[C-safe-secure-studygroup] Criteria for freely available ISO/IEC JTC 1 standards

Wheeler, David A dwheeler at ida.org
Tue Jan 3 18:18:41 UTC 2017


David Keaton: Thanks for the information.

The obvious solution is to develop all materials outside ISO.  Then, if something thinks it might be important, submit it to ISO to see if ISO wants to bless it with an ISO id.  That's what the Common Criteria and Ada folks did, at least.  That would meet this criterion:
"FREE ELSEWHERE: Publications for which authorized identical documents are freely available in electronic format elsewhere"

If someone thinks a formal standards body is important, here is a list of some standards-setting organizations that I suspect have more reasonable policies:
* ECMA (they already manage JavaScript)
* OASIS (Organization for the Advancement of Structured Information Standards)
* IETF
* W3C
* The Open Group
* ITU (International Telecommunication Union)
* NIST (they're a *national* body, but they can certainly host standards work & then submit elsewhere)

Organizations that aren't traditional SSOs but would have an interest include (they're mentioned as W3C liasons at <https://www.w3.org/2001/11/StdLiaison>) :
* Open Web Application Security Project (OWASP)
* Linux Foundation (esp. CII)


--- David A. Wheeler



More information about the C-safe-secure-studygroup mailing list