We had a fantastic meeting focused on editing previously submitted scope suggestions from ISO/IEC WG/SC 27 (Information Technology Security). This time we went over issues submitted by reviewer CERT. In addition to this, we closed an open issue syncing the definition of Open Source between the licensing (ISO 5230) and security specifications.
Co-chairs Helio and Chris lead the discussion, and we had some great contributions from the audience. It is clear that there is significant interest in reviewing the draft 3rd generation licensing standard and 2nd generation security standard. You are reminded that everyone is invited to participate on the monthly calls and via our main or specification mailing lists.
Specifically..
We closed this open source definition issue:
https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/20
We set this action item based on a suggestion by CERT:
https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/22
We decided not to pursue this suggestion by CERT:
https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/23
We decided not to pursue this suggestion by CERT:
https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/24