Re: Synology is the latest organization to announce an OpenChain ISO 5230 conformant program

Gilles Gravier
 

Yeah!

Congratulations to the Synology team! Well played. A tribute to their long-term use of open source.

Gilles

On Mon, Sep 27, 2021 at 01:22, Shane Coughlan <scoughlan@...> wrote:
Synology, a data storage and IT solutions manufacturer, is the latest organization to announce an OpenChain ISO 5230 conformant program. This builds on their commitment to excellence in products and governance as one of the leaders in the networked storage industry. 
https://www.openchainproject.org/news/2021/09/26/synology






--
Gilles Gravier  - Gilles@...
GSM : +33618347147 and +41794728437
Skype : ggravier | PGP Key : 0xA610DB098DE6D026


OpenChain Korea Work Group Meeting #11 – 2021-09-30 - 14:00-16:00 KST

 

The OpenChain Korea Work Group will hold its 11th meeting on the 2021-09-30 (Thursday) between 14:00 and 16:00 KST. You can join the meeting via Zoom: https://line.zoom.us/s/97987235521

Learn More (view the schedule):
https://www.openchainproject.org/featured/2021/09/26/korea-wg-11


OpenChain Quarterly Mini Summit Final Details - September 30th @ 2:00pm - 5:00pm PST

 

This is a reminder that the OpenChain mini-summit adjacent to Open Source Summit (Seattle) is coming up.

Date: Thursday, September 30th
Time: 2:00pm - 5:00pm PST

Beverage Service:
• On Consumption
• Bottled Organic Iced Tea
• Still & Sparkling Waters
• Pepsi Soft Drinks
• Coffee and Tea

We currently have 24 physical attendees registered for the meeting.

Mark Gisi, chair of the OpenChain Spec team, will be leading the conversation around the Security Assurance Reference Guide:
https://www.openchainproject.org/featured/2021/08/12/openchain-iso-5230-security-assurance-reference-guide-now-available

This will also be an excellent opportunity to talk about where the specification is today, where it may go tomorrow, and what other reference guides would be useful in the near term.

Want to attend the meeting?
https://events.linuxfoundation.org/open-source-summit-north-america/features/co-located-events/#openchain-quarterly-mini-summit

Want to dial-in? All being well, we will be talking via Zoom on Mark’s computer :)
https://zoom.us/j/4377592799


Synology is the latest organization to announce an OpenChain ISO 5230 conformant program

 

Synology, a data storage and IT solutions manufacturer, is the latest organization to announce an OpenChain ISO 5230 conformant program. This builds on their commitment to excellence in products and governance as one of the leaders in the networked storage industry.
https://www.openchainproject.org/news/2021/09/26/synology


Re: OpenChain Automation Case Study launches September 22nd at 06:00 UTC (8am Berlin / 3pm Tokyo)

Maximilian Huber
 

Hey all

Here is the link to the repository of the presented tool:
https://github.com/opossum-tool/OpossumUI/


Best
Maximilian

On Monday, 13.09.2021 at 21:44 +0900, Shane Coughlan wrote:

Dear all

As previously discussed, we will be launching a rolling case study
between September and December 2021. This case study will be anchored
by webinars in and around a new GUI tool from Facebook + TNG.

We initially planned to begin on September 15th. However, Michael (FB)
and Max (TNG) are holding a launch event in Germany on the 22nd, so we
will align the global launch with that date.

You will find the event details in the OpenChain global calendar. You
can join this event via our normal Zoom room. No registration is
necessary.
https://zoom.us/j/4377592799

Regards

Shane

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan



--
Maximilian Huber * maximilian.huber@tngtech.com * +49-174-3410223
TNG Technology Consulting GmbH, Beta-Str. 13a, 85774 Unterföhring
Managing Directors: Henrik Klagges, Dr. Robert Dahlke, Thomas Endres
Registered office: Unterföhring * Amtsgericht München * HRB 135082


OpenChain Automation Case Study Part #1

 

We had a very big audience today. Thank you all for your attention and contributions.

