Date   

Re: OpenChain Telco Work Group Meeting Today 2021-10-21 at 07:00 UTC / 08:00 BST / 09:00 CEST / 15:00 CST / 16:00 KST + JST

 

Heads up… our meeting starts now.

On Oct 21, 2021, at 8:33, Shane Coughlan <scoughlan@linuxfoundation.org> wrote:

OpenChain Telco Work Group Meeting Today 2021-10-21 at 07:00 UTC / 08:00 BST / 09:00 CEST / 15:00 CST / 16:00 KST + JST

Jimmy from Ericsson will host.
“We hope to continue our discussion started last time on Software Bill of Material and how we best can create alignment and a voluntary best practice "standard" we can adhere to so that whatever is supplied into, our out of the Telco ecosystem is easily digestible in a predictable manner.”

----( Zoom )----
https://zoom.us/j/4377592799


SCANOSS Is The Latest OpenChain Partner

 

SCANOSS is the latest company to announce participation in the OpenChain Project partner program.

“The standards promoted by the OpenChain Project have helped us to converge on a more interoperable SBOM that will further reduce friction in the software supply chain,” says Alan Facey, Chief Disruptor, SCANOSS. “SCANOSS exists to enable companies of all sizes to run a quality open source compliance program without having to rely on commercial vendor tools. Our partnership with OpenChain reinforces our commitment to the open source community and the ‘freedoms’ it embodies.”

Learn More:
https://www.openchainproject.org/news/2021/10/20/scanoss-partner


OpenChain Telco Work Group Meeting Today 2021-10-21 at 07:00 UTC / 08:00 BST / 09:00 CEST / 15:00 CST / 16:00 KST + JST

 

OpenChain Telco Work Group Meeting Today 2021-10-21 at 07:00 UTC / 08:00 BST / 09:00 CEST / 15:00 CST / 16:00 KST + JST

Jimmy from Ericsson will host.
“We hope to continue our discussion started last time on Software Bill of Material and how we best can create alignment and a voluntary best practice "standard" we can adhere to so that whatever is supplied into, our out of the Telco ecosystem is easily digestible in a predictable manner.”

----( Zoom )----
https://zoom.us/j/4377592799


Re: The Eclipse Foundation Announces It Has Achieved OpenChain ISO 5230 Conformance

 

Hi Sebastian!

Eclipse are quite a special case, being the first large development-orientated NGO to adjust their overarching processes to match ISO/IEC 5230 requirements. As you said, it helps to foster an environment where other similar organizations can be inspired to do the same.

Regards

Shane

On Oct 21, 2021, at 2:31, Sebastian Crane <seabass-labrax@gmx.com> wrote:

On Wed, Oct 20, 2021 at 11:11:15AM +0900, Shane Coughlan wrote:
BRUSSELS – October 19, 2021 – The Eclipse Foundation AISBL, a global
community fostering a mature, scalable, and business-friendly
environment for software collaboration and innovation, has announced
that it is the first open source software foundation to confirm that
its open source development and license management processes are
OpenChain ISO 5230 conformant.
Learn More:
https://www.openchainproject.org/featured/2021/10/19/eclipse-foundation-conformance
It's particularly interesting to me to see open source compliance with
the OpenChain specification from a project-centred consortium. From what
I can tell, the Eclipse Foundation are the second non-profit to announce
a OpenChain conformance programme, aren't they? Indeed, they might serve
as inspiration for other non-profits to start such programmes! :)

Best wishes,

Sebastian



Re: The Eclipse Foundation Announces It Has Achieved OpenChain ISO 5230 Conformance

Sebastian Crane
 

On Wed, Oct 20, 2021 at 11:11:15AM +0900, Shane Coughlan wrote:
BRUSSELS – October 19, 2021 – The Eclipse Foundation AISBL, a global
community fostering a mature, scalable, and business-friendly
environment for software collaboration and innovation, has announced
that it is the first open source software foundation to confirm that
its open source development and license management processes are
OpenChain ISO 5230 conformant.

Learn More:
https://www.openchainproject.org/featured/2021/10/19/eclipse-foundation-conformance
It's particularly interesting to me to see open source compliance with
the OpenChain specification from a project-centred consortium. From what
I can tell, the Eclipse Foundation are the second non-profit to announce
a OpenChain conformance programme, aren't they? Indeed, they might serve
as inspiration for other non-profits to start such programmes! :)

Best wishes,

Sebastian


Re: Case Study: Open Source Compliance Automation and Interoperability #3 - Video Now Live

 

Apologies. The link to the recording was down for a few minutes. It is back now:
https://www.openchainproject.org/featured/2021/10/15/automation-case-study-3

On Oct 19, 2021, at 17:12, Shane Coughlan <scoughlan@linuxfoundation.org> wrote:

Part #3 of our epic automation case study explores the Open Source Review Toolkit (ORT) both in the context of the GUI tool from TNG/Facebook and when used on its own.
https://www.openchainproject.org/featured/2021/10/15/automation-case-study-3
This marks the moment when we begin to expand on automation options across the ecosystem in more detail. There are various choices people make when selecting tooling that we hope to unpack here, shortly with TERN, and over time with everything from FOSSology to FOSSLight and beyond.

