opencybersecurityalliance / PACE

Posture Attribute Collection and Evaluation

Is Hardware BOM within PACE scope? #29

Closed sparrell closed 2 years ago

sparrell commented 2 years ago

There can be hardware vulnerabilities, as well as other aspects of hardware that affect the security posture. Is hardware bill of materials in scope for PACE?

sparrell commented 2 years ago

Duncan advocates that it be beyond scope at least for now. We may want to consider hardware within PACE scope eventually, but I believe the focus should be on software for the foreseeable future. However, if someone has software to contribute on hardware PACE, we could reconsider.

slarchacki22 commented 2 years ago

Will defer for the time being - 02/14/2022

sparrell commented 2 years ago

Should we add text somewhere saying "Hardware BOMs are currently out-of-scope"? Where should we put these resolutions of our scope issues? Note that once we put text somewhere, we can close this issue with a link to the PR that has the text. But we shouldn't close this issue until then.

slarchacki22 commented 2 years ago

Added to FAQ at the 4/25/2022 PACE meeting