The OpenChain Security Assurance Specification 1.0 is now available. This is the result of over one year of work throughout the global OpenChain community. Access the specification and lend a hand with next steps here:
https://www.openchainproject.org/featured/2022/09/22/openchain-security-assurance-specification-1-0-now-available

Next Steps

We will proceed to ISO/IEC JTC-1 PAS submission with an estimated completion date of circa mid-2023. In the meantime, our security assurance specification is ready for market adoption as a de facto standard.

Prior to the ISO/IEC JTC-1 PAS submission, we have some time for sanity-checks and minor adjustments. We begin that process today and will complete it on October 4th 2022 (2022-10-04).

There are two tasks for the community ahead of that date:
• Check our Security Assurance Specification 1.0 against the Security Assurance Reference Guide 2.0 (Release Candidate 1) to ensure Sections 1, 2 and 3 match. You can find the Security Assurance Reference Guide 2.0 (Release Candidate 1) here:
https://github.com/OpenChain-Project/Security-Assurance-Specification/tree/main/Security-Assurance-Guide-Depreciated/2.0

• Check the OpenChain Security Assurance Specification 1.0 for any typographical errors that have snuck through our existing editing process. You can find the document linked at the start of this email or here:
https://github.com/OpenChain-Project/Security-Assurance-Specification/blob/main/Security-Assurance-Specification/1.0/en/openchain-security-specification-1.0.md

You can submit issues highlighting areas you would like review on our GitHub respository. Please note, due to this being a specification, we will only accept issues for discussion. We will not accept pull requests or remixes of any sort.

In the coming days we will have broader distribution of the specification launch, including on social media and via blog posts. However, you can begin sharing it immediately with your teams and peers.