Norms like the ISO 21434 and the WP.29 from UNECE make it increasingly important to integrate tools for security risk analysis
The security tools not only need to exchange data with existing tool chains (think system elements, or security requirements), but also integrate with each other.
All parties would benefit from an open format which allows to exchange security risk analysis data across departments and corporations
We are inviting to develop openXSAM, an open Xml Security Analysis Model
Yikes, we already have a domain for it: openxsam.io. That’ll be a good start to get an overview over our activities. Just that the website still needs to be built…
One challenge is that security analyses of the whole supply chain need to be added into a wholesome consideration for the whole vehicle.
You’re welcome to join us work on this format! Since we don’t have a lot of infrastructure yet, you may contact us over there: