Learn More About OpenChain Security Assurance Specification 1.1

What Is This?

The OpenChain Security Assurance Specification defines the key requirements of a quality open source security assurance program.

What Does It Do?

The OpenChain Security Assurance Specification helps organizations check open source for known security vulnerability issues like CVEs, GitHub dependency alerts or package manager alerts.

It identifies:

  1. The key places to have security processes
  2. How to assign roles and responsibilities
  3. How to ensure the sustainability of those processes

The OpenChain Security Assurance Specification 1.1 is lightweight, easy to read and is supported by our global community with free reference material and conformance resources.

History

This specification is built from the Security Assurance Reference Guide. It went through a final approval process, via editing on our specification mailing list and calls, before a governing board vote turned it into a published security specification on 2022-09-14.

Improving The OpenChain Security Assurance Specification

The OpenChain Security Assurance Specification 1.1, the industry standard for open source security assurance, is available for everyone to review, adopt and improve by submitting suggestions. We collect these comments on the OpenChain Security Assurance Specification GitHub Repository, where you can add yours in the “Issues” section.

You can also send questions and feedback to the mailing list or by email to the OpenChain Project administration team if you prefer to remain anonymous.