oasis-tcs / openeox

OASIS OpenEoX TC: The purpose of this repository is to support version control for Work Product artifacts developed by members of the OASIS OpenEoX TC, including prose specification editing and secondary artifacts like meeting minutes, productivity code, etc.

Enhance the schemas to support the original proposal of integration with CSAF, VEX, and SBOMs #16

Open santosomar opened 2 months ago

santosomar commented 2 months ago

By potentially integrating with SBOMs and CSAF/VEX documents, OpenEoX enables organizations to incorporate end-of-life and end-of-support information into existing security and compliance workflows. This harmonization ensures that lifecycle information is part of the broader picture when assessing the security and viability of software and hardware components.

A standalone schema also makes it flexible and adaptable to a variety of environments. OpenEoX can be adopted widely without requiring extensive system overhauls.

tschmidtb51 commented 2 months ago

I think this is already addressed with the suggestion from #10.

Nevertheless, as it is not a part of #14 and #15, it is good to track that goal.