Date   

Re: Tracking third-party deployment

Anant Vishnu
 

Hi Steve,

 

Might sound off, but one idea would be to run an SCA tool which is also tuned to capture and segregate license text/copyright notices embedded in the delivered product (more of a syntactic approach – not limited to open source).

 

I believe Github already has couple of offerings that may assist such as https://github.com/nexB/scancode-toolkit (by nexB) etc.

Might help to set up a scan system for every outbound asset flow so that some form of flag is raised at the onset itself

 

Regards

Ananth

 

 

 

From: main@... <main@...> On Behalf Of Steve Kilbane
Sent: Friday, June 3, 2022 3:55 PM
To: main@...
Subject: [openchain] Tracking third-party deployment

 

[**EXTERNAL EMAIL**]

Hi all,

 

Apologies if this question is off-topic. I figure it’s OpenChainy, in that it relates to tying outbound software back to inbound software.

 

As part of our compliance and SBOM processes, we’re identifying not just our own  code and open source in a delivered product, but also third-party commercial IP. Such commercial IP typically has a bunch of attributes that don’t apply to open source (license expiry dates, specific licensed users, etc.). There are standard commercial offerings that provide “Software Asset Management” for the stuff you *use* - your MS Words, your internal Oracle dbs, etc. These offerings aren’t really suited for something you *ship* as part of your delivered product – especially, as in our case, where the majority of the products are embedded offerings running in minimal footprint, where something like floating license key usage isn’t part of the product.

 

I was wondering whether anyone has recommendations for tools or systems that are suitable for tracking the usage and distribution of commercial IP?

 

Thanks,

 

steve

 


Re: Tracking third-party deployment

Shurjeel Tousif
 

Hi Steve,

 

We actively support companies manage 3rd party commercial IP too – and we have a few tools that can help with manage and audit.

Perhaps we can connect offline..?

 

Regards,

Shurjeel

 

Shurjeel Tousif

SeQuenX BV
De Hooghkamer | Mozartlaan 9, 2215 LS, Voorhout, NL
T +31 63 073 4464  | E shurjeel.tousif@... | M +31 63 073 4464| W www.sequenx.com

 

From: main@... <main@...> On Behalf Of Steve Kilbane via lists.openchainproject.org
Sent: Friday, June 3, 2022 12:25 PM
To: main@...
Subject: [openchain] Tracking third-party deployment

 

Hi all,

 

Apologies if this question is off-topic. I figure it’s OpenChainy, in that it relates to tying outbound software back to inbound software.

 

As part of our compliance and SBOM processes, we’re identifying not just our own  code and open source in a delivered product, but also third-party commercial IP. Such commercial IP typically has a bunch of attributes that don’t apply to open source (license expiry dates, specific licensed users, etc.). There are standard commercial offerings that provide “Software Asset Management” for the stuff you *use* - your MS Words, your internal Oracle dbs, etc. These offerings aren’t really suited for something you *ship* as part of your delivered product – especially, as in our case, where the majority of the products are embedded offerings running in minimal footprint, where something like floating license key usage isn’t part of the product.

 

I was wondering whether anyone has recommendations for tools or systems that are suitable for tracking the usage and distribution of commercial IP?

 

Thanks,

 

steve

 


Tracking third-party deployment

Steve Kilbane
 

Hi all,

 

Apologies if this question is off-topic. I figure it’s OpenChainy, in that it relates to tying outbound software back to inbound software.

 

As part of our compliance and SBOM processes, we’re identifying not just our own  code and open source in a delivered product, but also third-party commercial IP. Such commercial IP typically has a bunch of attributes that don’t apply to open source (license expiry dates, specific licensed users, etc.). There are standard commercial offerings that provide “Software Asset Management” for the stuff you *use* - your MS Words, your internal Oracle dbs, etc. These offerings aren’t really suited for something you *ship* as part of your delivered product – especially, as in our case, where the majority of the products are embedded offerings running in minimal footprint, where something like floating license key usage isn’t part of the product.

 

I was wondering whether anyone has recommendations for tools or systems that are suitable for tracking the usage and distribution of commercial IP?

 

Thanks,

 

steve

 


Re: Query on Open Source Compliance Lead role

Amanda Brock <amanda.brock@...>
 

Morning

We have a weekly blog at OpenUK and I wonder if one of you would be interested in contributing a post on what Open Chain adoption means to a business and perhaps share experience?

Cheers

Amanda
Amanda Brock
CEO, OpenUK
+447718516954
@openuk_uk
@amandabrockUK




On 2 Jun 2022, at 12:38, Mattran, Mary <mary.mattran@...> wrote:

Hi Siddharth,

The way we have been handling these roles is to look at the purpose of the role and how that is being fulfilled.  If it is being addressed by a team, then it is good.  The Roles & Responsibilities tab is really an example, and not a list of required roles.  You have to refer back to the standard to understand what that role would do and how it can be fulfilled in your organization.  My organization is larger and the way our compliance is structured, it makes more sense to have one person who is the lead.  He is the Business Owner for the compliance activity and responsible for the budget for the team, so it's a good fit.  

