用于报告软件物料清单（SBOM）和漏洞信息的 YANG 数据模型

RFC Pub Date : 2023-10-01 DOI:10.17487/rfc9472

E. Lear, Scott Rose

{"title":"用于报告软件物料清单（SBOM）和漏洞信息的 YANG 数据模型","authors":"E. Lear, Scott Rose","doi":"10.17487/rfc9472","DOIUrl":null,"url":null,"abstract":"To improve cybersecurity posture, automation is necessary to locate the software a device is using, whether that software has known vulnerabilities, and what, if any, recommendations suppliers may have. This memo extends the Manufacturer User Description (MUD) YANG schema to provide the locations of software bills of materials (SBOMs) and vulnerability information by introducing a transparency schema.","PeriodicalId":21471,"journal":{"name":"RFC","volume":"5 1","pages":"1-18"},"PeriodicalIF":0.0000,"publicationDate":"2023-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A YANG Data Model for Reporting Software Bills of Materials (SBOMs) and Vulnerability Information\",\"authors\":\"E. Lear, Scott Rose\",\"doi\":\"10.17487/rfc9472\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"To improve cybersecurity posture, automation is necessary to locate the software a device is using, whether that software has known vulnerabilities, and what, if any, recommendations suppliers may have. This memo extends the Manufacturer User Description (MUD) YANG schema to provide the locations of software bills of materials (SBOMs) and vulnerability information by introducing a transparency schema.\",\"PeriodicalId\":21471,\"journal\":{\"name\":\"RFC\",\"volume\":\"5 1\",\"pages\":\"1-18\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"RFC\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.17487/rfc9472\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"RFC","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.17487/rfc9472","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

为改善网络安全态势，有必要实现自动化，以查找设备正在使用的软件、该软件是否存在已知漏洞，以及供应商可能提出的建议（如有）。本备忘录扩展了制造商用户描述（MUD）YANG 模式，通过引入透明度模式来提供软件物料清单（SBOM）的位置和漏洞信息。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A YANG Data Model for Reporting Software Bills of Materials (SBOMs) and Vulnerability Information

To improve cybersecurity posture, automation is necessary to locate the software a device is using, whether that software has known vulnerabilities, and what, if any, recommendations suppliers may have. This memo extends the Manufacturer User Description (MUD) YANG schema to provide the locations of software bills of materials (SBOMs) and vulnerability information by introducing a transparency schema.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

RFC

自引率

0.00%

发文量