Closed sparrell closed 2 years ago
Duncan advocates that it be beyond scope at least for now. We may want to consider hardware within PACE scope eventually, but I believe the focus should be on software for the foreseeable future. However is someone has software to contribute on hardware PACE, we could reconsider.
Will defer for the time being - 02/14/2022
Should we add text somewhere saying "Hardware BOMs are currently out-of-scope"? Where should be put these resolutions of our scope issues? Note that once we put text somewhere, we can close this issue with a link to the PR that has the text. Put we shouldn't close this issue until then.
Added to FAQ at the 4/25/2022 PACE meeting
There can be hardware vulnerabilities as well as other aspects of hardware affect the security posture. Is hardware bill of materials in scope for PACE?