DevHeads.net

Reply to comment

Re: Module metadata proposal

By Steve Grubb at 04/21/2016 - 16:57

Hello,

How does this scheme compare with SWID? All common criteria protection profiles
are calling out for SWID tags. Rather than having to pay for the ISO standard,
NIST has a copy of nearly the same thing here:

<a href="http://csrc.nist.gov/publications/drafts/nistir-8060/nistir_8060_draft_fourth.pdf" title="http://csrc.nist.gov/publications/drafts/nistir-8060/nistir_8060_draft_fourth.pdf">http://csrc.nist.gov/publications/drafts/nistir-8060/nistir_8060_draft_f...</a>

The creation of SWID tags are expected to be done as part of the build
process. But there has to be some metadata that gets fed into build process to
cover things like product name, web site, license, etc.

It would be really good if we can align all of this to support SWID tag
generation.

-Steve

On Thursday, April 21, 2016 04:32:02 PM Petr Ĺ abata wrote:

Reply