
Working to consensus - a change to the schedule for the 3T-SBOM efforts



Hi Everyone,

Thank you all for participating in the 3T-SBOM working group.

In just six short weeks we have covered much ground together. We have doubled the number of participants, we have learned how to create UML models and XMIs, and we have created a web page, a Google Drive folder and a GitHub repository. We have ongoing weekly meetings with healthy attendance. We are consolidating the work of a number of existing efforts. We have been working hard toward a draft specification submission on 11/11.

It is on this last point that this email will focus. After discussions with a number of you and also among the co-chairs, we have decided to delay the submission of the SBOM draft specification.

Previous target:

• Submission: November 11, 2019
• Architecture Board Review: December 9, 2019 at the
  OMG Long Beach meeting

New target:

• Submission: February 24, 2020 <<Bob, please verify>>
• Architecture Board Review: March 23, 2020 at the
  OMG Reston meeting

In evaluating this decision, we considered both the quality of the specification and the quality of the process. Here is what we found:

• The quality of the specification was good. For this we give a
  heartfelt thanks especially to Philippe-Emmanuel. Over the past 6
  weeks he has invested generous time and thoughtful attention to
  generating the model, and automating the documentation and
  illustrations.

• The quality of the process was not. Working group members had concerns
  about the model, and they felt those concerns were not heard. They
  were hearing from the co-chairs that there would be time to address
  concerns during the Request for Comment (RFC) period. They were
  feeling that because their concerns weren’t heard during the design
  phase it was likely they would not be heard during the RFC comment
  period. They let us know. We appreciate that they did and we are
  listening and taking action.

When we met in Nashville, we knew the November 11 date would be a stretch, but at that point we all agreed we should try to meet it, and that we all would also be satisfied if we met the February date. So now we plan to refocus our effort to target the February submission date, with the following mileposts as a guide.

• Weekly meetings between now and December 10/11 – Discuss concerns, and
  also identify the user scenarios and technical requirements upon which
  we will design and gate our February submission.

• Face-to-Face meeting December 10/11 – work through the details of a
  model that satisfies our user scenarios and technical requirements.

• Holiday vacations

• January to February – complete the work to prepare for an RFC
  specification submission for the March meeting in Reston, VA.

Thank you again for being part of this effort. Our work will be the basis of software transparency, quality, reliability and security for generations to come.

Sincerely,

the co-chairs,

Bob Martin, MITRE
Bill Curtis, CISQ
Kay Williams, Microsoft