This document lists recommended resources and training materials to help jPOS maintainers, contributors, and integrators stay informed about secure software development and supply chain security practices.
- OpenSSF Secure Software Development Fundamentals (Free)
- OWASP Top Ten
- Google's Building Secure and Reliable Systems
- SLSA (Supply-chain Levels for Software Artifacts)
- CycloneDX SBOM Specification
- The Update Framework (TUF)
Maintainers are encouraged to subscribe to:
- Security mailing lists of any upstream projects jPOS depends on.
- GitHub "Watch" notifications for the repositories of jPOS dependencies, so that new releases and security advisories are seen promptly.
- Fintech security forums and LinkedIn peer groups.
- At least once per year, maintainers revisit this resource list and update it.
- Regular security retrospectives follow major incidents or industry advisories.
- Contributors are expected to understand secure usage of HSMs, cryptography, and message handling in ISO8583 environments.
- Security considerations are integrated into our CONTRIBUTING.md and PR review templates.
To suggest new resources or report training gaps, please open an issue or contact security@jpos.org.