Date   

Re: Regional Traction: 2,100 Eyes on Japanese FAQ

 

Some very cool news from the Japan work group.

The FAQ sub-group chaired by Ouchi San has released a version of their FAQ in English 👍

And since we last spoke a week ago the Japanese FAQ has been downloaded another 500 times. 🎉

The English version:
https://github.com/OpenChain-Project/OpenChain-JWG/blob/master/Education_Material/FAQ/Misunderstandings_of_OSS_licenses_CC0.pptx

Japanese:
https://github.com/OpenChain-Project/OpenChain-JWG/blob/master/Education_Material/FAQ/OSS%E3%83%A9%E3%82%A4%E3%82%BB%E3%83%B3%E3%82%B9%E9%96%A2%E9%80%A3%E3%81%A7%E3%82%88%E3%81%8F%E3%81%82%E3%82%8B%E8%AA%A4%E8%A7%A3_CC0.pptx

On Nov 2, 2021, at 19:12, Shane Coughlan via lists.openchainproject.org <scoughlan=linuxfoundation.org@...> wrote:

The OpenChain Project often highlights global news. However, it is important to remember that the majority of activity is truly distributed around the world, especially in our local China, Japan, Korea, Taiwan, India, Germany, UK and US work groups. Today we are taking a moment to shine a spotlight on a specific example in Japan.
The OpenChain Japan Work Group operates seven sub-groups, one of which is focused on providing answers to frequently asked questions, chaired by Ouchi San from Fujitsu. The FAQ document produced by the group has been downloaded over 2,100 times so far, demonstrating the extent of information dissemination in a specific geography.

If you have a Japanese office (or you represent a Japanese company), please be aware that the FAQ sub-group meets on the 8th of November at 15:00 JST. All welcome.

・日時:11月8日(月) 15:00〜17:30
・チャタムハウスルールを採用しています。
(誰が言ったかは口外禁止、得た情報は自由利用可)
・オンライン会議(Zoom):
 Zoom のURLはFAQ-SGのSLACKに掲載予定です。
 (Japan WGのSLACKとは異なります)

以下のメーリングリストへご連絡願います。
https://lists.openchainproject.org/g/japan-sg-faq/messages




The OpenChain PlayBooks - Getting Started

 

We have started work on the OpenChain PlayBooks, full decision-making examples for companies adopting OpenChain. After discussion on the work team call, we want to get the first part of these playbooks out for December 16th, the Open Compliance Summit.

We have provisionally chosen the “medium company” playbook. The document editing link is below and you are encouraged to take a look and help expand our framework material. For your reference, here is the complete introduction to the playbook document to explain context:

Introduction

The OpenChain PlayBooks are intended to help you understand the types of decisions made by managers in companies adopting OpenChain ISO/IEC 5230:2020. We cover examples of the decision-process in small, medium and large companies. Our examples are based on companies (a) in the technology industry, (b) in the middle of the supply chain and (c) shipping physical products containing software.

This may sound specific. However, the intention is to provide a thinking-tool for your company. Whether you are in the technology, finance, cloud, infrastructure or automotive industry (or any other), you will face similar challenges and solutions. The same applies whether you are in the middle of the supply chain or at its end, and whether you are shipping hardware or software. Our chosen examples cover a lot of ground.

There may be situations where you would like more examples for more specific industries. This is where the OpenChain community comes in. You can join our mailing lists, our webinars, our group calls and our regional work groups to discuss challenges with your peers and in your native language. You can get started here:
https://www.openchainproject.org/community


The OpenChain PlayBooks:
https://docs.google.com/document/d/1GK0-d5vy_mN8gzAuS5XQ6vYM8_BePvO088WYV0eRF7M/edit?usp=sharing


REMINDER OpenChain Work Teams Call - 2021-11-09 at 06:00 UTC / 07:00 BST / 08:00 CEST / 11:30 IST / 14:00 CST / 15:00 KST+JST

 

Our regular global work teams call starts in just under two hours.

Today we are going to focus on scheduling development of our playbooks and key translations of documentation to help our community.

