OpenChain Monthly North America – Europe Call – 2024-04-02 – Full Recording

2024-04-15 | News

Security Assurance

The focus was on developing the Draft Security Assurance Specification 2.0, which may become an update to ISO/IEC 18974:2023 over time.

We closed the following issues:

[Improvement] ZA/NM05 – Proposed rewording for 3.1.5
https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/18

Add triage entry to specific situations where vulnerability not applicable
https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/29

[New Material] What is a quality or complete SBOM for licensing or security use cases?
https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/32

We opened the following issues:

Expand definitions section for (1) Secure Software Development to include Secure Programming Techniques and (2) Security Testing to include Static and Dynamic 
https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/36

License Compliance

We also had a look at the Draft License Compliance Specification 3.0, which may become an update to ISO/IEC 5230:2020 over time.

We closed the following issues:

3.8 supplied software – for discussion in subsequent iteration
https://github.com/OpenChain-Project/License-Compliance-Specification/issues/40

We have additional work to do on the following issues:

Verification Material For Training – next iteration
https://github.com/OpenChain-Project/License-Compliance-Specification/issues/38