OpenChain Security Assurance Specification
Conformance with OpenChain ISO 5230:2020 for open source licence compliance requires the generation of a software bill of materials (SBOM) for each item of supplied software covered by the project. The SBOM is critical to understanding licence compliance, but it can also be used as a tool to assist with vulnerability management.
As a natural extension to ISO 5230:2020, the OpenChain Project is developing an optional extension of the OpenChain Specification covering Security Assurance. Orcro fully supports this development and is actively involved in the project. Many of our existing clients are also preparing for potential adoption of the standard, and we are hopeful that the extension will become an ISO Standard in its own right in due course; we are actively involved in that process as well.
For more information, contact Andrew Katz: andrew.katz@orcro.co.uk. You can see the specification itself here.