Date   

Case Study: Open Source Compliance Automation and Interoperability #3 - Video Now Live

 

Part #3 of our epic automation case study explores the Open Source Review Toolkit (ORT) both in the context of the GUI tool from TNG/Facebook and when used on its own.
https://www.openchainproject.org/featured/2021/10/15/automation-case-study-3 
This marks the moment when we begin to expand on automation options across the ecosystem in more detail. There are various choices people make when selecting tooling that we hope to unpack here, shortly with TERN, and over time with everything from FOSSology to FOSSLight and beyond.

Coming Next:
  • October 27th, we do a deep dive on using TERN via the tool + deep dive into TERN internals engineering.
  • November 10th, we do a “how this tool can work with TERN, ORT and ScanOSS in the real-world.”
  • November 24th, we do a “fake supply chain” showing code going through multiple scanners and maintaining SPDX Lite integrity.
  • December 8th, Facebook Usage Case Study.
  • December 16th, A recap of the whole open source tooling eco-system at Open Compliance Summit 2021.
Seen Previously:


Re: OpenChain Mini-Summit - Reviewing Our Security Assurance Guide - Starts in ~30 minutes via Zoom

 


Thanks Marcel and Chris!

Mark, over to you 😊

On Oct 16, 2021, at 15:01, Marcel (PwC DE) via lists.openchainproject.org <marcel.scholze=pwc.com@...> wrote:


Hello Chris,

Thanks for your efforts with this document!
Please find attached some comments, suggestions and thoughts.
Happy to discuss.

Kind regards
Marcel

Marcel Scholze (DE)
PwC | Director | Open Source Software Services & IT-Sourcing
Phone: +49 69 95851746 | Mobile: +49 151 161 57 049
Email: marcel.scholze@...
PricewaterhouseCoopers GmbH Wirtschaftsprüfungsgesellschaft
Friedrich-Ebert-Anlage 35-37 | 60327 | Frankfurt a. M. | Germany

Find out about Open Source Software Management: https://www.pwc.de/opensource

At PwC we work flexibly - so while it suits me to email now, I do not expect a response or action outside of your own working hours.

Vorsitzender des Aufsichtsrates: WP StB Dr. Norbert Vogelpoth
Geschäftsführer: WP StB Dr. Ulrich Störk, WP StB Dr. Peter Bartels, Dr. Joachim Englert, WP StB Petra Justenhoven, WP Clemens Koch, StB Marius Möller, WP StB Uwe Rittmann, StB RA Klaus Schmidt, StB CPA Mark Smith
Sitz der Gesellschaft: Frankfurt am Main, Amtsgericht Frankfurt am Main HRB 107858
PricewaterhouseCoopers GmbH Wirtschaftsprüfungsgesellschaft ist Mitglied von PricewaterhouseCoopers International, einer Company limited by guarantee registriert in England und Wales
Datenschutz: Hinweise zur Datenverarbeitung bei PricewaterhouseCoopers GmbH WPG finden Sie unter Datenschutzhinweise PricewaterhouseCoopers GmbH WPG


On Fri, 15 Oct 2021 at 08:46, Shane Coughlan <scoughlan@...> wrote:
Thank you Chris!

Flagging for Mark (CC) for review.

> On Oct 8, 2021, at 23:50, Christopher Wood <cvw01@...> wrote:
>
> Shane
> I had a few thoughts for consideration so I added them to the OpenChain Security Assurance Guide V1 attached.  I made the additions or suggested changes with the MS Word Tracking mode on so you should be able to see the bars in the left side margin.
>
> Regards
> Chris
>
> On Thursday, September 30, 2021, 03:23:52 PM CDT, Shane Coughlan <scoughlan@...> wrote:
>
>
> All welcome as Mark Gisi leads us through next steps in the security assurance guide for ISO 5230.
> https://zoom.us/j/4377592799
>
> Learn more about the current guide here:
> https://www.openchainproject.org/featured/2021/08/12/openchain-iso-5230-security-assurance-reference-guide-now-available
>
>
>
>
>
> <OpenChainSecurityAssuranceGuide.1.0-2021a_rcw.docx>







