Skip to main content

Tell Us About Your Conformance

OpenChain Security Assurance 1.1

The OpenChain Security Assurance Specification 1.1 is intended to identify and describe the key requirements of a quality Security Assurance Program in the context of using Open Source Software. It focuses on a narrow subset of primary concern: checking Open Source Software against publicly known security vulnerabilities like CVEs, GitHub/GitLab vulnerability reports, and so on.

You can adopt the OpenChain Security Assurance Specification 1.1 by self-certification in your own time or working with a service provider for independent assessment or third-party certification. Our recommended path is self-certification and we provide this form to support this with a series of "yes" or "no" statements. If you can answer "yes" to everything, you are self-certified. If you answer "no" to some items, you know where to invest further time to build a quality program.

"*" indicates required fields

Section 3.1.1*
Section 3.1.2*
Section 3.1.3*
Section 3.1.4*
Section 3.1.5*
Section 3.2.1*
Section 3.2.2*
Section 3.3.1*
Section 3.3.2*
Section 3.4.1*
Section 3.4.2*
Can We List You On Our Website?
This field is for validation purposes and should be left unchanged.