A YANG Data Model for Reporting Software Bills of Materials (SBOMs) and Vulnerability Information
draft-ietf-opsawg-sbom-access-18

• Status
• IESG evaluation record
• IESG writeups
• Email expansions
• History

Approval announcement
Draft of message to be sent after approval:

Announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: The IESG <iesg@ietf.org>, bill.wu@huawei.com, draft-ietf-opsawg-sbom-access@ietf.org, henk.birkholz@sit.fraunhofer.de, opsawg-chairs@ietf.org, opsawg@ietf.org, rfc-editor@rfc-editor.org, rwilton@cisco.com
Subject: Protocol Action: 'Discovering and Retrieving Software Transparency and Vulnerability Information' to Proposed Standard (draft-ietf-opsawg-sbom-access-18.txt)

The IESG has approved the following document:
- 'Discovering and Retrieving Software Transparency and Vulnerability
   Information'
  (draft-ietf-opsawg-sbom-access-18.txt) as Proposed Standard

This document is the product of the Operations and Management Area Working
Group.

The IESG contact persons are Warren Kumari and Robert Wilton.

A URL of this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-opsawg-sbom-access/

Ballot Text

Technical Summary

   To improve cybersecurity posture, automation is necessary to locate
   what software is running on a device, whether that software has known
   vulnerabilities, and what, if any recommendations suppliers may have.
   This memo extends the MUD YANG model to provide the locations of
   software bills of materials (SBOMS) and to vulnerability information.

Working Group Summary

   No, it seemed to go smoothly, and got a few good WG last call reviews.

Document Quality

   The authors indicate that they are working on an implementation.

Personnel

   Rob Wilton is the Responsible AD
   Qin Wu is the Doc Shepherd.

RFC Editor Note