Part #1 explores a new graphical tool from Facebook/TNG to make open source tooling easier to use. Our demo shows ORT calling ScanCode in a clean, simple way. We also discuss how the graphical interface was designed.

Please find the video covering all the key material here:
https://www.openchainproject.org/featured/2021/09/22/automation-case-study

The Q&A section was recorded and will be released shortly.


REMINDER: OpenChain automation case study at 12:00 UTC on Wednesday (today) - 13:00 UK - 14:00 CEST - 20:00 CST - 21:00 KST + JST

 

We launch *the* OpenChain automation case study… 🤦‍♂️

This is a must-see for those working in open source compliance.
12:00 UTC / 05:00 PST / 13:00 BST / 14:00 CEST / 17:30 IST / 20:00 CST / 21:00 KST + JST.
https://zoom.us/j/4377592799

No registration.

Regards

Shane

On Sep 22, 2021, at 19:08, Shane Coughlan via groups.io <scoughlan=linuxfoundation.org@groups.io> wrote:

We launch of the OpenChain automation case study about using open source tools for open source compliance at 12:00 UTC on Wednesday (today). This is a rolling case-study between September and December 2021. It will be the largest case study ever undertaken in this space. All welcome. No registration.
https://zoom.us/j/4377592799

September 22nd (today):
We explore a new graphical tool from Facebook/TNG to make open source tooling easier to use.
* Our real-world demo will show ORT calling ScanCode in a clean, simple way.
* We will have an interview about how the graphical interface was designed.
• September 29th, we will have an interview about how the tool internals were designed.
• October 13th, we do a deep dive on using ORT via the tool + deep dive into ORT internals engineering.
• October 27th, we do a deep dive on using TERN via the tool + deep dive into TERN internals engineering.
• November 10th, we do a “how this tool can work with TERN, ORT and ScanOSS in the real-world.”
• November 24th, we do a “fake supply chain” showing code going through multiple scanners and maintaining SPDX Lite integrity.
• December 8th, Facebook Usage Case Study.
• December 16th, A recap of the whole open source tooling eco-system at Open Compliance Summit 2021.
Need help with your timezone?
12:00 UTC / 05:00 PST / 13:00 BST / 14:00 CEST / 17:30 IST / 20:00 CST / 21:00 KST + JST.


REMINDER: OpenChain automation case study at 12:00 UTC on Wednesday (today) - 13:00 UK - 14:00 CEST - 20:00 CST - 21:00 KST + JST

 

We launch of the OpenChain automation case study about using open source tools for open source compliance at 12:00 UTC on Wednesday (today). This is a rolling case-study between September and December 2021. It will be the largest case study ever undertaken in this space. All welcome. No registration.

September 22nd (today):
We explore a new graphical tool from Facebook/TNG to make open source tooling easier to use. 
 * Our real-world demo will show ORT calling ScanCode in a clean, simple way.
 * We will have an interview about how the graphical interface was designed.
  • September 29th, we will have an interview about how the tool internals were designed.
  • October 13th, we do a deep dive on using ORT via the tool + deep dive into ORT internals engineering.
  • October 27th, we do a deep dive on using TERN via the tool + deep dive into TERN internals engineering.
  • November 10th, we do a “how this tool can work with TERN, ORT and ScanOSS in the real-world.”
  • November 24th, we do a “fake supply chain” showing code going through multiple scanners and maintaining SPDX Lite integrity.
  • December 8th, Facebook Usage Case Study.
  • December 16th, A recap of the whole open source tooling eco-system at Open Compliance Summit 2021.
Need help with your timezone?
12:00 UTC / 05:00 PST / 13:00 BST / 14:00 CEST / 17:30 IST / 20:00 CST / 21:00 KST + JST. 


