
Tell Us About Your Conformance


OpenChain Security Assurance 1.1

The OpenChain Security Assurance Specification 1.1 is intended to identify and describe the key requirements of a quality Security Assurance Program in the context of using Open Source Software. It focuses on a narrow subset of primary concern: checking Open Source Software against publicly known security vulnerabilities like CVEs, GitHub/GitLab vulnerability reports, and so on.

You can adopt the OpenChain Security Assurance Specification 1.1 by self-certification in your own time or by working with a service provider for independent assessment or third-party certification. Our recommended path is self-certification, and we provide this form to support it with a series of "yes" or "no" statements. If you can answer "yes" to everything, you are self-certified. If you answer "no" to some items, you know where to invest further time to build a quality program.

Section 3.1.1 (Required)
Section 3.1.2 (Required)
Section 3.1.3 (Required)
Section 3.1.4 (Required)
Section 3.1.5 (Required)
Section 3.2.1 (Required)
Section 3.2.2 (Required)
Section 3.3.1 (Required)
Section 3.3.2 (Required)
Section 3.4.1 (Required)
Section 3.4.2 (Required)
Can We List You On Our Website?