Re: FINAL REMINDER: OpenChain Security Guidance Document - Last Call
Hi all,toggle quoted messageShow quoted text
I went through the security addendum, and what I'm now really wondering is, shouldn't we address the existence of the other existing security standards? Like IEC 62443 or ISO 21434? I know we'd like to focus on the open source part, but as realistically there are software components shipped down the supply chain that exist of both open source and added self-developed code, shouldn't we at least add somewhere that people need to be aware of the existing applicatition specific security standards? That they need to evaluate if they are applicable to their scope? Not sure if we should make it a hard requirement, but I'm afraid that completely ignoring existing standards would weaken the OpenChain statement here - as people might say, I have to adhere to to IEC/ISO 62443 anyway, why bother with the OpenChain security addendum at all...
I'd love to discuss this in today's call, but unfortunatly I'm already of to another appointment...
Am 10.08.21 um 07:40 schrieb Shane Coughlan:
We begin in 20 minutes :)
mobile: +49 15156078183
Nürnberger Str. 2
Sitz der Gesellschaft: Wassertrüdingen Registergericht: Amtsgericht Ansbach, HRB 7127
Geschäftsführer: Prof. Dr. Andreas Bärwald