Active PAR

P3390

Standard for Security Management Capability Framework of Open Source Software Supply Chain for Software Providers

This standard provides guidance for and requirements on the management of open source software security. Software providers play an important role in software supply chains. The standard defines security requirements for the entire open source software process, ranging from development and introduction to delivery. The standard addresses five aspects of open source software management:
1. Establishment of a related organization and rules.
2. Open source software assets and their security evaluation.
3. Secondary aspects such as compliance with licenses.
4. Outsourcing.
5. Deliverables management, such as the bill of materials of software deliverables and software version management.

Sponsor Committee
C/CPSC - Cybersecurity and Privacy Standards Committee
Status
Active PAR
PAR Approval
2023-06-29

Working Group Details

Society
IEEE Computer Society
Sponsor Committee
C/CPSC - Cybersecurity and Privacy Standards Committee
Working Group
SSCS-WG - Software Supply Chain Security Working Group
IEEE Program Manager
Tom Thompson
Working Group Chair
Siyu Gao

Other Activities From This Working Group

Current projects that have been authorized by the IEEE SA Standards Board to develop a standard.


No Active Projects

Standards approved by the IEEE SA Standards Board that are within the 10-year lifecycle.


No Active Standards

These standards have been replaced with a revised version of the standard, or by a compilation of the original active standard and all its existing amendments, corrigenda, and errata.


No Superseded Standards

These standards have been removed from active status through a ballot where the standard is made inactive as a consensus decision of a balloting group.


No Inactive-Withdrawn Standards

These standards are removed from active status through an administrative process for standards that have not undergone a revision process within 10 years.


No Inactive-Reserved Standards