Join Zoom Meeting
https://zoom.us/j/4377592799

Meeting ID: 437 759 2799
One tap mobile
+13017158592,,4377592799# US (Washington DC)
+13126266799,,4377592799# US (Chicago)

Need to confirm your timezone?
2021-11-09 at 06:00 UTC / 07:00 BST / 08:00 CEST / 11:30 IST / 14:00 CST / 15:00 KST+JST

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


Re: OpenChain Security Assurance Reference Guide - Public Sharing - Feedback Requested

Mark Gisi
 

Hi Tak,

 

>>   "There is no registration procedure such as in §3.6.2 of OpenChain Specification."

 

That is correct - conformance is obtained once an organization has satisfied all the requirements (verification materials). This is achieved by guide requirement 3.4.2.1. I can make the case that – although registration  is a helpful aid, it is not a requirement for spec conformance. That is – there are no verification materials that require registration. What spec conformance validation ensures is that evidence exists for each of the verification material requirements. That is achieved by 3.6.2.1.

 

>> §3.4 of this guide corresponds to §3.6 of the OpenChain specification; if so, this clause does not necessarily mean intending to publish evidence.

 

That is correct. There is no requirement to publish or make the evidence public. In fact, most will likely not choose that path. However, an organization is required to maintain digital evidence that all the requirements have been met. It is conceivable that if a supplier claims conformance, that their customer may request to see the evidence. Whether the evidence is provided to a customer is up to the negotiations between the two parties and likely subject to an NDA (assuming they agree).

 

Best,

Mark

 

 

 

From: main@... <main@...> On Behalf Of takashi1.ninjouji@...
Sent: Wednesday, November 3, 2021 3:02 PM
To: main@...
Subject: Re: [openchain] OpenChain Security Assurance Reference Guide - Public Sharing - Feedback Requested

 

[Please note: This e-mail is from an EXTERNAL e-mail address]

Thanks a lot, Mark!

 

My understanding is getting better than before :)

 

>> there is no specific way to declare conformance to this guide.

 

I should correct my above comment because what intends the following:

  "There is no registration procedure such as in §3.6.2 of OpenChain Specification."

 

 

> At this point, companies will be able to present their evidence of conformance to any 

> party (e.g., key customers). It is not mandatory to make the evidence public, but it is

>  possible if you choose to do so.

 

 

§3.4 of this guide corresponds to §3.6 of the OpenChain specification; if so, this clause does not necessarily mean intending to publish evidence.

 

In supply and consumption, no wonder there is more interest in SBOM.

 

I hope that the community and industry can build a consensus on the quality of SBOMs together. So, I guess it is important to discuss SBOM format, compliance workflows, and automation processes for this purpose.

 

 

BR,

Tak

 


差出人: main@... <main@...> Mark Gisi <mark.gisi@...> の代理で送信
送信日時: 2021113 15:32
宛先: Takashi NINJOUJI <takashi.ninjouji@...>; Shane Coughlan <scoughlan@...>
CC: main@... <main@...>
件名: Re: [openchain] OpenChain Security Assurance Reference Guide - Public Sharing - Feedback Requested

 

Hi Tak,

 

>> there is no specific way to declare conformance to this guide. And each duration will be managed separately.

 

One can declare conformance with the guide. According to section 3.4.2:

ÿ          3.4.2.1 A document affirming the Program meets all the requirements of this guide, within the past 18 months of obtaining conformance validation.

Although it is true they are separate, they are highly complimentary. Once a company can gather up evidence that demonstrates that each of the requirements (verification materials) have been met including a document for verification artifact 3.4.2.1 above, one can claim conformance from the date of that document. At that point the company would be able to present evidence to any party (at their choice) to demonstrate conformance (e.g., major customer). Although it is NOT a requirement to publish the evidence – they would be capable should they choose to do so.

 

>> if a program already OpenChain conformant is newly this guide conformant, it may be possible to renew this guide conformant in conjunction with the subsequent OpenChain conformant.

 

Yes, that is very achievable. Although they each require a separate preparation and archiving of evidence (verifications materials) – they can be performed in parallel. Even if an organization achieved conformance with the spec 6 months prior to the security assurance guide, they can both be renewed in the future at the same time. There is no need to wait 18 months. An organization can choose to verify conformance annually (e.g., every January) – which represents a best practice. The 18 month requirement was included as a minimum baseline to make sure an organization keeps their evidence (i.e., their policies, procedures and documents) current.