Coming Next:
• October 27th, we do a deep dive on using TERN via the tool + deep dive into TERN internals engineering.
• November 10th, we do a “how this tool can work with TERN, ORT and ScanOSS in the real-world.”
• November 24th, we do a “fake supply chain” showing code going through multiple scanners and maintaining SPDX Lite integrity.
• December 8th, Facebook Usage Case Study.
• December 16th, A recap of the whole open source tooling eco-system at Open Compliance Summit 2021.
Seen Previously:
• Part #1 explores a new graphical tool from Facebook/TNG to make open source tooling easier to use. Our demo shows ORT calling ScanCode in a clean, simple way. We also discuss how the graphical interface was designed.
• Part #2 explores the engineering behind the new graphical tool from Facebook/TNG that makes open source tooling easier to use.


OpenChain Japan Work Group Meeting #21 – 2021-10-20 16:00~17:00 JST

 

Got a Japan team?

This is happening now:
OpenChain Japan Work Group Meeting #21 – 2021-10-20 16:00~17:00 JST

Venue

Zoom: https://lnkd.in/dd7isumy
Meeting ID: 99975267803

Password

]>guXS~6

Agenda

16:00 -16:02 Opening
16:02 -16:10 Keynote by Shane Coughlan
16:10 -16:20 about OpenChain Japan WG by S.Kato from Panasonic
16:20 -17:00 Case study “Growing Open Source Culture Inside Sony” by K.Sato from Sony
17:00 Closing


The Eclipse Foundation Announces It Has Achieved OpenChain ISO 5230 Conformance

 

BRUSSELS – October 19, 2021 – The Eclipse Foundation AISBL, a global community fostering a mature, scalable, and business-friendly environment for software collaboration and innovation, has announced that it is the first open source software foundation to confirm that its open source development and license management processes are OpenChain ISO 5230 conformant.

Learn More:
https://www.openchainproject.org/featured/2021/10/19/eclipse-foundation-conformance


NEC Announces OpenChain ISO 5230 Conformant Program

 

NEC Corporation, a Fortune 500 company and a leader in the integration of IT and network technologies, is the latest company to announce an OpenChain ISO 5230 Conformant program. This builds on their social values of safety, security, fairness and efficiency to promote a more sustainable world, and underlines a long-standing commitment to excellence in governance.

“NEC is proud to support the international standard for open source license compliance,” says Kimio Suganuma, General Manager of OSS Promotion Center. “It builds on our multi-decade support of open source in business environments. We look forward to continued collaboration with the global governance community, and helping to ensure supply chains are efficient and trustworthy.”

Learn More:
https://www.openchainproject.org/featured/2021/10/19/nec-conformant-program


Case Study: Open Source Compliance Automation and Interoperability #3 - Video Now Live

 

Part #3 of our epic automation case study explores the Open Source Review Toolkit (ORT) both in the context of the GUI tool from TNG/Facebook and when used on its own.
https://www.openchainproject.org/featured/2021/10/15/automation-case-study-3 
This marks the moment when we begin to expand on automation options across the ecosystem in more detail. There are various choices people make when selecting tooling that we hope to unpack here, shortly with TERN, and over time with everything from FOSSology to FOSSLight and beyond.

Coming Next:
  • October 27th, we do a deep dive on using TERN via the tool + deep dive into TERN internals engineering.
  • November 10th, we do a “how this tool can work with TERN, ORT and ScanOSS in the real-world.”
  • November 24th, we do a “fake supply chain” showing code going through multiple scanners and maintaining SPDX Lite integrity.
  • December 8th, Facebook Usage Case Study.
  • December 16th, A recap of the whole open source tooling eco-system at Open Compliance Summit 2021.
Seen Previously:


Re: OpenChain Mini-Summit - Reviewing Our Security Assurance Guide - Starts in ~30 minutes via Zoom

 


Thanks Marcel and Chris!