But, you have to figure out what is right for your org, and identify the roles that work for your org.

Best Regards,
Mary




Re: Query on Open Source Compliance Lead role

Mattran, Mary
 

Hi Siddharth,

The way we have been handling these roles is to look at the purpose of the role and how that is being fulfilled.  If it is being addressed by a team, then it is good.  The Roles & Responsibilities tab is really an example, and not a list of required roles.  You have to refer back to the standard to understand what that role would do and how it can be fulfilled in your organization.  My organization is larger and the way our compliance is structured, it makes more sense to have one person who is the lead.  He is the Business Owner for the compliance activity and responsible for the budget for the team, so it's a good fit.  

But, you have to figure out what is right for your org, and identify the roles that work for your org.

Best Regards,
Mary


Re: Technical University Munich | Search for Interview Partners for a thesis on OSS Compliance Certification

vaishali avhad
 

Oops, I guess, I have sent the reply to a wrong email id !
I am sorry for that.

Best,
-Vaishali


On Thursday, June 2, 2022, 03:23:48 PM GMT+5:30, vaishali avhad via lists.openchainproject.org <vaishali_avhad=yahoo.com@...> wrote:


Hi Jana, 

I am Vaishali Avhad here. I would be happy to answer your questions about OpenChain certification/ISO 5230. 
I will introduce myself in short here - 

Name:                                                Vaishali Avhad
Gender:                                              Female
Basic Education:                                 Bachelor of Engineering in Computers ( Completed July 1998) 
OSS Compliance Experience:           11+ years 

I have worked with companies such as Siemens ( 6+ years) , AMD (2+ years) , Johnson Controls and a law firm named HH Partners (Helsinki ) .
At present, I am working with Oniro project for OpenChain Conformance and OSS Compliance. 

Let me know, if you'd like to go ahead with an interview. 




Best,
-Vaishali


On Thursday, June 2, 2022, 02:52:06 PM GMT+5:30, Müller, Jana <jana.mueller@...> wrote:


Hello,

 

I am writing to you regarding my Master's thesis on "The Relevance of OSS Compliance Certification in the Software Supply Chain - A Qualitative Analysis". The thesis is to contribute to the research at the Chair of Technology and Innovation Management at the Technical University of Munich (TUM). For this I am looking for experts in this field of Open Source Compliance. 

 

Specifically, it is about questions around the topic of Open Source Software compliance certification (keyword OpenChain Project and ISO 5230 standard), especially about motives as well as advantages and disadvantages of third party certification. The answers will of course be anonymized and only used in the context of the research project. 

 

I would be very pleased if someone were to get in touch and take the time to talk to me in an interview and answer my open questions on the subject of OSS compliance certification.

 

Thank you in advance and kind regards,

Jana Müller


Re: Technical University Munich | Search for Interview Partners for a thesis on OSS Compliance Certification

vaishali avhad
 

Hi Jana, 

I am Vaishali Avhad here. I would be happy to answer your questions about OpenChain certification/ISO 5230. 
I will introduce myself in short here - 

Name:                                                Vaishali Avhad
Gender:                                              Female
Basic Education:                                 Bachelor of Engineering in Computers ( Completed July 1998) 
OSS Compliance Experience:           11+ years 

I have worked with companies such as Siemens ( 6+ years) , AMD (2+ years) , Johnson Controls and a law firm named HH Partners (Helsinki ) .
At present, I am working with Oniro project for OpenChain Conformance and OSS Compliance. 

Let me know, if you'd like to go ahead with an interview. 




Best,
-Vaishali


On Thursday, June 2, 2022, 02:52:06 PM GMT+5:30, Müller, Jana <jana.mueller@...> wrote:


Hello,

 

I am writing to you regarding my Master's thesis on "The Relevance of OSS Compliance Certification in the Software Supply Chain - A Qualitative Analysis". The thesis is to contribute to the research at the Chair of Technology and Innovation Management at the Technical University of Munich (TUM). For this I am looking for experts in this field of Open Source Compliance. 

 

Specifically, it is about questions around the topic of Open Source Software compliance certification (keyword OpenChain Project and ISO 5230 standard), especially about motives as well as advantages and disadvantages of third party certification. The answers will of course be anonymized and only used in the context of the research project. 

 

I would be very pleased if someone were to get in touch and take the time to talk to me in an interview and answer my open questions on the subject of OSS compliance certification.

 

Thank you in advance and kind regards,

Jana Müller


Technical University Munich | Search for Interview Partners for a thesis on OSS Compliance Certification

Müller, Jana <jana.mueller@...>
 

Hello,

 

I am writing to you regarding my Master's thesis on "The Relevance of OSS Compliance Certification in the Software Supply Chain - A Qualitative Analysis". The thesis is to contribute to the research at the Chair of Technology and Innovation Management at the Technical University of Munich (TUM). For this I am looking for experts in this field of Open Source Compliance. 

