Supply Chain Integrity, Transparency, and Trust at the IETF .
The IETF (The Internet Engineering Task Force) is proposing new work on Supply Chain Integrity, Transparency, and Trust.
From the Charter: "...The Supply Chain Integrity, Transparency, and Trust (SCITT) work forms a set of interoperable building blocks that will allow implementers to build integrity and accountability into supply chain systems to help assure trustworthy operation. For example, a public computer interface system could report its software composition that can then be compared against known software compositions or certifications for such a device thereby giving confidence that the system is running the software expected and has not been modified, either by attack or accident, in the supply chain..."
The Proposed WG has as action point: "Standardize the technical flows for providing information about a software supply chain, which also includes firmware, and covering the essential building blocks that make up the architecture."
Mailing List for subscription: https://www.ietf.org/mailman/listinfo/scitt
The IETF participation is open to any interested individual