Diese Information ist ausschliesslich fuer den Adressaten bestimmt und kann vertrauliche oder gesetzlich geschuetzte Informationen enthalten. Wenn Sie nicht der bestimmungsgemaesse Adressat sind, unterrichten Sie bitte den Absender und vernichten Sie diese Mail. Anderen als dem bestimmungsgemaessen Adressaten ist es untersagt, diese E-Mail zu lesen, zu speichern, weiterzuleiten oder ihren Inhalt auf welche Weise auch immer zu verwenden. Wir verwenden aktuelle Virenschutzprogramme. Fuer Schaeden, die dem Empfaenger gleichwohl durch von uns zugesandte mit Viren befallene E-Mails entstehen, schliessen wir jede Haftung aus. 
* * * * *
The information contained in this email is intended only for its addressee and may contain confidential and/or privileged information. If the reader of this email is not the intended recipient, you are hereby notified that reading, saving, distribution or use of the content of this email in any way is prohibited. If you have received this email in error, please notify the sender and delete the email. We use updated antivirus protection software. We do not accept any responsibility for damages caused anyhow by viruses transmitted via email.


External Webinar: Hot Topics: Open Source Software Legal Update

 

Tony from GTC Law let me know they plan to have a section on the Executive Order and to discuss OpenChain (also also SPDX) as approaches to meeting that order’s requirements.

Learn more about the webinar registration details here:

Regards

Shane 

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


Telco work group meeting 2021-10-21 07:00 UTC

 

Dear all

We hold a telco work group meeting this Thursday the 21st at 07:00 UTC. It will be hosted by Jimmy from Ericsson and all are invited to attend. As he noted:

“We hope to continue our discussion started last time on Software Bill of Material and how we best can create alignment and a voluntary best practice "standard" we can adhere to so that whatever is supplied into, our out of the Telco ecosystem is easily digestible in a predictable manner.”

Dial in here:

Regards

Shane 

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


OpenChain Webinar Today 2021-08-16 @ 14:00 UTC - Postponed due to scheduling change

 

Dear all

Today’s regular bi-weekly webinar is being postponed due to a scheduling conflict.

You are reminder that:

We hold a telco work group meeting this Thursday the 21st at 07:00 UTC.

and

Part #4 of our automation case study will take place on Wednesday the 27th at 14:00 UTC.

Our regular global work team call takes place next Monday the 25th at 14:00 UTC as usual.

All these events are in the global calendar and all are invited to attend without registration or restriction.

Regards

Shane


Re: OpenChain Mini-Summit - Reviewing Our Security Assurance Guide - Starts in ~30 minutes via Zoom

Marcel (PwC DE)
 

Hello Chris,

Thanks for your efforts with this document!
Please find attached some comments, suggestions and thoughts.
Happy to discuss.

Kind regards
Marcel

Marcel Scholze (DE)
PwC | Director | Open Source Software Services & IT-Sourcing
Phone: +49 69 95851746 | Mobile: +49 151 161 57 049
Email: marcel.scholze@...
PricewaterhouseCoopers GmbH Wirtschaftsprüfungsgesellschaft
Friedrich-Ebert-Anlage 35-37 | 60327 | Frankfurt a. M. | Germany

Find out about Open Source Software Management: https://www.pwc.de/opensource

At PwC we work flexibly - so while it suits me to email now, I do not expect a response or action outside of your own working hours.

Vorsitzender des Aufsichtsrates: WP StB Dr. Norbert Vogelpoth
Geschäftsführer: WP StB Dr. Ulrich Störk, WP StB Dr. Peter Bartels, Dr. Joachim Englert, WP StB Petra Justenhoven, WP Clemens Koch, StB Marius Möller, WP StB Uwe Rittmann, StB RA Klaus Schmidt, StB CPA Mark Smith
Sitz der Gesellschaft: Frankfurt am Main, Amtsgericht Frankfurt am Main HRB 107858
PricewaterhouseCoopers GmbH Wirtschaftsprüfungsgesellschaft ist Mitglied von PricewaterhouseCoopers International, einer Company limited by guarantee registriert in England und Wales
Datenschutz: Hinweise zur Datenverarbeitung bei PricewaterhouseCoopers GmbH WPG finden Sie unter Datenschutzhinweise PricewaterhouseCoopers GmbH WPG


On Fri, 15 Oct 2021 at 08:46, Shane Coughlan <scoughlan@...> wrote:
Thank you Chris!

Flagging for Mark (CC) for review.

