf.org
Sender: iesg-secretary@ietf.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-ID: <167750993303.37674.3676623345774143020@ietfa.amsl.com>
Date: Mon, 27 Feb 2023 06:58:53 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/Yon6t2DqD8nJtwYNS7QYqLWWMF4>
Subject: [OPSAWG] Last Call: <draft-ietf-opsawg-sbom-access-14.txt> (Discovering and Retrieving Software Transparency and Vulnerability Information) to Proposed Standard
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.39
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Feb 2023 14:58:53 -0000
The IESG has received a request from the Operations and Management Area Working Group WG (opsawg) to consider the following document: - 'Discovering and Retrieving Software Transparency and Vulnerability Information' <draft-ietf-opsawg-sbom-access-14.txt> as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the last-call@ietf.org mailing lists by 2023-03-13. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract To improve cybersecurity posture, automation is necessary to locate what software is running on a device, whether that software has known vulnerabilities, and what, if any recommendations suppliers may have. This memo extends the MUD YANG model to provide the locations of software bills of materials (SBOMS) and to vulnerability information. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-opsawg-sbom-access/ No IPR declarations have been submitted directly on this I-D.