 

Specifically, it is about questions around the topic of Open Source Software compliance certification (keyword OpenChain Project and ISO 5230 standard), especially about motives as well as advantages and disadvantages of third party certification. The answers will of course be anonymized and only used in the context of the research project. 

 

I would be very pleased if someone were to get in touch and take the time to talk to me in an interview and answer my open questions on the subject of OSS compliance certification.

 

Thank you in advance and kind regards,

Jana Müller


Query on Open Source Compliance Lead role

HS, Siddarth <Siddarth.HS@...>
 

Hi Team,

 

This is Siddarth from Open Source Team at Elektrobit. We are in process of self-certification of Open Chain Standard. We have one query regarding a full time role called Open Source Compliance Lead.

 

We have an Open Source Review Board and all members fulfils the role and perform tasks of an Open Source Compliance Lead, so we wanted to know is it mandatory to appoint one person as Open Source Compliance Lead?

 

Regards,

Siddarth

 


Re: Looking for open source articles for IEEE Computer magazine

 

Do you want me to do something? I can write an article tomorrow. Perhaps something about how security overlapped with the license compliance ecosystem organically last year?

“No, not you again” is a valid answer 🙂

On Jun 2, 2022, at 16:06, Dirk Riehle <dirk@...> wrote:


Yep, any time. It is a column. But of course I needed them yesterday :-) (for those who don't function without a deadline, I can provide a deadline.)

On Wed, Jun 1, 2022, 22:00 VM (Vicky) Brasseur via lists.openchainproject.org <vm.brasseur=wipro.com@...> wrote:
Hello, Dirk!

You don't have any deadlines/due dates in your request. Does that mean it's an open-ended call for articles rather than one targeted at a specific issue of the magazine?

--V

--

VM (Vicky) Brasseur
Director, Senior Strategy Advisor
Open Source Program Office
Wipro Limited
⏰ Time Zone: Pacific/West Coast US


-----Original Message-----
From: <main@...> on behalf of "Dirk Riehle via lists.openchainproject.org" <dirk=riehle.org@...>
Reply to: "main@..." <main@...>
Date: Tuesday, May 31, 2022 at 08:33
To: "main@..." <main@...>
Subject: [openchain] Looking for open source articles for IEEE Computer magazine

    CAUTION:This email is received from an external domain. Open the hyperlink(s) & attachment(s) with caution.
    .


    Hello everyone,

    I'm looking for articles again for the IEEE Computer (magazine) column on open
    source.

    Topics that would be a good fit are, for example,

    - open source security
    - devops tooling, in particular continuous integration
    - securing the open source supply chain
    - reproducible builds in open source
    - open source collaboration using forges (GitHub)
    - quality assurance in open source

    Business models in general, if we haven't had it yet

    Open source communities, if we haven't had the topic yet

    Open source program office practices and case studies for example

    - managing suppliers
    - managing outbound contributions
    - OpenChain implementation (we had an overview article; more is needed)
    - university open source program offices

    Corporate contribution and leadership of open source projects

    Corporate strategy and struggles for open source projects

    Impact of open source on developer careers; quantitative would be great

    Open source and agile development

    At some point in time, I want to have an inner source theme arc with multiple
    articles

    - inner source introduction
    - internal component marketplaces
    - interesting inner source case studies
    - from inner source to open source
    - cross-company inner source

    On the inner source topics, I'm looking for fresh faces, so if you have
    practical experience, but are not a researcher, please speak up!

    The general article constraints are here (max 2500 words)

    https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdrive.google.com%2Fopen%3Fid%3D1MHU2P2T8AnBYXcEbivj2ahR0aJSJmr6N&amp;data=05%7C01%7Cvm.brasseur%40wipro.com%7C1cd1f19421b043f686ef08da431a9fed%7C258ac4e4146a411e9dc879a9e12fd6da%7C1%7C0%7C637896079963000943%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=yEV8%2Fl8STCz%2FRXjaylUd146MXWRD7VTwJR1tPEFPSEs%3D&amp;reserved=0

    Previous articles: https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdirkriehle.com%2Ftag%2Fopen-source-expanded%2F&amp;data=05%7C01%7Cvm.brasseur%40wipro.com%7C1cd1f19421b043f686ef08da431a9fed%7C258ac4e4146a411e9dc879a9e12fd6da%7C1%7C0%7C637896079963000943%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=uas4k5uw7W4%2F3Q77p4%2Bkbjh%2Bcz97SHAQHdjpXhInTMI%3D&amp;reserved=0

    Would love to hear from you! Also please forward!

