Resources on security


Mirz, Markus <mmirz@...>
 

Dear all,

 

To facilitate the collection of resources on security topics, I would suggest that we use this mail thread to propose links etc.

Please just drop your ideas here and I will update the wiki page: https://wiki.lfenergy.org/display/HOME/Security+Working+Group

I hope that this facilitates the process compared to updating the wiki page directly 😉

 

Cheers

Markus



Dick Brooks
 

Markus,

 

Here is my comment:

 

Consider adopting an open source SBOM based Vulnerability Disclosure Report (VDR) XML schema to report on SBOM component level NIST NVD search results and vendor known vulnerability status information: https://github.com/rjb4standards/REA-Products/raw/master/SAGVulnDisclosure.xsd

SAMPLE VDR is available here: https://github.com/rjb4standards/REA-Products/blob/master/SAGVulnDisclosureSAG-PM.xml

 

Explanation of how VDR information is used during an SBOM C-SCRM software risk assessment is available here: https://www.linkedin.com/posts/richard-dick-brooks-8078241_how-does-vendor-provided-software-vulnerability-activity-6860955924933165056-mMcQ


From: security@... <security@...> On Behalf Of Mirz, Markus
Sent: Tuesday, November 2, 2021 11:32 AM
To: security@...
Subject: [Security WG] Resources on security

 
