Software Compliance

Software compliance is growing in importance as more third-party software is used in projects and supply chains become wider and deeper.

This affects organizations, people management and individual projects, both during the engineering phase and during operations.

Effective handling of the Software Bill of Materials (SBoM), software licenses and the organizational setup can be supported by standards such as ISO/IEC 5230 from the OpenChain project. For open-source security, ISO/IEC 18974 is often used as a basis.

Our experiences and qualifications:

  • Monitoring large projects for license issues or cybersecurity incidents
  • Successful introduction of OpenChain in organizations
  • Connecting cybersecurity incident handling with open-source supply chains