Mark, over to you 😊

On Oct 16, 2021, at 15:01, Marcel (PwC DE) via lists.openchainproject.org <marcel.scholze=pwc.com@...> wrote:


Hello Chris,

Thanks for your efforts with this document!
Please find attached some comments, suggestions and thoughts.
Happy to discuss.

Kind regards
Marcel

Marcel Scholze (DE)
PwC | Director | Open Source Software Services & IT-Sourcing
Phone: +49 69 95851746 | Mobile: +49 151 161 57 049
Email: marcel.scholze@...
PricewaterhouseCoopers GmbH Wirtschaftsprüfungsgesellschaft
Friedrich-Ebert-Anlage 35-37 | 60327 | Frankfurt a. M. | Germany

Find out about Open Source Software Management: https://www.pwc.de/opensource

At PwC we work flexibly - so while it suits me to email now, I do not expect a response or action outside of your own working hours.

Vorsitzender des Aufsichtsrates: WP StB Dr. Norbert Vogelpoth
Geschäftsführer: WP StB Dr. Ulrich Störk, WP StB Dr. Peter Bartels, Dr. Joachim Englert, WP StB Petra Justenhoven, WP Clemens Koch, StB Marius Möller, WP StB Uwe Rittmann, StB RA Klaus Schmidt, StB CPA Mark Smith
Sitz der Gesellschaft: Frankfurt am Main, Amtsgericht Frankfurt am Main HRB 107858
PricewaterhouseCoopers GmbH Wirtschaftsprüfungsgesellschaft ist Mitglied von PricewaterhouseCoopers International, einer Company limited by guarantee registriert in England und Wales
Datenschutz: Hinweise zur Datenverarbeitung bei PricewaterhouseCoopers GmbH WPG finden Sie unter Datenschutzhinweise PricewaterhouseCoopers GmbH WPG


On Fri, 15 Oct 2021 at 08:46, Shane Coughlan <scoughlan@...> wrote:
Thank you Chris!

Flagging for Mark (CC) for review.

> On Oct 8, 2021, at 23:50, Christopher Wood <cvw01@...> wrote:
>
> Shane
> I had a few thoughts for consideration so I added them to the OpenChain Security Assurance Guide V1 attached.  I made the additions or suggested changes with the MS Word Tracking mode on so you should be able to see the bars in the left side margin.
>
> Regards
> Chris
>
> On Thursday, September 30, 2021, 03:23:52 PM CDT, Shane Coughlan <scoughlan@...> wrote:
>
>
> All welcome as Mark Gisi leads us through next steps in the security assurance guide for ISO 5230.
> https://zoom.us/j/4377592799
>
> Learn more about the current guide here:
> https://www.openchainproject.org/featured/2021/08/12/openchain-iso-5230-security-assurance-reference-guide-now-available
>
>
>
>
>
> <OpenChainSecurityAssuranceGuide.1.0-2021a_rcw.docx>







Diese Information ist ausschliesslich fuer den Adressaten bestimmt und kann vertrauliche oder gesetzlich geschuetzte Informationen enthalten. Wenn Sie nicht der bestimmungsgemaesse Adressat sind, unterrichten Sie bitte den Absender und vernichten Sie diese Mail. Anderen als dem bestimmungsgemaessen Adressaten ist es untersagt, diese E-Mail zu lesen, zu speichern, weiterzuleiten oder ihren Inhalt auf welche Weise auch immer zu verwenden. Wir verwenden aktuelle Virenschutzprogramme. Fuer Schaeden, die dem Empfaenger gleichwohl durch von uns zugesandte mit Viren befallene E-Mails entstehen, schliessen wir jede Haftung aus. 
* * * * *
The information contained in this email is intended only for its addressee and may contain confidential and/or privileged information. If the reader of this email is not the intended recipient, you are hereby notified that reading, saving, distribution or use of the content of this email in any way is prohibited. If you have received this email in error, please notify the sender and delete the email. We use updated antivirus protection software. We do not accept any responsibility for damages caused anyhow by viruses transmitted via email.


External Webinar: Hot Topics: Open Source Software Legal Update

 

Tony from GTC Law let me know they plan to have a section on the Executive Order and to discuss OpenChain (also also SPDX) as approaches to meeting that order’s requirements.

Learn more about the webinar registration details here:

Regards

Shane 

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


Telco work group meeting 2021-10-21 07:00 UTC

 

Dear all

We hold a telco work group meeting this Thursday the 21st at 07:00 UTC. It will be hosted by Jimmy from Ericsson and all are invited to attend. As he noted:

“We hope to continue our discussion started last time on Software Bill of Material and how we best can create alignment and a voluntary best practice "standard" we can adhere to so that whatever is supplied into, our out of the Telco ecosystem is easily digestible in a predictable manner.”

