|
End Of Life Tag in spdx
#spdx
Steve, Regarding: “I have no opinion on end-of-life either way, but wouldn’t the same argument apply to security vulnerabilities?” Yes, if a software vendor chooses to list each known vulnerability wi
By Dick Brooks · #1525
|
End Of Life Tag in spdx
#spdx
I agree: “I would suggest to keep this information "out of band" and not inside SPDX documents” Thanks, Dick Brooks Active Member of the CISA Critical Manufacturing Sector, Sector Coordinating Council
By Dick Brooks · #1523
|
SPDX and NTIA SBOM Minimum elements
#spdx
You’re welcome. You will most likely need SPDX V2.3 if you have any “FILE” components that need to specify version info. The new PackagePurpose field supports the version info for “FILE” artifacts. Th
By Dick Brooks · #1516
|
SPDX and NTIA SBOM Minimum elements
#spdx
NTIA Framing document has the mapping you seek: see page 13 https://www.ntia.gov/files/ntia/publications/ntia_sbom_framing_2nd_edition_20211021.pdf However the “EO 14028 NTIA min element list is a lit
By Dick Brooks · #1514
|
End Of Life Tag in spdx
#spdx
Kate and Sandeep, Our customers are also interested in this information. There are two concepts to consider: Commercial Status: <enumeration value="Available"></enumeration> <enumeration value="Retire
By Dick Brooks · #1511
|
[spdx-tech] Registration open for SPDX DocFest on Jan 27th
Thanks, Rose – much appreciate the quick response and for all that you do for the SPDX community. Looking forward to participating in the DocFest. Cheers and best regards, Dick Brooks Never trust soft
By Dick Brooks · #1495
|
[spdx-tech] Registration open for SPDX DocFest on Jan 27th
Rose, Where can I find the target set objects to create/submit an SPDX SBOM? Thanks, Dick Brooks Never trust software, always verify and report! ™ http://www.reliableenergyanalytics.com Email: dick@re
By Dick Brooks · #1493
|
SPDX Company Membership
Phil, I just checked on REA’s LF membership status and it appears the lowest cost tier is $5,000 to become a LF member. Please confirm my understanding is correct that $5,000 is the lowest cost member
By Dick Brooks · #1485
|
SPDX Oct Gen Meeting Minutes
Thanks, Phil. 100% agree with you. Thanks, Dick Brooks Never trust software, always verify and report! ™ http://www.reliableenergyanalytics.com Email: dick@... Tel: +1 978-696-
By Dick Brooks · #1463
|
SPDX Oct Gen Meeting Minutes
Thanks, Phil. Kate/Gary, please let me know if there is anything I can do to help with a cyber risk assessment use case – I’m happy to contribute and learn. Thanks, Dick Brooks Never trust software, a
By Dick Brooks · #1461
|
SPDX Oct Gen Meeting Minutes
Phil, I had to attend a CISA meeting held at the same time as the SPDX meeting; I didn’t see any info in the minutes regarding the work on profiles. Any updates to share on the progress to support pro
By Dick Brooks · #1459
|
SPDX Goes ISO
Thanks, Phil – I’m very much looking forward to the configurable profiles capability. Thanks, Dick Brooks Never trust software, always verify and report! ™ http://www.reliableenergyanalytics.com Email
By Dick Brooks · #1456
|
SPDX Goes ISO
Phil, Minimal SBOM elements specified by NTIA for Executive Order (EO) 14028 do not include license data element requirements (see attached). The EO and the NTIA SBOM minimal elements focus on Cyber r
By Dick Brooks · #1453
|
SPDX Goes ISO
I just realized that the DocFest will be demonstrating interoperability of an ISO standard SBOM. Great timing getting the ISO standard status before the 9/16 DocFest. Very cool! Thanks, Dick Brooks Ne
By Dick Brooks · #1442
|
SPDX Goes ISO
A truly amazing achievement – well done and congratulations to Kate and the entire SPDX and Linux Foundation community that made this happen. So much looking forward to advancing SPDX interoperability
By Dick Brooks · #1437