Shane Coughlan

The OpenChain Project has a lot of meetings being run by various work groups around the world. We constantly share the outcomes of these meetings in recordings throughout our community, but today we wanted to do something a little different. Let’s dig into a whole workflow through a recent three-part call to action around MarkDown in our reference library.

Our goal was to create a workflow to allow us to transition over time from many, many different file formats to a single, easy to edit and easy to translate file format for our reference material. This would never cover 100% of the material we share, but it could cover a lot, and it would make both contributions and tracking changes a lot easier.

The calls were a success, and ended not only in the guidelines we wanted, but also in providing a core project resource in the new format (our self-certification questionnaire) and facilitating the quick alteration of that document into a new format (our new self-certification checklist).

Learn about precisely how we did it in these three videos recording our calls.

As part of our newly evolved situation with two specifications in market (one ISO/IEC standard for license compliance and one de facto but soon to be ISO/IEC standard for security compliance), our self-certification efforts are ripe for revamp and expansion. 

We took the first step in that direction today (2022-10-05) by creating a version of the Self-Certification Questionnaire for ISO/IEC 5230 in MarkDown based on the material from the existing Self-Certification Web App located on the OpenChain Website. Huge credit to Steve @ Analogue Devices for this work. 

Steve’s initial contribution gives us a super clean and easy way to review and improve the questions for self-certification related to ISO/IEC 5230:
https://github.com/OpenChain-Project/Reference-Material/blob/master/Self-Certification/Questionnaire/ISO5230-2020/en/OpenChain%20Self-Certification%20Questionnaire%202021-11-26.md

It also provides us with a clean way to fork and create a sister self-certification questionnaire for our Security Assurance Specification, the sister standard to ISO/IEC 5230.

Oh wait, but there is more!

On the markdown call today (2022-10-05) we decided that the best structure moving forward is checklist rather than a questionnaire. This is initially identical to the self-certification questionnaire in terms of structure and general wording, but everything is phrased as a statement rather than a question. You can find there here:
https://github.com/OpenChain-Project/Reference-Material/blob/master/Self-Certification/Checklist/ISO5230-2020/en/OpenChain%20Self-Certification%20Checklist%202022-10-05.md

And now we have a call to action. Please help review the checklist and see what you think of the wording for each statement. Is it clear enough? Can you improve it? If you find bugs or opportunities for improvement, please open an issue or a pull request to help make self-certification to ISO/IEC 5230 easier than ever. 

What we do will feed back into the primary website resources, and it will form the basis of new self-certification material for our Security Assurance Reference Specification.

The OpenChain Call to Action series dedicated to break-outs focusing on migrating our reference library to markdown has come to an end. We have seen substantial progress on our goal of ensuring long-term maintainability of the resource library, and in converting key resources into markdown to get us started.

Firstly, you will find updated instructions about our repository here:

https://github.com/OpenChain-Project/Reference-Material/blob/master/README.md

Secondly, you will find contribution guidelines here:

https://github.com/OpenChain-Project/Reference-Material/blob/master/CONTRIBUTING.md

And finally you will find a rolling priority list of resources to be converted here:

https://github.com/OpenChain-Project/Reference-Material/blob/master/markdown-conversion-queue.md

The first major outcome of our activity has been completed with the release of the ISO/IEC 5230 self-certification questionnaire in markdown format here:

https://github.com/OpenChain-Project/Reference-Material/blob/master/Self-Certification/Questionnaire/ISO5230-2020/en/OpenChain%20Self-Certification%20Questionnaire%202021-11-26.md

This allowed us to quickly explore a new structure and build a self-certification checklist here:

https://github.com/OpenChain-Project/Reference-Material/blob/master/Self-Certification/Checklist/ISO5230-2020/en/OpenChain%20Self-Certification%20Checklist%202022-10-05.md

Your help in reviewing this material, in converting new material and in suggesting improvements to our processes is always welcome. We are now turning this activity over to the Education Work Group, and you will find that here:

https://lists.openchainproject.org/g/education

We recently held two calls to review feedback from ISO/IEC WG/SC27 on our recently completed OpenChain Security Assurance Specification. These calls provided feedback ahead of our formal submission into the JTC-1 PAS Transposition Process. Below the video you will find the full guidance provided to our community during this review process. The end result can be found in the OpenChain Security Assurance Specification 1.1, which has now been handed over to Joint Development Foundation (JDF) for entry into the JTC-1 PAS Transposition Process during October.

For reference, here is the full guidance provided to the OpenChain community during these recorded review calls:

ISO/IEC WG/SC27 (security) has provided some feedback on the OpenChain Security Assurance Specification 1.0 for our review. Our review cycle runs from now until October 4th and you can get started on checking their comments via our issue tracker here:
https://github.com/OpenChain-Project/Security-Assurance-Specification/issues
(This review cycle was closed early as all comments were address by the conclusion of the second call on 29th of September)

We are providing some guidance on the review of these comments and suggestions.

(1) Our specification was completed after a multi-month process in March 2022, and it was ratified by our board for ISO/IEC JTC-1 PAS submission on the 14th of September 2022
(2) Therefore OpenChain Security Assurance Specification 1.0 is functionally complete
(3) We should review the ISO/IEC WG comments with this perspective
(4) We are looking for editorial adjusts for clarity and errors
(5) We are not looking to change the scope or function of OpenChain Security Assurance Specification 1.0 or any immediate clarity / error adjusted successor
(6) This is because we want to proceed with our JTC-1 PAS submission as approved by the OpenChain Governing Board
(7) But we can place any comments for scope and function adjustment into a deferred status
(8) And we will return to them for discussion around inclusion in OpenChain Security Assurance Specification 2.0