> On Oct 8, 2021, at 23:50, Christopher Wood <cvw01@...> wrote:
>
> Shane
> I had a few thoughts for consideration so I added them to the OpenChain Security Assurance Guide V1 attached.  I made the additions or suggested changes with the MS Word Tracking mode on so you should be able to see the bars in the left side margin.
>
> Regards
> Chris
>
> On Thursday, September 30, 2021, 03:23:52 PM CDT, Shane Coughlan <scoughlan@...> wrote:
>
>
> All welcome as Mark Gisi leads us through next steps in the security assurance guide for ISO 5230.
> https://zoom.us/j/4377592799
>
> Learn more about the current guide here:
> https://www.openchainproject.org/featured/2021/08/12/openchain-iso-5230-security-assurance-reference-guide-now-available
>
>
>
>
>
> <OpenChainSecurityAssuranceGuide.1.0-2021a_rcw.docx>







Diese Information ist ausschliesslich fuer den Adressaten bestimmt und kann vertrauliche oder gesetzlich geschuetzte Informationen enthalten. Wenn Sie nicht der bestimmungsgemaesse Adressat sind, unterrichten Sie bitte den Absender und vernichten Sie diese Mail. Anderen als dem bestimmungsgemaessen Adressaten ist es untersagt, diese E-Mail zu lesen, zu speichern, weiterzuleiten oder ihren Inhalt auf welche Weise auch immer zu verwenden. Wir verwenden aktuelle Virenschutzprogramme. Fuer Schaeden, die dem Empfaenger gleichwohl durch von uns zugesandte mit Viren befallene E-Mails entstehen, schliessen wir jede Haftung aus. 
* * * * *
The information contained in this email is intended only for its addressee and may contain confidential and/or privileged information. If the reader of this email is not the intended recipient, you are hereby notified that reading, saving, distribution or use of the content of this email in any way is prohibited. If you have received this email in error, please notify the sender and delete the email. We use updated antivirus protection software. We do not accept any responsibility for damages caused anyhow by viruses transmitted via email.


Re: OpenChain Mini-Summit - Reviewing Our Security Assurance Guide - Starts in ~30 minutes via Zoom

Christopher Wood
 

Good morning i am sorry that I missed your review this morning. I dialed into the zoom meeting but there was no connection, then I realzed that it was 1:45 AM when I received the email. Let me know what you thought.
Best Regards
Chris

On Oct 15, 2021, at 1:45 AM, Shane Coughlan <scoughlan@linuxfoundation.org> wrote:

Thank you Chris!

Flagging for Mark (CC) for review.

On Oct 8, 2021, at 23:50, Christopher Wood <cvw01@sbcglobal.net> wrote:

Shane
I had a few thoughts for consideration so I added them to the OpenChain Security Assurance Guide V1 attached. I made the additions or suggested changes with the MS Word Tracking mode on so you should be able to see the bars in the left side margin.

Regards
Chris

On Thursday, September 30, 2021, 03:23:52 PM CDT, Shane Coughlan <scoughlan@linuxfoundation.org> wrote:


All welcome as Mark Gisi leads us through next steps in the security assurance guide for ISO 5230.
https://zoom.us/j/4377592799

Learn more about the current guide here:
https://www.openchainproject.org/featured/2021/08/12/openchain-iso-5230-security-assurance-reference-guide-now-available





<OpenChainSecurityAssuranceGuide.1.0-2021a_rcw.docx>





<OpenChainSecurityAssuranceGuide.1.0-2021a_rcw.docx>


Re: OpenChain Mini-Summit - Reviewing Our Security Assurance Guide - Starts in ~30 minutes via Zoom

 

Thank you Chris!

Flagging for Mark (CC) for review.

On Oct 8, 2021, at 23:50, Christopher Wood <cvw01@sbcglobal.net> wrote:

Shane
I had a few thoughts for consideration so I added them to the OpenChain Security Assurance Guide V1 attached. I made the additions or suggested changes with the MS Word Tracking mode on so you should be able to see the bars in the left side margin.

