Software Component Verification Standard

Appendix B: References

The following resources may be useful to users and adopters of this standard:

OWASP Projects

  • OWASP Packman

  • OWASP Software Assurance Maturity Model (SAMM)

Community Projects

  • Open Source Security Foundation - Threats, Risks, and Mitigations in the Open Source Ecosystem

Others

  • InnerSource

  • Cybersecurity Maturity Model Certification (CMMC)

  • NIST 800-53 Security and Privacy Controls for Federal Information Systems and Organizations

  • NIST 800-161 Supply Chain Risk Management Practices for Federal Information Systems and Organizations

  • NIST 800-171 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

  • NTIA Documents on Software Bill of Materials

  • Model Procurement Contract Language Addressing Cybersecurity Supply Chain Risk

  • Guide on Cybersecurity Procurement Language in Task Order Requests for Proposals for Federal Facilities

  • Energy Sector Control Systems Working Group (ESCSWG)

SBOM Formats

  • CycloneDX

  • SPDX

  • SPDX XML

  • ISO/IEC 19770-2:2015 (SWID)

Last updated 4 years ago