OpenChain Security Assurance Specification 1.0 now available


 

Dear all

The OpenChain Security Assurance Specification 1.0 is now available:
https://github.com/OpenChain-Project/Security-Assurance-Specification/blob/main/Security-Assurance-Specification/1.0/en/openchain-security-specification-1.0.md

This specification is built from the Security Assurance Reference Guide 2.0 (Release Candidate 1) published on 2022-03-28. That completed reference specification document went through a final approval process via editing on our specification list and calls, before graduating to a governing board vote to transform into this published security specification on 2022-09-14.

We will now proceed to ISO/IEC JTC-1 PAS submission with an estimated completion date of circa mid-2023. In the meantime, our security assurance specification is ready for market adoption as a de facto standard.

Over the next couple of weeks we have some time for sanity-checks and minor adjustments. I would like to begin that process today.

There are two tasks for the community:

(1) Check our Security Assurance Specification 1.0 against the Security Assurance Reference Guide 2.0 (Release Candidate 1) to ensure Sections 1, 2 and 3 match. You can find the Security Assurance Reference Guide 2.0 (Release Candidate 1) here:
https://github.com/OpenChain-Project/Security-Assurance-Specification/tree/main/Security-Assurance-Guide-Depreciated/2.0

(2) Check the OpenChain Security Assurance Specification 1.0 for any typographical errors that have snuck through our existing editing process. You can find the document linked at the start of this email or here:
https://github.com/OpenChain-Project/Security-Assurance-Specification/blob/main/Security-Assurance-Specification/1.0/en/openchain-security-specification-1.0.md

This email constitutes a soft launch for this specification. Over the next few days we will start broader distribution of this news, including on social media and via blog posts. However, you can begin sharing it immediately with your teams and peers.

Please note: the scope of this reference specification may expand over time based on community feedback. However, comments and notes should be confined to the existing scope at this juncture. Our specification is complete barring minor adjustments for readability, editing and clarity.

Regards

Shane


Shane Coughlan
General Manager, OpenChain
e: scoughlan@...
p: +81 (0) 80 4035 8083
w: www.linuxfoundation.org

Schedule a call:
https://meetings.hubspot.com/scoughlan

Join main@lists.openchainproject.org to automatically receive all group messages.