We recently held two calls to review feedback from ISO/IEC WG/SC27 on our recently completed OpenChain Security Assurance Specification. These calls provided feedback ahead of our formal submission into the JTC-1 PAS Transposition Process. Below the video you will find the full guidance provided to our community during this review process. The end result can be found in the OpenChain Security Assurance Specification 1.1, which has now been handed over to Joint Development Foundation (JDF) for entry into the JTC-1 PAS Transposition Process during October.
For reference, here is the full guidance provided to the OpenChain community during these recorded review calls:
ISO/IEC WG/SC27 (security) has provided some feedback on the OpenChain Security Assurance Specification 1.0 for our review. Our review cycle runs from now until October 4th and you can get started on checking their comments via our issue tracker here:
(This review cycle was closed early as all comments were address by the conclusion of the second call on 29th of September)
We are providing some guidance on the review of these comments and suggestions.
(1) Our specification was completed after a multi-month process in March 2022, and it was ratified by our board for ISO/IEC JTC-1 PAS submission on the 14th of September 2022
(2) Therefore OpenChain Security Assurance Specification 1.0 is functionally complete
(3) We should review the ISO/IEC WG comments with this perspective
(4) We are looking for editorial adjusts for clarity and errors
(5) We are not looking to change the scope or function of OpenChain Security Assurance Specification 1.0 or any immediate clarity / error adjusted successor
(6) This is because we want to proceed with our JTC-1 PAS submission as approved by the OpenChain Governing Board
(7) But we can place any comments for scope and function adjustment into a deferred status
(8) And we will return to them for discussion around inclusion in OpenChain Security Assurance Specification 2.0