|
Invitation: OpenChain Export Control Work Group - Third Meeting @ Tue Mar 7, 2023 16:00 - 17:00 (CST) (main@lists.openchainproject.org)
|
||||||||||||
|
|
||||||||||||
|
OpenChain Telco Special Interest Group – 2023-02-02 – Recording
Video here: In the February 2nd 2023 call, we reviewed the open pull requests on GitHub. All pull requests except one have been merged, with some modifications. The remaining pull request is about when the SBOM should be created. This needs further discussion. See section 3.7. Please review the current document and provide your comments. Some topics that need review and input:
Several “Verification and reference material” and “Rationale” sections are still empty. Also, we need a good name for the specification. Currently in the document we have:
Best regards, Be Part Of This
|
||||||||||||
|
|
||||||||||||
|
Invitation: OpenChain Monthly Community Call - 09:00 PST (17:00 UTC) ... @ Monthly from 01:00 to 02:00 on the first Tuesday (CST) (main@lists.openchainproject.org)
|
||||||||||||
|
|
||||||||||||
|
Invitation: OpenChain Monthly Community Call - 09:00 PST (17:00 UTC) ... @ Wed Feb 8, 2023 01:00 - 02:00 (CST) (main@lists.openchainproject.org)
|
||||||||||||
|
|
||||||||||||
|
OpenChain Overview Slides – 02-2023
The OpenChain Project has developed a set of overview slides to help you understand and explain our work across the supply chain. Please feel free to download and use these slides, and we also welcome suggestions for improvement.
https://www.openchainproject.org/news/2023/02/01/openchain-overview-slides-02-2023
|
||||||||||||
|
|
||||||||||||
|
OpenChain Newsletter #50 - A monthly summary of the key project news around January 2023
 Newsletter – Issue 50 – January 2023After focusing on rolling news in 2022, the OpenChain Newsletter is back to provide a monthly summary of our work. You can expect an overview of what the OpenChain Project is doing to build trust around license compliance and security in the open source supply chain. You will also find other news directly related to our field. We accept suggestions and ideas. Just mail us at any time. Cool Statistic To Start The Year20% of German companies with over 2,000 employees have already implemented OpenChain ISO/IEC 5230:2020, the International Standard for open source license compliance. Key Project Governance NewsIn Q4 2022 the OpenChain Project elected a new Governing Board Chair (Jimmy Ahlberg of Ericsson) as well as new co-chairs of the Specification Work Group (Helio Chissini de Castro, CARIAD + Chris Wood, Lockheed Martin) and a new chair of the Education Work Group (Nathan Kumagai, Qualcomm). This is all part of an initiative to ensure that the project has sustainable, clear and fair processes for leadership transition to ensure long-term sustainability. Google Announces ISO/IEC 5230:2020 Conformant Program We ended Q4 2022 with some exciting news. Google, an OpenChain Governing Board member and early adopter of the first generation OpenChain standard for open source license compliance, announced formal adoption of ISO/IEC 5230, the International Standard for open source license compliance. Meanwhile, Around Security…We have submitted the OpenChain Security Assurance Specification to the ISO/IEC JTC-1 PAS Transposition Process. We expect it to graduate as an ISO/IEC standard around mid-2023. Security Assurance Specification ConformanceBlackBerry became the first multinational to go whole entity conformant with the OpenChain Security Assurance Specification. They also set a milestone as the first entity to achieve conformance with both OpenChain ISO5230:2020 and the OpenChain Security Assurance Specification 1.1.  That said, the very first company to announce adoption of the OpenChain Security Assurance Specification was Interneuron in the UK. This builds on their previous adoption of OpenChain ISO/IEC 5230:2020, and underlines their continued mission to seek excellence in open source software governance for the British National Health Service.  Security Assurance Specification Gains Additional SupportAt the end of December 2022 we saw some significant announcements regarding support for the OpenChain Security Assurance Specification:  This support continued to grow in January 2023 with an announcement from Bitsea about their new services for customers around adoption.  