Regards
Chris

On Thursday, September 30, 2021, 03:23:52 PM CDT, Shane Coughlan <scoughlan@linuxfoundation.org> wrote:


All welcome as Mark Gisi leads us through next steps in the security assurance guide for ISO 5230.
https://zoom.us/j/4377592799

Learn more about the current guide here:
https://www.openchainproject.org/featured/2021/08/12/openchain-iso-5230-security-assurance-reference-guide-now-available





<OpenChainSecurityAssuranceGuide.1.0-2021a_rcw.docx>


REMINDER: Case Study: Open Source Compliance Automation and Interoperability #3 - GUI + ORT Deep Dive 2021-10-13 08:00 UTC / 09:00 BST / 10:00 CEST / 16:00 CST / 17:00 KST + JST

 

Our third automation case study webinar is about to start. Join here:

It will be a pretty special event and include some technical deep-dives as well as examples of easy automation usage. Max will take lead on explaining simplicity in using a GUI to access the Open Source Review Toolkit. Sebastian and Thomas will take us on a deep-dive into the tool itself.

Not to be missed. Dial in details below and on our global calendar.

Case Study: Open Source Compliance Automation and Interoperability #3 - GUI + ORT Deep Dive 2021-10-13 08:00 UTC / 09:00 BST / 10:00 CEST / 16:00 CST / 17:00 KST + JST

Regards

Shane 

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:


REMINDER: Case Study: Open Source Compliance Automation and Interoperability #3 - GUI + ORT Deep Dive 2021-10-13 08:00 UTC / 09:00 BST / 10:00 CEST / 16:00 CST / 17:00 KST + JST

 

Dear all 

This is a reminder that our third automation case study webinar takes place today. It will be a pretty special event and include some technical deep-dives as well as examples of easy automation usage.

Max will take lead on explaining simplicity in using a GUI to access the Open Source Review Toolkit. Sebastian and Thomas will take us on a deep-dive into the tool itself.

Not to be missed. Dial in details below and on our global calendar.

Case Study: Open Source Compliance Automation and Interoperability #3 - GUI + ORT Deep Dive 2021-10-13 08:00 UTC / 09:00 BST / 10:00 CEST / 16:00 CST / 17:00 KST + JST

Regards

Shane 

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


RECORDING: OpenChain Global Webinar 2021-10-12

 

We talk about the Security Assurance Reference Guide (PR to come) and Playbooks (priority for education work group in Q4 2021):
https://www.openchainproject.org/news/2021/10/12/openchain-global-webinar-2021-10-12


REMINDER: Case Study: Open Source Compliance Automation and Interoperability #3 - GUI + ORT Deep Dive 2021-10-13 08:00 UTC / 09:00 BST / 10:00 CEST / 16:00 CST / 17:00 KST + JST

 

Dear all 

This is a reminder that our third automation case study webinar takes place tomorrow. It will be a pretty special event and include some technical deep-dives as well as examples of easy automation usage.

Max will take lead on explaining simplicity in using a GUI to access the Open Source Review Toolkit. Sebastian and Thomas will take us on a deep-dive into the tool itself.

Not to be missed. Dial in details below and on our global calendar.

Case Study: Open Source Compliance Automation and Interoperability #3 - GUI + ORT Deep Dive 2021-10-13 08:00 UTC / 09:00 BST / 10:00 CEST / 16:00 CST / 17:00 KST + JST

Regards

Shane 

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


OpenChain Global Work Team call at 06:00 UTC today (2021-10-12)

 

Our regular bi-weekly work team call will be held in just over two hours (06:00 UTC 2021-10-12). This will probably be a relatively short call focused on activity summary and creating a “shopping list” of things to focus on during Q4.

Join here:
https://zoom.us/j/4377592799

Regards

Shane


RECORDING: OpenChain Webinar #31 - Agile Development

 


RECORDING: Q3 2021 Mini-Summit - Focus: Security Assurance Reference Guide

 

Dear all

The recording of our recent mini-summit is now available. Huge thanks to Mark Gisi for leading the discussion with a focus on our Security Assurance Reference Guide.
https://youtu.be/KBVlcZt4T8c

Please note: this was a face-to-face event with dial-in support. We had some audio issues on the dial-in. The recording has been adjusted to remove sections of blank space and noise.

Regards

Shane


Shane Coughlan
General Manager, OpenChain
e: scoughlan@linuxfoundation.org
p: +81 (0) 80 4035 8083
w: www.linuxfoundation.org

Schedule a call:
https://meetings.hubspot.com/scoughlan


Re: OpenChain Mini-Summit - Reviewing Our Security Assurance Guide - Starts in ~30 minutes via Zoom

Christopher Wood
 

Shane
I had a few thoughts for consideration so I added them to the OpenChain Security Assurance Guide V1 attached.  I made the additions or suggested changes with the MS Word Tracking mode on so you should be able to see the bars in the left side margin.

