
Re: Direct or indirect supplier?

Carlo Piana
 

----- Original Message -----
From: "Dirk Riehle" <dirk@riehle.org>
To: "main@lists.openchainproject.org" <main@lists.openchainproject.org>
Sent: Thursday, 1 July, 2021 13:26:51
Subject: [openchain] Direct or indirect supplier?

Hi,

Germany has a new law about diligence in the supply chain, basically to watch
out that no supplier violates human rights.

We like to talk about open source projects being suppliers, but I'm not sure
that legally speaking this is true.

As a consequence, what is the relationship between a company contributing to
an open source project with the company using it? Is that a direct supplier
relationship? An indirect one? None at all?

Thanks, Dirk

Dirk,

I guess a German Lawyer should reply.

In general terms, as I have been pondering it on other accounts, I would suggest that making FOSS generally available does not qualify as a supplier relationship. One needs to have a development agreement or a support agreement for that. This could also include developing FOSS to be given at large.

Just my two eurocents.

Cheers

Carlo


Direct or indirect supplier?

Dirk Riehle
 

Hi,

Germany has a new law about diligence in the supply chain, basically to watch out that no supplier violates human rights.

We like to talk about open source projects being suppliers, but I'm not sure that legally speaking this is true.

As a consequence, what is the relationship between a company contributing to an open source project with the company using it? Is that a direct supplier relationship? An indirect one? None at all?

Thanks, Dirk

--
Confused about open source?
Get clarity through https://bayave.com/training
--
Website: https://dirkriehle.com - Twitter: @dirkriehle
Ph (DE): +49-157-8153-4150 - Ph (US): +1-650-450-8550


OpenChain Korea Work Group Meeting #10 - Full Recording

 

You can find all the sections of the event carefully edited by Soim right here:
https://openchain-project.github.io/OpenChain-KWG/en/meeting/10th/


Re: Root of competence

Martin Yagi
 

Hi Steve,

 

That’s a great question, and thinking about it, I’d be in a similar position if I was looking for formal compliance.

 

I’d also add “designed/wrote the Company Open Source Policy and Procedures” as evidence for my own competence (I wrote the policy, so I decide what is ok!). I also have talked about Open Source Compliance at Intellectual Property conferences.

 

It would be good to know others’ thoughts on this bootstrapping. 😉

 

Best regards,

 

Martin Yagi

Intellectual Property Manager

 

 

From: main@... <main@...> On Behalf Of Steve Kilbane via lists.openchainproject.org
Sent: 29 June 2021 08:52
To: main@...
Subject: Re: [openchain] Root of competence

 

Thanks, Martin. In that context, your comments make sense.

 

I'm specifically looking for a starting point: assuming no-one in the org has any formal/external training yet, how does one show competence for the *first* trainer in the org, the one who would then be providing training to the others in the org?

 

It could be argued that working through the OpenChain curriculum and adapting it to the local org's needs is equivalent to receiving that training, but I don't want to start out with a flawed assumption. And while it would have been necessary in the past to say "my years of personal experience are sufficient" because there wasn't any alternative, I don't know that that's good enough now. Hence taking the temperature of the group.

 

steve

 

From: main@... <main@...> On Behalf Of Martin Yagi
Sent: 29 June 2021 08:25
To: main@...
Subject: Re: [openchain] Root of competence

 

[External]

 

Dear all,

 

I may have misunderstood the original question, my comment was around “training the trainers” and/or keeping the “experts” up to date. I don’t think there is much formal training available for that purpose and would certainly welcome any other thoughts in this area.

 

In terms of general training, I use some LinkedIn Learning modules (because as a company we currently have licenses) and some OpenChain reference materials. I supplement both of these with more targeted examples, use-cases, anecdotes, company specific terms & procedures, etc.

 

I would recommend using the above materials, to make something bite sized and utilising all modern methods of delivery (i.e. videos, quizzes) if available virtually. The OpenChain Reference Training sub-group is making great progress towards improved materials.