    Thanks, Dirk


    --
    Prof. Dr. Dirk Riehle, Friedrich-Alexander-University Erlangen-Nürnberg
    Open Source Research Group, Applied Software Engineering
    Web: https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Foss.cs.fau.de%2F&amp;data=05%7C01%7Cvm.brasseur%40wipro.com%7C1cd1f19421b043f686ef08da431a9fed%7C258ac4e4146a411e9dc879a9e12fd6da%7C1%7C0%7C637896079963000943%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=1zj5Rc5ddUjciWICsJaoV3YLT%2B6PTgXa%2BLLuEkS34lQ%3D&amp;reserved=0, Email: dirk.riehle@...
    Cell phone: +49 157 8153 4150 or +1 650 450 8550


    --
    Confused about open source?
    Get clarity through https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbayave.com%2Ftraining&amp;data=05%7C01%7Cvm.brasseur%40wipro.com%7C1cd1f19421b043f686ef08da431a9fed%7C258ac4e4146a411e9dc879a9e12fd6da%7C1%7C0%7C637896079963000943%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=SE%2F5Pq1oZkjCTaQ0mXAe0PTOC3k9Q355MSURvOlCKZo%3D&amp;reserved=0
    --
    Website: https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdirkriehle.com%2F&amp;data=05%7C01%7Cvm.brasseur%40wipro.com%7C1cd1f19421b043f686ef08da431a9fed%7C258ac4e4146a411e9dc879a9e12fd6da%7C1%7C0%7C637896079963000943%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=pRYHPpIp178mlmhRazsQpYg4Y4%2FTPfGdqvsCxhvj%2BEs%3D&amp;reserved=0 - Twitter: @dirkriehle
    Ph (DE): +49-157-8153-4150 - Ph (US): +1-650-450-8550







'The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com'

Internal to Wipro






Re: Looking for open source articles for IEEE Computer magazine

Dirk Riehle
 

Yep, any time. It is a column. But of course I needed them yesterday :-) (for those who don't function without a deadline, I can provide a deadline.)

On Wed, Jun 1, 2022, 22:00 VM (Vicky) Brasseur via lists.openchainproject.org <vm.brasseur=wipro.com@...> wrote:

Hello, Dirk!

You don't have any deadlines/due dates in your request. Does that mean it's an open-ended call for articles rather than one targeted at a specific issue of the magazine?

--V

--

VM (Vicky) Brasseur
Director, Senior Strategy Advisor
Open Source Program Office
Wipro Limited
⏰ Time Zone: Pacific/West Coast US


-----Original Message-----
From: <main@...> on behalf of "Dirk Riehle via lists.openchainproject.org" <dirk=riehle.org@...>
Reply to: "main@..." <main@...>
Date: Tuesday, May 31, 2022 at 08:33
To: "main@..." <main@...>
Subject: [openchain] Looking for open source articles for IEEE Computer magazine

    CAUTION:This email is received from an external domain. Open the hyperlink(s) & attachment(s) with caution.
    .


    Hello everyone,

    I'm looking for articles again for the IEEE Computer (magazine) column on open
    source.

    Topics that would be a good fit are, for example,

    - open source security
    - devops tooling, in particular continuous integration
    - securing the open source supply chain
    - reproducible builds in open source
    - open source collaboration using forges (GitHub)
    - quality assurance in open source

    Business models in general, if we haven't had it yet

    Open source communities, if we haven't had the topic yet

    Open source program office practices and case studies for example

    - managing suppliers
    - managing outbound contributions
    - OpenChain implementation (we had an overview article; more is needed)
    - university open source program offices

    Corporate contribution and leadership of open source projects

    Corporate strategy and struggles for open source projects

    Impact of open source on developer careers; quantitative would be great

    Open source and agile development

    At some point in time, I want to have an inner source theme arc with multiple
    articles

    - inner source introduction
    - internal component marketplaces
    - interesting inner source case studies
    - from inner source to open source
    - cross-company inner source

    On the inner source topics, I'm looking for fresh faces, so if you have
    practical experience, but are not a researcher, please speak up!

    The general article constraints are here (max 2500 words)

    https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdrive.google.com%2Fopen%3Fid%3D1MHU2P2T8AnBYXcEbivj2ahR0aJSJmr6N&amp;data=05%7C01%7Cvm.brasseur%40wipro.com%7C1cd1f19421b043f686ef08da431a9fed%7C258ac4e4146a411e9dc879a9e12fd6da%7C1%7C0%7C637896079963000943%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=yEV8%2Fl8STCz%2FRXjaylUd146MXWRD7VTwJR1tPEFPSEs%3D&amp;reserved=0

    Previous articles: https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdirkriehle.com%2Ftag%2Fopen-source-expanded%2F&amp;data=05%7C01%7Cvm.brasseur%40wipro.com%7C1cd1f19421b043f686ef08da431a9fed%7C258ac4e4146a411e9dc879a9e12fd6da%7C1%7C0%7C637896079963000943%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=uas4k5uw7W4%2F3Q77p4%2Bkbjh%2Bcz97SHAQHdjpXhInTMI%3D&amp;reserved=0

    Would love to hear from you! Also please forward!

