Date   

Re: Root of competence

Christopher Wood
 

Steve
My observation based on 20+ years in this space is that training by a recognized organization using a designed curriculum is far better than just going to meetings and attending conferences.  Most individuals would have some (or great) difficulty in sifting the wheat from the chaff (opinions and not necessarily facts) offered by the various presenters in this complex and evolving field.  Several of the open source organizations, including OpenChain have published training curriculum or materials that would provide a peer-reviewed foundational knowledge which when combined with individual experience would provide evidence that you meet technical criteria.  Some of the Software Composition Analysis (SCA) vendors do offer "auditing" training on their tools where a certification that you have completed the training is provided (if you want to be  the go-to person in your organization).
These are my thoughts and do not reflect the positions of anyone else.
Best Regards
Chris Wood PhD CISSP

On Thursday, June 24, 2021, 10:21:09 AM CDT, Martin Yagi <martin.yagi@...> wrote:


Dear Steve,

 

I count my ongoing “training” as attending webinars, industry events, etc.

 

Best regards,

 

Martin Yagi

Intellectual Property Manager|

 

 

From: main@... <main@...> On Behalf Of Steve Kilbane via lists.openchainproject.org
Sent: 24 June 2021 16:18
To: main@...
Subject: [openchain] Root of competence

 

Hi all,

 

One of the key points in OpenChain is that program participants are trained in order to have sufficient competency for their role. In my org, I'd probably be one of the key trainers, and would likely be developing the courses (most likely based on the great work going on in the education team). But I haven't had training – just years to the grindstone in an organically-growing compliance team. How's this normally handled? Is it just recognised that someone is the local expert, or is it necessary/recommended that I'd get external training in order to be able to self-certify as competent before spreading the Word to the rest of the org? If the latter, recommendations gratefully accepted…

 

Thanks,

 

steve

 

 
  
First Light Fusion Ltd.
   p: 01865 807 670
   a: Unit 10, Oxford Industrial Park, Mead Road, Yarnton, Kidlington, Oxford, OX5 1QU

    

This email and any attachments are confidential. Find more legal information here.


Re: Root of competence

Martin Yagi
 

Dear Steve,

 

I count my ongoing “training” as attending webinars, industry events, etc.

 

Best regards,

 

Martin Yagi

Intellectual Property Manager|

 

 

From: main@... <main@...> On Behalf Of Steve Kilbane via lists.openchainproject.org
Sent: 24 June 2021 16:18
To: main@...
Subject: [openchain] Root of competence

 

Hi all,

 

One of the key points in OpenChain is that program participants are trained in order to have sufficient competency for their role. In my org, I'd probably be one of the key trainers, and would likely be developing the courses (most likely based on the great work going on in the education team). But I haven't had training – just years to the grindstone in an organically-growing compliance team. How's this normally handled? Is it just recognised that someone is the local expert, or is it necessary/recommended that I'd get external training in order to be able to self-certify as competent before spreading the Word to the rest of the org? If the latter, recommendations gratefully accepted…

 

Thanks,

 

steve

 

 
  
First Light Fusion Ltd.
   p: 01865 807 670
   a: Unit 10, Oxford Industrial Park, Mead Road, Yarnton, Kidlington, Oxford, OX5 1QU

    

This email and any attachments are confidential. Find more legal information here.


Root of competence

Steve Kilbane
 

Hi all,

 

One of the key points in OpenChain is that program participants are trained in order to have sufficient competency for their role. In my org, I'd probably be one of the key trainers, and would likely be developing the courses (most likely based on the great work going on in the education team). But I haven't had training – just years to the grindstone in an organically-growing compliance team. How's this normally handled? Is it just recognised that someone is the local expert, or is it necessary/recommended that I'd get external training in order to be able to self-certify as competent before spreading the Word to the rest of the org? If the latter, recommendations gratefully accepted…

 

Thanks,

 

steve

 


Webinar #25 – Compliance Around Old Development Projects + ISO 5230 in Software Quality Management - Full Recording

 

Our 25th Webinar saw two great talks and a very active Q&A. First we had Dr. Till Jaeger from JBB Rechtsanwälte on ‘How to bring an ancient development project into compliance best practices.’ This was followed by Nicole Pappler from AlektoMetis ‘OpenChain ISO 5230 and Software Quality Management.’ Check out the full recording below.
https://www.openchainproject.org/featured/2021/06/23/webinar-25


Please Participate in the TODO Group 2021 State of OSPO Survey

 

Hey everyone, it’s time to do the OSPO Survey. Links below.