 

Best regards,

 

Martin Yagi

Intellectual Property Manager

 

 

From: main@... <main@...> On Behalf Of Steve Kilbane via lists.openchainproject.org
Sent: 29 June 2021 08:06
To: main@...
Subject: Re: [openchain] Root of competence

 

Thanks, Christopher,

 

> Several of the open source organizations, including OpenChain have published training curriculum or materials

> that would provide a peer-reviewed foundational knowledge which when combined with individual experience would

> provide evidence that you meet technical criteria. 

 

As noted, I'd probably base our own training on the OpenChain materials. Can you be specific about the other materials you mention?

 

Thanks,

 

steve

 

From: main@... <main@...> On Behalf Of Christopher Wood
Sent: 24 June 2021 19:39
To: main@...
Subject: Re: [openchain] Root of competence

 

[External]

 

Steve

My observation based on 20+ years in this space is that training by a recognized organization using a designed curriculum is far better than just going to meetings and attending conferences.  Most individuals would have some (or great) difficulty in sifting the wheat from the chaff (opinions and not necessarily facts) offered by the various presenters in this complex and evolving field.  Several of the open source organizations, including OpenChain have published training curriculum or materials that would provide a peer-reviewed foundational knowledge which when combined with individual experience would provide evidence that you meet technical criteria.  Some of the Software Composition Analysis (SCA) vendors do offer "auditing" training on their tools where a certification that you have completed the training is provided (if you want to be  the go-to person in your organization).

These are my thoughts and do not reflect the positions of anyone else.

Best Regards

Chris Wood PhD CISSP

On Thursday, June 24, 2021, 10:21:09 AM CDT, Martin Yagi <martin.yagi@...> wrote:

 

 

Dear Steve,

 

I count my ongoing “training” as attending webinars, industry events, etc.

 

Best regards,

 

Martin Yagi

Intellectual Property Manager

 

 

From: main@... <main@...> On Behalf Of Steve Kilbane via lists.openchainproject.org
Sent: 24 June 2021 16:18
To: main@...
Subject: [openchain] Root of competence

 

Hi all,

 

One of the key points in OpenChain is that program participants are trained in order to have sufficient competency for their role. In my org, I'd probably be one of the key trainers, and would likely be developing the courses (most likely based on the great work going on in the education team). But I haven't had training – just years to the grindstone in an organically-growing compliance team. How's this normally handled? Is it just recognised that someone is the local expert, or is it necessary/recommended that I'd get external training in order to be able to self-certify as competent before spreading the Word to the rest of the org? If the latter, recommendations gratefully accepted…

 

Thanks,

 

steve

 

 
   First Light Fusion Ltd.
   p: 01865 807 670
   a: Unit 10, Oxford Industrial Park, Mead Road, Yarnton, Kidlington, Oxford, OX5 1QU

    

This email and any attachments are confidential. Find more legal information here.

 


Re: Root of competence

Steve Kilbane
 

Thanks, Martin. In that context, your comments make sense.

 

I'm specifically looking for a starting point: assuming no-one in the org has any formal/external training yet, how does one show competence for the *first* trainer in the org, the one who would then be providing training to the others in the org?

 

It could be argued that working through the OpenChain curriculum and adapting it to the local org's needs is equivalent to receiving that training, but I don't want to start out with a flawed assumption. And while it would have been necessary in the past to say "my years of personal experience are sufficient" because there wasn't any alternative, I don't know that that's good enough now. Hence taking the temperature of the group.

 

steve

 



Re: Root of competence

Martin Yagi
 

Dear all,

 

I may have misunderstood the original question, my comment was around “training the trainers” and/or keeping the “experts” up to date. I don’t think there is much formal training available for that purpose and would certainly welcome any other thoughts in this area.

 

In terms of general training, I use some LinkedIn Learning modules (because as a company we currently have licenses) and some OpenChain reference materials. I supplement both of these with more targeted examples, use-cases, anecdotes, company specific terms & procedures, etc.

 

I would recommend using the above materials, to make something bite sized and utilising all modern methods of delivery (i.e. videos, quizzes) if available virtually. The OpenChain Reference Training sub-group is making great progress towards improved materials.

