Oops accidently hit send. Here is a more complete version.
Congrats on reaching public review of CACAO. I would like to call your attention to the
SBOM / OpenC2 / SCAPv2 / IACD / CACAO / OCA / MUD /DBOM
virtual Proof-of-Concept(Poc)/Plugfest/Hackathon that is open to all and I feel is a good opportunity to show the value of CACAO to a wider community. Since that name is too long, those of us participating to date have been calling it the SBOM PoC.
The purpose is to show the value of automated cyber defense, which is best shown using usecases involving all aspects of the security infrastructure showcasing many concepts. More information may be found at
https://github.com/oasis-tcs/openc2-usecases/blob/master/SBOM-PoC/README.md . I would like to use CACAO as the playbooks for the scenarios and use cases in the PoC, but I could use some help. And I suspect members of this community have some tools/products
that could be showcases as part of the PoC.
Google has provided $60k of GCP credits in support of OpenC2 in the PoC. Participate in the plugfest and learn how to take advantage of this. There are currently 13 organizations participating. The previous
OpenC2 plugfest/hackathon involved 28 organizations from 3 countries and the expectation is this will be larger. Note that the work is done transparently (e.g. no NDA s) which solves some problems and introduces
others. I d be happy to talk details with anyone considering participating.
Summer is drawing to a close and the plugfest is kicking into a higher gear. Work has started and will culminate in an all-day meetup on Oct-28th. For more information on how to participate, see
https://github.com/oasis-tcs/openc2-usecases/blob/master/SBOM-PoC/README.md .
Please consider participating.
Duncan Sparrell
sFractal Consulting LLC
iPhone, iTypo, iApologize
I welcome VSRE emails. Learn more at
http://vsre.info /