 

Please let us know if you would like additional clarification.

 

best,

Mark

 

Mark Gisi
Director, Open Source Program Office

Empowering Engineers & Customers to Prosper using Open Source

(510) 749-2016

Wind River

 

From: Takashi NINJOUJI <takashi.ninjouji@...>
Sent: Tuesday, November 2, 2021 3:16 PM
To: Gisi, Mark <Mark.Gisi@...>; Shane Coughlan <scoughlan@...>
Cc: main@...
Subject: Re: [openchain] OpenChain Security Assurance Reference Guide - Public Sharing - Feedback Requested

 

[Please note: This e-mail is from an EXTERNAL e-mail address]

Hello Mark and Shane,

 

I'm translating §3.4 of the Security Assurance Reference Guide ("this guide") into Japanese, but I need to confirm something:
My understandings are:

(1) 

This guide focuses on security assurance and can be operated independently of the OpenChain Specification. However, there is no specific way to declare conformance to this guide. And each duration will be managed separately.

 

(2) 

In practice, if a program already OpenChain conformant is newly this guide conformant, it may be possible to renew this guide conformant in conjunction with the subsequent OpenChain conformant.



 Are all of the above OK?

 

Best Regards

Tak

 

 

 

On Tue, Oct 26, 2021 at 1:07 PM Shane Coughlan <scoughlan@...> wrote:

As discussed on our global work team calls, the security assurance reference guide has a dedicated page here:

 

Is the material - particularly that contained in the FAQ - enough to guide understanding and use? Feedback most welcome.

 

Regards

 

Shane 

 

Shane Coughlan

OpenChain General Manager

+818040358083

Book a meeting:


Re: [japan-wg] Regional Traction: 2,100 Eyes on Japanese FAQ

Hiro Fukuchi
 

Shane and all,

The OpenChain Japan Work Group operates seven sub-groups, one of which is
focused on providing answers to frequently asked questions, chaired by Ouchi San
from Fujitsu. The FAQ document produced by the group has been downloaded over
2,100 times so far, demonstrating the extent of information dissemination in a
specific geography.
Ouchi-san's group has also published the English version of the FAQ.
You can read it here:
English:
https://github.com/OpenChain-Project/OpenChain-JWG/blob/master/Education_Material/FAQ/Misunderstandings_of_OSS_licenses_CC0.pptx

Japanese:
https://github.com/OpenChain-Project/OpenChain-JWG/blob/master/Education_Material/FAQ/OSS%E3%83%A9%E3%82%A4%E3%82%BB%E3%83%B3%E3%82%B9%E9%96%A2%E9%80%A3%E3%81%A7%E3%82%88%E3%81%8F%E3%81%82%E3%82%8B%E8%AA%A4%E8%A7%A3_CC0.pptx

---
Hiro Fukuchi (Hiroyuki.Fukuchi@...)
Sony

-----Original Message-----
From: japan-wg@...
<japan-wg@...> On Behalf Of Shane Coughlan
Sent: Tuesday, November 2, 2021 7:12 PM
To: OpenChain Main <main@...>
Cc: OpenChain Japan <japan-wg@...>;
japan-sg-faq@...
Subject: [japan-wg] Regional Traction: 2,100 Eyes on Japanese FAQ

The OpenChain Project often highlights global news. However, it is important to
remember that the majority of activity is truly distributed around the world,
especially in our local China, Japan, Korea, Taiwan, India, Germany, UK and US
work groups. Today we are taking a moment to shine a spotlight on a specific
example in Japan.
The OpenChain Japan Work Group operates seven sub-groups, one of which is
focused on providing answers to frequently asked questions, chaired by Ouchi San
from Fujitsu. The FAQ document produced by the group has been downloaded over
2,100 times so far, demonstrating the extent of information dissemination in a
specific geography.

If you have a Japanese office (or you represent a Japanese company), please be
aware that the FAQ sub-group meets on the 8th of November at 15:00 JST. All
welcome.