 

Best regards,

 

Martin Yagi

Intellectual Property Manager

 

 



Re: Root of competence

Steve Kilbane
 

Thanks, Christopher,

 

> Several of the open source organizations, including OpenChain have published training curriculum or materials

> that would provide a peer-reviewed foundational knowledge which when combined with individual experience would

> provide evidence that you meet technical criteria. 

 

As noted, I'd probably base our own training on the OpenChain materials. Can you be specific about the other materials you mention?

 

Thanks,

 

steve

 



OpenChain Fourth Monday Work Team Call - 2021-06-28 - 14:00 UTC / 07:00 PST / 15:00 BST / 16:00 CEST / 19:30 IST / 22:00 CST / 23:00 KST / 23:00 JST

 

This will be a talk through and vote on where OpenChain goes next

All welcome. No registration.
https://us02web.zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09

Want to confirm your timezone?
2021-06-21 - 14:00 UTC / 07:00 PST / 15:00 BST / 16:00 CEST / 19:30 IST / 22:00 CST / 23:00 KST / 23:00 JST

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


SBOM Readiness Survey

Jennifer McGinnis <jmcginnis@...>
 

Hello OpenChain,

The Linux Foundation's SBOM Readiness Survey has just been announced on their blog and social media channels. This is a major, important new initiative for the Linux Foundation.

Please take a few moments to read more about it and complete it if possible:



Thank you!




--
Jenni McGinnis
Projects Coordinator | The Linux Foundation
Assisting with RISC-V International, OpenChain, TARS, & OpenFabrics Alliance


Re: Root of competence

Christopher Wood
 

Steve
My observation based on 20+ years in this space is that training by a recognized organization using a designed curriculum is far better than just going to meetings and attending conferences.  Most individuals would have some (or great) difficulty in sifting the wheat from the chaff (opinions and not necessarily facts) offered by the various presenters in this complex and evolving field.  Several of the open source organizations, including OpenChain have published training curriculum or materials that would provide a peer-reviewed foundational knowledge which when combined with individual experience would provide evidence that you meet technical criteria.  Some of the Software Composition Analysis (SCA) vendors do offer "auditing" training on their tools where a certification that you have completed the training is provided (if you want to be  the go-to person in your organization).
These are my thoughts and do not reflect the positions of anyone else.
Best Regards
Chris Wood PhD CISSP



Re: Root of competence

Martin Yagi
 

Dear Steve,

 

I count my ongoing “training” as attending webinars, industry events, etc.

 

Best regards,

 

Martin Yagi

Intellectual Property Manager

 

 



Root of competence

Steve Kilbane
 

Hi all,

 

One of the key points in OpenChain is that program participants are trained in order to have sufficient competency for their role. In my org, I'd probably be one of the key trainers, and would likely be developing the courses (most likely based on the great work going on in the education team). But I haven't had training – just years to the grindstone in an organically-growing compliance team. How's this normally handled? Is it just recognised that someone is the local expert, or is it necessary/recommended that I'd get external training in order to be able to self-certify as competent before spreading the Word to the rest of the org? If the latter, recommendations gratefully accepted…

 

Thanks,

 

steve

 


Webinar #25 – Compliance Around Old Development Projects + ISO 5230 in Software Quality Management - Full Recording

 

Our 25th Webinar saw two great talks and a very active Q&A. First we had Dr. Till Jaeger from JBB Rechtsanwälte on ‘How to bring an ancient development project into compliance best practices.’ This was followed by Nicole Pappler from AlektoMetis ‘OpenChain ISO 5230 and Software Quality Management.’ Check out the full recording below.
https://www.openchainproject.org/featured/2021/06/23/webinar-25


Please Participate in the TODO Group 2021 State of OSPO Survey

 

Hey everyone, it’s time to do the OSPO Survey. Links below.





Greetings Shane,

 

The TODO Group, together with Linux Foundation Research and The New Stack, is conducting a survey as part of a research project on the prevalence and outcomes of open source programs among different organizations across the globe. 