OpenChain Meetings, Webinars And EventsOur monthly meetings kicked off with next generation specification reviews for North America / Europe and North American / Asia. We are seeing some solid discussion around the open issues on both the license compliance and security specifications. It is recommended to take part in these meetings if you have ideas, suggestions or comments about where you want our standards to go next. We also held a Telco Special Interest Group meeting on the 12th of January and an Education Work Group meeting on the 19th of January. Telco are working on a meta specification about Software Bill of Materials. The Education Work Group is focused on renewal of core material to help people onboard with our standards. Everyone is welcome to join the calls and help out. Want to join our calls? Just check out our global calendar.The global calendar is also a great way to keep track of our webinars. We started the year with a great one: OpenChain Webinar #47 covered OSSelot: The Open Source Curation Database. OSSelot is a new project incubated by OSADL in Germany and promises to be an important part of automation tooling support moving forward. Continuing our program of external collaboration, the OpenChain Project was also part of an external webinar about Applying OpenChain and SBOMs for InnerSource. Our Training Material Continues To Support The MarketIn 2021 and 2022 the OpenChain Education Work Group released online courses in collaboration with LF Training. During January we received some updates providing context for market impact.  Introduction to Open Source License Compliance Management (LFC193) has had 1,209 enrollments and 398 digital completion badges issued with a satisfaction rating of 4.65 out of 5. Implementing Open Source License Compliance Management (LFC194) has had 579 enrollments and 38 digital completion badges issued with a satisfaction rating of 4.55 out of 5. LFC194 has only been out a few months, so we look forward to continued adoption growth in 2023.  It is also noteworthy that Continental Corporation made LFC193 a required course for their software developers from late Q3 2022. This is a concrete example of a company leveraging free resources provided by OpenChain Project and The Linux Foundation to support their open source governance processes. Check Out All Our Previous Newsletters: |
||||||||||||
|
|
||||||||||||
|
Re: Cool metrics about our online courses
Thanks Mary!
toggle quoted messageShow quoted text
Shane Coughlan OpenChain General Manager +818040358083 Book a meeting: https://meetings.hubspot.com/scoughlan
On Jan 27, 2023, at 21:01, Mattran, Mary <mary.mattran@...> wrote:
|
||||||||||||
|
|
||||||||||||
|
Re: Cool metrics about our online courses
We put a wrapper with a very short quiz around it. Finishing the quiz is a marker that the course is finished. We don't ask for certificates. I'm trying to find out from our training department how many people have finished that course (LFC193 with the wrapper).
|
||||||||||||
|
|
||||||||||||
|
Re: Cool metrics about our online courses
Martin Yagi
Dear Mary,
That’s great news and information! May I ask how you track that the training has been completed…do you ask for the completion certificates for example?
Best regards,
Martin.
From: main@... <main@...>
On Behalf Of Mattran, Mary via lists.openchainproject.org
[Edited Message Follows] We made LFC193 a required course for SW Developers. This training requirement was published I think very late Q3. We'll look through the LF courses to see if there is something we can reuse to train people contributing to open source projects.
|
||||||||||||
|
|
||||||||||||
|
Re: Cool metrics about our online courses
We made LFC193 a required course for SW Developers. This training requirement was published I think very late Q3. We'll look through the LF courses to see if there is something we can reuse to train people contributing to open source projects.
|
||||||||||||
|
|
||||||||||||
|
Re: Cool metrics about our online courses
Balakrishna Mukundaraj
Wow, these are awesome metrics! Congratulations to all👍🏻 Thanks, Balakrishna
On Thu, 26 Jan 2023 at 09:51, Shane Coughlan <scoughlan@...> wrote: Flavia at LF Training sent along some cool metrics for our recent online courses. --
Thanks & Regards, Balakrishna
|
||||||||||||
|
|
||||||||||||
|
Cool metrics about our online courses
Flavia at LF Training sent along some cool metrics for our recent online courses.
• LFC193 - 1209 total enrollments (398 digital badges for course completion issued) • LFC194 - 579 total enrollments (138 digital badges for course completion issued) Our ratings are looking pretty good too :) LFC193: 4.6 out of 5 in Q4 2022, 4.65 all time rating LFC194: 4.5 rating in Q4 2022, 4.55 all time rating This puts us in the upper echelon of LF Training courses. Well done everyone involved in the education team! Regards Shane — Shane Coughlan General Manager, OpenChain e: scoughlan@... p: +81 (0) 80 4035 8083 w: www.linuxfoundation.org Schedule a call: https://meetings.hubspot.com/scoughlan
|
||||||||||||
|
|
||||||||||||
|
OpenChain Webinar #47 – OSSelot: The Open Source Curation Database - Recording
Out now: OpenChain Webinar 47 explores the OSSelot Project. Our most popular recent event covers a key request around open source automation for open source compliance: an open, public database supporting SBOM (via SPDX ISO/IEC 5962): https://www.openchainproject.org/featured/2023/01/25/webinar-47
Kudos Open Source Automation Development Lab (OSADL) eG
|
||||||||||||
|
|
||||||||||||
|
Re: STARTING NOW: OpenChain Webinar #47 - OSSelot: The Open Source Curation Database - 08:00 UTC / 09:00 CET / 16:00 CST / 17:00 KST + JST
Christopher Wood
I agree SUSE is awesome nearer real-time Linux.