    Thanks, Dirk


    --
    Prof. Dr. Dirk Riehle, Friedrich-Alexander-University Erlangen-Nürnberg
    Open Source Research Group, Applied Software Engineering
    Web: https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Foss.cs.fau.de%2F&amp;data=05%7C01%7Cvm.brasseur%40wipro.com%7C1cd1f19421b043f686ef08da431a9fed%7C258ac4e4146a411e9dc879a9e12fd6da%7C1%7C0%7C637896079963000943%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=1zj5Rc5ddUjciWICsJaoV3YLT%2B6PTgXa%2BLLuEkS34lQ%3D&amp;reserved=0, Email: dirk.riehle@...
    Cell phone: +49 157 8153 4150 or +1 650 450 8550


    --
    Confused about open source?
    Get clarity through https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbayave.com%2Ftraining&amp;data=05%7C01%7Cvm.brasseur%40wipro.com%7C1cd1f19421b043f686ef08da431a9fed%7C258ac4e4146a411e9dc879a9e12fd6da%7C1%7C0%7C637896079963000943%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=SE%2F5Pq1oZkjCTaQ0mXAe0PTOC3k9Q355MSURvOlCKZo%3D&amp;reserved=0
    --
    Website: https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdirkriehle.com%2F&amp;data=05%7C01%7Cvm.brasseur%40wipro.com%7C1cd1f19421b043f686ef08da431a9fed%7C258ac4e4146a411e9dc879a9e12fd6da%7C1%7C0%7C637896079963000943%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=pRYHPpIp178mlmhRazsQpYg4Y4%2FTPfGdqvsCxhvj%2BEs%3D&amp;reserved=0 - Twitter: @dirkriehle
    Ph (DE): +49-157-8153-4150 - Ph (US): +1-650-450-8550







'The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com'

Internal to Wipro






Re: [telco] [openchain] OpenChain Telco Work Group meeting 2022-06-2 (today) at 09:00-10:00 CET

Jimmy Ahlberg
 

Hi Prasad,

Normally we would run a Pacific friendly meeting at 8.00 AM Pacific time (5 PM CET) as well. However due to other events today we will have to postpone that session today. The tentative plan is to move that to June 16th instead.

8.00 AM is perhaps a bit early, if there is an interest we can shift that slightly later (9.00 AM?) if we think we would get a better response that way.

-----Original Message-----
From: telco@... <telco@...> On Behalf Of Prasad Iyer via lists.openchainproject.org
Sent: den 2 juni 2022 08:40
To: main@...; Shane Coughlan <scoughlan@...>
Cc: OpenChain Telco Work Group <telco@...>
Subject: Re: [telco] [openchain] OpenChain Telco Work Group meeting 2022-06-2 (today) at 09:00-10:00 CET

Just curious, Do we've a follow-up Telecom session that has Pacific time zone(US) friendly timing ? Otherwise, I'll refer to the recording.

Thanks,

Prasad Iyer
Director, Engineering - Product Operations

Email : prasadiy@...
Phone: +1 (408) 315-5101 <mailto:prasadiy@...>





On 6/1/22, 10:11 PM, "main@... on behalf of Shane Coughlan" <main@... on behalf of scoughlan@...> wrote:

OpenChain Telco Work Group meeting 2022-06-2 (today) at 09:00-10:00 CET

How we work:
As always anyone is welcome, it is not required that you are part of the list or a member of OpenChain, not for that matter identifying as a Telco company. Feel free to invite those you think would benefit from participating.

Agenda:
Information about the May meeting of the Telco Group (not much activity thus the lack of MoMs.
A first look at the “draft specification”.
Trademark discussion.
Discussion of possible F2F get together.

Dial-In details below.

The Telco group meets the first Thursday of each month, our meeting cadence can be found here:
https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-68a48f0b2f0bbe0d&q=1&e=973bf205-b282-45ae-9c14-e4dd6f80b221&u=https%3A%2F%2Fwww.openchainproject.org%2Fcommunity

Our charter and work program can be found here:
https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-ba6178b612a043b6&q=1&e=973bf205-b282-45ae-9c14-e4dd6f80b221&u=https%3A%2F%2Fdocs.google.com%2Fdocument%2Fd%2F1B6SAOqB-yEu3H0JrTUpF3Sa1f7QBGu22_kOaSsN2GlM%2Fedit%3Fusp%3Dsharing

Dial-In Information:
https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-06fcbe18780a9d6c&q=1&e=973bf205-b282-45ae-9c14-e4dd6f80b221&u=https%3A%2F%2Fzoom.us%2Fj%2F4377592799
Meeting ID: 4377592799

Check your timezone:
PDT United States Pacific UTC-07:00
UTC Coordinated Universal Time UTC
CET Central European Time UTC+01:00
IST India Standard Time UTC+05:30
CST China Standard Time UTC+08:00
KST Korea Standard Time UTC+09:00
JST Japan Standard Time UTC+09:00


Re: OpenChain Telco Work Group meeting 2022-06-2 (today) at 09:00-10:00 CET

Prasad Iyer
 

Just curious, Do we've a follow-up Telecom session that has Pacific time zone(US) friendly timing ? Otherwise, I'll refer to the recording.

