openXSAM stands for open Xml Security Analysis Model.
New standards such as ISO 21434 and UNECE require the automotive industry to perform
security risk analysis activities and to document them and their results. This is true for the
development process as well as for the life cycle of the products. As a result, it becomes
important for the parties involved to integrate security risk analysis software into existing
tool chains. They would also benefit from an exchange format that allows security risk
analysis data to be exchanged across departments and corporations.
openXSAM could serve as a protocol to achieve the above goals.
This document outlines the status quo of the format and describes some of the use cases.
It serves as a basis for joint future work.
The work on openXSAM will be open to all parties interested in establishing an open
exchange format for security risk analysis in the automotive domain.