Defining information models for exchanging software supply chain data


TC Convener: Duncan Sparrell, sFractal Consulting, duncan@sfractal.com
Staff Contact: Kelly Cullinane, kelly.cullinane@oasis-open.org


About

The OSIM TC aims to standardize and promote information models for supply chains, addressing the growing threat of cybersecurity breaches. The goal of the OSIM TC is to bring clarity to supply chain partners and eliminate the inefficiencies that come from the increase of disparate implementations. Standard information models will make it easier for companies to plan for upgrades and contingencies and help reduce vulnerabilities, disruptions, and security risks.


An Information Model (IM) defines the essential content of messages used in computing, independently of how those messages are represented (i.e., serialized) for communication or storage. A data model, by contrast, fixes a concrete representation: field names, types, permitted vocabularies and encoding, which is the level at which formats such as CSAF, CycloneDX and OpenVEX are specified. Information models are a means to understand and document the essential information content relevant to a system, application, or protocol exchange without regard to how that information is represented in actual implementations. Having a clear view of the information required provides clarity regarding the goals that the eventual implementation must satisfy, and gives two differently serialized messages a common reference against which their content can be compared.


“The goal of OSIM isn’t to create yet another competing standard but to provide a unifying framework. By standardizing OSIM, we can bridge the gap between existing data models, emphasizing interoperability and collaboration among multiple standards.”

Duncan Sparrell, sFractal Consulting



FAQ

Why is there a need for OSIM?

Supply chain cybersecurity is increasingly critical due to rising cybercrime rates and associated costs. The software supply chain plays a pivotal role in cybersecurity: recent high-profile attacks have shown how the compromise of a single supplier or component propagates to every downstream consumer, and how hard it is for those consumers to learn quickly and unambiguously whether they are affected.

Who should participate?

Defining OSIM standardized information models in the software and hardware industries will benefit various stakeholders:
· Software and hardware vendors will find clarity in supply chains, aiding in product planning and improving customer satisfaction.
· Open-source maintainers will make informed decisions about project components.
· End users and enterprises will receive timely product information, reducing vulnerabilities and disruptions.
· Technology consultants and service providers will offer better support with standardized information.
· Supply chain partners will experience enhanced transparency and predictability, reducing uncertainties and risks.
· Government agencies will find it easier to oversee the industry and promote fair practices.

How does OSIM differ from existing data models like CSAF, CycloneDX, and OpenVEX?

Existing data models such as CSAF, CycloneDX, and OpenVEX each define a concrete format: specific field names, vocabularies (for example, the permitted values of a status field) and a serialization. OSIM works one level up. It describes the information those formats carry, so that the commonalities and differences between them can be identified: which fields correspond, where one vocabulary is richer or coarser than another, and where a value has no counterpart at all and a translation would lose information. Standardizing at that higher level is what makes interoperability and collaboration across diverse systems and stakeholders practical, because each format is mapped to the information model once instead of pairwise to every other format.
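The following is an added example, written for this page and not an OSIM TC work product or any OASIS specification, of what the information-model layer described in the About section and in the answer above looks like in code. A minimal information model for a vulnerability-status statement (product, vulnerability, status, optional justification) sits in the middle; two constructed serializations, Format A and Format B, stand in for vendor formats with different field names and different status vocabularies. They are not CSAF, CycloneDX or OpenVEX, the product identifier is an assumed purl-style string, and the CVE value is a placeholder. Translation between the formats goes through the model, and a statement that the target format cannot carry is reported rather than silently dropped.

```python
"""Information model for a vulnerability-status statement with two
constructed serializations. Added example; Format A and Format B are
invented stand-ins, not real supply chain formats."""
import json
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Status(Enum):
    """The information model's own vocabulary: meaning, not any format's spelling."""
    AFFECTED = "affected"
    NOT_AFFECTED = "not_affected"
    FIXED = "fixed"
    UNDER_INVESTIGATION = "under_investigation"


@dataclass(frozen=True)
class Statement:
    """What every serialization must convey. No wire-format field names here."""
    product: str                          # assumed: a purl-style identifier
    vulnerability: str                    # e.g. a CVE identifier
    status: Status
    justification: Optional[str] = None   # free text; not every format can carry it


# Format A (constructed): flat record, status values spelled with spaces.
A_STATUS = {
    Status.AFFECTED: "affected",
    Status.NOT_AFFECTED: "not affected",
    Status.FIXED: "fixed",
    Status.UNDER_INVESTIGATION: "under investigation",
}
A_STATUS_INV = {v: k for k, v in A_STATUS.items()}


def to_format_a(s: Statement) -> str:
    doc = {"component": s.product, "cve": s.vulnerability, "state": A_STATUS[s.status]}
    if s.justification:
        doc["note"] = s.justification
    return json.dumps(doc)


def from_format_a(text: str) -> Statement:
    d = json.loads(text)
    return Statement(d["component"], d["cve"], A_STATUS_INV[d["state"]], d.get("note"))


# Format B (constructed): nested layout, a coarser vocabulary with no
# "under investigation" value, and no field for a justification.
B_STATUS = {
    Status.AFFECTED: "vulnerable",
    Status.NOT_AFFECTED: "safe",
    Status.FIXED: "patched",
}
B_STATUS_INV = {v: k for k, v in B_STATUS.items()}


class Lossy(ValueError):
    """The target format cannot represent part of the statement."""


def format_b_gap(s: Statement) -> Optional[str]:
    """Return why Format B cannot carry this statement, or None if it can.
    This is the 'differences' half of an information-model comparison."""
    if s.status not in B_STATUS:
        return f"Format B has no representation for status {s.status.value}"
    if s.justification:
        return "Format B has no field for a justification"
    return None


def to_format_b(s: Statement) -> str:
    gap = format_b_gap(s)
    if gap:
        raise Lossy(gap)   # never drop information silently
    return json.dumps({"target": {"id": s.product},
                       "finding": {"id": s.vulnerability, "verdict": B_STATUS[s.status]}})


def from_format_b(text: str) -> Statement:
    d = json.loads(text)
    return Statement(d["target"]["id"], d["finding"]["id"],
                     B_STATUS_INV[d["finding"]["verdict"]])


def translate_a_to_b(text_a: str) -> str:
    """Translate via the information model, never field-to-field, so each
    format's vocabulary mapping is written once."""
    return to_format_b(from_format_a(text_a))


# Constructed sample input; the CVE value is a placeholder, not a real CVE.
SAMPLE_A = json.dumps({"component": "pkg:npm/example-lib@1.2.3",
                       "cve": "CVE-0000-0000", "state": "not affected"})
SAMPLE_A_PENDING = json.dumps({"component": "pkg:npm/example-lib@1.2.3",
                               "cve": "CVE-0000-0000", "state": "under investigation"})

if __name__ == "__main__":
    print(from_format_a(SAMPLE_A))
    print(translate_a_to_b(SAMPLE_A))
    try:
        translate_a_to_b(SAMPLE_A_PENDING)
    except Lossy as e:
        print("cannot translate:", e)
```

The `format_b_gap` check is the part a practitioner actually needs: once each format is described against the shared model, the places where a translation must fail (a missing status value, a field with no home) are enumerable in advance instead of being discovered when a consumer's tooling misreads a silently degraded record.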

What challenges are faced by vendors in standardizing data exchange across different platforms, and how can OSIM help?

Customers receive information from many vendors, each using its own standards and terminology. Even for similar products the terminology can differ significantly, so integrating the feeds means adding fields or adjusting mappings to align the formats, and the result is confusion and poor interoperability between systems. Without unifying guidance and a shared framework, vendors will keep building their own solutions and fragmenting the landscape further. OSIM is intended to be that central framework: a standardized information model against which each vendor's format can be mapped once, so that information exchanged across different systems is understood consistently and the reconciliation work is not repeated for every vendor pair.

How do I view the mailing list archive?

Archives of the mailing list used by OSIM members to conduct Committee work will be viewable following the Call for Participation. TC membership is required to post to this list. TC members are automatically subscribed.

OSIM News

This TC welcomes new members. Whether you want to actively contribute in decision-making or just observe progress from the inside, you will need to be an OASIS member.

If your employer is already on our current member list, submit this request form to be added to the TC roster. If not, find out how to join OASIS.

Non-members may monitor the mailing list archives online, view approved documents, and provide feedback to our comments list. Contact us for more information.