Regards
Chris

On Thursday, September 30, 2021, 03:23:52 PM CDT, Shane Coughlan <scoughlan@...> wrote:


All welcome as Mark Gisi leads us through next steps in the security assurance guide for ISO 5230.

Learn more about the current guide here:





REMINDER OpenChain Bi-Weekly Webinar - 2021-10-05 at 06:00 UTC / 07:00 BST / 08:00 CEST / 11:30 IST / 14:00 CST / 15:00 KST+JST

 

Our regular webinar starts in two minutes.

Today we are talking about 'agile development' with Jan from EACG.

Join Zoom Meeting
https://zoom.us/j/4377592799

Meeting ID: 437 759 2799
One tap mobile
+13017158592,,4377592799# US (Washington DC)
+13126266799,,4377592799# US (Chicago)

Need to confirm your timezone?
OpenChain Bi-Weekly Webinar - 2021-10-05 at 06:00 UTC / 07:00 BST / 08:00 CEST / 11:30 IST / 14:00 CST / 15:00 KST+JST

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


OpenChain Bi-Weekly Webinar - 2021-10-05 at 06:00 UTC / 07:00 BST / 08:00 CEST / 11:30 IST / 14:00 CST / 15:00 KST+JST

 

Today we are talking about 'agile development' with Jan from EACG.

Join Zoom Meeting
https://zoom.us/j/4377592799

Meeting ID: 437 759 2799
One tap mobile
+13017158592,,4377592799# US (Washington DC)
+13126266799,,4377592799# US (Chicago)

Need to confirm your timezone?
OpenChain Bi-Weekly Webinar - 2021-10-05 at 06:00 UTC / 07:00 BST / 08:00 CEST / 11:30 IST / 14:00 CST / 15:00 KST+JST

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


Re: Shane away from computer October 2nd to October 10th

Jimmy Ahlberg
 

HI Shane, If we could get the Telco workgroup call added to the calendar before then it would be great. If we can find a slot on the 20th-21st that be fantastic. I think this time we prioritise a time that works for EU-JAPAN so that we can get Huawei, as well as our Japanse friends onboard.

BR J

-----Original Message-----
From: main@lists.openchainproject.org <main@lists.openchainproject.org> On Behalf Of Shane Coughlan via lists.openchainproject.org
Sent: den 1 oktober 2021 08:33
To: OpenChain Main <main@lists.openchainproject.org>
Cc: OpenChain Korea <korea-wg@lists.openchainproject.org>; OpenChain Japan <japan-wg@lists.openchainproject.org>; OpenChain Taiwan <taiwan-wg@lists.openchainproject.org>; OpenChain Germany <germany-wg@lists.openchainproject.org>; OpenChain UK <uk-wg@lists.openchainproject.org>; OpenChain Partners <partners@lists.openchainproject.org>; OpenChain India <india-wg@lists.openchainproject.org>; OpenChain Specification <specification@lists.openchainproject.org>
Subject: [openchain] Shane away from computer October 2nd to October 10th

Dear all

I am taking a week of vacation and will be away from email, slack and our other social channels during this time.

Our bi-weekly webinar will take place as usual on Tuesday the 5th of October at 06:00 UTC. Jan Thielscher of EACG will be doing one of our periodic broader topics and covering “agile challenges.” I will host as usual.

I am working on the recording of our mini-summit. We had some issues with the dial-in audio quality. I will put together the best possible version for release on Monday the 11th of October. Kudos to Mark Gisi for hosting a terrific and productive summit in Seattle, and thanks to everyone who contributed and made it a resounding success.

Need me urgently? My cellphone is: +818040358083

See you all later!

Regards

Shane

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


Shane away from computer October 2nd to October 10th

 

Dear all

I am taking a week of vacation and will be away from email, slack and our other social channels during this time.

Our bi-weekly webinar will take place as usual on Tuesday the 5th of October at 06:00 UTC. Jan Thielscher of EACG will be doing one of our periodic broader topics and covering “agile challenges.” I will host as usual.

I am working on the recording of our mini-summit. We had some issues with the dial-in audio quality. I will put together the best possible version for release on Monday the 11th of October. Kudos to Mark Gisi for hosting a terrific and productive summit in Seattle, and thanks to everyone who contributed and made it a resounding success.

Need me urgently? My cellphone is: +818040358083

See you all later!

Regards

Shane

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan

81 - 100 of 4312