Please Participate in the TODO Group 2021 State of OSPO Survey
OSPOSurvey_Banner

Greetings Shane,

 

The TODO Group, together with Linux Foundation Research and The New Stack, is conducting a survey as part of a research project on the prevalence and outcomes of open source programs among different organizations across the globe. 

 

Open source program offices (OSPOs) help set open source strategies and improve an organization's software development practices. Since 2018, the TODO Group has conducted surveys to assess the state of open source programs across the industry. Today, we are pleased to announce the launch of the 2021 edition featuring additional questions to add value to the community.

 

The survey will generate insights into the following areas, including:

  • The extent of adoption of open source programs and initiatives 
  • Concerns around the hiring of open source developers 
  • Perceived benefits and challenges of open source programs
  • The impact of open source on organizational strategy

Please participate now; we intend to close the survey in early July. Privacy and confidentiality are important to us. Neither participant names, nor their company names, will be published in the final results.

 

To take the 2021 OSPO Survey, click the button below:

 
 

This email was sent by: The TODO Group and Linux Foundation Research


OpenChain Third Monday Webinar - 2021-06-21 - 14:00 UTC / 07:00 PST / 15:00 BST / 16:00 CEST / 19:30 IST / 22:00 CST / 23:00 KST / 23:00 JST

 

Our webinar today will feature two excellent talks.

Till Jaeger, JBB Rechtsanwälte on:
How to bring an ancient development project into compliance- best practices

Nicole Pappler, AlektoMetis on:
OpenChain ISO 5230 and Software Quality Management

All welcome. No registration.
https://us02web.zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09

Want to confirm your timezone?
2021-06-21 - 14:00 UTC / 07:00 PST / 15:00 BST / 16:00 CEST / 19:30 IST / 22:00 CST / 23:00 KST / 23:00 JST


OpenChain Q2 Mini-Summit – 2021-06-14 – Full Recording

 


OpenChain Partner Mini-Summit – 2020-06-14 – Full Recording

 


Re: What is an SBOM?

 

Awesome post! Thank you so much for sharing!

On Jun 16, 2021, at 18:01, Jari Koivisto <jari.p.koivisto@iki.fi> wrote:

Thanks Shane,

Nice post and here is my LinkedIn post about it: https://www.linkedin.com/posts/jarikoivisto_what-is-an-sbom-linux-foundation-activity-6810848879144128512-IuOu

BR,

Jari

---
Jari Koivisto
E-mail: jari.p.koivisto@iki.fi
Mobile: +41 78 7479791
Skype: jari.p.koivisto
LinkedIn: http://www.linkedin.com/in/jarikoivisto



On Wed, 16 Jun 2021 at 05:25, Shane Coughlan <scoughlan@linuxfoundation.org> wrote:
What is an SBOM?
A little blog I wrote on the topic of software bill of materials.
https://www.linuxfoundation.org/blog/what-is-an-sbom/

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan



Re: What is an SBOM?

Jari Koivisto
 

Thanks Shane,


BR,

   Jari

---
Jari Koivisto
E-mail: jari.p.koivisto@...
Mobile: +41 78 7479791
Skype: jari.p.koivisto
LinkedIn: http://www.linkedin.com/in/jarikoivisto



On Wed, 16 Jun 2021 at 05:25, Shane Coughlan <scoughlan@...> wrote:
What is an SBOM? 
A little blog I wrote on the topic of software bill of materials.
https://www.linuxfoundation.org/blog/what-is-an-sbom/

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:


Re: What is an SBOM?

 

Thank you Gilles!

On Jun 16, 2021, at 15:55, Gilles Gravier via lists.openchainproject.org <gilles.gravier=wipro.com@lists.openchainproject.org> wrote:

Thanks Shane!

Nice writing! And very good read! A perfect intro.

