OpenChain Security Draft Spec - Security Best Practice Modeling


Asking for feedback on a recent note. Does your organization have a similar approach?

For vulnerability reporting, some organizations have an established security defects data visibility policy in conjunction with an automated internal alert system. These incorporate end-to-end processes that gather vulnerability information from both external sources (such as NVD) and internal vulnerability detection and analysis mechanisms. The results are then fed back to the product development process via a continuous feedback loop, which can serve as a sample model.
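As an added illustration of the loop described above (this is example code, not part of the original note or of any OpenChain material), the script below correlates a component inventory against records shaped like an NVD feed and against findings from an internal scanner, de-duplicates hits that both sources report, rates them by CVSS band, and routes them to the owning product team. Every package name, CVE identifier, team name and score is constructed for the example; the simplified "package plus versionEndExcluding" shape stands in for NVD's CPE match criteria.

```python
"""Added example: a minimal vulnerability alert and feedback loop.

Correlates a component inventory against (a) records in a simplified
NVD-like shape and (b) findings from an internal detection mechanism,
merges duplicates, and emits per-team tickets.  All data below is
constructed for illustration; identifiers are placeholders.
"""
from dataclasses import dataclass

# Constructed component inventory (the SBOM of a hypothetical product).
INVENTORY = [
    {"name": "libexample", "version": "1.4.2"},
    {"name": "netparse", "version": "2.0.0"},
    {"name": "zipper", "version": "0.9.1"},
]

# Constructed external records.  Real NVD entries carry CPE match strings;
# a package name plus an exclusive upper version bound stands in here.
EXTERNAL_FEED = [
    {"id": "CVE-EXAMPLE-0001", "package": "libexample",
     "versionEndExcluding": "1.5.0", "cvss": 9.8,
     "summary": "placeholder: memory corruption in parser"},
    {"id": "CVE-EXAMPLE-0002", "package": "netparse",
     "versionEndExcluding": "1.9.0", "cvss": 5.3,
     "summary": "placeholder: denial of service"},
]

# Constructed findings from an internal mechanism (e.g. a fuzzing run).
INTERNAL_FINDINGS = [
    {"id": "INT-0007", "package": "zipper", "version": "0.9.1",
     "cvss": 7.5, "summary": "placeholder: path traversal on extract"},
    # Same weakness the external feed already reported; must be merged,
    # not alerted twice.
    {"id": "CVE-EXAMPLE-0001", "package": "libexample", "version": "1.4.2",
     "cvss": 9.8, "summary": "placeholder: duplicate of external record"},
]

# Constructed ownership map used by the feedback loop.
OWNERS = {"libexample": "platform-team", "netparse": "network-team",
          "zipper": "tools-team"}


@dataclass
class Alert:
    id: str
    package: str
    version: str
    cvss: float
    summary: str
    sources: tuple  # feeds that reported it, e.g. ("internal", "nvd")


def parse_version(v: str) -> tuple:
    """Turn 'major.minor.patch' into a tuple of ints for comparison."""
    return tuple(int(p) for p in v.split("."))


def severity_label(cvss: float) -> str:
    """CVSS v3 qualitative rating bands."""
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    return "low" if cvss > 0.0 else "none"


def build_alerts(inventory, external, internal):
    """Correlate both feeds against the inventory; one Alert per (id, package)."""
    found = {}

    def add(alert_id, comp, cvss, summary, source):
        key = (alert_id, comp["name"])
        if key in found:  # merge: record the extra source, keep the worst score
            a = found[key]
            if source not in a.sources:
                a.sources = tuple(sorted(a.sources + (source,)))
            a.cvss = max(a.cvss, cvss)
        else:
            found[key] = Alert(alert_id, comp["name"], comp["version"],
                               cvss, summary, (source,))

    for comp in inventory:
        ver = parse_version(comp["version"])
        for rec in external:
            if (rec["package"] == comp["name"]
                    and ver < parse_version(rec["versionEndExcluding"])):
                add(rec["id"], comp, rec["cvss"], rec["summary"], "nvd")
        for f in internal:
            if f["package"] == comp["name"] and f["version"] == comp["version"]:
                add(f["id"], comp, f["cvss"], f["summary"], "internal")
    return sorted(found.values(), key=lambda a: a.cvss, reverse=True)


def route_alerts(alerts, owners):
    """Feedback loop: group alerts into ticket lines per owning team."""
    tickets = {}
    for a in alerts:
        team = owners.get(a.package, "unassigned")
        line = (f"[{severity_label(a.cvss)}] {a.id} in {a.package} {a.version} "
                f"via {','.join(a.sources)}: {a.summary}")
        tickets.setdefault(team, []).append(line)
    return tickets


if __name__ == "__main__":
    alerts = build_alerts(INVENTORY, EXTERNAL_FEED, INTERNAL_FINDINGS)
    for team, lines in route_alerts(alerts, OWNERS).items():
        print(team)
        for line in lines:
            print("  " + line)
```

Running it yields two tickets: the external and internal reports of CVE-EXAMPLE-0001 collapse into one critical alert for platform-team, the internal-only finding goes to tools-team, and netparse 2.0.0 produces nothing because it is outside the affected range. Replacing the constructed lists with an NVD API client and a scanner export is the point where this becomes the automated alert system the note describes.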