toggle quoted messageShow quoted text
Cheers Chris
On Jan 25, 2023, at 8:00 PM, Shane Coughlan <scoughlan@...> wrote:
|
||||||||||||
|
|
||||||||||||
|
Re: STARTING NOW: OpenChain Webinar #47 - OSSelot: The Open Source Curation Database - 08:00 UTC / 09:00 CET / 16:00 CST / 17:00 KST + JST
Hi Lubos (and everyone)
toggle quoted messageShow quoted text
The formal news item will be out later, but here is the recording of the webinar: https://youtu.be/Bq8OU9wZkaw It would be super cool if SUSE could assist with the effort. Shane
On Jan 25, 2023, at 22:12, Lubos Kocman via lists.openchainproject.org <lubos.kocman=suse.com@...> wrote:
|
||||||||||||
|
|
||||||||||||
|
Re: STARTING NOW: OpenChain Webinar #47 - OSSelot: The Open Source Curation Database - 08:00 UTC / 09:00 CET / 16:00 CST / 17:00 KST + JST
Absolutely. It’s processing on YouTube now and will be out shortly 👍
toggle quoted messageShow quoted text
Shane Coughlan OpenChain General Manager +818040358083 Book a meeting: https://meetings.hubspot.com/scoughlan
On Jan 24, 2023, at 21:49, Christopher Wood <cvw01@...> wrote:
|
||||||||||||
|
|
||||||||||||
|
Re: STARTING NOW: OpenChain Webinar #47 - OSSelot: The Open Source Curation Database - 08:00 UTC / 09:00 CET / 16:00 CST / 17:00 KST + JST
Lubos Kocman
Good morning
we (SUSE) would highly appreciate the recording as well. I'm having a meeting with our legal tomorrow to see if the collaboration could work. Meanwhile https://www.osselot.org/index.php?s=videos the bottom looks close enough. On Tue, 2023-01-24 at 07:48 -0600, Christopher Wood via lists.openchainproject.org wrote: Good morning Shane-- Best regards Lubos Kocman openSUSE Leap Release Manager
|
||||||||||||
|
|
||||||||||||
|
Re: BlackBerry Announces First North American OpenChain Security Assurance Specification Conformance
Christopher Wood
Congratulations on this achievement demonstrating a commitment to open-source software.
toggle quoted messageShow quoted text
On Jan 24, 2023, at 11:45 AM, Shane Coughlan <scoughlan@...> wrote:
|
||||||||||||
|
|
||||||||||||
|
BlackBerry Announces First North American OpenChain Security Assurance Specification Conformance
BlackBerry Limited (NYSE: BB; TSX: BB) announces adoption of the OpenChain Security Assurance Specification 1.1, creating a series of landmarks in doing so. BlackBerry is the first whole entity to announce conformance, the first conformance in the Americas, the first multinational company conformance, and first entity to achieve conformance with both OpenChain/ISO5230:2020 and OpenChain Security Assurance 1.1 with an OpenChain Partner, OSS Consultants.
Learn more: https://www.openchainproject.org/news/2023/01/24/blackberry-security-assurance-conformance
|
||||||||||||
|
|
||||||||||||
|
Re: STARTING NOW: OpenChain Webinar #47 - OSSelot: The Open Source Curation Database - 08:00 UTC / 09:00 CET / 16:00 CST / 17:00 KST + JST
Christopher Wood
Good morning Shane
toggle quoted messageShow quoted text
Was there a recording made from this meeting that would be available to those of us who were fast asleep in our bunks? Sounds like a great idea. Thanks Chris
On Jan 24, 2023, at 1:59 AM, Shane Coughlan <scoughlan@...> wrote:
|
||||||||||||
|
|
||||||||||||
