Olle E. Johansson

Results 55 issues of Olle E. Johansson

There is a lot of focus now on "Dependency chain security" - using automated systems to track down known (and possibly exploited) vulnerabilities. At the heart of these systems is...

In the huge "Software dependency chain" discussion there is a lot of talk about evaluating Open Source projects. OpenSSF has developed scorecards and work on this. What kind of competence...

topic

We need to agree on terminology
* Avoid key terms used in SBOMs to avoid confusion
* Base on existing terminology
* Proposal https://niccs.cisa.gov/cybersecurity-career-resources/vocabulary or this: https://csrc.nist.gov/glossary Possibly create a...

Based on discussions in #24 we have to expand the use cases with different stuff that people want to apply TEA on, deliverables that need a TEI for discovery.

Adding an outline for discussion in our meeting.

Trying to gather thoughts on digital signatures in the TEA collections and for TEA artefacts. Feedback is always welcome!

In a TEA collection we have a number of documents, artefacts, for a given product version. How do we encode type of document?
* Media types a la E-mail/HTTP?
*...

We need to register the TEI: URN name space with IANA
- https://www.rfc-editor.org/rfc/rfc8141.html
- https://www.iana.org/assignments/urn-namespaces/urn-namespaces.xhtml#urn-namespaces-1
- https://www.iana.org/assignments/urn-formal/cdx

Backlog

On the publication side of the API we need to handle that a published artefact may apply to many versions. This means that the same artefact may be part of...