・日時:11月8日(月) 15:00〜17:30
・チャタムハウスルールを採用しています。
(誰が言ったかは口外禁止、得た情報は自由利用可)
・オンライン会議(Zoom):
 Zoom のURLはFAQ-SGのSLACKに掲載予定です。
 (Japan WGのSLACKとは異なります)

以下のメーリングリストへご連絡願います。

https://urldefense.com/v3/__https://lists.openchainproject.org/g/japan-sg-faq
/messages__;!!JmoZiZGBv3RvKRSx!p4-SY5VExUQaozP19Boqve9dCje52dJ_BvA
QPeHQLTqblQ-A17Ke1l510UgNWm2obw_K$ [lists[.]openchainproject[.]org]



Re: OpenChain Security Assurance Reference Guide - Public Sharing - Feedback Requested

takashi1.ninjouji@...
 

Thanks a lot, Mark!

My understanding is getting better than before :)

>> there is no specific way to declare conformance to this guide.

I should correct my above comment because what intends the following:
  "There is no registration procedure such as in §3.6.2 of OpenChain Specification."


> At this point, companies will be able to present their evidence of conformance to any 
> party (e.g., key customers). It is not mandatory to make the evidence public, but it is
>  possible if you choose to do so.


§3.4 of this guide corresponds to §3.6 of the OpenChain specification; if so, this clause does not necessarily mean intending to publish evidence.

In supply and consumption, no wonder there is more interest in SBOM.

I hope that the community and industry can build a consensus on the quality of SBOMs together. So, I guess it is important to discuss SBOM format, compliance workflows, and automation processes for this purpose.


BR,
Tak


差出人: main@... <main@...> が Mark Gisi <mark.gisi@...> の代理で送信
送信日時: 2021年11月3日 15:32
宛先: Takashi NINJOUJI <takashi.ninjouji@...>; Shane Coughlan <scoughlan@...>
CC: main@... <main@...>
件名: Re: [openchain] OpenChain Security Assurance Reference Guide - Public Sharing - Feedback Requested
 

Hi Tak,

 

>> there is no specific way to declare conformance to this guide. And each duration will be managed separately.

 

One can declare conformance with the guide. According to section 3.4.2:

ÿ          3.4.2.1 A document affirming the Program meets all the requirements of this guide, within the past 18 months of obtaining conformance validation.

Although it is true they are separate, they are highly complimentary. Once a company can gather up evidence that demonstrates that each of the requirements (verification materials) have been met including a document for verification artifact 3.4.2.1 above, one can claim conformance from the date of that document. At that point the company would be able to present evidence to any party (at their choice) to demonstrate conformance (e.g., major customer). Although it is NOT a requirement to publish the evidence – they would be capable should they choose to do so.

 

>> if a program already OpenChain conformant is newly this guide conformant, it may be possible to renew this guide conformant in conjunction with the subsequent OpenChain conformant.

 

Yes, that is very achievable. Although they each require a separate preparation and archiving of evidence (verifications materials) – they can be performed in parallel. Even if an organization achieved conformance with the spec 6 months prior to the security assurance guide, they can both be renewed in the future at the same time. There is no need to wait 18 months. An organization can choose to verify conformance annually (e.g., every January) – which represents a best practice. The 18 month requirement was included as a minimum baseline to make sure an organization keeps their evidence (i.e., their policies, procedures and documents) current.

 

Please let us know if you would like additional clarification.

 

best,

Mark

 

Mark Gisi
Director, Open Source Program Office

Empowering Engineers & Customers to Prosper using Open Source

(510) 749-2016

Wind River

 

From: Takashi NINJOUJI <takashi.ninjouji@...>
Sent: Tuesday, November 2, 2021 3:16 PM
To: Gisi, Mark <Mark.Gisi@...>; Shane Coughlan <scoughlan@...>
Cc: main@...
Subject: Re: [openchain] OpenChain Security Assurance Reference Guide - Public Sharing - Feedback Requested

 

[Please note: This e-mail is from an EXTERNAL e-mail address]

Hello Mark and Shane,

 

I'm translating §3.4 of the Security Assurance Reference Guide ("this guide") into Japanese, but I need to confirm something:
My understandings are:

(1) 

This guide focuses on security assurance and can be operated independently of the OpenChain Specification. However, there is no specific way to declare conformance to this guide. And each duration will be managed separately.

 

(2) 

In practice, if a program already OpenChain conformant is newly this guide conformant, it may be possible to renew this guide conformant in conjunction with the subsequent OpenChain conformant.



