METI’s OSS security use cases reflect CoT Principles
Japan’s Ministry of Economy, Trade, and Industry (METI), an Associated Partner of the Charter of Trust, published a collection of use cases on open source software (OSS) security management that reflects the relevance of Charter of Trust Principles.
Considering its high potential for products and services, open source software (OSS) is nowadays being used on a large scale across various industries. With its source code open to the public, OSS can be used, modified, and redistributed for commercial or non-commercial purposes. It is, however, crucial that software security is ensured.
For this purpose, Japan’s Ministry of Economy, Trade, and Industry (METI), an Associated Partner of the Charter of Trust, set up the Task Force Evaluating Software Management Methods, etc. toward Ensuring Cyber/Physical Security in 2019, which found that companies faced various challenges with OSS security management. METI now published a collection of use cases that can help companies get a better understanding of how to maintain high standards of cybersecurity when using OSS. The collection includes use cases from major companies including CoT Partner NTT as well as Fujitsu, Hitachi, NEC, Olympus, Sony, Toshiba, and Toyota.
Various Charter of Trust Principles are reflected in METI’s collection, illustrating their relevance for software security: In line with Principle 2 “Responsibility throughout the digital supply chain”, OSS security management can make supply chains safer. Moreover, use cases play a key role in making cybersecurity concepts more tangible and actionable across industries. This is at the heart of CoT’s Principle 6 “Education”, which aims to lead the transformation of skills essential to the future of cybersecurity. In addition, the Charter’s Principle 7 “Certification for critical infrastructure and solutions” discusses how to address OSS as part of certification schemes.
You can access METI’s use case collection here.