Re: FINAL REMINDER: OpenChain Security Guidance Document - Last Call
Nicole Pappler
Hi all,
I went through the security addendum, and what I'm now really wondering is, shouldn't we address the existence of the other existing security standards? Like IEC 62443 or ISO 21434? I know we'd like to focus on the open source part, but as realistically there are software components shipped down the supply chain that consist of both open source and added self-developed code, shouldn't we at least add somewhere that people need to be aware of the existing application-specific security standards? That they need to evaluate if they are applicable to their scope? Not sure if we should make it a hard requirement, but I'm afraid that completely ignoring existing standards would weaken the OpenChain statement here - as people might say, I have to adhere to IEC/ISO 62443 anyway, why bother with the OpenChain security addendum at all...
I'd love to discuss this in today's call, but unfortunately I'm already off to another appointment...
Cheers,
Nicole
On 10.08.21 at 07:40, Shane Coughlan wrote:
We begin in 20 minutes :)
REMINDER: OpenChain Bi-Weekly Work Group Call - 2021-08-10 at 06:00 UTC / 07:00 BST / 08:00 CEST / 11:30 IST / 14:00 CST / 15:00 KST+JST
We are finalizing this document:
https://1drv.ms/w/s!AsXJVqby5kpnkSaMT5WBZwJBONuB
In this Zoom room:
https://zoom.us/j/4377592799
The finished document will be released this week. It will provide context to all users of OpenChain ISO 5230 on application in the context of security.
--
——————————————————————————————————————
Nicole Pappler
email: nicole.pappler@...
mobile: +49 15156078183
PAPPSTARpromotion GmbH
Nürnberger Str. 2
91717 Wassertrüdingen
Germany
Registered office: Wassertrüdingen. Register court: Amtsgericht Ansbach, HRB 7127
Managing Director: Prof. Dr. Andreas Bärwald
http://www.PAPPSTARpromotion.de
——————————————————————————————————————