PALO ALTO, Calif., June 30, 2020 — The Open Source Initiative® (OSI), the internationally recognized steward of the Open Source Definition and open source licenses, is excited to announce the Affiliate Membership of OASIS Open, a global nonprofit consortium managing a broad technical agenda encompassing cybersecurity, blockchain, privacy, cryptography, cloud computing, IoT, urban mobility, emergency management, and other content technologies.

“OASIS Open and OSI have been informal collaborators on licensing and other topics from the early days of the OpenDocument Format to our recent Open Projects Program,” noted Guy Martin, Executive Director of OASIS Open. “We are delighted to formalize our relationship as a sign of our mutual commitment to expanding the role of open source in the standards definition process and look forward to an exciting future for this combined open ecosystem.”

Founded in 1993, the OASIS Open community is committed to advancing work that lowers cost, improves efficiency, stimulates innovation, grows global markets, and promotes interoperability. Each project operates independently under OASIS’s industry-leading process and clear Intellectual Property Rights.

Begun in 2019, the OASIS Open Projects program provides open source communities with foundation-level support—for governance, intellectual property (IP) management, collaboration tools, outreach and events—with an optional path to standardization and de jure approval for reference in international policy and procurement. Open Projects lets communities choose from seven currently-supported, OSI-approved licenses.

OASIS Open and OSI have been consultative partners helping shape open source and open standards work in many technology domains, including ensuring that OASIS Open programs satisfy the criteria defined by OSI’s Open Standards Requirements (OSR), which mandates standards must not prohibit conforming implementations in open source software. OASIS Open also enjoys productive liaison and peer relationships with several of OSI’s other Affiliate Members.

“OASIS Open has been the most important pioneer of approaches to bridging the gap between open standards and open source, and we are excited to have a new basis on which to collaborate going forward,” said Pam Chestek, OSI Board Director and Chair, OSI Standards Committee.

The OSI Affiliate Member Program allows non-profit organizations—unequivocally independent groups with a commitment to open source—to join the OSI in support of our work to promote and protect open source software. As the steward of the Open Source Definition certifying Open Source Software Licenses, by establishing such certification as the standard for open source software development and distribution, and with the support of our Affiliate Membership, the OSI has become a cornerstone of software freedom.

About OASIS Open

One of the most respected, member-driven standards bodies in the world, OASIS Open offers projects—including open source projects—a path to standardization and de jure approval for reference in international policy and procurement. Their members include major multinational companies, SMEs, government agencies, universities, research institutions, consulting groups, and individuals are represented. Please see https://oasis-open-projects.org for more information.

About The Open Source Initiative

Founded in 1998, the Open Source Initiative (OSI) protects and promotes open source software, development and communities, championing software freedom in society through education, collaboration, and infrastructure, stewarding the Open Source Definition, and preventing abuse of the ideals and ethos inherent to the open source movement. The OSI is a public charity with global vision based in California. For more information about the OSI, please see https://opensource.org.

18 June 2020 – The OASIS open standards consortium announced that its members have approved Open Data Protocol (OData) Version 4.01 as an OASIS Standard, a status that signifies the highest level of ratification. OData helps create a more open, programmable Web, and simplifies the querying and sharing of data across applications for re-use in the enterprise, cloud, and mobile devices.

OData enables the creation and consumption of REST-based data services which allow resources, identified using Uniform Resource Locators (URLs) and defined in a data model, to be published and edited by Web clients using simple HTTP messages.

OData Version 4.01 adopts patterns to feel more like custom REST APIs, and defines new patterns in a number of areas. These enhancements can be categorized into:

● Simplified syntax and payloads

● Extended query patterns

● Enhanced update capabilities

● New JSON Metadata and Batch Formats

Also approved were three new versions of supporting specifications: OData JSON Format, OData Common Schema Definition Language (CSDL) JSON Representation, and OData Common Schema Definition Language (CSDL) XML Representation.

“OData 4.01 incorporates developer feedback to introduce cleaner patterns, while at the same time addressing a number of common feature requests,” said OASIS OData co-chair Michael Pizzo of Microsoft. “Looking forward, we are using the patterns introduced in OData 4.01 to define a lightweight profile for implementing RESTful APIs.”

As part of this effort, the OData Technical Committee is creating an OASIS Open Repository to support the community development and adoption of lightweight REST-based APIs based on this profile. The open repository will be available and open to contributions in early July.

OData co-chair Ralf Handl of SAP added, “OData 4.01 is a fully compatible increment, reflecting seven years of experience with using OData in enterprise software. OData is an extremely powerful REST protocol that has resulted in richer experiences and more interoperable solutions.”

