OpenChain-Project / Security-Assurance-Specification


Comments on OpenChain security specification 1.1 - Maturity model consideration #11

Closed szlin closed 4 months ago

szlin commented 2 years ago

There are various methods by which organizations could comply with the requirements specified in OpenChain security specification 1.1. Therefore, I think it would be great to have the maturity model set benchmarks for meeting these requirements. The objective of the maturity levels is to provide an organization with a benchmark to define its readiness to use its processes and procedures to design and implement a real case.

The maturity levels provide more details on how an organization has met these requirements and clarify the supply chain ecosystem. Using these benchmarks, an organization may find that it is not ready to implement all requirements to the same level of maturity.

Nowadays, the Capability Maturity Model Integration (CMMI) for Development (CMMI-DEV) model [1] and IEC 62443-4-1 Security for industrial automation and control systems - Part 4-1: Secure product development lifecycle requirements [2] contain several maturity levels in the standard, as shown below [2].

[image attachment in the original issue: the maturity levels referred to above, not reproduced here]

[1] https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=9661
[2] https://webstore.iec.ch/publication/33615

shanecoughlan commented 4 months ago

Sounds like something for reference material, as per call 2024-06-18, talk with stakeholders - especially Steering Committee.