Dial in here:

Regards

Shane 

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


OpenChain Webinar Today 2021-08-16 @ 14:00 UTC - Postponed due to scheduling change

 

Dear all

Today’s regular bi-weekly webinar is being postponed due to a scheduling conflict.

You are reminder that:

We hold a telco work group meeting this Thursday the 21st at 07:00 UTC.

and

Part #4 of our automation case study will take place on Wednesday the 27th at 14:00 UTC.

Our regular global work team call takes place next Monday the 25th at 14:00 UTC as usual.

All these events are in the global calendar and all are invited to attend without registration or restriction.

Regards

Shane


Re: OpenChain Mini-Summit - Reviewing Our Security Assurance Guide - Starts in ~30 minutes via Zoom

Marcel (PwC DE)
 

Hello Chris,

Thanks for your efforts with this document!
Please find attached some comments, suggestions and thoughts.
Happy to discuss.

Kind regards
Marcel

Marcel Scholze (DE)
PwC | Director | Open Source Software Services & IT-Sourcing
Phone: +49 69 95851746 | Mobile: +49 151 161 57 049
Email: marcel.scholze@...
PricewaterhouseCoopers GmbH Wirtschaftsprüfungsgesellschaft
Friedrich-Ebert-Anlage 35-37 | 60327 | Frankfurt a. M. | Germany

Find out about Open Source Software Management: https://www.pwc.de/opensource

At PwC we work flexibly - so while it suits me to email now, I do not expect a response or action outside of your own working hours.

Vorsitzender des Aufsichtsrates: WP StB Dr. Norbert Vogelpoth
Geschäftsführer: WP StB Dr. Ulrich Störk, WP StB Dr. Peter Bartels, Dr. Joachim Englert, WP StB Petra Justenhoven, WP Clemens Koch, StB Marius Möller, WP StB Uwe Rittmann, StB RA Klaus Schmidt, StB CPA Mark Smith
Sitz der Gesellschaft: Frankfurt am Main, Amtsgericht Frankfurt am Main HRB 107858
PricewaterhouseCoopers GmbH Wirtschaftsprüfungsgesellschaft ist Mitglied von PricewaterhouseCoopers International, einer Company limited by guarantee registriert in England und Wales
Datenschutz: Hinweise zur Datenverarbeitung bei PricewaterhouseCoopers GmbH WPG finden Sie unter Datenschutzhinweise PricewaterhouseCoopers GmbH WPG


On Fri, 15 Oct 2021 at 08:46, Shane Coughlan <scoughlan@...> wrote:
Thank you Chris!

Flagging for Mark (CC) for review.

> On Oct 8, 2021, at 23:50, Christopher Wood <cvw01@...> wrote:
>
> Shane
> I had a few thoughts for consideration so I added them to the OpenChain Security Assurance Guide V1 attached.  I made the additions or suggested changes with the MS Word Tracking mode on so you should be able to see the bars in the left side margin.
>
> Regards
> Chris
>
> On Thursday, September 30, 2021, 03:23:52 PM CDT, Shane Coughlan <scoughlan@...> wrote:
>
>
> All welcome as Mark Gisi leads us through next steps in the security assurance guide for ISO 5230.
> https://zoom.us/j/4377592799
>
> Learn more about the current guide here:
> https://www.openchainproject.org/featured/2021/08/12/openchain-iso-5230-security-assurance-reference-guide-now-available
>
>
>
>
>
> <OpenChainSecurityAssuranceGuide.1.0-2021a_rcw.docx>







Diese Information ist ausschliesslich fuer den Adressaten bestimmt und kann vertrauliche oder gesetzlich geschuetzte Informationen enthalten. Wenn Sie nicht der bestimmungsgemaesse Adressat sind, unterrichten Sie bitte den Absender und vernichten Sie diese Mail. Anderen als dem bestimmungsgemaessen Adressaten ist es untersagt, diese E-Mail zu lesen, zu speichern, weiterzuleiten oder ihren Inhalt auf welche Weise auch immer zu verwenden. Wir verwenden aktuelle Virenschutzprogramme. Fuer Schaeden, die dem Empfaenger gleichwohl durch von uns zugesandte mit Viren befallene E-Mails entstehen, schliessen wir jede Haftung aus. 
* * * * *
The information contained in this email is intended only for its addressee and may contain confidential and/or privileged information. If the reader of this email is not the intended recipient, you are hereby notified that reading, saving, distribution or use of the content of this email in any way is prohibited. If you have received this email in error, please notify the sender and delete the email. We use updated antivirus protection software. We do not accept any responsibility for damages caused anyhow by viruses transmitted via email.