OpenChain webinar - deferred to Wednesday 12:00 UTC / 05:00 PST / 13:00 BST / 14:00 CEST / 17:30 IST / 20:00 CST / 21:00 KST + JST

 

Dear all

Our regular bi-weekly webinar is being deferred from Monday to Wednesday at 12:00 UTC / 05:00 PST / 13:00 BST / 14:00 CEST / 17:30 IST / 20:00 CST / 21:00 KST + JST. This is to keep the focus this week on the launch of our automation case study that day. The case study will be launched with our virtual event and with a physical event in Germany at roughly the same time. We are laying the foundation for an exploration that will take us all the way to a simulated supply chain in November.

You will find all the details in our global calendar as usual. Dial in link:

https://zoom.us/j/4377592799


Regards

Shane 

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


Re: OpenChain Global Work Team Call - 2021-08-14 at 06:00 UTC / 07:00 BST / 08:00 CEST / 11:30 IST / 14:00 CST / 15:00 KST+JST

 

The recording of our call is here:
https://www.openchainproject.org/news/2021/09/15/openchain-global-work-team-call-2021-09-14

Thank you all! Further details on discussions and outcomes shortly.

Regards

Shane

On Sep 14, 2021, at 9:47, Shane Coughlan <scoughlan@linuxfoundation.org> wrote:

Today we will be discussing further global deployment of our security reference documentation + open discussion on SBOMs and DBOMs.

Join Zoom Meeting
https://zoom.us/j/4377592799

Meeting ID: 437 759 2799
One tap mobile
+13017158592,,4377592799# US (Washington DC)
+13126266799,,4377592799# US (Chicago)

Need to confirm your timezone?
OpenChain Global Work Team Call - 2021-08-14 at 06:00 UTC / 07:00 BST / 08:00 CEST / 11:30 IST / 14:00 CST / 15:00 KST+JST


External link: SPDX Software Supply Chain Spec Becomes an ISO Standard

 

Great article by Steven J. Vaughan-Nichols: 
“Alas, many of you haven’t heard of Software Package Data Exchange (SPDX). That’s a pity because SPDX is what’s going to save us from the misery of software supply chain attacks such as Solarwinds. Fortunately, while most of us haven’t been paying attention, the Linux Foundation and businesses such as Intel, Microsoft, and VMware, have been pushing it forward and now SPDX has become an International Standards Organization (ISO) standard: ISO/IEC 5962:2021.”

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


OpenChain Japan Planning Sub-Group Meeting - September 15th at 14:00 JST

 

The OpenChain Japan Planning Sub-Group is a small subset of the overarching Japanese community. These regular planning meetings provide a platform to arrange bi-monthly or quarterly events, and to ensure the pipeline of information to and from the global groups is in sync.

The next planning subgroup meeting will be held on 9/15 14:00-15:00.
https://socionext.zoom.us/j/99975267803?pwd=ekhxaHA3bVZUSVU5M0dVMkF2Z0pkQT09

All parties welcome. The meeting will be held in Japanese.


OpenChain Global Work Team Call - 2021-08-14 at 06:00 UTC / 07:00 BST / 08:00 CEST / 11:30 IST / 14:00 CST / 15:00 KST+JST

 

Today we will be discussing further global deployment of our security reference documentation + open discussion on SBOMs and DBOMs.

Join Zoom Meeting
https://zoom.us/j/4377592799

Meeting ID: 437 759 2799
One tap mobile
+13017158592,,4377592799# US (Washington DC)
+13126266799,,4377592799# US (Chicago)

Need to confirm your timezone?
OpenChain Global Work Team Call - 2021-08-14 at 06:00 UTC / 07:00 BST / 08:00 CEST / 11:30 IST / 14:00 CST / 15:00 KST+JST


OpenChain UK Work Group Meeting 30th September 2021

 

The next OpenChain UK Work Group meeting takes place virtually via Zoom on Thursday 30 September from 14:00 – 15:30 BST.

