OpenChain-Project/Security-Assurance-Specification

NOASSERTION

Issues

[Improvement] SMK10 - Suggested addition of documented review process
#13 opened 6 months ago by shanecoughlan
4
Scope Suggestions from Expert RU/OP on OpenChain Security Assurance Specification 1.0 (WG3 N2348) 2022-09-17
#5 opened 6 months ago by shanecoughlan
7
Comments on OpenChain security specification 1.1 - Maturity model consideration
#11 opened 6 months ago by szlin
1
[Improvement] Expand definitions section for (1) Secure Software Development to include Secure Programming Techniques and (2) Security Testing to include Static and Dynamic
#36 opened 7 months ago by shanecoughlan
14
[New Material] What is a quality or complete SBOM for licensing or security use cases?
#32 opened 9 months ago by shanecoughlan
8
Add triage entry to specific situations where vulnerability not appliable
#29 opened 9 months ago by heliocastro
10
[Improvement] ZA/NM05 - Proposed rewording for 3.1.5
#18 opened 9 months ago by shanecoughlan
6
[Improvement] SMK15 - First bullet of 3.1.5 seems to be asking for more than Known Vulnerabilities
#15 opened 9 months ago by shanecoughlan
0
[Improvement] SMK20 - Customer agreement ask may be too much
#16 opened 9 months ago by shanecoughlan
1
[Improvement] Change review period to 12 months to align with ISO 17021 for certification of management systems
#35 opened a year ago by shanecoughlan
6
[Improvement] SMK24 - Check if time limits are consistent
#17 opened a year ago by shanecoughlan
4
[Bug] "Scope" section mixed with Definitions in earlier edit cycle
#33 opened a year ago by shanecoughlan
4
[Improvement] SMK04 - Adjustment to Language
#12 opened a year ago by shanecoughlan
1
[Improvement] Adjust SBOM definition to align with Licensing Spec 3.0
#31 opened a year ago by shanecoughlan
4
[Improvement] Align "Terms and Definitions" in Section 2 with Licensing Spec 3.0
#30 opened a year ago by shanecoughlan
6
[Improvement] Clarify Stated Purpose (Github) and Scope (specification)
#28 opened 2 years ago by shanecoughlan
2
[Improvement] SMK13 - Add program objectives
#14 opened 2 years ago by shanecoughlan
7
[Improvement] Comments on the Known Vulnerability in the proposed Security Assurance Specification
#19 opened 2 years ago by szlin
4
[Improvement] Clarifying the "Get Customer" requirement in Section 3.3.2 to make the logic clearer
#27 opened 2 years ago by shanecoughlan
2
[Improvement] Revisit Definitions 2.7 - Open Source
#20 opened 2 years ago by shanecoughlan
5
[Improvement] CERT #2 - Please add definitions for “remediate” and “mitigate”
#22 opened 2 years ago by shanecoughlan
4
[Improvement] Include "mitigation" in Section 3.3.2 - Security Assurance
#26 opened 2 years ago by shanecoughlan
1
[Improvement] Include "remediation" and "mitigation" in Section 3.1.5 - Standard Practice Implementation
#25 opened 2 years ago by shanecoughlan
1
[Improvement] CERT #3 - Under the Competence category, add requirements
#23 opened 2 years ago by shanecoughlan
2
[Improvement] CERT #4 - Add references to ISO/IEC Standards
#24 opened 2 years ago by shanecoughlan
2
Scope Suggestions from Expert CERT on OpenChain Security Assurance Specification 1.0 (WG3 N2348) 2022-09-07
#6 opened 2 years ago by shanecoughlan
5
Editorial Suggestions from Expert ZA/NM on OpenChain Security Assurance (WG3 N2348) 2022-09-08
#4 opened 2 years ago by shanecoughlan
4
Various comments
#8 opened 2 years ago by stephenkilbaneadi
6
Comments on the proposed Security Assurance Specification
#9 opened 2 years ago by jeff-luszcz
5
TOC would be possible, but there are blocking items
#10 opened 2 years ago by kappapiana
2
Commentary on architecture-based and model-based approach for developing the security and the assurance for a generic OpenSource Supply Chain
#7 opened 2 years ago by shanecoughlan
1
Security Assurance Reference Guide 2.0 / Specification Release Candidate 1 - Defining SBOM
#2 opened 2 years ago by shanecoughlan
1
Security Assurance Reference Guide 2.0 DRAFT - Defining Security Testing
#3 opened 2 years ago by mrybczyn
1