Definition of product #692

Open
wurstbrot opened this issue Feb 19, 2024 · 2 comments

@wurstbrot

Hi,

the product in CSAF might only be a library. Therefore, I feel it should be named component, which is more generic.

As product is used a lot, a renaming might not be (easily) possible. Therefore, I recommend updating the definition from

product: is any deliverable (e.g. software, hardware, specification,...) which can be referred to with a name. This applies regardless of the origin, the license model, or the mode of distribution of the deliverable.

to:

product: is any deliverable (e.g. software, software libraries, hardware, specification,...) which can be referred to with a name. This applies regardless of the origin, the license model, or the mode of distribution of the deliverable.

Depending on the definition of software, you can argue that a library is already included. But pointing it out would be good, because I thought it was an application until digging deeper into the CSAF specification.

@tschmidtb51
Contributor

@wurstbrot Thank you for your contribution.

As "a product is defined as any deliverable which can be referred to with a name", I don't think that component would be a good fit. Would you, for example, refer to ISO 27001 as a component? To me, a component is a part - so renaming might confuse other people who then ask where to put their final products...

Nevertheless, the TC will consider your suggestion.

@wurstbrot
Author

I agree that component wouldn't match and product is sufficient.

I personally, taking your comment into account, would call it artifact (which is a bit more technical and commonly used in software development and engineering contexts).
