
Minutes from June 1 SPDX General Meeting

Rose Judge
 

Hello SPDX Community,

 

Thanks to the 42 of you that were able to join us for the June General Meeting last week. Another big thanks to Mike and Brandon for their presentation on GUAC. The slides from their presentation are attached for anyone who was unable to join.

 

The minutes for the June General Meeting are also available for review. Not all attendees were captured in the Attendee list, so if you attended the meeting and are missing from that list, please let me know. We’ll approve these meeting minutes at the beginning of our next call on July 13th (Moved a week to accommodate the US July 4th Holiday.)

 

Have a great week!


Re: Interpretation of Errors and Exceptions from SPDX Online Tools #spdx

Gary O'Neall
 

Hi Arturo,

 

The spreadsheet format supported by the online tools follows a specific format that includes all the fields as columns supporting the entire spec.  It wasn’t intended to just support the LITE format, although that isn’t a bad idea.  We could add an issue in the SPDX Spreadsheet Store to support a LITE version and see if we find any volunteers to implement it.  I’ll be pretty focused on upgrading the libraries to 3.0 for the next few weeks, so it may be a while before I can look into it.

 

Although the columns and sheets are required, you don’t need to have any values for any of the columns not in the LITE profile.

 

What I would suggest is starting with the full spreadsheet and just fill in the columns which are relevant.

 

You can take the SPDX example XLS document and remove the data for a starting point.

 

Using the Python APIs is also a good option for generating the output if that is easier.

 

You can also use the Tag/Value, JSON or YAML formats and convert those to RDF/XML – YAML is a reasonably human readable / writable option.

 

Regards,

Gary

 

From: spdx@... <spdx@...> On Behalf Of arturrzgz@...
Sent: Friday, June 2, 2023 8:34 AM
To: spdx@...
Subject: Re: [spdx] Interpretation of Errors and Exceptions from SPDX Online Tools #spdx

 

Hello Gary,

Sorry for the late response. Thanks for your input, however let me first tell you a bit more of what I'm trying to achieve.

In Annex G of the SPDX v2.2.2 spec (SPDX Lite), there is a subset of mandatory fields of the Document Creation and Package Information sections to create the document and also "keep compatibility with SPDX tools".

Even though I have ensured that these fields are introduced in my SPDX XLS Document, the validation tool throws these error messages:

Analysis exception processing SPDX file: Column <Name_of_column> missing for SPDX <Clause> worksheet

As I keep adding the missing columns in each of the worksheets, the error message updates to the next missing column or missing worksheet. I'm not sure if this SPDX Lite format is supported by the tools. In the end I want to validate it to be able to convert the XLS to RDF/XML.

On the other hand, I've been using the python-tools API to create my desired output format.

Let me know if it is still worth it for me to report the issue, or if this is expected behaviour.

Regards, Arturo
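Gary's suggestion above (write tag/value, JSON or YAML by hand rather than the full spreadsheet) and Arturo's Annex G question both come down to the same practical problem: emit a document that carries the SPDX Lite field set and check that nothing required is missing before handing it to the validator. The Python below is an added example for this thread; it is not code from the SPDX project, the spdx-tools library or either poster. It writes a tag/value document containing only the fields I read Annex G (SPDX Lite) of SPDX 2.2.2 as requiring, and checks any tag/value text for those fields. The Lite field list itself, the package, namespace and dates are assumptions made for the example and should be checked against the spec text; the output file can then be run through the online validator or converted to RDF/XML with the tools Gary names.

```python
"""Minimal SPDX 2.2 tag/value writer plus a checker for the SPDX Lite field set.

Added example, not code from the SPDX project or from the thread's authors.
The field lists are what I read Annex G (SPDX Lite) of SPDX 2.2.2 to require;
verify them against the spec before relying on them.
"""
from __future__ import annotations

import re
from datetime import datetime, timezone

# Assumed reading of Annex G: tag/value names of the fields SPDX Lite requires.
LITE_DOCUMENT_TAGS = (
    "SPDXVersion", "DataLicense", "SPDXID", "DocumentName",
    "DocumentNamespace", "Creator", "Created",
)
LITE_PACKAGE_TAGS = (
    "PackageName", "SPDXID", "PackageVersion", "PackageFileName",
    "PackageDownloadLocation", "FilesAnalyzed", "PackageLicenseConcluded",
    "PackageLicenseDeclared", "PackageLicenseComments", "PackageCopyrightText",
)
# Free-text fields must be wrapped in <text>...</text> in tag/value.
TEXT_TAGS = {"PackageLicenseComments", "PackageCopyrightText"}


def _tv(tag: str, value: str) -> str:
    """Format one tag/value line, wrapping free-text values."""
    if tag in TEXT_TAGS:
        return f"{tag}: <text>{value}</text>"
    return f"{tag}: {value}"


def render_lite(document: dict, packages: list[dict]) -> str:
    """Emit a tag/value document with only the Lite document and package fields.

    PackageName is written first in each package block because it opens a
    package section for tag/value readers.
    """
    lines = [_tv(tag, document[tag]) for tag in LITE_DOCUMENT_TAGS]
    for pkg in packages:
        lines.append("")  # blank line between sections, for readability
        lines.extend(_tv(tag, pkg[tag]) for tag in LITE_PACKAGE_TAGS)
    return "\n".join(lines) + "\n"


def missing_lite_fields(tagvalue: str) -> list[str]:
    """Return '<section>/<tag>' for every Lite field absent from a tag/value document.

    Tags before the first PackageName belong to the document section; each
    PackageName starts a new package section.
    """
    sections = [set()]
    for line in tagvalue.splitlines():
        m = re.match(r"^([A-Za-z]+):", line)
        if not m:
            continue
        tag = m.group(1)
        if tag == "PackageName":
            sections.append(set())
        sections[-1].add(tag)
    doc_tags, pkg_sections = sections[0], sections[1:]
    missing = [f"document/{t}" for t in LITE_DOCUMENT_TAGS if t not in doc_tags]
    if not pkg_sections:
        missing.append("package/PackageName")
    for i, tags in enumerate(pkg_sections, start=1):
        missing.extend(f"package{i}/{t}" for t in LITE_PACKAGE_TAGS if t not in tags)
    return missing


# Constructed sample input: hypothetical package and namespace, not real data.
SAMPLE_DOCUMENT = {
    "SPDXVersion": "SPDX-2.2",
    "DataLicense": "CC0-1.0",
    "SPDXID": "SPDXRef-DOCUMENT",
    "DocumentName": "example-app-1.0-lite",
    "DocumentNamespace": "https://example.invalid/spdx/example-app-1.0-lite",
    "Creator": "Organization: Example Corp",
    # Created must be UTC in YYYY-MM-DDThh:mm:ssZ form.
    "Created": datetime(2023, 6, 2, 8, 34, tzinfo=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
}
SAMPLE_PACKAGES = [{
    "PackageName": "example-app",
    "SPDXID": "SPDXRef-Package-example-app",
    "PackageVersion": "1.0",
    "PackageFileName": "example-app-1.0.tar.gz",
    "PackageDownloadLocation": "NOASSERTION",
    "FilesAnalyzed": "false",
    "PackageLicenseConcluded": "Apache-2.0",
    "PackageLicenseDeclared": "Apache-2.0",
    "PackageLicenseComments": "License taken from the LICENSE file at the package root.",
    "PackageCopyrightText": "Copyright 2023 Example Corp",
}]

if __name__ == "__main__":
    doc = render_lite(SAMPLE_DOCUMENT, SAMPLE_PACKAGES)
    print(doc)
    print("missing:", missing_lite_fields(doc))
```

The checker is deliberately a field-presence check, not a validator: it will not catch a malformed Created timestamp or an unknown license identifier, which is what the online tools are for. Its value is in finding the column-style omissions before upload, so an "exception" from the tool can be read as a tool problem rather than a missing field.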



Re: Interpretation of Errors and Exceptions from SPDX Online Tools #spdx

Gary O'Neall
 

Greetings,

 

If you are seeing an exception type message, especially if it has a stack trace, it is likely an issue with the tool.

 

Could you submit an issue at https://github.com/spdx/spdx-online-tools/issues and include a screenshot of the error message?

 

You should get a response within a day or two.


Best,

Gary

 

From: spdx@... <spdx@...> On Behalf Of arturrzgz@...
Sent: Tuesday, May 30, 2023 3:49 PM
To: spdx@...
Subject: [spdx] Interpretation of Errors and Exceptions from SPDX Online Tools #spdx

 

I've been using the SPDX Online Tools recently to Validate and Convert. However, when an error or an exception is thrown by the tool, the nature of the issue has not been clear to me. The problem or exception may occur due to a bug in the tool or due to the format itself not being compliant. Either way, I haven't found a way to troubleshoot the issues with my current document in a comprehensible way. I would appreciate some direction on how I can understand these error codes and/or any reference to where these might be documented.



SPDX General Meeting Reminder.

Phil Odence
 

We’ve great presentations planned for Thursday and the July meeting. Note, due to the first week of July being a big vacation week in the US, we’ll push the July meeting a week to July 13.

 

Today’s special presentation:

 

Getting directed and actionable insights from your SBOMs from GUAC

 

With the rise of the popularity of SBOMs, more and more consumers of software are asking the question of what to do with them? For most, the large amounts of data now streaming in can be overwhelming. GUAC helps to organize that data and acts as a telescope to what's important. With GUAC, organizations can ingest SBOMs and other software metadata documents from different formats and sources and query them through an assembled knowledge graph. In addition, today there is both too much data and, sometimes, a lack of data where it matters. GUAC, as a platform, provides the ability to augment SBOM data with other data sources and threat intelligence to get a more holistic view of the supply chain.

 

Brandon Lum 

Brandon loves designing and implementing computer systems (with a focus on Security, Operating Systems, and Distributed/Parallel Systems). Brandon is a Co-chair of the CNCF Security TAG, and as a part of Google's Open Source Security Team, he works on improving the supply chain security of the Open Source ecosystem through efforts around supply chain knowledge graphs - GUAC, SBOMs, and VEX. Previously at IBM Research, Brandon worked on various security areas such as: Container content protection via encryption and image signing, identity, and kernel attack surface reduction.

 

 

Michael Lieberman

Michael Lieberman is a Chief Technology Officer at Kusari focused on technology transformation, especially with regard to cloud native architectures, technologies and migrations. Most recently he has been focused on work within the software supply chain security space. He is co-chair of the CNCF Financial Services User Group, SLSA steering committee member, and recently co-led the Secure Software Factory Reference Architecture for the Security Technical Advisory Group. Michael has also participated in multiple podcasts, panels and talks on behalf of the FSUG, the companies he’s worked for and on behalf of himself as an individual contributor in the tech community.

 

 

Meeting Time: Thurs, June 1, 8am PT / 10 am CT / 11am ET / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

Join the meeting:
https://meet.jit.si/SPDXGeneralMeeting

To join by phone instead, tap this: +1.512.647.1431,,1310118349#

Looking for a different dial-in number?
See meeting dial-in numbers: 
https://meet.jit.si/static/dialInInfo.html?room=SPDXGeneralMeeting


If also dialing-in through a room phone, join without connecting to audio: 
https://meet.jit.si/SPDXGeneralMeeting#config.startSilent=true

 

Etherpad for minutes:

https://spdx.swinslow.net/p/spdx-general-minutes

 

Administrative Agenda

Attendance

Minutes Approval: https://github.com/spdx/meetings/blob/main/general/2023-05-04.md

 

Steering Committee Update 

 

Special Presentation

 

Technical Team Report – Kate/Gary/Others

  • Specification and Profiles
    • Overview
    • Core
    • Legal
    • Integrity
    • Defects
    • Usage and Other Emerging
  • Tooling

 

Legal Team Report – Jilayne/Steve

 

Outreach/Website Team Report – Alexios/Bob

 


Announcement from Exiger

Dick Brooks
 

Hello Everyone,

 

Consolidation of the SBOM market space continues at pace with this announcement of Ion Channel being acquired by Exiger.

https://www.linkedin.com/posts/bob-kolasky-92ab554_exiger-acquires-industry-leading-software-activity-7064238244292358145-6nAx?utm_source=share&utm_medium=member_desktop

 

This is not surprising given the US Government requirements for software suppliers and vendors to attest to implementing NIST Guidance that includes SBOM in order to sell products to the US Government.

FYI: Ion Channel is one of the SBOM Special Interest Group members that filed comments with NIST:

https://www.nist.gov/document/responses-enhancing-software-supply-chain-security-sbom

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

 


Reminder: Thursday SPDX General Meeting

Phil Odence
 

Meeting Time: Thurs, May 4, 8am PT / 10 am CT / 11am ET / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html


Conf call dial-in:

Join the meeting:
https://meet.jit.si/SPDXGeneralMeeting

To join by phone instead, tap this: +1.512.647.1431,,1310118349#

Looking for a different dial-in number?
See meeting dial-in numbers: 
https://meet.jit.si/static/dialInInfo.html?room=SPDXGeneralMeeting


If also dialing-in through a room phone, join without connecting to audio: 
https://meet.jit.si/SPDXGeneralMeeting#config.startSilent=true

 

Etherpad for minutes:

https://spdx.swinslow.net/p/spdx-general-minutes

 

Administrative Agenda

Attendance

Minutes Approval: https://github.com/spdx/meetings/blob/main/general/2023-04-06.md

  

Steering Committee Update – Phil

  • New marketing resource
  • Upcoming Mini-Summit

 

Technical Team Report – Kate/Gary/Others

  • Specification and Profiles
    • Overview
    • Core
    • Legal
    • Integrity
    • Defects
    • Usage and Other Emerging
  • Tooling

 

Legal Team Report – Jilayne/Steve

 

Outreach/Website Team Report – Alexios/Bob

 


Re: [SCITT] [spdx] CISA's proposed attestation form is now available and they are seeking comments

Dick Brooks
 

Thanks for your consideration, Henry.

 

John, is ITI interested in collaborating with the SMB community on this opportunity?

 

There are literally thousands of SMBs in this space and my list of interested parties continues to grow.

Clearly, there are SMBs with an interest in collaborating on this matter, which affects all of us.

 

Thanks,

 

Dick Brooks

 


 

From: Henry Young <henryy@...>
Sent: Monday, May 1, 2023 9:31 AM
To: dick@...; ljeanc@...; spdx@...
Cc: scitt@...; John Miller <JMiller@...>
Subject: RE: [SCITT] [spdx] CISA's proposed attestation form is now available and they are seeking comments

 

Dick,

 

Thanks so much for reaching out.  I think it is likely that BSA will provide comments to CISA, and while I suspect many of the points we make will be the same, we probably won’t be submitting as part of a multi-association effort.

 

Henry

 

 


Henry Young

Director, Policy

BSA | The Software Alliance

P (202) 266-2522

W bsa.org


From: Dick Brooks <dick@...>
Sent: Saturday, April 29, 2023 10:56 AM
To: ljeanc@...; spdx@...
Cc: scitt@...; John Miller <JMiller@...>; Henry Young <henryy@...>
Subject: RE: [SCITT] [spdx] CISA's proposed attestation form is now available and they are seeking comments

 

Thank you Jean, I have added your name to the growing list of parties that have expressed an interest in joining this collaboration.

 

FYI: I’ve also reached out to ITI and BSA to collaborate on this.

 

I see this as a unique opportunity to show that the “Big Guys” (BSA/ITI) and the little SMBs that produce software are coming together on this very important opportunity to collaborate on an item that affects all of us.

 

Thanks,

 

Dick Brooks

 


 

From: SCITT <scitt-bounces@...> On Behalf Of L Jean Camp
Sent: Saturday, April 29, 2023 10:20 AM
To: spdx@...
Cc: scitt@...
Subject: Re: [SCITT] [spdx] CISA's proposed attestation form is now available and they are seeking comments

 

I am interested. Also I would like to know if anyone else has any interest in ensuring attestation standards have space to enable cryptographic agility or move towards self attesting addresses?

 

On Sat, Apr 29, 2023 at 9:34 AM Dick Brooks <dick@...> wrote:

FYI: I’m envisioning a similar process to what was used by the SBOM Special Interest Group (SBOM SIG), contained in this filing to NIST:

https://www.nist.gov/document/responses-enhancing-software-supply-chain-security-sbom

 

Thanks,

 

Dick Brooks

 


 

From: Dick Brooks <dick@...>
Sent: Saturday, April 29, 2023 9:21 AM
To: 'scitt@...' <scitt@...>; 'spdx@...' <spdx@...>
Subject: CISA's proposed attestation form is now available and they are seeking comments

 

Hello Everyone,

 

CISA is seeking comments on their proposed self-attestation form for OMB M-22-18 and EO 14028.

 

Is there any interest in doing a joint comment filing to CISA? Please respond to this email if interested in a collaborative, joint response to CISA.

I’ll be happy to facilitate the response.

information has recently been updated and is now available.

CISA Requests for Comment on Secure Software Self-Attestation Form

04/28/2023 02:00 PM EDT

CISA has issued requests for comment on the Secure Software Self-Attestation Form. CISA, in coordination with the Office of Budget and Management (OMB), released proposed guidance on secure software. This guidance seeks to secure software leveraged by the federal government. CISA expects agencies to use this proposed form to reduce the risk to the federal environment, thereby implementing a standardized process for agencies and software producers that will create transparency on the security of software development efforts.
 
Visit CISA.gov/secure-software-attestation-form for more information and to review the document. The comment period is open until June 26, 2023. CISA is specifically requesting insight on the feasibility, clarity, and usefulness of the document. To submit a comment, click the comment box at the top of Regulations.gov.

Thanks,

 

Dick Brooks

 



Re: CISA's proposed attestation form is now available and they are seeking comments

Alfred Strauch
 

Dear Mr Brooks,
We are interested in attestation.
Alfred Strauch, Smart Talk Beacon
Steven Carbno, Smart Talk Beacon


Alfred Strauch
President
SmartTalk Security Inc.

Email: alfred@...

          


Re: CISA's proposed attestation form is now available and they are seeking comments

Dick Brooks
 

FYI

 

I have reached out to ITI and BSA on this opportunity and am waiting to hear back.

 

This matter affects everyone working in the SBOM community that is producing software products, aiming to sell to the US Government.

 

Thanks,

 

Dick Brooks

 




Re: [SCITT] [spdx] CISA's proposed attestation form is now available and they are seeking comments

Dick Brooks
 

I'm seeing a good response so far.

Hoping to get 100 small and medium businesses providing software to the US Government to sign on to this collaborative joint filing effort before the filing deadline for this CISA call for comments.

Thanks,

Dick Brooks


-----Original Message-----
From: SCITT <scitt-bounces@...> On Behalf Of Michael Richardson
Sent: Sunday, April 30, 2023 1:18 PM
To: ljeanc@...; spdx@...; scitt@...
Subject: Re: [SCITT] [spdx] CISA's proposed attestation form is now available and they are seeking comments


L Jean Camp <ljeanc@...> wrote:
> I am interested. Also I would like to know if anyone else has any interest
> in ensuring attestation standards have space to enable cryptographic
> agility or move towards self attesting addresses?

If you pick an IETF specification like CWT/COSE (EAT), agility is built into the specification. Roll your own stuff, and you are probably in trouble.

But there is more than formats and specifications needed to support agility.
People have to use a variety of things so that software regularly is ready to accept the variety.

--
Michael Richardson <mcr+IETF@...> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide



Re: CISA's proposed attestation form is now available and they are seeking comments

Dick Brooks
 

FYI: I’m envisioning a similar process to what was used by the SBOM Special Internet Group (SBOM SIG), contained in this filing to NIST:

https://www.nist.gov/document/responses-enhancing-software-supply-chain-security-sbom

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

From: Dick Brooks <dick@...>
Sent: Saturday, April 29, 2023 9:21 AM
To: 'scitt@...' <scitt@...>; 'spdx@...' <spdx@...>
Subject: CISA's proposed attestation form is now available and they are seeking comments

 

Hello Everyone,

 

CISA is seeking comments on their proposed self-attestation form for OMB M-22-18 and EO 14028.

 

Is there any interest in doing a joint comment filing to CISA? Please respond to this email if interested in a collaborative, joint response to CISA.

I’ll be happy to facilitate the response.

information has recently been updated and is now available.

CISA Requests for Comment on Secure Software Self-Attestation Form

04/28/2023 02:00 PM EDT

CISA has issued requests for comment on the Secure Software Self-Attestation Form. CISA, in coordination with the Office of Budget and Management (OMB), released proposed guidance on secure software. This guidance seeks to secure software leveraged by the federal government. CISA expects agencies to use this proposed form to reduce the risk to the federal environment, thereby implementing a standardized process for agencies and software producers that will create transparency on the security of software development efforts.
 
Visit CISA.gov/secure-software-attestation-form for more information and to review the document. The comment period is open until June 26, 2023. CISA is specifically requesting insight on the feasibility, clarity, and usefulness of the document. To submit a comment, click the comment box at the top of Regulations.gov.

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 


CISA's proposed attestation form is now available and they are seeking comments

Dick Brooks
 

Hello Everyone,

 

CISA is seeking comments on their proposed self-attestation form for OMB M-22-18 and EO 14028.

 

Is there any interest in doing a joint comment filing to CISA? Please respond to this email if interested in a collaborative, joint response to CISA.

I’ll be happy to facilitate the response.

information has recently been updated and is now available.

CISA Requests for Comment on Secure Software Self-Attestation Form

04/28/2023 02:00 PM EDT

CISA has issued requests for comment on the Secure Software Self-Attestation Form. CISA, in coordination with the Office of Budget and Management (OMB), released proposed guidance on secure software. This guidance seeks to secure software leveraged by the federal government. CISA expects agencies to use this proposed form to reduce the risk to the federal environment, thereby implementing a standardized process for agencies and software producers that will create transparency on the security of software development efforts.
 
Visit CISA.gov/secure-software-attestation-form for more information and to review the document. The comment period is open until June 26, 2023. CISA is specifically requesting insight on the feasibility, clarity, and usefulness of the document. To submit a comment, click the comment box at the top of Regulations.gov.

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 


Elucidating why I'm leaving SPDX

Sebastian Crane
 

Dear all,

I have relished the intellectual company of the SPDX community. There has been
no other open source community that I have felt more welcomed in, nor one that
shows so much potential for the entire computer software industry. Regrettably,
though, I have observed a growing number of issues regarding the direction of
the project and the missed opportunities to improve the accountability of the
leadership. As a result, I'm writing to explain my decision to resign from my
role on the Steering Committee as SPDX Outreach Team Lead and to withdraw for
the time being from my involvement in the Legal Team, Tech Team and the related
Serialisation Focus Group and Canonicalisation Committee.

A number of people have been appointed to positions of responsibility within
SPDX, including most recently a Marketing Manager. This has been done without
the consultation, approval or notification of myself, my fellow Outreach Team
Leads or even the Steering Committee. Additional support in SPDX's Outreach
Team activities is always appreciated, and having had the pleasure of meeting
the new Marketing Manager earlier in the week, I have been left with no doubt as
to their ability to make a positive difference to the project. However, the
lack of communication preceding this recruitment leaves the Steering Committee
unable to strategically coordinate SPDX's growth, simply because it is unaware
of what's going on!

Many of you will be aware that one of the long-term projects that I have been
engaged with is to rebuild the SPDX website, designing it with the members of
the Outreach Team in order to allow the entire SPDX community to collaborate
directly on editing and improving the site. However, I have been made aware
that there is now a separate effort to start substantial development on SPDX's
web presence. It does not make sense for me to continue with the SPDX website
simply to duplicate the effort. Although I have offered to join forces and work
together on the website, this offer has been declined.

As a volunteer, the openness and transparency of SPDX has been a great
motivating factor for me. I would like to see the SPDX Steering Committee be
proactive, rather than merely reactive, and to actively form a coherent strategy
for the future. Fragmented discussions, inadequate records of consensus
decisions and their rationale and inconsistent adherence to process all inhibit
this goal.

SPDX is privileged to have the participation of dozens of experts and
consequently I feel privileged to have been a part of such a special community.
I hope that this email helps to elucidate my reasons for leaving, and that the
relevant parties may reflect on the points above to ensure SPDX stays a
welcoming, relevant and consensus-driven community.

Best wishes,

Sebastian Crane


Re: SPDX Gen Meeting Follow up- Mistake and Thanks

Joe Bussell
 

The WDK that contains our SBOM and COSE tools is now available through the Windows Insider Program. I would appreciate any feedback on the tools or the delivery process.

 

Register for the Windows Insider Program (free) by following the instructions here:

Get started with the Windows Insider Program - Windows Insider Program | Microsoft Learn

 

Once registered go to the Windows Driver Kit Insider page here:

Download Windows Insider Preview WDK (microsoft.com)

 

From this page download and install the SDK and the WDK.

 

Once installed, the SBOM tools are located in <kitsRoots>\10\Tools\<versions>\x64\

- sbom-tool-win-x64.exe

- CoseSignTool.exe

 

Using the tools:

SBOM tool

The SBOM tool is an open-source tool. See the project's GitHub repository for documentation that covers how to run and use the tool: GitHub - microsoft/sbom-tool: The SBOM tool is a highly scalable and enterprise ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts.

 

- sbom-tool-win-x64.exe generate [<options>]

 

COSE Tool

CoseSignTool.exe is a command-line tool that uses the following syntax:

- CoseSignTool.exe [Sign|Validate|Get] [<options>]

To see available options, use /?

 

OPTION     DESCRIPTION

Sign       Signs a file or stream.

Validate   Validates a signature file or stream against the signed payload.

Get        Gets the original payload from a COSE embed-signed file and writes it to console or to a new file.

 

 

For signing, you must supply a private key certificate to sign with. Validate and Get operations require one or more public key certificates for the COSE signature to root to. In either case, the certificates may be supplied as files or as thumbprints of certificates in the Windows Certificate Store.

 

 

From: spdx@... <spdx@...> On Behalf Of May Wang via lists.spdx.org
Sent: Wednesday, April 12, 2023 10:25 PM
To: spdx@...
Cc: May Wang via lists.spdx.org <maywang=paloaltonetworks.com@...>; Phil Odence <Phil.Odence@...>
Subject: [EXTERNAL] Re: [spdx] SPDX Gen Meeting Follow up- Mistake and Thanks

 

Joe, 

 

As you know well, medical device security is a big challenge.  SBOM is probably needed most in healthcare as you pointed out.  We have lots of healthcare customers asking for SBOM, but many MDMs don't provide it.  That's why we released it in our product trying to help.  With increasing regulation requirements, such as the recent one: FDA will refuse new medical devices for cybersecurity reasons on Oct. 1, hopefully more enforcement will be put on standards like IEC 62304 you mentioned.  That will definitely push for more SBOM adoption.   

 

Dick, 

 

Thank you for your explanation and the additional info.  We don't have APIs for testing purposes right now.  We can try to put it on the roadmap, but that might take a while. :)  Thanks!

 

--

May Wang, Ph.D.  |  CTO, IoT Security

Palo Alto Networks  |  3000 Tannery Way  |  Santa Clara, CA 95054  |  USA

Email: may@... |  www.paloaltonetworks.com

 

   

The content of this message is the proprietary and confidential property of Palo Alto Networks, and should be treated as such. If you are not the intended recipient and have received this message in error, please delete this message from your computer system and notify me immediately by e-mail. Any unauthorized use or distribution of the content of this message is prohibited.

 

 

 

 

On Wed, Apr 12, 2023 at 6:08 AM Joseph Silvia via lists.spdx.org <jsilvia=orielstat.com@...> wrote:

Hi Dick,

 

Thank you so much for the explanation. I have yet to see an SPDX representation as well and trying to wrap my head around some of these SBOM challenges in the Medical Device space where many MDMs are using a combination of FOSS, COTS and OTS in the development of their software not to mention who knows what contract manufacturers are using.

 

@May Do you know what the impact of all of this means in regard to IoMT and in particular, 62304 with the requirement to identify SOUP items?

 

Thanks,

Joe

 

Joseph D. Silvia
Director Software Quality Training and Consulting
Oriel STAT A MATRIX | Improving Workplace Performance Since 1968

1055 Thomas Jefferson St. NW, Suite 304

Washington, DC 20007

Office: 732.906.6142 Mobile: 781.526.5636 | jsilvia@... 

View Our Training Catalog

Follow us: LinkedIn | Blog orielstat.com

 

This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential.  If you are not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited.  If you have received this communication in error, notify the sender immediately by return email and delete the message and any attachments from your system.

 

From: spdx@... <spdx@...> On Behalf Of Dick Brooks
Sent: Wednesday, April 12, 2023 8:25 AM
To: spdx@...
Cc: 'Phil Odence' <Phil.Odence@...>
Subject: Re: [spdx] SPDX Gen Meeting Follow up- Mistake and Thanks

 

Hi Joe,

 

Both formats satisfy the NIST VDR data requirements identified in SP 800-161 RA-5, IMO.

 

REA uses an explicit model, listing each component and its vulnerability search status, including those with no vulnerabilities reported. It also supports SPDX and CycloneDX SBOM formats.

 

The CycloneDX VDR format uses an implicit model, listing only those components with reported vulnerabilities. I believe it can support both SPDX and CycloneDX SBOM formats, but I’ve not seen an SPDX representation.

 

The easiest way to see the differences is to view an example of each:

 

REA VDR:

https://raw.githubusercontent.com/rjb4standards/REA-Products/master/SBOMVDR_JSON/VDR_118.json

 

CycloneDX VDR:

https://raw.githubusercontent.com/rjb4standards/REA-Products/master/CDXVEX/CDX14.xml

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

From: spdx@... <spdx@...> On Behalf Of Joseph Silvia via lists.spdx.org
Sent: Wednesday, April 12, 2023 8:14 AM
To: spdx@...
Cc: 'Phil Odence' <Phil.Odence@...>
Subject: Re: [spdx] SPDX Gen Meeting Follow up- Mistake and Thanks

 

Hello Dick,

 

You stated the REA has offered to withdraw its VDR format if the industry agrees to endorse the CycloneDX VDR format. Can you provide more details on the similarities and differences between the REA and CycloneDX VDR format?

 

Thanks,

Joe

 

Joseph D. Silvia
Director Software Quality Training and Consulting
Oriel STAT A MATRIX | Improving Workplace Performance Since 1968

1055 Thomas Jefferson St. NW, Suite 304

Washington, DC 20007

Office: 732.906.6142 Mobile: 781.526.5636 | jsilvia@... 

View Our Training Catalog

Follow us: LinkedIn | Blog orielstat.com

 

This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential.  If you are not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited.  If you have received this communication in error, notify the sender immediately by return email and delete the message and any attachments from your system.

 

From: spdx@... <spdx@...> On Behalf Of Dick Brooks
Sent: Wednesday, April 12, 2023 7:55 AM
To: spdx@...
Cc: 'Phil Odence' <Phil.Odence@...>
Subject: Re: [spdx] SPDX Gen Meeting Follow up- Mistake and Thanks

 

May,

 

Thank you for the quick response.

 

With regard to testing; some of the spdx tool vendors conduct interoperability testing by sharing artifacts and reporting on any issues encountered. The DocFest is a formal version of this testing. Would Palo Alto Networks be willing to share their SPDX artifacts, confidentially, with spdx tool vendors for interoperability testing purposes only?

 

I agree with your findings on the NIST VDR; NIST identified the VDR data to be included, but not a specific format. There are two open source NIST VDR “interpretation” formats available, one from OWASP CycloneDX and the other from REA:

Here’s an example of the open-source REA VDR format:

https://raw.githubusercontent.com/rjb4standards/REA-Products/master/SBOMVDR_JSON/VDR_118.json

 

I also wrote an article describing the NIST SBOM VDR that ties back to the SP 800-161 standard and other NIST materials where VDR is referenced:

https://energycentral.com/c/pip/what-nist-sbom-vulnerability-disclosure-report-vdr

 

FYI: REA has offered to withdraw its VDR format if the industry agrees to endorse the CycloneDX VDR format. Also, note, REA offered to freely transfer its open-source VDR format to the Linux Foundation, when it was first introduced; the offer was never acted on.

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

From: spdx@... <spdx@...> On Behalf Of May Wang via lists.spdx.org
Sent: Wednesday, April 12, 2023 2:59 AM
To: spdx@...
Cc: Phil Odence <Phil.Odence@...>
Subject: Re: [spdx] SPDX Gen Meeting Follow up- Mistake and Thanks

 

Dick, 

 

Thank you for your questions. 

 

1. Our spdx-based IoT SBOM is available to all our customers.  I am not sure about the specific "testing purposes" you are referring to, happy to talk more details offline. 

 

2. Good question.  In addition to the SBOM info, we also provided links from SBOM to vulnerabilities, based on our own vulnerability database and some CVEs for now.  We do plan to 1) expand to more vulnerability databases and CVEs. 2) expand to cover more devices. 3) the latest NIST VDR document provides good guidance but did not prescribe specific format, we will closely follow up any updates from NIST. 

 

Thank you, 

--

May Wang, Ph.D.  |  CTO, IoT Security

Palo Alto Networks  |  3000 Tannery Way  |  Santa Clara, CA 95054  |  USA

Email: may@... |  www.paloaltonetworks.com

 


The content of this message is the proprietary and confidential property of Palo Alto Networks, and should be treated as such. If you are not the intended recipient and have received this message in error, please delete this message from your computer system and notify me immediately by e-mail. Any unauthorized use or distribution of the content of this message is prohibited.

 

 

On Tue, Apr 11, 2023 at 5:10 AM Dick Brooks <dick@...> wrote:

Thanks May.

 

Two questions:

  1. Is the SPDX artifact available to use for testing purposes?
  2. Is Palo Alto Networks also planning to issue NIST SBOM Vulnerability Disclosure Reports (VDR) that will be linked to the published SBOM?

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

From: spdx@... <spdx@...> On Behalf Of May Wang via lists.spdx.org
Sent: Tuesday, April 11, 2023 12:05 AM
To: Phil Odence <Phil.Odence@...>
Cc: SPDX-general <spdx@...>
Subject: Re: [spdx] SPDX Gen Meeting Follow up- Mistake and Thanks

 

Thank you, Phil, the members of the SPDX Steering Committee, and the SPDX Community.  

 

I am grateful for the fruitful year we have had working together. This year, we released the first IoT SBOM product by Palo Alto Networks based on SPDX. Such a significant milestone couldn't have been possible without your support and leadership. I look forward to our continued collaboration to advance the adoption of SPDX and foster innovation in SBOM, especially in cybersecurity.

 

--

May Wang, Ph.D.  |  CTO, IoT Security

Palo Alto Networks  |  3000 Tannery Way  |  Santa Clara, CA 95054  |  USA

Email: may@... |  www.paloaltonetworks.com

 


The content of this message is the proprietary and confidential property of Palo Alto Networks, and should be treated as such. If you are not the intended recipient and have received this message in error, please delete this message from your computer system and notify me immediately by e-mail. Any unauthorized use or distribution of the content of this message is prohibited.
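Joe Bussell's message above describes CoseSignTool's Sign, Validate and Get operations applied to an SBOM. The Go program below is an added example, not code from the WDK, CoseSignTool or the microsoft/sbom-tool project: it hand-encodes the few CBOR items needed to build the COSE_Sign1 Sig_structure from RFC 9052, signs a constructed SBOM payload with an ES256 (P-256) key, validates it, and shows two properties a verifier relies on: a payload edited after signing fails validation, and the embedded payload is released (Get) only after validation succeeds. The verifier here trusts a bare public key; the certificate-chain rooting the message mentions is an assumed detail left out of this example.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// cborHead returns the CBOR initial bytes for major type `major` and length/value n (RFC 8949 section 3).
func cborHead(major byte, n uint64) []byte {
	switch {
	case n < 24:
		return []byte{major<<5 | byte(n)}
	case n < 1<<8:
		return []byte{major<<5 | 24, byte(n)}
	case n < 1<<16:
		return []byte{major<<5 | 25, byte(n >> 8), byte(n)}
	default:
		return []byte{major<<5 | 26, byte(n >> 24), byte(n >> 16), byte(n >> 8), byte(n)}
	}
}

func cborBstr(b []byte) []byte { return append(cborHead(2, uint64(len(b))), b...) }

var protectedES256 = []byte{0xa1, 0x01, 0x26} // CBOR map {1 (alg): -7 (ES256)}

// sigStructure is the COSE_Sign1 Sig_structure (RFC 9052 section 4.4) that is actually signed; covering the protected header binds the algorithm choice into the signature.
func sigStructure(protected, payload []byte) []byte {
	var buf bytes.Buffer
	buf.Write(cborHead(4, 4))                         // array(4)
	buf.Write(append(cborHead(3, 10), "Signature1"...)) // context tstr
	buf.Write(cborBstr(protected))                    // body_protected
	buf.Write(cborBstr(nil))                          // external_aad: none
	buf.Write(cborBstr(payload))
	return buf.Bytes()
}

// Sign1 is a COSE_Sign1 with the payload embedded; Signature is ES256 r || s (32 bytes each, not ASN.1).
type Sign1 struct{ Protected, Payload, Signature []byte }

// Sign produces a COSE_Sign1 over payload with a P-256 private key.
func Sign(priv *ecdsa.PrivateKey, payload []byte) (*Sign1, error) {
	h := sha256.Sum256(sigStructure(protectedES256, payload))
	r, s, err := ecdsa.Sign(rand.Reader, priv, h[:])
	if err != nil {
		return nil, err
	}
	sig := append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...) // fixed-width r || s
	return &Sign1{Protected: protectedES256, Payload: payload, Signature: sig}, nil
}

// Validate rebuilds the Sig_structure from the received message and checks it against a trusted key.
func Validate(pub *ecdsa.PublicKey, m *Sign1) error {
	if !bytes.Equal(m.Protected, protectedES256) || len(m.Signature) != 64 {
		return fmt.Errorf("unsupported algorithm or malformed signature")
	}
	h := sha256.Sum256(sigStructure(m.Protected, m.Payload))
	r, s := new(big.Int).SetBytes(m.Signature[:32]), new(big.Int).SetBytes(m.Signature[32:])
	if !ecdsa.Verify(pub, h[:], r, s) {
		return fmt.Errorf("signature does not verify")
	}
	return nil
}

// Get releases the embedded payload only after Validate passes, so an unverified SBOM never reaches a consumer.
func Get(pub *ecdsa.PublicKey, m *Sign1) ([]byte, error) {
	if err := Validate(pub, m); err != nil {
		return nil, err
	}
	return m.Payload, nil
}

// Demo signs a constructed SBOM, then reports whether the untouched message validates and whether a payload edited after signing is rejected.
func Demo() (validOK, tamperRejected bool, err error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, false, err
	}
	sbom := []byte(`{"spdxVersion":"SPDX-2.2","name":"constructed-sample-sbom"}`) // constructed payload
	msg, err := Sign(priv, sbom)
	if err != nil {
		return false, false, err
	}
	payload, err := Get(&priv.PublicKey, msg)
	validOK = err == nil && bytes.Equal(payload, sbom)
	// Same signature, payload altered afterwards: must be rejected.
	tampered := &Sign1{Protected: msg.Protected, Signature: msg.Signature, Payload: bytes.Replace(sbom, []byte("2.2"), []byte("2.3"), 1)}
	tamperRejected = Validate(&priv.PublicKey, tampered) != nil
	return validOK, tamperRejected, nil
}

func main() {
	fmt.Println(Demo())
}
```

The point to take from Validate is that it never trusts anything in the message to pick the algorithm: the protected header must equal the one the verifier expects, and that header is part of the signed bytes, so a message whose header was swapped fails the signature check as well.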

 


 

 


 

 


Google announce open deps.dev API

Steve Kilbane
 

Google have opened their deps.dev API, covering dependencies, license information and vulnerabilities. Right now, it's open and free to use – you don't even need an API key.

 

Blog post here: https://security.googleblog.com/2023/04/announcing-depsdev-api-critical.html

 

 

steve

 

 


Re: SPDX Gen Meeting Follow up- Mistake and Thanks

May Wang
 

Joe, 

As you know well, medical device security is a big challenge.  SBOM is probably needed most in healthcare as you pointed out.  We have lots of healthcare customers asking for SBOM, but many MDMs don't provide it.  That's why we released it in our product trying to help.  With increasing regulation requirements, such as the recent one: FDA will refuse new medical devices for cybersecurity reasons on Oct. 1, hopefully more enforcement will be put on standards like IEC 62304 you mentioned.  That will definitely push for more SBOM adoption.   

Dick, 

Thank you for your explanation and the additional info.  We don't have APIs for testing purposes right now.  We can try to put it on the roadmap, but that might take a while. :)  Thanks!

--

May Wang, Ph.D.  |  CTO, IoT Security

Palo Alto Networks  |  3000 Tannery Way  |  Santa Clara, CA 95054  |  USA

Email: may@... |  www.paloaltonetworks.com


   

The content of this message is the proprietary and confidential property of Palo Alto Networks, and should be treated as such. If you are not the intended recipient and have received this message in error, please delete this message from your computer system and notify me immediately by e-mail. Any unauthorized use or distribution of the content of this message is prohibited.





On Wed, Apr 12, 2023 at 6:08 AM Joseph Silvia via lists.spdx.org <jsilvia=orielstat.com@...> wrote:

Hi Dick,

 

Thank you so much for the explanation. I have yet to see an SPDX representation as well and trying to wrap my head around some of these SBOM challenges in the Medical Device space where many MDMs are using a combination of FOSS, COTS and OTS in the development of their software not to mention who knows what contract manufacturers are using.

 

@May Do you know what the impact of all of this means in regard to IoMT and in particular, 62304 with the requirement to identify SOUP items?

 

Thanks,

Joe

 

Joseph D. Silvia
Director Software Quality Training and Consulting
Oriel STAT A MATRIX | Improving Workplace Performance Since 1968

1055 Thomas Jefferson St. NW, Suite 304

Washington, DC 20007

Office: 732.906.6142 Mobile: 781.526.5636 | jsilvia@... 

View Our Training Catalog

Follow us: LinkedIn | Blog orielstat.com

 

This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential.  If you are not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited.  If you have received this communication in error, notify the sender immediately by return email and delete the message and any attachments from your system.

 

From: spdx@... <spdx@...> On Behalf Of Dick Brooks
Sent: Wednesday, April 12, 2023 8:25 AM
To: spdx@...
Cc: 'Phil Odence' <Phil.Odence@...>
Subject: Re: [spdx] SPDX Gen Meeting Follow up- Mistake and Thanks

 

Hi Joe,

 

Both formats satisfy the NIST VDR data requirements identified in SP 800-161 RA-5, IMO.

 

REA uses an explicit model, listing each component and its vulnerability search status, including those with no vulnerabilities reported. It also supports SPDX and CycloneDX SBOM formats.

 

The CycloneDX VDR format uses an implicit model, listing only those components with reported vulnerabilities. I believe it can support both SPDX and CycloneDX SBOM formats, but I’ve not seen an SPDX representation.

 

The easiest way to see the differences is to view an example of each:

 

REA VDR:

https://raw.githubusercontent.com/rjb4standards/REA-Products/master/SBOMVDR_JSON/VDR_118.json

 

CycloneDX VDR:

https://raw.githubusercontent.com/rjb4standards/REA-Products/master/CDXVEX/CDX14.xml

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

From: spdx@... <spdx@...> On Behalf Of Joseph Silvia via lists.spdx.org
Sent: Wednesday, April 12, 2023 8:14 AM
To: spdx@...
Cc: 'Phil Odence' <Phil.Odence@...>
Subject: Re: [spdx] SPDX Gen Meeting Follow up- Mistake and Thanks

 

Hello Dick,

 

You stated the REA has offered to withdraw its VDR format if the industry agrees to endorse the CycloneDX VDR format. Can you provide more details on the similarities and differences between the REA and CycloneDX VDR format?

 

Thanks,

Joe

 

Joseph D. Silvia
Director Software Quality Training and Consulting
Oriel STAT A MATRIX | Improving Workplace Performance Since 1968

1055 Thomas Jefferson St. NW, Suite 304

Washington, DC 20007

Office: 732.906.6142 Mobile: 781.526.5636 | jsilvia@... 

View Our Training Catalog

Follow us: LinkedIn | Blog orielstat.com

 

This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential.  If you are not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited.  If you have received this communication in error, notify the sender immediately by return email and delete the message and any attachments from your system.

 

From: spdx@... <spdx@...> On Behalf Of Dick Brooks
Sent: Wednesday, April 12, 2023 7:55 AM
To: spdx@...
Cc: 'Phil Odence' <Phil.Odence@...>
Subject: Re: [spdx] SPDX Gen Meeting Follow up- Mistake and Thanks

 

May,

 

Thank you for the quick response.

 

With regard to testing; some of the spdx tool vendors conduct interoperability testing by sharing artifacts and reporting on any issues encountered. The DocFest is a formal version of this testing. Would Palo Alto Networks be willing to share their SPDX artifacts, confidentially, with spdx tool vendors for interoperability testing purposes only?

 

I agree with your findings on the NIST VDR; NIST identified the VDR data to be included, but not a specific format. There are two open source NIST VDR “interpretation” formats available, one from OWASP CycloneDX and the other from REA:

Here’s an example of the open-source REA VDR format:

https://raw.githubusercontent.com/rjb4standards/REA-Products/master/SBOMVDR_JSON/VDR_118.json

 

I also wrote an article describing the NIST SBOM VDR that ties back to the SP 800-161 standard and other NIST materials where VDR is referenced:

https://energycentral.com/c/pip/what-nist-sbom-vulnerability-disclosure-report-vdr

 

FYI: REA has offered to withdraw its VDR format if the industry agrees to endorse the CycloneDX VDR format. Also, note, REA offered to freely transfer its open-source VDR format to the Linux Foundation, when it was first introduced; the offer was never acted on.

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

From: spdx@... <spdx@...> On Behalf Of May Wang via lists.spdx.org
Sent: Wednesday, April 12, 2023 2:59 AM
To: spdx@...
Cc: Phil Odence <Phil.Odence@...>
Subject: Re: [spdx] SPDX Gen Meeting Follow up- Mistake and Thanks

 

Dick, 

 

Thank you for your questions. 

 

1. Our spdx-based IoT SBOM is available to all our customers.  I am not sure about the specific "testing purposes" you are referring to, happy to talk more details offline. 

 

2. Good question.  In addition to the SBOM info, we also provided links from SBOM to vulnerabilities, based on our own vulnerability database and some CVEs for now.  We do plan to 1) expand to more vulnerability databases and CVEs. 2) expand to cover more devices. 3) the latest NIST VDR document provides good guidance but did not prescribe specific format, we will closely follow up any updates from NIST. 

 

Thank you, 

--

May Wang, Ph.D.  |  CTO, IoT Security

Palo Alto Networks  |  3000 Tannery Way  |  Santa Clara, CA 95054  |  USA

Email: may@... |  www.paloaltonetworks.com

 


The content of this message is the proprietary and confidential property of Palo Alto Networks, and should be treated as such. If you are not the intended recipient and have received this message in error, please delete this message from your computer system and notify me immediately by e-mail. Any unauthorized use or distribution of the content of this message is prohibited.

 

 

On Tue, Apr 11, 2023 at 5:10 AM Dick Brooks <dick@...> wrote:

Thanks May.

 

Two questions:

  1. Is the SPDX artifact available to use for testing purposes?
  2. Is Palo Alto Networks also planning to issue NIST SBOM Vulnerability Disclosure Reports (VDR) that will be linked to the published SBOM?

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

From: spdx@... <spdx@...> On Behalf Of May Wang via lists.spdx.org
Sent: Tuesday, April 11, 2023 12:05 AM
To: Phil Odence <Phil.Odence@...>
Cc: SPDX-general <spdx@...>
Subject: Re: [spdx] SPDX Gen Meeting Follow up- Mistake and Thanks

 

Thank you, Phil, the members of the SPDX Steering Committee, and the SPDX Community.  

 

I am grateful for the fruitful year we have had working together. This year, we released the first IoT SBOM product by Palo Alto Networks based on SPDX. Such a significant milestone couldn't have been possible without your support and leadership. I look forward to our continued collaboration to advance the adoption of SPDX and foster innovation in SBOM, especially in cybersecurity.

 

--

May Wang, Ph.D.  |  CTO, IoT Security

Palo Alto Networks  |  3000 Tannery Way  |  Santa Clara, CA 95054  |  USA

Email: may@... |  www.paloaltonetworks.com

 


The content of this message is the proprietary and confidential property of Palo Alto Networks, and should be treated as such. If you are not the intended recipient and have received this message in error, please delete this message from your computer system and notify me immediately by e-mail. Any unauthorized use or distribution of the content of this message is prohibited.
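Dick Brooks's explanation quoted in the thread above contrasts an explicit VDR model (every SBOM component listed with its vulnerability search status, including those with nothing reported) with an implicit one (only components with reported vulnerabilities). The Go program below is an added illustration of that difference; it is not the REA or CycloneDX format and not code from either project. It builds both kinds of report from a constructed four-component SBOM and a stand-in vulnerability lookup (the finding identifier is a placeholder, not a real CVE), then shows what a consumer can recover from each: the component that could not be searched at all is visible as a gap in the explicit report, while in the implicit report it is indistinguishable from a component that was searched and found clean.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Component is the part of an SBOM package entry that a vulnerability search needs.
type Component struct {
	Name    string `json:"name"`
	Version string `json:"version"`
	PURL    string `json:"purl,omitempty"`
}

// ExplicitEntry is a row of an explicit-model VDR: every component has one, with its search status.
type ExplicitEntry struct {
	Component Component `json:"component"`
	Status    string    `json:"status"` // "searched" or "not-searched"
	Findings  []string  `json:"findings"`
}

// ImplicitEntry is a row of an implicit-model VDR: only components with findings appear.
type ImplicitEntry struct {
	Component Component `json:"component"`
	Findings  []string  `json:"findings"`
}

// SampleSBOM is constructed input: one component with a finding, one firmware blob with no package URL.
var SampleSBOM = []Component{
	{Name: "libexample", Version: "1.0.0", PURL: "pkg:generic/libexample@1.0.0"},
	{Name: "libcompress", Version: "2.1.0", PURL: "pkg:generic/libcompress@2.1.0"},
	{Name: "vendor-firmware-blob", Version: "7"},
	{Name: "libnet", Version: "3.0.4", PURL: "pkg:generic/libnet@3.0.4"},
}

// lookup stands in for a vulnerability database query (constructed data; the identifier is a
// placeholder, not a real CVE). ok is false when the component could not be searched at all.
func lookup(c Component) (findings []string, ok bool) {
	if c.PURL == "" {
		return nil, false
	}
	db := map[string][]string{"pkg:generic/libexample@1.0.0": {"VULN-PLACEHOLDER-0001"}}
	return db[c.PURL], true
}

// BuildExplicitVDR emits one row per component and records whether the search happened.
func BuildExplicitVDR(sbom []Component) []ExplicitEntry {
	out := make([]ExplicitEntry, 0, len(sbom))
	for _, c := range sbom {
		f, ok := lookup(c)
		status := "searched"
		if !ok {
			status = "not-searched"
		}
		out = append(out, ExplicitEntry{Component: c, Status: status, Findings: f})
	}
	return out
}

// BuildImplicitVDR emits rows only for components with at least one finding.
func BuildImplicitVDR(sbom []Component) []ImplicitEntry {
	var out []ImplicitEntry
	for _, c := range sbom {
		if f, _ := lookup(c); len(f) > 0 {
			out = append(out, ImplicitEntry{Component: c, Findings: f})
		}
	}
	return out
}

// Unassessed lists components an explicit VDR marks as never searched: a visible coverage gap.
func Unassessed(vdr []ExplicitEntry) []Component {
	var out []Component
	for _, e := range vdr {
		if e.Status != "searched" {
			out = append(out, e.Component)
		}
	}
	return out
}

// Unlisted lists SBOM components absent from an implicit VDR. Clean and never-searched
// components land in the same list; the format alone cannot tell them apart.
func Unlisted(sbom []Component, vdr []ImplicitEntry) []Component {
	listed := map[string]bool{}
	for _, e := range vdr {
		listed[e.Component.Name+"@"+e.Component.Version] = true
	}
	var out []Component
	for _, c := range sbom {
		if !listed[c.Name+"@"+c.Version] {
			out = append(out, c)
		}
	}
	return out
}

func main() {
	explicit, implicit := BuildExplicitVDR(SampleSBOM), BuildImplicitVDR(SampleSBOM)
	ej, _ := json.MarshalIndent(explicit, "", "  ")
	fmt.Printf("explicit VDR:\n%s\n", ej)
	fmt.Println("explicit rows:", len(explicit), "not searched:", len(Unassessed(explicit)))
	fmt.Println("implicit rows:", len(implicit), "unlisted:", len(Unlisted(SampleSBOM, implicit)))
}
```

Running it prints four explicit rows with one marked not-searched against a single implicit row, with three SBOM components unlisted; a consumer checking coverage against the SBOM gets an actionable answer only from the explicit report.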