Software transparency refers to the practice of providing comprehensive and easily accessible information about the components and dependencies within a piece of software, how the software was manufactured, and the behaviours observed or attestations made by the organization that developed the software.
This transparency aims to enhance security, compliance, and overall understanding of supply chain risk. A critical tool in achieving software transparency is a Bill of Materials (BOM), a structured list detailing all software components used in an application. Through software transparency, organizations can better manage software vulnerabilities, track open-source components, and foster a more secure and accountable software development and distribution ecosystem. TC54 aims to standardize core data formats, APIs and algorithms around software transparency information. This work intends not to use patents or if so then only royalty free patents. To aid in achieving that objective, this TC is using the Royalty-Free Patent Policy.
Programme of work:
- To develop a standard for the CycloneDX software transparency and Bill of Materials specification.
- To develop a standard for the Transparency Exchange API (Project Koala) for discovering and sharing of software transparency information.
- To develop a standard and guidance for multiple BOM merging algorithms.
- To investigate the further direction of standards in the software transparency space.
- To evaluate and consider proposals for complementary or additional technology.
- Chair: Steve Springett (ServiceNow)
- Vice-Chair: Alyssa Wright (Bloomberg)
- Secretary: Samina Husain (Ecma International)