You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
the product in CSAF might only be a library. Therefore, I feel it should be named component. Which is more generic.
As product is used a lot, a renaming might not be (easily) possible. Therefore, I recommend to update the definition from
product: is any deliverable (e.g. software, hardware, specification,...) which can be referred to with a name. This applies regardless of the origin, the license model, or the mode of distribution of the deliverable.
to:
product: is any deliverable (e.g. software, software libraries, hardware, specification,...) which can be referred to with a name. This applies regardless of the origin, the license model, or the mode of distribution of the deliverable.
Depending on the definition of software, you can argue library is included, already. But to point it out would be good because I thought it is an application until digging deeper in the CSAF specification.
The text was updated successfully, but these errors were encountered:
As "a product is defined as any deliverable which can be referred to with a name", I don't think that component would be a good fit. Would you for example refer to ISO 27001 as component? To me, a component is a part - so renaming might confuse other people who then ask where to put their final products...
Nevertheless, the TC will consider you suggestion.
I agree that component wouldn't match and product is sufficient.
I personally, taking your comment into account, would call it artifact (which is a bit more technical and commonly used in software development and engineering contexts).
Hi,
the
product
in CSAF might only be a library. Therefore, I feel it should be namedcomponent
. Which is more generic.As
product
is used a lot, a renaming might not be (easily) possible. Therefore, I recommend to update the definition fromto:
Depending on the definition of software, you can argue library is included, already. But to point it out would be good because I thought it is an application until digging deeper in the CSAF specification.
The text was updated successfully, but these errors were encountered: