A YANG Data Model for Reporting Software Bills of Materials and Vulnerability Information
RFC 9472, “A YANG Data Model for Reporting Software Bills of Materials and Vulnerability Information”, is a Proposed Standard document published in October 2023 by E. Lear and S. Rose. The canonical text is published by the RFC Editor.
Abstract
To improve cybersecurity posture, automation is necessary to locate the software a device is using, whether that software has known vulnerabilities, and what, if any, recommendations suppliers may have. This memo extends the Manufacturer User Description (MUD) YANG schema to provide the locations of software bills of materials (SBOMs) and vulnerability information by introducing a transparency schema.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 9472 is hosted at rfc-editor.org. It is available in HTML, TXT, PDF and XML.
- RFC 9473 A Vocabulary of Path Properties
- RFC 9471 DNS Glue Requirements in Referral Responses
- RFC 9474 RSA Blind Signatures
- RFC 9470 OAuth 2.0 Step Up Authentication Challenge Protocol
- RFC 9475 Messaging Use Cases and Extensions for Secure Telephone Identity Revisited
- RFC 9469 Applicability of Ethernet Virtual Private Network to Network Virtualization over Layer 3 Networks
- RFC 9476 The .alt Special-Use Top-Level Domain
- RFC 9468 Unsolicited Bidirectional Forwarding Detection for Sessionless Applications