Support for OData Version 4.01

Microsoft
“Microsoft Graph uses OData to provide our customers a single unified API across Microsoft 365, which includes services such as Teams, Outlook, Azure Active Directory, Intune, Windows 10 and more. We appreciate the hard work of the OASIS OData Technical Committee and the developer community who helped shape OData 4.01. Our developers appreciate the simplified API patterns introduced in OData 4.01, and we are already building upon some of the new features like the JSON batch format and bulk operations.”
— Alex Simons, Corporate Vice President Program Management, Microsoft

SAP
“OData provides an important technology foundation that powers SAP’s User Experience. The rich metadata in OData combines with the SAP Fiori design system to create consistent interaction patterns that let our customers run across a wide range of business systems and technology platforms, providing end users a web or native mobile experience.”
— Alexander Lingg, Head of SAP User Experience

Additional Information
OASIS OData Technical Committee: https://www.oasis-open.org/committees/odata

About OASIS

One of the most respected, member-driven standards bodies in the world, OASIS offers projects—including open source projects—a path to standardization and de jure approval for reference in international policy and procurement. OASIS members include major multinational companies, SMEs, government agencies, universities, research institutions, consulting groups, and individuals are represented.

Media inquiries:
communications@oasis-open.org
+1.941.284.0403

4 June 2020 – The OASIS open standards consortium today announced that its members have approved the Static Analysis Results Interchange Format (SARIF) version 2.1.0 as an OASIS Standard, a status that signifies the highest level of ratification. SARIF defines a common output format for static analysis tools that detect software defects and vulnerabilities, making it feasible for developers and teams to aggregate results produced by multiple tools.

Software developers assess the quality of their programs using a variety of tools that report on validity, security, performance, and compliance with legal requirements. To form an overall picture of program quality, developers often need to aggregate the results produced by all of these tools, a task made difficult when each tool produces output in a different format. SARIF addresses this challenge by defining a standard format that enables developers to:

• Comprehensively capture the range of data produced by commonly used static analysis tools.
• Reduce the cost and complexity of aggregating the results of various analysis tools into common workflows.
• Represent analysis results for all kinds of programming artifacts, including source code and object code.

“Each static analysis tool contributes a different perspective on the code being analyzed,” said OASIS SARIF Technical Committee co-chair, David Keaton. “Combining the results of multiple tools in a common format provides a more complete understanding of the issues in the code that need to be addressed. It’s especially valuable with regard to safety and security.”

“With SARIF,” Keaton continued, “organizations can improve the quality and security of their systems while using standardized and interoperable static analysis solutions. SARIF gives them the ability to easily compare results and supports the development of products whose code spans languages and operating systems.”

The OASIS SARIF Technical Committee brings together major software companies, cybersecurity providers, government, security orchestration specialists, programmers, and consultants. Participation in the SARIF Technical Committee is open to all companies, nonprofit groups, governments, academic institutions, and individuals through membership in OASIS. As with all OASIS projects, archives of the Committee’s work are accessible to both members and non-members alike. OASIS also hosts an open mailing list for public comment.

Support for SARIF 2.1.0

GrammaTech
“The benefits of CodeSonar embracing SARIF have really resonated with customers. In today’s ecosystem driven world where lots of different products are being used within a CI/CD pipeline, SARIF enables interoperability which is extremely important at increasing the effectiveness of static analysis tools, and consequently the quality of software in many safety and security-critical domains.”

— Paul Anderson, VP of Engineering, GrammaTech

Micro Focus
“Software developers and security practitioners use a variety of solutions to form an overall picture of security and quality of their code, but the task is hindered by the need to process results in different formats. A standard output format allows organizations to more efficiently view, understand, manage, and ultimately address software flaws. As an industry leader, Micro Focus Fortify is proud to be a part of this effort.”

— Yekaterina Tsipenyuk O’Neil, Distinguished Technologist and Principal Security Researcher, Micro Focus

Microsoft
“Microsoft has found the SARIF standard invaluable to lower costs when creating cross-tool code authoring, build and work item filing experiences. The detailed, uniform cross-tool data produced by our SARIF-based engineering system is unlocking insights that weren’t previously available.”

— Michael C. Fanning, Principal Software Engineering Manager, Microsoft

Additional Information
OASIS SARIF Technical Committee: https://www.oasis-open.org/committees/sarif

About OASIS
One of the most respected, member-driven standards bodies in the world, OASIS offers projects—including open source projects—a path to standardization and de jure approval for reference in international policy and procurement. OASIS members include major multinational companies, SMEs, government agencies, universities, research institutions, consulting groups, and individuals are represented.

Media inquiries:
communications@oasis-open.org
+1.941.284.0403