OpenChain Security Assurance 1.1
The OpenChain Security Assurance Specification 1.1 is intended to identify and describe the key requirements of a quality Security Assurance Program in the context of using Open Source Software. It focuses on a narrow subset of primary concern: checking Open Source Software against publicly known security vulnerabilities like CVEs, GitHub/GitLab vulnerability reports, and so on.
You can adopt the OpenChain Security Assurance Specification 1.1 by self-certification in your own time or working with a service provider for independent assessment or third-party certification. Our recommended path is self-certification and we provide this form to support this with a series of "yes" or "no" statements. If you can answer "yes" to everything, you are self-certified. If you answer "no" to some items, you know where to invest further time to build a quality program.