A full agenda will be launched prior to the meeting, which will be an interactive session with plenty of opportunity to ask questions and discuss OpenChain adoption and best practice. There has been a huge amount going on in the world of OpenChain, with a raft of new, high-profile conformance announcements, new optional extensions to the standard covering security and community engagement, and increased emphasis on the ease of use of tooling.

OpenChain’s General Manager Shane Coughlan will be joining us, and bringing us up to speed on new initiatives intended to make existing compliance tools like FOSSology and ScanCode easier to use.

To reserve your free place on the virtual meeting, on 30 September 2021 from 14:00 – 15:30, please complete the online booking form:
https://ojimarketing.us19.list-manage.com/track/click?u=100dfa4f88cfb2baa11d391c2&id=e185a135d2&e=5d1e015448

To join the OpenChain UK Work Group visit https://lists.openchainproject.org/g/uk-wg and subscribe to the list to receive future details about the bi-monthly meetings and to sync and share information across all aspects of open source compliance.


OpenChain Automation Case Study launches September 22nd at 06:00 UTC (8am Berlin / 3pm Tokyo)

 

Dear all

As previously discussed, we will be launching a rolling case study between September and December 2021. This case study will be anchored by webinars in and around a new GUI tool from Facebook + TNG.

We initially planned to begin on September 15th. However, Michael (FB) and Max (TNG) are holding a launch event in Germany on the 22nd, so we will align the global launch with that date.

You will find the event details in the OpenChain global calendar. You can join this event via our normal Zoom room. No registration is necessary.
https://zoom.us/j/4377592799

Regards

Shane

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


Re: Open Source and ISO Standards - OpenChain and the Future of Compliance @ Open Source Summit - Sept 28th 2021

 

Hi Steve!

OpenChain has had an extraordinary impact across multiple sectors of governance, including security and M&A, pushing beyond the boundaries of OSPOs per se. Because of this, my general hint is to filter event schedules by “OpenChain” to see what turns up :)

Another tip is that you will find four OpenChain mini-summits around Linux Foundation events throughout the year, normally Open Source Summit North America, Open Source Summit Europe, Open Source Summit Japan and the Linux Foundation Membership Summit.

And, of course, everything we do will be flagged on this list unless our individual community members forget something they are doing :P

Regards

Shane

On Sep 9, 2021, at 17:59, Steve Kilbane <stephen.kilbane@analog.com> wrote:

Thanks for highlighting these, Shane. I'd gone straight for the OSPOCon filter, which is where I assumed all OpenChain-relevant content would be, so missed all of them. 😊

I'm gonna have to read all those blurbs more carefully, aren't I?

steve

-----Original Message-----
From: main@lists.openchainproject.org <main@lists.openchainproject.org> On Behalf Of Shane Coughlan
Sent: 08 September 2021 05:59
To: OpenChain Main <main@lists.openchainproject.org>
Subject: [openchain] Open Source and ISO Standards - OpenChain and the Future of Compliance @ Open Source Summit - Sept 28th 2021

[External]

We have three major talks at Open Source Summit in Seattle, kicking off with Open Source and ISO Standards - OpenChain and the Future of Compliance, continuing with our friends at Huawei discussing practical usage in a large operating system project, and concluding with our (traditional) mini-summit. Links below.

Open Source and ISO Standards - OpenChain and the Future of Compliance - Shane Martin Coughlan, Linux Foundation Tuesday, September 28 • 12:00pm - 12:50pm https://urldefense.com/v3/__https://sched.co/lARA__;!!A3Ni8CS0y2Y!vJl30UjGopGtsC2PrJlpkj6JK5KkMO5yrVk3R5bh1s-80WPRW4RX9T3JaeclwOanIimL$

Meet All Scenarios OS: A Distributed O.S. with Feet on the Ground - Davide Ricci, Huawei Tuesday, September 28 • 9:00am - 9:50am https://urldefense.com/v3/__https://sched.co/lAMZ__;!!A3Ni8CS0y2Y!vJl30UjGopGtsC2PrJlpkj6JK5KkMO5yrVk3R5bh1s-80WPRW4RX9T3JaeclwLx-KImd$