Best regards,
<Outlook-3zywgk4k.gif>
Gilles Gravier
Director, Senior Strategy Advisor - Global Open Source Practice
Wipro Limited
M: +41 79 472 8437
in/gillesgravier @gravax

From: main@lists.openchainproject.org <main@lists.openchainproject.org> on behalf of Shane Coughlan via lists.openchainproject.org<scoughlan=linuxfoundation.org@lists.openchainproject.org>
Sent: Wednesday 16 June 2021 05:25
To: OpenChain Main <main@lists.openchainproject.org>
Subject: [openchain] What is an SBOM?

CAUTION:This email is received from an external domain. Open the hyperlink(s) & attachment(s) with caution.
.

What is an SBOM?
A little blog I wrote on the topic of software bill of materials.
https://www.linuxfoundation.org/blog/what-is-an-sbom/

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan
'The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com'


Re: What is an SBOM?

Gilles Gravier
 

Thanks Shane!

Nice writing! And very good read! A perfect intro.

Best regards,

Gilles Gravier
Director, Senior Strategy Advisor - Global Open Source Practice
Wipro Limited
M: +41 79 472 8437
in/gillesgravier  @gravax


From: main@... <main@...> on behalf of Shane Coughlan via lists.openchainproject.org <scoughlan=linuxfoundation.org@...>
Sent: Wednesday 16 June 2021 05:25
To: OpenChain Main <main@...>
Subject: [openchain] What is an SBOM?
 

CAUTION:This email is received from an external domain. Open the hyperlink(s) & attachment(s) with caution.
.
 

What is an SBOM? 
A little blog I wrote on the topic of software bill of materials.
https://www.linuxfoundation.org/blog/what-is-an-sbom/

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan
'The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com'


What is an SBOM?

 

What is an SBOM? 
A little blog I wrote on the topic of software bill of materials.
https://www.linuxfoundation.org/blog/what-is-an-sbom/

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


Re: Education editing at the mini-summit

Kurzmann Marcel (IOC/PDL3) <Marcel.Kurzmann@...>
 

Hi Mark,
Sorry, maybe I missed this in the yesterdays meeting:
Is there already a workspace (Github, Google, ...) with the material that was shown and discussed yesterday for the "security usage reference document" that can be accessed?

Mit freundlichen Grüßen / Best regards

Marcel Kurzmann

Project Delivery Immenstaad (IOC/PDL3)
Bosch.IO GmbH | Ziegelei 7 | 88090 Immenstaad | GERMANY | www.bosch.io
Tel. +49 7545 202-279 | Mobil +49 172 1499942 | Telefax +49 7545 202-301 | Marcel.Kurzmann@bosch.io

Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B
Aufsichtsratsvorsitzender: Dr.-Ing. Thorsten Lücke; Geschäftsführung: Dr. Stefan Ferber, Dr. Aleksandar Mitrovic, Yvonne Reckling


-----Ursprüngliche Nachricht-----
Von: main@lists.openchainproject.org <main@lists.openchainproject.org> Im Auftrag von Shane Coughlan via lists.openchainproject.org
Gesendet: Dienstag, 15. Juni 2021 01:13
An: main@lists.openchainproject.org
Cc: OpenChain Education <education@lists.openchainproject.org>; OpenChain Project Operations <operations@openchainproject.org>
Betreff: Re: [openchain] Education editing at the mini-summit

Dave, Mark, everyone

Please accept my apologies for our unexpected and unwanted disruption via Zoom. A passcode-using and authenticated account adding white noise to the event as it entered the third hour was obviously not a desired outcome. I will be working with LF Technical to discuss strategies for ensuring we still have open access but have a more effective method for removing troublemakers.

Mark, thanks for hosting the second section of the security discussion on your Zoom! Super kudos. And, naturally, thanks to Jenni for helping to transition everyone over.

Regards

Shane

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmeetings.hubspot.com%2Fscoughlan&;data=04%7C01%7CMarcel.Kurzmann%40bosch.io%7C8b340e7ee5be47686ac308d92f89f6bf%7C0ae51e1907c84e4bbb6d648ee58410f4%7C0%7C0%7C637593091861541976%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=SwlBOKZrhDC83IT7G2Jtx%2BEDvbt19Cqkm9YoFvZIf5o%3D&amp;reserved=0

On Jun 15, 2021, at 1:20, Dave Marr <dmarr@qti.qualcomm.com> wrote:

Mark was able to disable the passcode, and if the summit gets Zoom bombed again he will be able to remove them.

