OpenChain ISO/IEC 18974:2023 - Security Assurance

OpenChain ISO/IEC 18974:2023 defines the key requirements of a quality open source security assurance program.

What Does It Do?

From OpenChain's Website:

ISO/IEC 18974:2023 helps organizations check open source for known security vulnerability issues like CVEs, GitHub dependency alerts or package manager alerts. It identifies:

  1. The key places to have security processes
  2. How to assign roles and responsibilities
  3. How to ensure sustainability of the processes

ISO/IEC 18974 is lightweight, easy to read and is supported by our global community with free reference material and conformance resources. Pending a successful ballot, it is expected to become a formal ISO/IEC International Standard in mid-2023.

Further Reading