Back to "transparency and trust" from "security" #23

Merged
merged 2 commits into from
Sep 5, 2022
4 changes: 1 addition & 3 deletions ietf-scitt-charter.md
Expand Up @@ -4,9 +4,7 @@ Over the years, rapid technological advancements have motivated organizations to
While these improvements help organizations increase efficiency and swiftly bring innovations to market, the rapid increase in scale, size, and complexity of supply chains has led to more frequent and sophisticated supply chain attacks.
The traditional methods of safeguarding supply chains (e.g., pre- and post-audit methodologies) are no longer adequate.

The output of the SCITT WG is a set of standards that define the essential building blocks enabling the security of supply chain systems and assisting implementers in securing deployments.
Contributor

I like this sentence:

The output of the SCITT WG is a set of standards that define the essential building blocks enabling the security of supply chain systems

For example, a public computer interface system could report its software composition, which can be compared against known software compositions for such a device, as recorded in an append-only transparent registry.
Therefore, providing an individual using the system with confidence that it will behave as and when expected, consistently and without deviation.
SCITT forms a set of interoperable building blocks that will allow implementers to build integrity and accountability into supply chain systems to help assure trustworthy operation. For example, a public computer interface system could report its software composition that can then be compared against known software compositions (and certifications?) for such a device thereby giving confidence that the system is running the software expected and has not been modified, either by attack or accident, in the supply chain.

To address Orie's comment, how about this:

The output of the SCITT WG is a set of interoperable building blocks that will allow implementers to build integrity and accountability into supply chain systems to help assure trustworthy operation.

Instead of this...

SCITT forms a set of interoperable building blocks that will allow implementers to build integrity and accountability into supply chain systems to help assure trustworthy operation.

Otherwise, I agree with this change.

Contributor

I'm good with that proposed language.

@henkbirkholz is this language ok for a charter?

I like the idea of being a bit concrete about what we intend to deliver.

Member

Only a few editorial requests:

  • the 2nd sentence now is pretty long and should be split
  • "(and certifications?)" cannot stay, either remove it or incorporate it as "or certifications"

Otherwise I am okay with the suggested change, the core of the message remains unchanged.

Contributor Author

All addressed in update #2. @henkbirkholz are you happy to merge?

Member

I am happy with Kay's proposal and will incorporate!


Problem Statement
=================
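
Review bot: The replacement sentence beginning "SCITT forms a set of interoperable building blocks" drops the clause "as recorded in an append-only transparent registry" that the removed example carried, so the text no longer says where the "known software compositions" used for the comparison are recorded. Given that this change is titled as a return to "transparency and trust", consider keeping that clause in the example. The parenthetical "(and certifications?)" also reads as an open question rather than charter text; drop it or write "or certifications", and split the long example sentence in two.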