Dave

-----Original Message-----
From: main@lists.openchainproject.org <main@lists.openchainproject.org> On Behalf Of Sami Atabani
Sent: Monday, June 14, 2021 9:17 AM
To: main@lists.openchainproject.org
Cc: OpenChain Education <education@lists.openchainproject.org>
Subject: Re: [openchain] Education editing at the mini-summit

-------------------------------------------------------------------------
CAUTION: This email originated from outside of the organization.
-------------------------------------------------------------------------

Can someone please post the new zoom link and passcode?
Sami

-----Original Message-----
From: main@lists.openchainproject.org <main@lists.openchainproject.org> On Behalf Of Shane Coughlan via lists.openchainproject.org
Sent: 14 June 2021 12:06
To: OpenChain Main <main@lists.openchainproject.org>
Cc: OpenChain Education <education@lists.openchainproject.org>
Subject: [openchain] Education editing at the mini-summit

Reminder: we are just doing the first three chapters for the first release. Document here. What do we need to change before going live?
https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.google.com%2Fdocument%2Fd%2F1FA6GvYG7G-cQgSdAM610CjYQExwJW3xY%2Fedit%23&;data=04%7C01%7CMarcel.Kurzmann%40bosch.io%7C8b340e7ee5be47686ac308d92f89f6bf%7C0ae51e1907c84e4bbb6d648ee58410f4%7C0%7C0%7C637593091861541976%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=KHiuWCFLDQl%2BWMkMp91QePgplBCzG2pO0JKETqcNDvg%3D&amp;reserved=0




IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.











Re: Education editing at the mini-summit

 

Dave, Mark, everyone

Please accept my apologies for our unexpected and unwanted disruption via Zoom. A passcode-using and authenticated account adding white noise to the event as it entered the third hour was obviously not a desired outcome. I will be working with LF Technical to discuss strategies for ensuring we still have open access but have a more effective method for removing troublemakers.

Mark, thanks for hosting the second section of the security discussion on your Zoom! Super kudos. And, naturally, thanks to Jenni for helping to transition everyone over.

Regards

Shane

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan

On Jun 15, 2021, at 1:20, Dave Marr <dmarr@qti.qualcomm.com> wrote:

Mark was able to disable the passcode, and if the summit gets Zoom bombed again he will be able to remove them.

Dave

-----Original Message-----
From: main@lists.openchainproject.org <main@lists.openchainproject.org> On Behalf Of Sami Atabani
Sent: Monday, June 14, 2021 9:17 AM
To: main@lists.openchainproject.org
Cc: OpenChain Education <education@lists.openchainproject.org>
Subject: Re: [openchain] Education editing at the mini-summit

-------------------------------------------------------------------------
CAUTION: This email originated from outside of the organization.
-------------------------------------------------------------------------

Can someone please post the new zoom link and passcode?
Sami

-----Original Message-----
From: main@lists.openchainproject.org <main@lists.openchainproject.org> On Behalf Of Shane Coughlan via lists.openchainproject.org
Sent: 14 June 2021 12:06
To: OpenChain Main <main@lists.openchainproject.org>
Cc: OpenChain Education <education@lists.openchainproject.org>
Subject: [openchain] Education editing at the mini-summit

Reminder: we are just doing the first three chapters for the first release. Document here. What do we need to change before going live?
https://docs.google.com/document/d/1FA6GvYG7G-cQgSdAM610CjYQExwJW3xY/edit#




IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.











Re: Education editing at the mini-summit

Dave Marr
 

Mark was able to disable the passcode, and if the summit gets Zoom bombed again he will be able to remove them.