Thanks,

Prasad Iyer
Director, Engineering - Product Operations

Email : prasadiy@...
Phone: +1 (408) 315-5101 <mailto:prasadiy@...>





On 6/1/22, 10:11 PM, "main@... on behalf of Shane Coughlan" <main@... on behalf of scoughlan@...> wrote:

OpenChain Telco Work Group meeting 2022-06-2 (today) at 09:00-10:00 CET

How we work:
As always anyone is welcome, it is not required that you are part of the list or a member of OpenChain, not for that matter identifying as a Telco company. Feel free to invite those you think would benefit from participating.

Agenda:
Information about the May meeting of the Telco Group (not much activity thus the lack of MoMs.
A first look at the “draft specification”.
Trademark discussion.
Discussion of possible F2F get together.

Dial-In details below.

The Telco group meets the first Thursday of each month, our meeting cadence can be found here:
https://www.openchainproject.org/community

Our charter and work program can be found here:
https://docs.google.com/document/d/1B6SAOqB-yEu3H0JrTUpF3Sa1f7QBGu22_kOaSsN2GlM/edit?usp=sharing

Dial-In Information:
https://zoom.us/j/4377592799
Meeting ID: 4377592799

Check your timezone:
PDT United States Pacific UTC-07:00
UTC Coordinated Universal Time UTC
CET Central European Time UTC+01:00
IST India Standard Time UTC+05:30
CST China Standard Time UTC+08:00
KST Korea Standard Time UTC+09:00
JST Japan Standard Time UTC+09:00


OpenChain Telco Work Group meeting 2022-06-2 (today) at 09:00-10:00 CET

 

OpenChain Telco Work Group meeting 2022-06-2 (today) at 09:00-10:00 CET

How we work:
As always anyone is welcome, it is not required that you are part of the list or a member of OpenChain, not for that matter identifying as a Telco company. Feel free to invite those you think would benefit from participating.

Agenda:
Information about the May meeting of the Telco Group (not much activity thus the lack of MoMs.
A first look at the “draft specification”.
Trademark discussion.
Discussion of possible F2F get together.

Dial-In details below.

The Telco group meets the first Thursday of each month, our meeting cadence can be found here:
https://www.openchainproject.org/community

Our charter and work program can be found here:
https://docs.google.com/document/d/1B6SAOqB-yEu3H0JrTUpF3Sa1f7QBGu22_kOaSsN2GlM/edit?usp=sharing

Dial-In Information:
https://zoom.us/j/4377592799
Meeting ID: 4377592799

Check your timezone:
PDT United States Pacific UTC-07:00
UTC Coordinated Universal Time UTC
CET Central European Time UTC+01:00
IST India Standard Time UTC+05:30
CST China Standard Time UTC+08:00
KST Korea Standard Time UTC+09:00
JST Japan Standard Time UTC+09:00


OpenChain IP Summit Survey Results

 

Ahead of the results of the main OpenChain Industry Survey 2022, I wanted to share the results of an earlier survey we held at the OpenChain IP Summit. We have twelve responses (around 22% of the audience).

These results include some interesting insights into company focus and evolution SBOM, OSPO/SCA collaboration, and the use of tooling.

Check the results out below. Your thoughts and comments are most welcome (as always).

Main interest:
33% Copyright
0% Patents
67% Copyright and Patents

Was this event directly relevant to your work?
100% Yes

Is tooling (automaton) something critical to your work?
92% Yes
8% No

Is the use of SBOM a reality for your supply chain today?
67% Yes
17% No
17% Partially

Does your OSPO collaborate closely with your SCA team?
67% Yes
0% No
25% Not Applicable

Do you collaborate with other companies to share SCA, SBOM or tooling approaches?
25% Yes
33% No
42% To a limited extent


Re: Looking for open source articles for IEEE Computer magazine

VM (Vicky) Brasseur
 

Hello, Dirk!

You don't have any deadlines/due dates in your request. Does that mean it's an open-ended call for articles rather than one targeted at a specific issue of the magazine?

--V

--

VM (Vicky) Brasseur
Director, Senior Strategy Advisor
Open Source Program Office
Wipro Limited
⏰ Time Zone: Pacific/West Coast US

-----Original Message-----
From: <main@...> on behalf of "Dirk Riehle via lists.openchainproject.org" <dirk=riehle.org@...>
Reply to: "main@..." <main@...>
Date: Tuesday, May 31, 2022 at 08:33
To: "main@..." <main@...>
Subject: [openchain] Looking for open source articles for IEEE Computer magazine

CAUTION:This email is received from an external domain. Open the hyperlink(s) & attachment(s) with caution.
.


Hello everyone,

I'm looking for articles again for the IEEE Computer (magazine) column on open
source.

