UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

IETF - RFC 9472

A YANG Data Model for Reporting Software Bills of Materials (SBOMs) and Vulnerability Information

active, Most Current
Organization: IETF
Publication Date: 1 October 2023
Status: active
Page Count: 18
scope:

To improve cybersecurity posture, automation is necessary to locate the software a device is using, whether that software has known vulnerabilities, and what, if any, recommendations suppliers may have. This memo extends the Manufacturer User Description (MUD) YANG schema to provide the locations of software bills of materials (SBOMs) and vulnerability information by introducing a transparency schema.

Document History

RFC 9472
October 1, 2023
A YANG Data Model for Reporting Software Bills of Materials (SBOMs) and Vulnerability Information
To improve cybersecurity posture, automation is necessary to locate the software a device is using, whether that software has known vulnerabilities, and what, if any, recommendations suppliers may...

References

This document references:
IETF RFC 6020 - YANG - A Data Modeling Language for the Network Configuration Protocol (NETCONF)
Published by IETF on October 1, 2010
YANG is a data modeling language used to model configuration and state data manipulated by the Network Configuration Protocol (NETCONF), NETCONF remote procedure calls, and NETCONF notifications.
This document references:
IETF RFC 6991 - Common YANG Data Types
Published by IETF on July 1, 2013
This document introduces a collection of common data types to be used with the YANG data modeling language. This document obsoletes RFC 6021.
This document references:
IETF RFC 7231 - Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content
Published by IETF on June 1, 2014
The Hypertext Transfer Protocol (HTTP) is a stateless applicationlevel protocol for distributed, collaborative, hypertext information systems. This document defines the semantics of HTTP/1.1...
This document references:
IETF RFC 8520 - Manufacturer Usage Description Specification
Published by IETF on March 1, 2019
This memo specifies a component-based architecture for Manufacturer Usage Descriptions (MUDs). The goal of MUD is to provide a means for end devices to signal to the network what sort of access and...
This document references:
IETF RFC 8615 - Well-Known Uniform Resource Identifiers (URIs)
Published by IETF on May 1, 2019
Abstract This memo defines a path prefix for "well-known locations", "/.well-known/", in selected Uniform Resource Identifier (URI) schemes. In doing so, it obsoletes RFC 5785 and updates the URI...
View Less
View All
Advertisement