OpenChain Quarterly Mini-Summit (Pre-Registration Required) Thursday, September 30 • 2:00pm - 5:30pm https://urldefense.com/v3/__https://sched.co/l90E__;!!A3Ni8CS0y2Y!vJl30UjGopGtsC2PrJlpkj6JK5KkMO5yrVk3R5bh1s-80WPRW4RX9T3JaeclwDwQGlA7$









External Resource: Growing the CHAOSS Community Globally - CHAOSS 社区的全球化故事 - with Xiaoya, Willem, King, and Clement

 

This podcast with some pillars of the Chinese open source community covers OpenChain thanks to our good friend King at Huawei:
https://podcast.chaoss.community/43

From a more general perspective, you can also find out more about current events in the Community Health Analytics Open Source Software Project :)


CfP - Open Compliance Summit - December 16th 2021 - Deadline October 1st

 

Reminder about upcoming deadlines/dates to be aware of regarding the Open Compliance Summit CFP:

• CFP Closes: Friday, October 1
• CFP Notifications: Tuesday, October 19
• Schedule Announcement: Thursday, October 21

https://events.linuxfoundation.org/open-compliance-summit/program/cfp/#%E6%A6%82%E8%A6%81


SPDX Becomes Internationally Recognized Standard for Software Bill of Materials

 

Backed by many of the world’s largest companies for more than a decade, SPDX formally becomes an internationally recognized ISO/IEC JTC 1 standard during a transformational time for software and supply chain security


Re: Open Source and ISO Standards - OpenChain and the Future of Compliance @ Open Source Summit - Sept 28th 2021

Steve Kilbane
 

Thanks for highlighting these, Shane. I'd gone straight for the OSPOCon filter, which is where I assumed all OpenChain-relevant content would be, so missed all of them. 😊

I'm gonna have to read all those blurbs more carefully, aren't I?

steve

-----Original Message-----
From: main@lists.openchainproject.org <main@lists.openchainproject.org> On Behalf Of Shane Coughlan
Sent: 08 September 2021 05:59
To: OpenChain Main <main@lists.openchainproject.org>
Subject: [openchain] Open Source and ISO Standards - OpenChain and the Future of Compliance @ Open Source Summit - Sept 28th 2021

[External]

We have three major talks at Open Source Summit in Seattle, kicking off with Open Source and ISO Standards - OpenChain and the Future of Compliance, continuing with our friends at Huawei discussing practical usage in a large operating system project, and concluding with our (traditional) mini-summit. Links below.

Open Source and ISO Standards - OpenChain and the Future of Compliance - Shane Martin Coughlan, Linux Foundation Tuesday, September 28 • 12:00pm - 12:50pm https://urldefense.com/v3/__https://sched.co/lARA__;!!A3Ni8CS0y2Y!vJl30UjGopGtsC2PrJlpkj6JK5KkMO5yrVk3R5bh1s-80WPRW4RX9T3JaeclwOanIimL$

Meet All Scenarios OS: A Distributed O.S. with Feet on the Ground - Davide Ricci, Huawei Tuesday, September 28 • 9:00am - 9:50am https://urldefense.com/v3/__https://sched.co/lAMZ__;!!A3Ni8CS0y2Y!vJl30UjGopGtsC2PrJlpkj6JK5KkMO5yrVk3R5bh1s-80WPRW4RX9T3JaeclwLx-KImd$

OpenChain Quarterly Mini-Summit (Pre-Registration Required) Thursday, September 30 • 2:00pm - 5:30pm https://urldefense.com/v3/__https://sched.co/l90E__;!!A3Ni8CS0y2Y!vJl30UjGopGtsC2PrJlpkj6JK5KkMO5yrVk3R5bh1s-80WPRW4RX9T3JaeclwDwQGlA7$