Topics that would be a good fit are, for example,

- open source security
- devops tooling, in particular continuous integration
- securing the open source supply chain
- reproducible builds in open source
- open source collaboration using forges (GitHub)
- quality assurance in open source

Business models in general, if we haven't had it yet

Open source communities, if we haven't had the topic yet

Open source program office practices and case studies for example

- managing suppliers
- managing outbound contributions
- OpenChain implementation (we had an overview article; more is needed)
- university open source program offices

Corporate contribution and leadership of open source projects

Corporate strategy and struggles for open source projects

Impact of open source on developer careers; quantitative would be great

Open source and agile development

At some point in time, I want to have an inner source theme arc with multiple
articles

- inner source introduction
- internal component marketplaces
- interesting inner source case studies
- from inner source to open source
- cross-company inner source

On the inner source topics, I'm looking for fresh faces, so if you have
practical experience, but are not a researcher, please speak up!

The general article constraints are here (max 2500 words)

https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdrive.google.com%2Fopen%3Fid%3D1MHU2P2T8AnBYXcEbivj2ahR0aJSJmr6N&;data=05%7C01%7Cvm.brasseur%40wipro.com%7C1cd1f19421b043f686ef08da431a9fed%7C258ac4e4146a411e9dc879a9e12fd6da%7C1%7C0%7C637896079963000943%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=yEV8%2Fl8STCz%2FRXjaylUd146MXWRD7VTwJR1tPEFPSEs%3D&amp;reserved=0

Previous articles: https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdirkriehle.com%2Ftag%2Fopen-source-expanded%2F&;data=05%7C01%7Cvm.brasseur%40wipro.com%7C1cd1f19421b043f686ef08da431a9fed%7C258ac4e4146a411e9dc879a9e12fd6da%7C1%7C0%7C637896079963000943%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=uas4k5uw7W4%2F3Q77p4%2Bkbjh%2Bcz97SHAQHdjpXhInTMI%3D&amp;reserved=0

Would love to hear from you! Also please forward!

Thanks, Dirk


--
Prof. Dr. Dirk Riehle, Friedrich-Alexander-University Erlangen-Nürnberg
Open Source Research Group, Applied Software Engineering
Web: https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Foss.cs.fau.de%2F&;data=05%7C01%7Cvm.brasseur%40wipro.com%7C1cd1f19421b043f686ef08da431a9fed%7C258ac4e4146a411e9dc879a9e12fd6da%7C1%7C0%7C637896079963000943%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=1zj5Rc5ddUjciWICsJaoV3YLT%2B6PTgXa%2BLLuEkS34lQ%3D&amp;reserved=0, Email: dirk.riehle@...
Cell phone: +49 157 8153 4150 or +1 650 450 8550


--
Confused about open source?
Get clarity through https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbayave.com%2Ftraining&;data=05%7C01%7Cvm.brasseur%40wipro.com%7C1cd1f19421b043f686ef08da431a9fed%7C258ac4e4146a411e9dc879a9e12fd6da%7C1%7C0%7C637896079963000943%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=SE%2F5Pq1oZkjCTaQ0mXAe0PTOC3k9Q355MSURvOlCKZo%3D&amp;reserved=0
--
Website: https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdirkriehle.com%2F&;data=05%7C01%7Cvm.brasseur%40wipro.com%7C1cd1f19421b043f686ef08da431a9fed%7C258ac4e4146a411e9dc879a9e12fd6da%7C1%7C0%7C637896079963000943%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=pRYHPpIp178mlmhRazsQpYg4Y4%2FTPfGdqvsCxhvj%2BEs%3D&amp;reserved=0 - Twitter: @dirkriehle
Ph (DE): +49-157-8153-4150 - Ph (US): +1-650-450-8550







'The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com'

Internal to Wipro


Looking for open source articles for IEEE Computer magazine

Dirk Riehle
 

Hello everyone,

I'm looking for articles again for the IEEE Computer (magazine) column on open source.

Topics that would be a good fit are, for example,

- open source security
- devops tooling, in particular continuous integration
- securing the open source supply chain
- reproducible builds in open source
- open source collaboration using forges (GitHub)
- quality assurance in open source

Business models in general, if we haven't had it yet

Open source communities, if we haven't had the topic yet

Open source program office practices and case studies for example

- managing suppliers
- managing outbound contributions
- OpenChain implementation (we had an overview article; more is needed)
- university open source program offices

Corporate contribution and leadership of open source projects

Corporate strategy and struggles for open source projects

Impact of open source on developer careers; quantitative would be great

Open source and agile development

At some point in time, I want to have an inner source theme arc with multiple articles

- inner source introduction
- internal component marketplaces
- interesting inner source case studies
- from inner source to open source
- cross-company inner source

On the inner source topics, I'm looking for fresh faces, so if you have practical experience, but are not a researcher, please speak up!

The general article constraints are here (max 2500 words)

https://drive.google.com/open?id=1MHU2P2T8AnBYXcEbivj2ahR0aJSJmr6N

Previous articles: https://dirkriehle.com/tag/open-source-expanded/

Would love to hear from you! Also please forward!

Thanks, Dirk


--
Prof. Dr. Dirk Riehle, Friedrich-Alexander-University Erlangen-Nürnberg
Open Source Research Group, Applied Software Engineering
Web: https://oss.cs.fau.de, Email: dirk.riehle@...
Cell phone: +49 157 8153 4150 or +1 650 450 8550


--
Confused about open source?
Get clarity through https://bayave.com/training
--
Website: https://dirkriehle.com - Twitter: @dirkriehle
Ph (DE): +49-157-8153-4150 - Ph (US): +1-650-450-8550


Reminder: OpenChain India Working Group Meetup today!

