Steve Springett

Results 666 comments of Steve Springett

Per https://twitter.com/ariadneconill/status/1506291663232241679 there's also a need to include build log support in formulation.

@zdtsw I had an intro conversation with Pete Allor a few weeks ago. I'd be really interested in hearing from you (and others) at RedHat about some of the requirements...

I think ML support in CDX will be critical in the near future. Although this bill was just introduced and may or may not pass, there seems to be a...

Datasets and their provenance is a confirmed use case that needs to be addressed. Datasets also have licenses. Some are "free", others are commercial, etc. So datasets themselves should reuse...

This might provide a good starting point. https://www.gov.uk/government/collections/algorithmic-transparency-standard

Related threat modeling framework for ML: https://plot4.ai/

https://github.com/mitre/advmlthreatmatrix

I personally favor `https://cyclonedx.org/bom` as it closely aligns to the XSD and JSON Schema of the spec. I am not in favor of predicates that define the content of the...

What might be interesting is if in-toto would adopt BOM predicates specific to lifecycle, similar to how the rest of the world works. For whatever reason, the software industry is...

Indeed, it is misspelled and is an unfortunate mistake along the same lines as HTTP "referer". Duplicate of #57