OpenChain ISO/IEC 18974:2023 - Security Assurance
OpenChain ISO/IEC 18974:2023 defines the key requirements of a quality open source security assurance program.
What Does It Do?
From OpenChain's Website:
ISO/IEC 18974:2023 helps organizations check open source for known security vulnerability issues like CVEs, GitHub dependency alerts or package manager alerts. It identifies:
- The key places to have security processes
- How to assign roles and responsibilities
- How to ensure sustainability of the processes
ISO/IEC 18974 is lightweight, easy to read and is supported by our global community with free reference material and conformance resources. Pending a successful ballot, it is expected to become a formal ISO/IEC International Standard in mid-2023.
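The check the text alludes to, matching the open source components an organization ships against known-vulnerability records, is easiest to see in code. The block below is an added illustration and is not OpenChain or ISO/IEC 18974 material: it parses a constructed CycloneDX JSON SBOM, matches each component's package URL against a constructed list of advisories (placeholder identifiers, not real CVEs; the advisory schema with a purl prefix and an introduced/fixed version pair is an assumption, not any real feed's format), and separately reports components that carry no package URL, since a component the process cannot identify is a coverage gap rather than a clean result.

```python
"""Match the components of a CycloneDX SBOM against known-vulnerability records.

Added example; not code from OpenChain or from ISO/IEC 18974.  The SBOM, the
advisory list and the advisory schema below are constructed for illustration.
"""
import json
from typing import List, Optional, Tuple

# Constructed sample SBOM in CycloneDX JSON form (not a real project's SBOM).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "libfoo", "version": "2.3.1",
         "purl": "pkg:npm/libfoo@2.3.1"},
        {"type": "library", "name": "libbar", "version": "1.0.0",
         "purl": "pkg:pypi/libbar@1.0.0"},
        {"type": "library", "name": "libbaz", "version": "4.0.0",
         "purl": "pkg:npm/libbaz@4.0.0"},
        {"type": "library", "name": "nopurl", "version": "0.1"},
    ],
})

# Constructed advisory records (placeholder ids, not real CVEs).  A component is
# affected when introduced <= version < fixed; fixed=None means no fix exists.
SAMPLE_ADVISORIES = [
    {"id": "ADV-0001", "purl_prefix": "pkg:npm/libfoo",
     "introduced": "2.0.0", "fixed": "2.5.1"},
    {"id": "ADV-0002", "purl_prefix": "pkg:pypi/libbar",
     "introduced": "0.0.0", "fixed": "1.0.0"},   # fixed at exactly the shipped version
    {"id": "ADV-0003", "purl_prefix": "pkg:npm/libbaz",
     "introduced": "4.0.0", "fixed": None},      # no fixed release yet
]


def parse_version(v: str) -> Tuple[int, ...]:
    """Dotted numeric version as a tuple; pre-release/build tags are dropped.
    Adequate for this example; real feeds need a semver or PEP 440 comparator."""
    core = v.split("-", 1)[0].split("+", 1)[0]
    return tuple(int(p) for p in core.split("."))


def version_in_range(version: str, introduced: str, fixed: Optional[str]) -> bool:
    """True when introduced <= version < fixed, padding short tuples with zeros
    so that "2.3" and "2.3.0" compare equal."""
    v, lo = parse_version(version), parse_version(introduced)
    hi = parse_version(fixed) if fixed is not None else None
    n = max(len(v), len(lo), len(hi) if hi else 0)
    pad = lambda t: t + (0,) * (n - len(t))
    if pad(v) < pad(lo):
        return False
    return hi is None or pad(v) < pad(hi)


def split_purl(purl: str) -> Tuple[str, str]:
    """Split a package URL into (type/namespace/name, version).  Qualifiers
    ("?...") and subpaths ("#...") are stripped first; the version follows the
    last "@", which is safe because "@" inside names is percent-encoded."""
    base = purl.split("#", 1)[0].split("?", 1)[0]
    name, sep, version = base.rpartition("@")
    return (name, version) if sep else (base, "")


def find_known_vulnerabilities(sbom_json: str, advisories) -> Tuple[List[Tuple[str, str]], List[str]]:
    """Return (findings, unidentified): findings are (purl, advisory id) pairs;
    unidentified lists components with no purl or no version, which the
    process must resolve rather than treat as clean."""
    sbom = json.loads(sbom_json)
    findings, unidentified = [], []
    for comp in sbom.get("components", []):
        purl = comp.get("purl")
        if not purl:
            unidentified.append(comp.get("name", "<unnamed>"))
            continue
        name, version = split_purl(purl)
        version = version or comp.get("version", "")
        if not version:
            unidentified.append(comp.get("name", purl))
            continue
        for adv in advisories:
            if adv["purl_prefix"] == name and version_in_range(
                    version, adv["introduced"], adv["fixed"]):
                findings.append((purl, adv["id"]))
    return findings, unidentified


if __name__ == "__main__":
    hits, gaps = find_known_vulnerabilities(SAMPLE_SBOM, SAMPLE_ADVISORIES)
    for purl, adv_id in hits:
        print(f"AFFECTED  {purl}  {adv_id}")
    for name in gaps:
        print(f"UNIDENTIFIED  {name}  (no purl/version; cannot be checked)")
```

Two details carry the security point: a component whose shipped version equals the advisory's fixed version is not affected (the range is half-open), and a component without a package URL is reported as unidentified rather than silently passing. In practice the advisory list would come from a feed such as the NVD, GitHub's advisory database or a package manager's audit data, and the version comparison would use that ecosystem's rules.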
Further Reading
- OpenChain ISO/IEC 18974:2023, English version 2.1 in markdown. Other languages and versions are available.
- An Online Self-Certification Checklist: an interactive checklist, with the option to self-certify publicly on the OpenChain website.
- SBOM primer.