Re: OpenChain Mini-Summit - Reviewing Our Security Assurance Guide - Starts in ~30 minutes via Zoom

Christopher Wood
 

Good morning i am sorry that I missed your review this morning. I dialed into the zoom meeting but there was no connection, then I realzed that it was 1:45 AM when I received the email. Let me know what you thought.
Best Regards
Chris

On Oct 15, 2021, at 1:45 AM, Shane Coughlan <scoughlan@linuxfoundation.org> wrote:

Thank you Chris!

Flagging for Mark (CC) for review.

On Oct 8, 2021, at 23:50, Christopher Wood <cvw01@sbcglobal.net> wrote:

Shane
I had a few thoughts for consideration so I added them to the OpenChain Security Assurance Guide V1 attached. I made the additions or suggested changes with the MS Word Tracking mode on so you should be able to see the bars in the left side margin.

Regards
Chris

On Thursday, September 30, 2021, 03:23:52 PM CDT, Shane Coughlan <scoughlan@linuxfoundation.org> wrote:


All welcome as Mark Gisi leads us through next steps in the security assurance guide for ISO 5230.
https://zoom.us/j/4377592799

Learn more about the current guide here:
https://www.openchainproject.org/featured/2021/08/12/openchain-iso-5230-security-assurance-reference-guide-now-available





<OpenChainSecurityAssuranceGuide.1.0-2021a_rcw.docx>





<OpenChainSecurityAssuranceGuide.1.0-2021a_rcw.docx>


Re: OpenChain Mini-Summit - Reviewing Our Security Assurance Guide - Starts in ~30 minutes via Zoom

 

Thank you Chris!

Flagging for Mark (CC) for review.

On Oct 8, 2021, at 23:50, Christopher Wood <cvw01@sbcglobal.net> wrote:

Shane
I had a few thoughts for consideration so I added them to the OpenChain Security Assurance Guide V1 attached. I made the additions or suggested changes with the MS Word Tracking mode on so you should be able to see the bars in the left side margin.

Regards
Chris

On Thursday, September 30, 2021, 03:23:52 PM CDT, Shane Coughlan <scoughlan@linuxfoundation.org> wrote:


All welcome as Mark Gisi leads us through next steps in the security assurance guide for ISO 5230.
https://zoom.us/j/4377592799

Learn more about the current guide here:
https://www.openchainproject.org/featured/2021/08/12/openchain-iso-5230-security-assurance-reference-guide-now-available





<OpenChainSecurityAssuranceGuide.1.0-2021a_rcw.docx>


REMINDER: Case Study: Open Source Compliance Automation and Interoperability #3 - GUI + ORT Deep Dive 2021-10-13 08:00 UTC / 09:00 BST / 10:00 CEST / 16:00 CST / 17:00 KST + JST

 

Our third automation case study webinar is about to start. Join here:

It will be a pretty special event and include some technical deep-dives as well as examples of easy automation usage. Max will take lead on explaining simplicity in using a GUI to access the Open Source Review Toolkit. Sebastian and Thomas will take us on a deep-dive into the tool itself.

Not to be missed. Dial in details below and on our global calendar.

Case Study: Open Source Compliance Automation and Interoperability #3 - GUI + ORT Deep Dive 2021-10-13 08:00 UTC / 09:00 BST / 10:00 CEST / 16:00 CST / 17:00 KST + JST

Regards

Shane 

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:


REMINDER: Case Study: Open Source Compliance Automation and Interoperability #3 - GUI + ORT Deep Dive 2021-10-13 08:00 UTC / 09:00 BST / 10:00 CEST / 16:00 CST / 17:00 KST + JST

 

Dear all 

This is a reminder that our third automation case study webinar takes place today. It will be a pretty special event and include some technical deep-dives as well as examples of easy automation usage.

Max will take lead on explaining simplicity in using a GUI to access the Open Source Review Toolkit. Sebastian and Thomas will take us on a deep-dive into the tool itself.

Not to be missed. Dial in details below and on our global calendar.

Case Study: Open Source Compliance Automation and Interoperability #3 - GUI + ORT Deep Dive 2021-10-13 08:00 UTC / 09:00 BST / 10:00 CEST / 16:00 CST / 17:00 KST + JST

Regards

Shane 

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


RECORDING: OpenChain Global Webinar 2021-10-12

 

We talk about the Security Assurance Reference Guide (PR to come) and Playbooks (priority for education work group in Q4 2021):
https://www.openchainproject.org/news/2021/10/12/openchain-global-webinar-2021-10-12

1 - 20 of 4241