Sreshta Ladegaam
 

Dear OpenChain Community,

I hope you are doing well and have received our invite for the Open Chain India Working group meetup hosted by Mishi Choudhary and Assosiates (MCA) taking place Today (31st May 2022) between 5:30-6:30 PM IST/ 12:00-1:00 PM GMT. The meetup will focus on Government Regulations and Policies on Open Source in India and OpenChain Compliance.


OpenChain is a project of the Linux Foundation and a community effort to establish common best practices for effective management of Open Source Software and compliance with Open Source Licenses. The project aims to build trust in Open Source Software by making Open Source License compliance simpler and more consistent.


MCA is a boutique law firm specializing in the areas of technology law, intellectual property law, and general corporate advisory. Our work is underpinned by in-depth research and strategic planning, which lets us help our clients expeditiously resolve their most demanding business challenges. With a sophisticated understanding of changing business environments that lie at the intersection of law, public policy and technology, our firm is well-placed to protect and advance our clients’ interests in a globalized world. We distinguish ourselves not only by the breadth of our legal expertise, but also by our unmatched international exposure that enables us to handle cases and transactions of any size and complexity. Please find the attached agenda for the meetup.

Link to register for the meetup:

https://www.eventbrite.com/e/open-chain-india-working-group-meetup-tickets-351069045967?utm-campaign=social&utm-content=attendeeshare&utm-medium=discovery&utm-term=listing&utm-source=cp&aff=escb

Here's the link to join: https://zoom.us/j/4377592799

This is a great opportunity for all OpenChain and open source professionals, technology companies, and FOSS enthusiasts to come together and discuss various aspects of FOSS Compliance.

We are looking forward to having a productive discussion to address the problems which are being faced by the FOSS community in India and to get a global perspective from leaders in the community. 

Please feel free to get back to us if you have any questions regarding the event.

OPenChain
        Agenda

Regards, Sreshta Ladegaam,

Communications Associate, Mishi Choudhary & Associates.



Our Webinar On SCA in China + Quantifying Open Source M&A starts... now

 

OpenChain Webinar in ~5 minutes.

We cover two topics key to open source supply chain management:

Challenges and Opportunities for SCA Vendors in China
+
Quantifying Open Source Risk in M&A

All welcome:
https://zoom.us/j/4377592799


Invitation: OpenChain Webinar #42 - Challenges and Opportunities for ... @ Mon May 30, 2022 23:00 - 23:59 (JST) (main@lists.openchainproject.org)

 

You have been invited to the following event.

OpenChain Webinar #42 - Challenges and Opportunities for SCA Vendors in China + Quantifying Open Source Risk in M&A

When
Mon May 30, 2022 23:00 – 23:59 Japan Standard Time
Where
https://zoom.us/j/4377592799 (map)
Calendar
main@...
Who
scoughlan@... - creator
korea-wg@...
uk-wg@...
main@...
germany-wg@...
india-wg@...
taiwan-wg@...
partners@...
japan-wg@...
Today we have an epic 42nd webinar!

We are covering two topics dead center in practical open source control and leverage:

Challenges and Opportunities for SCA Vendors in China + Quantifying Open Source Risk in M&A

This webinar is held in the OpenChain Project Zoom room:
https://zoom.us/j/4377592799

All are welcome.

Check your timezone:
PDT United States Pacific UTC-07:00
UTC Coordinated Universal Time UTC
CET Central European Time UTC+01:00
IST India Standard Time UTC+05:30
CST China Standard Time UTC+08:00
KST Korea Standard Time UTC+09:00
JST Japan Standard Time UTC+09:00

Compare timezones:
https://www.worldtimebuddy.com

Join via one tap mobile:
+86 10 8783 3177,,4377592799# Mainland China
+33 1 8699 5831,,4377592799# France
+49 69 7104 9922,,4377592799# Germany
+81 524 564 439,,4377592799# Japan
+82 2 3143 9612,,4377592799# Korea
+91 80 71 279 440,,4377592799# India
+886 (2) 7741 7473,,4377592799# Taiwan
+44 330 088 5830,,4377592799# UK
+13017158592,,4377592799# USA

Find your local country number:
https://zoom.us/u/awFnORNiA
Meeting ID: 437 759 2799

Going (main@...)?   Yes - Maybe - No    more options »

Invitation from Google Calendar

You are receiving this courtesy email at the account main@... because you are an attendee of this event.

To stop receiving future updates for this event, decline this event. Alternatively you can sign up for a Google account at https://calendar.google.com/calendar/ and control your notification settings for your entire calendar.

Forwarding this invitation could allow any recipient to send a response to the organizer and be added to the guest list, or invite others regardless of their own invitation status, or to modify your RSVP. Learn More.

401 - 420 of 5042