Dave

-----Original Message-----
From: main@lists.openchainproject.org <main@lists.openchainproject.org> On Behalf Of Sami Atabani
Sent: Monday, June 14, 2021 9:17 AM
To: main@lists.openchainproject.org
Cc: OpenChain Education <education@lists.openchainproject.org>
Subject: Re: [openchain] Education editing at the mini-summit

-------------------------------------------------------------------------
CAUTION: This email originated from outside of the organization.
-------------------------------------------------------------------------

Can someone please post the new zoom link and passcode?
Sami

-----Original Message-----
From: main@lists.openchainproject.org <main@lists.openchainproject.org> On Behalf Of Shane Coughlan via lists.openchainproject.org
Sent: 14 June 2021 12:06
To: OpenChain Main <main@lists.openchainproject.org>
Cc: OpenChain Education <education@lists.openchainproject.org>
Subject: [openchain] Education editing at the mini-summit

Reminder: we are just doing the first three chapters for the first release. Document here. What do we need to change before going live?
https://docs.google.com/document/d/1FA6GvYG7G-cQgSdAM610CjYQExwJW3xY/edit#




IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.


Re: Education editing at the mini-summit

Sami Atabani
 

Can someone please post the new zoom link and passcode?
Sami

-----Original Message-----
From: main@lists.openchainproject.org <main@lists.openchainproject.org> On Behalf Of Shane Coughlan via lists.openchainproject.org
Sent: 14 June 2021 12:06
To: OpenChain Main <main@lists.openchainproject.org>
Cc: OpenChain Education <education@lists.openchainproject.org>
Subject: [openchain] Education editing at the mini-summit

Reminder: we are just doing the first three chapters for the first release. Document here. What do we need to change before going live?
https://docs.google.com/document/d/1FA6GvYG7G-cQgSdAM610CjYQExwJW3xY/edit#




IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.


Re: [education] REMINDER: OpenChain Q2 Mini-Summit 2021-06-14 at 14:00 UTC / 07:00 PST / 15:00 BST / 16:00 CEST / 19:30 IST / 22:00 CST / 23:00 KST / 23:00 JST

Jari Koivisto
 

Try this URL: https://windriver.zoom.us/j/92761776704?pwd=YU5mUTVXWHV5NnRIZEhyTGk2RXA4QT09


---
Jari Koivisto
E-mail: jari.p.koivisto@...
Mobile: +41 78 7479791
Skype: jari.p.koivisto
LinkedIn: http://www.linkedin.com/in/jarikoivisto



On Mon, 14 Jun 2021 at 13:06, Shane Coughlan <scoughlan@...> wrote:
This three-hour event will have two live collaboration sessions.

We will open with one hour for the OpenChain education work team. The focus will be on final review of the online course and a discussion of what education work we should do next. This will be lead by Balakrisha, chair of the education work team.

We will continue with a two hour live-editing session for the OpenChain ISO 5230 security usage reference document. The goal will be to have an output that can be immediately used by our community regarding application of OpenChain ISO 5230 in security contexts. This discussion will be lead by Mark, chair of the specification work team.

Everyone is welcome to the event and encouraged to attend. There is no registration or fee to access. Your thoughts and requests for additional activities during the event are also welcome.

Dial in:
https://us02web.zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09





REMINDER: OpenChain Q2 Mini-Summit 2021-06-14 at 14:00 UTC / 07:00 PST / 15:00 BST / 16:00 CEST / 19:30 IST / 22:00 CST / 23:00 KST / 23:00 JST

 

This three-hour event will have two live collaboration sessions.

We will open with one hour for the OpenChain education work team. The focus will be on final review of the online course and a discussion of what education work we should do next. This will be lead by Balakrisha, chair of the education work team.

We will continue with a two hour live-editing session for the OpenChain ISO 5230 security usage reference document. The goal will be to have an output that can be immediately used by our community regarding application of OpenChain ISO 5230 in security contexts. This discussion will be lead by Mark, chair of the specification work team.

Everyone is welcome to the event and encouraged to attend. There is no registration or fee to access. Your thoughts and requests for additional activities during the event are also welcome.

Dial in:
https://us02web.zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09


Education editing at the mini-summit

 

Reminder: we are just doing the first three chapters for the first release. Document here. What do we need to change before going live?
https://docs.google.com/document/d/1FA6GvYG7G-cQgSdAM610CjYQExwJW3xY/edit#

281 - 300 of 4312