 Are all of the above OK?

 

Best Regards

Tak

 

 

 

On Tue, Oct 26, 2021 at 1:07 PM Shane Coughlan <scoughlan@...> wrote:

As discussed on our global work team calls, the security assurance reference guide has a dedicated page here:

 

Is the material - particularly that contained in the FAQ - enough to guide understanding and use? Feedback most welcome.

 

Regards

 

Shane 

 

Shane Coughlan

OpenChain General Manager

+818040358083

Book a meeting:


Re: OpenChain Security Assurance Reference Guide - Public Sharing - Feedback Requested

Mark Gisi
 

Hi Chris,

 

>> Is there some way to incorporate this guide into the basic OpenChain Specification as an added conformance item?

 

We introduced the security assurance guide as a separate deliverable initially to reduce friction to adoption of both the spec and security guide. We did not want to have a company feel obligated to conform with both to achieve either one. However, having noted that, they were designed to be highly similar in spirit and format, and easily achieved together should a company choose (or a customer requires it). That is, they are separate but highly complementary. The long term objective is to create trust in open source by working toward creating a suite of highly complementary conformance specifications (e.g., license compliance, security, quality, export compliance, …) such that an organization can choose the ones that best fit their needs. For that reason we are trying to avoid creating a single monolithic specification.

 

Let us know if that does not completely address your concern.

 

best,

 

Mark Gisi
Director, Open Source Program Office

Empowering Engineers & Customers to Prosper using Open Source

(510) 749-2016

Wind River

 

From: main@... <main@...> On Behalf Of Christopher Wood
Sent: Tuesday, November 2, 2021 3:43 PM
To: main@...
Cc: Gisi, Mark <Mark.Gisi@...>; Shane Coughlan <scoughlan@...>
Subject: Re: [openchain] OpenChain Security Assurance Reference Guide - Public Sharing - Feedback Requested

 

[Please note: This e-mail is from an EXTERNAL e-mail address]

Hello

Is there some way to incorporate this guide into the basic OpenChain Specification as an added conformance item?

Thanks 

Chris



On Nov 2, 2021, at 5:16 PM, Takashi Ninjouji <takashi.ninjouji@...> wrote:



Hello Mark and Shane,

 

I'm translating §3.4 of the Security Assurance Reference Guide ("this guide") into Japanese, but I need to confirm something:
My understandings are:

(1) 

This guide focuses on security assurance and can be operated independently of the OpenChain Specification. However, there is no specific way to declare conformance to this guide. And each duration will be managed separately.

 

(2) 

In practice, if a program already OpenChain conformant is newly this guide conformant, it may be possible to renew this guide conformant in conjunction with the subsequent OpenChain conformant.



 Are all of the above OK?

 

Best Regards

Tak

 

 

 

On Tue, Oct 26, 2021 at 1:07 PM Shane Coughlan <scoughlan@...> wrote:

As discussed on our global work team calls, the security assurance reference guide has a dedicated page here:

 

Is the material - particularly that contained in the FAQ - enough to guide understanding and use? Feedback most welcome.

 

Regards

 

Shane 

 

Shane Coughlan

OpenChain General Manager

+818040358083

Book a meeting:


Re: OpenChain Security Assurance Reference Guide - Public Sharing - Feedback Requested

Mark Gisi
 

Hi Tak,

 

>> there is no specific way to declare conformance to this guide. And each duration will be managed separately.

 

One can declare conformance with the guide. According to section 3.4.2:

ÿ          3.4.2.1 A document affirming the Program meets all the requirements of this guide, within the past 18 months of obtaining conformance validation.

Although it is true they are separate, they are highly complimentary. Once a company can gather up evidence that demonstrates that each of the requirements (verification materials) have been met including a document for verification artifact 3.4.2.1 above, one can claim conformance from the date of that document. At that point the company would be able to present evidence to any party (at their choice) to demonstrate conformance (e.g., major customer). Although it is NOT a requirement to publish the evidence – they would be capable should they choose to do so.

 

>> if a program already OpenChain conformant is newly this guide conformant, it may be possible to renew this guide conformant in conjunction with the subsequent OpenChain conformant.

