As part of my contribution to an action item related to monitoring SCAP (Security Content Automation Protocol), I wanted to make known that a new working group has been proposed within the IETF, currently named "SACM"
The proposed working group is currently just a "BOF", and is still under consideration.
However, there is a mailing list created for discussion. You can subscribe to the list by visiting this link: https://www.ietf.org/mailman/listinfo/sacm
The description of the list is included below:
This list is for discussions relating to the applicability of the SCAP content formats to current and emerging IETF protocols. Current SCAP specifications and Internet use scenarios are in scope for this discussion list. Current SCAP specifications include the Common Configuration Enumeration (CCE), Common Vulnerability Evaluation (CVE), Common Platform Enumeration (CPE), Open Vulnerability and Assessment Language (OVAL), and Extensible Configuration Checklist Description Format (XCCDF).
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
-------------- next part --------------
An HTML attachment was scrubbed...