OpenChain Security Assurance Specification

Overview

This repository holds the official OpenChain Security Assurance Specification releases in English along with community reference translations in multiple languages.

Scope

This document specifies the key requirements of a quality open source security assurance program in order to provide a benchmark that builds trust between organizations exchanging software solutions containing open source software.

License

This specification is licensed under Creative Commons Attribution License 4.0 (CC-BY-4.0). You can submit issues on our GitHub repository highlighting areas you would like reviewed. Because this is a specification, we will only accept issues for discussion. We will not accept pull requests or remixes. Beyond submitting issues, you can get more involved with our work via our community calls, mailing lists and events: https://www.openchainproject.org/community

Translations

Reference translations of this specification can be submitted by opening a new issue. Reference translations are licensed under Creative Commons Attribution License 4.0 (CC-BY-4.0). Please include the names of the people who assisted in the translation to ensure proper attribution.

Translations will be reviewed according to the guidelines in the OpenChain Project FAQ: https://www.openchainproject.org/resources/faq#specification-translation-questions