
board-busdev-thought-leaders message



Subject: OASIS Opportunity


CISA and the NSA recently released Securing the Software Supply Chain: Recommended Practices for Software Bill of Materials Consumption. The very last sentence of the body of the document, in the “Conclusion: SBOM Consumption Today and Tomorrow” section, states:

  • “A vendor neutral open standard set of risk factors that can be aggregated into risk scoring for SBOMs should be developed.”

 

I would be willing to participate in (but not chair) a new TC to create the standard envisioned. I believe it only takes 5 people in 2 companies to justify starting a TC. Anyone else interested? My belief is that it would kick off a firestorm of activity and result in some new members as well as more participation from existing members. But if we are to do it, we need to move quickly.

 

-- 

Duncan Sparrell

sFractal Consulting

iPhone, iTypo, iApologize

I welcome VSRE emails. Learn more at http://vsre.info/

 


