Press Release

OASIS Awards 2018 Open Standards Cup to KMIP for Key Management Security and SARIF for Static Analysis Tools

20 August 2018 – The Key Management Interoperability Protocol (KMIP) and the Static Analysis Results Interchange Format (SARIF) were both awarded the 2018 Open Standards Cup by the OASIS international consortium in recognition of exceptional advancements within the IT community.

Named as Outstanding Approved Standard, KMIP version 1.4 defines a single, comprehensive protocol for communication between encryption key management systems and a broad range of new and legacy enterprise applications. Interoperability for the v1.4 specification was demonstrated by several OASIS members at the RSA 2018 Expo. The OASIS KMIP Technical Committee is co-chaired by Tony Cox of Cryptsoft and Judy Furlong of Dell.

“Encryption Key Management continues to evolve, and with the fourth version of KMIP (v1.4) we have completed the initial objectives of the technical committee in addressing fundamental enterprise needs. In KMIP 2.0, the KMIP TC is now embracing a wider set of functionality required to meet modern enterprise security challenges, and we welcome input from security practitioners and users as we continue on our journey,” said KMIP co-chairs, Tony Cox and Judy Furlong.

Named as Outstanding New Initiative, the OASIS SARIF Technical Committee develops an interoperability standard for tools that detect software defects and vulnerabilities. Their goal is to make it easier for software developers to assess the quality and security of their programs by aggregating data from multiple static analysis tools. The OASIS SARIF Technical Committee is chaired by Luke Cartey of Semmle and David Keaton.

“We are honored to accept this award as a reflection of both the hard work by the members of the TC, and the importance of the problem we are working to solve. Each static analysis tool contributes a different perspective on the code being analyzed. Combining the results of multiple tools in a common format provides a more complete understanding of the issues in the code that need to be addressed, like taking a picture of the same object from many angles. This is especially valuable where safety and security are concerned,” said SARIF co-chairs, Luke Cartey and David Keaton.

Finalists in the Approved Standard category include specifications and profiles from the Trust Elevation, Business Document Exchange, TOSCA, UBL, and XLIFF Technical Committees.

Finalists in the New Initiative category include the LegalXML Litigant Portal and OpenC2 Command and Control Technical Committees.

More information
KMIP Technical Committee
SARIF Technical Committee

OASIS is one of the most respected, member-driven standards bodies in the world. It offers projects—including open source projects–a path to standardization and de jure approval for reference in international policy and procurement. OASIS has a broad technical agenda encompassing cybersecurity, privacy, cryptography, cloud computing, IoT, legal, emergency management, augmented reality, and more. Any initiative for developing code, APIs, specifications, or reference implementations can find a home at OASIS. Each project operates independently under industry-approved process and IPR policies. Some of the most widely adopted OASIS Standards include AMQP, CAP, CMIS, DITA, DocBook, KMIP, MQTT, OpenC2, OpenDocument, PKCS, SAML, STIX, TAXII, TOSCA, UBL, and XLIFF. Many of these have gone on to be published as ISO, IEC, or ITU standards. New work is encouraged, and all are welcome to participate. OASIS members can be found in 100+ countries on virtually every continent. Major multinational companies, SMEs, government agencies, universities, research institutions, consulting groups, and individuals are represented.

Media inquiries:; +1.941.284.0403