 

Open source program offices (OSPOs) help set open source strategies and improve an organization's software development practices. Since 2018, the TODO Group has conducted surveys to assess the state of open source programs across the industry. Today, we are pleased to announce the launch of the 2021 edition featuring additional questions to add value to the community.

 

The survey will generate insights into the following areas, including:

  • The extent of adoption of open source programs and initiatives 
  • Concerns around the hiring of open source developers 
  • Perceived benefits and challenges of open source programs
  • The impact of open source on organizational strategy

Please participate now; we intend to close the survey in early July. Privacy and confidentiality are important to us. Neither participant names, nor their company names, will be published in the final results.

 

To take the 2021 OSPO Survey, click the button below:

 
 

This email was sent by: The TODO Group and Linux Foundation Research


OpenChain Third Monday Webinar - 2021-06-21 - 14:00 UTC / 07:00 PST / 15:00 BST / 16:00 CEST / 19:30 IST / 22:00 CST / 23:00 KST / 23:00 JST

 

Our webinar today will feature two excellent talks.

Till Jaeger, JBB Rechtsanwälte on:
How to bring an ancient development project into compliance- best practices

Nicole Pappler, AlektoMetis on:
OpenChain ISO 5230 and Software Quality Management

All welcome. No registration.
https://us02web.zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09

Want to confirm your timezone?
2021-06-21 - 14:00 UTC / 07:00 PST / 15:00 BST / 16:00 CEST / 19:30 IST / 22:00 CST / 23:00 KST / 23:00 JST


OpenChain Q2 Mini-Summit – 2021-06-14 – Full Recording

 


OpenChain Partner Mini-Summit – 2020-06-14 – Full Recording

 


Re: What is an SBOM?

 

Awesome post! Thank you so much for sharing!

On Jun 16, 2021, at 18:01, Jari Koivisto <jari.p.koivisto@iki.fi> wrote:

Thanks Shane,

Nice post and here is my LinkedIn post about it: https://www.linkedin.com/posts/jarikoivisto_what-is-an-sbom-linux-foundation-activity-6810848879144128512-IuOu

BR,

Jari

---
Jari Koivisto
E-mail: jari.p.koivisto@iki.fi
Mobile: +41 78 7479791
Skype: jari.p.koivisto
LinkedIn: http://www.linkedin.com/in/jarikoivisto



On Wed, 16 Jun 2021 at 05:25, Shane Coughlan <scoughlan@linuxfoundation.org> wrote:
What is an SBOM?
A little blog I wrote on the topic of software bill of materials.
https://www.linuxfoundation.org/blog/what-is-an-sbom/

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan



Re: What is an SBOM?

Jari Koivisto
 

Thanks Shane,


BR,

   Jari

---
Jari Koivisto
E-mail: jari.p.koivisto@...
Mobile: +41 78 7479791
Skype: jari.p.koivisto
LinkedIn: http://www.linkedin.com/in/jarikoivisto



On Wed, 16 Jun 2021 at 05:25, Shane Coughlan <scoughlan@...> wrote:
What is an SBOM? 
A little blog I wrote on the topic of software bill of materials.
https://www.linuxfoundation.org/blog/what-is-an-sbom/

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:


Re: What is an SBOM?

 

Thank you Gilles!

On Jun 16, 2021, at 15:55, Gilles Gravier via lists.openchainproject.org <gilles.gravier=wipro.com@lists.openchainproject.org> wrote:

Thanks Shane!

Nice writing! And very good read! A perfect intro.

Best regards,
Gilles Gravier
Director, Senior Strategy Advisor - Global Open Source Practice
Wipro Limited
M: +41 79 472 8437
in/gillesgravier @gravax

From: main@lists.openchainproject.org <main@lists.openchainproject.org> on behalf of Shane Coughlan via lists.openchainproject.org<scoughlan=linuxfoundation.org@lists.openchainproject.org>
Sent: Wednesday 16 June 2021 05:25
To: OpenChain Main <main@lists.openchainproject.org>
Subject: [openchain] What is an SBOM?


What is an SBOM?
A little blog I wrote on the topic of software bill of materials.
https://www.linuxfoundation.org/blog/what-is-an-sbom/

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan
