OSIM: Open Supply-Chain Information Modeling TC
TC Convener: Duncan Sparrell, sFractal Consulting, duncan@sfractal.com
Staff Contact: Kelly Cullinane, kelly.cullinane@oasis-open.org
OSIM Sponsors
About
The OSIM TC aims to standardize and promote information models for supply chains, addressing the growing threat of cybersecurity breaches.
The goal of the OSIM TC is to bring clarity to supply chain partners and eliminate the inefficiencies that come from the increase of disparate implementations. Standard information models will make it easier for companies to plan for upgrades and contingencies and help reduce vulnerabilities, disruptions, and security risks.
Show More
The OSIM TC aims to standardize and promote information models for supply chains, addressing the growing threat of cybersecurity breaches.
The goal of the OSIM TC is to bring clarity to supply chain partners and eliminate the inefficiencies that come from the increase of disparate implementations. Standard information models will make it easier for companies to plan for upgrades and contingencies and help reduce vulnerabilities, disruptions, and security risks.
An Information Model (IM) defines the essential content of messages used in computing, independently of how those messages are represented (i.e., serialized) for communication or storage. Information models are a means to understand and document the essential information content relevant to a system, application, or protocol exchange without regard to how that information is represented in actual implementations. Having a clear view of the information required provides clarity regarding the goals that the eventual implementation must satisfy.
Show Less
The goal of OSIM isn’t to create yet another competing standard but to provide a unifying framework. By standardizing OSIM, we can bridge the gap between existing data models like CSAF, CycloneDX, and OpenVEX, emphasizing interoperability and collaboration among multiple standards.
Duncan Sparrell, sFractal Consulting
FAQ
Why is there a need for OSIM?
Supply chain cybersecurity is increasingly critical due to rising cybercrime rates and associated costs. The software supply chain plays a pivotal role in cybersecurity, with recent high-profile attacks highlighting vulnerabilities.
Who should participate?
Defining OSIM standardized information models in the software and hardware industries will benefit various stakeholders:
· Software and hardware vendors will find clarity in supply chains, aiding in product planning and improving customer satisfaction.
· Open-source maintainers will make informed decisions about project components.
· End users and enterprises will receive timely product information, reducing vulnerabilities and disruptions.
· Technology consultants and service providers will offer better support with standardized information.
· Supply chain partners will experience enhanced transparency and predictability, reducing uncertainties and risks.
· Government agencies will find it easier to oversee the industry and promote fair practices.
How do I view the mailing list archive?
Archives of the mailing list used by OSIM members to conduct Committee work will be viewable following the Call for Participation. TC membership is required to post to this list. TC members are automatically subscribed.
This TC welcomes new members. Whether you want to actively contribute in decision-making or just observe progress from the inside, you will need to be an OASIS member.
If your employer is already on our current member list, submit this request form to be added to the TC roster. If not, find out how to join OASIS.
Non-members may monitor the mailing list archives online, view approved documents, and provide feedback to our comments list.