A reminder that we start our SPDX 3.0 overview and explanation webinar in about ten minutes (09:00 CEST / 07:00 UTC / 15:00 CST / 16:00 KST + JST). All welcome here: https://zoom.us/j/4377592799

OpenChain Mini-Summit - Co-Located with Open Source Summit North America - Vancouver The OpenChain Project will host an afternoon mini-summit with a particular focus on:Open source tooling for open

OpenChain Governing Board + Guests: Brown Bag Strategy Lunch Event This will be an informal event for the OpenChain Governing Board and invited guests to discuss strategy items related to the current

OpenChain Webinar #50 - An Overview of SPDX 3.0 09:00 CEST (07:00 UTC) 2023-03-31 Our 50th webinar will feature Alexios Zavras, Chief Open Source Compliance Officer at Intel Corporation and a

Dear all A reminder that our OpenChain Germany Work Group is having a virtual meeting today at 09:00 CEST. It will run until 11:00. All welcome. We will have presentations on tooling, SBOMs and

Dear all There is a printable version of the DIS 18974 self-certification checklist

Yes securitytext.org is for web sites/services, for example https://github.com/.well-known/security.txt SECURITY.* in a code repository typically alongside LICENSE -- though GitHub also looks in a

My 2c's Honestly think that we are starting to overpopulate root project dirs. Not only LICENSE anymore, it goes for a number of files and this needs to have more control that what is today. Just

Is this JUST for web services? The location section focuses on a fixed URL rather than, say, a location within a source repo. But then, I've barely skimmed the document. From:specification@...

Jeff flagged this on our monthly call (2023-03-21) https://securitytxt.org/ It is like LICENSE files but for security. What do you think? Have you heard about this? Useful in your workflow?

OpenChain Webinar #50 - An Overview of SPDX 3.0 Our 50th webinar will feature Alexios Zavras, Chief Open Source Compliance Officer at Intel Corporation and a long-term friend and collaborator around

Our regular monthly meeting continued our work to edit the next generation of our license compliance and security assurance specifications. Our focus this time was on some open issues around the next

Awesome! I think we have a lot of potential new users and - most important - community collaborators in China. I am really looking forward to what we will do together in the coming

Thank you for sharing this event, Shane. I will be there as speaker like you. Of course , I will introduce OpenChain Project in my presentationJ 发件人: main@... [mailto:main@...]代表

The OpenChain Project is delighted to be part of the OSPO Summit held in Beijing during March 2023. You can check out our speech from the event

A reminder that our monthly North America / Asia call is taking place in a five minutes: 2023-03-21 at 09:00 CST / 10:00 KST+JST (01:00 UTC). That will be 18:00 Pacific on the 20th of March for our

Dear All A reminder that our monthly North America / Asia call is taking place tomorrow, 2023-03-21, at 09:00 CST / 10:00 KST+JST (01:00 UTC). That will be 18:00 Pacific on the 20th of March for our

Shane Congratulations to the entire team who contributed to the development of the DIS 18974 Open Source Security Assurance specification. Best Chris

The OpenChain Security Assurance Specification 1.1 is now DIS 18974, OpenChain Security Assurance Specification. This de facto industry standard describes the key requirements of a quality open source

China Electronics Standardization Institute (CESI) is the latest official partner of the OpenChain Project. From today, CESI is offering third-party certification around the standards produced by the