Software-Component-Verification-Standard
Software Component Verification Standard (SCVS)
I want to translate this standard to Japanese. How can I contribute? Do I just translate the markdown files in the "en/" directories? https://github.com/OWASP/Software-Component-Verification-Standard/tree/master/en
The mindmap of the taxonomy currently in development is located at: https://drive.google.com/file/d/1Uot5Ntm0NB3kJgHAc7fDtZTleJIhZS2P/view?usp=sharing Use [XMind](https://www.xmind.net/) to view. A preview of the taxonomy is here (may not always be up to date): https://drive.google.com/file/d/1_GIylG4K3mT_TPeGJlIUj4HtouNRgtPQ/view?usp=sharing
lvl 2 and lvl 3 are impossible due to requiring both reproducibility and non-reproducibility of SBOMs
`2.2 SBOM creation is automated and reproducible` means the SBOM must be reproducible, a good requirement for lvl2 and lvl3. `2.7 SBOM is timestamped` requires a timestamp for every level....
Congrats on the new release! Looks really useful! I do wonder about a few requirements (See below): can you help me understand what they mean? It would be great if...
Possible improvements to the spec would be to map SCVC controls to existing control documents including: * NIST 800-53 * NIST 800-171 * CMMC * OWASP ASVS * OWASP SAMM...
Comments on OWASP “Software Component Verification Standard” by David A. Wheeler Here are my comments on the “Software Component Verification Standard” Version 1.0.0-RC.1 (Public Preview), 16 April 2020, https://owasp-scvs.gitbook.io/scvs/ My...
#37 @stevespringett
Software Supply Chain Security has become a critical approach for many security programs. Vietnam is also a country that adopts new standards and processes to enhance their chance in Software Supply...