Active PAR

P3390

Standard for Security Management Capability Framework of Open Source Software Supply Chain for Software Providers

This standard provides guidance for and requirements on the management of open source software security. Software providers play an important role in software supply chains. The standard defines security requirements for the entire open source software process ranging from development, introduction to delivery. The standard addresses five aspects of open source software management: 1. Establishment of a related organization and rules. 2. Open source software assets and their security evaluation. 3. Secondary aspects such as compliance with licenses. 4. Outsourcing. 5. Deliverables management, such as the bill of materials of software deliverables and software version management.

Standard Committee
C/CPSC - Cybersecurity and Privacy Standards Committee
Status
Active PAR
PAR Approval
2023-06-29

Working Group Details

Society
IEEE Computer Society
Standard Committee
C/CPSC - Cybersecurity and Privacy Standards Committee
Working Group
SSCS-WG - Software Supply Chain Security Working Group
IEEE Program Manager
Tom Thompson
Contact Tom Thompson
Working Group Chair
Siyu Gao

Other Activities From This Working Group

Current projects that have been authorized by the IEEE SA Standards Board to develop a standard.


No Active Projects

Standards approved by the IEEE SA Standards Board that are within the 10-year lifecycle.


No Active Standards

These standards have been replaced with a revised version of the standard, or by a compilation of the original active standard and all its existing amendments, corrigenda, and errata.


No Superseded Standards

These standards have been removed from active status through a ballot where the standard is made inactive as a consensus decision of a balloting group.


No Inactive-Withdrawn Standards

These standards are removed from active status through an administrative process for standards that have not undergone a revision process within 10 years.


No Inactive-Reserved Standards
Subscribe to our Newsletter

Sign up for our monthly newsletter to learn about new developments, including resources, insights and more.