 

Yes, that is very achievable. Although they each require a separate preparation and archiving of evidence (verifications materials) – they can be performed in parallel. Even if an organization achieved conformance with the spec 6 months prior to the security assurance guide, they can both be renewed in the future at the same time. There is no need to wait 18 months. An organization can choose to verify conformance annually (e.g., every January) – which represents a best practice. The 18 month requirement was included as a minimum baseline to make sure an organization keeps their evidence (i.e., their policies, procedures and documents) current.

 

Please let us know if you would like additional clarification.

 

best,

Mark

 

Mark Gisi
Director, Open Source Program Office

Empowering Engineers & Customers to Prosper using Open Source

(510) 749-2016

Wind River

 

From: Takashi NINJOUJI <takashi.ninjouji@...>
Sent: Tuesday, November 2, 2021 3:16 PM
To: Gisi, Mark <Mark.Gisi@...>; Shane Coughlan <scoughlan@...>
Cc: main@...
Subject: Re: [openchain] OpenChain Security Assurance Reference Guide - Public Sharing - Feedback Requested

 

[Please note: This e-mail is from an EXTERNAL e-mail address]

Hello Mark and Shane,

 

I'm translating §3.4 of the Security Assurance Reference Guide ("this guide") into Japanese, but I need to confirm something:
My understandings are:

(1) 

This guide focuses on security assurance and can be operated independently of the OpenChain Specification. However, there is no specific way to declare conformance to this guide. And each duration will be managed separately.

 

(2) 

In practice, if a program already OpenChain conformant is newly this guide conformant, it may be possible to renew this guide conformant in conjunction with the subsequent OpenChain conformant.



 Are all of the above OK?

 

Best Regards

Tak

 

 

 

On Tue, Oct 26, 2021 at 1:07 PM Shane Coughlan <scoughlan@...> wrote:

As discussed on our global work team calls, the security assurance reference guide has a dedicated page here:

 

Is the material - particularly that contained in the FAQ - enough to guide understanding and use? Feedback most welcome.

 

Regards

 

Shane 

 

Shane Coughlan

OpenChain General Manager

+818040358083

Book a meeting:


Re: OpenChain Security Assurance Reference Guide - Public Sharing - Feedback Requested

Christopher Wood
 

Hello
Is there some way to incorporate this guide into the basic OpenChain Specification as an added conformance item?
Thanks 
Chris

On Nov 2, 2021, at 5:16 PM, Takashi Ninjouji <takashi.ninjouji@...> wrote:


Hello Mark and Shane,

I'm translating §3.4 of the Security Assurance Reference Guide ("this guide") into Japanese, but I need to confirm something:
My understandings are:

(1) 
This guide focuses on security assurance and can be operated independently of the OpenChain Specification. However, there is no specific way to declare conformance to this guide. And each duration will be managed separately.

(2) 
In practice, if a program already OpenChain conformant is newly this guide conformant, it may be possible to renew this guide conformant in conjunction with the subsequent OpenChain conformant.


 Are all of the above OK?

Best Regards
Tak



On Tue, Oct 26, 2021 at 1:07 PM Shane Coughlan <scoughlan@...> wrote:
As discussed on our global work team calls, the security assurance reference guide has a dedicated page here:

Is the material - particularly that contained in the FAQ - enough to guide understanding and use? Feedback most welcome.

Regards

Shane 

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:


Re: OpenChain Security Assurance Reference Guide - Public Sharing - Feedback Requested

Takashi Ninjouji
 

Hello Mark and Shane,

I'm translating §3.4 of the Security Assurance Reference Guide ("this guide") into Japanese, but I need to confirm something:
My understandings are:

(1) 
This guide focuses on security assurance and can be operated independently of the OpenChain Specification. However, there is no specific way to declare conformance to this guide. And each duration will be managed separately.

(2) 
In practice, if a program already OpenChain conformant is newly this guide conformant, it may be possible to renew this guide conformant in conjunction with the subsequent OpenChain conformant.


 Are all of the above OK?

Best Regards
Tak



On Tue, Oct 26, 2021 at 1:07 PM Shane Coughlan <scoughlan@...> wrote:
As discussed on our global work team calls, the security assurance reference guide has a dedicated page here:

Is the material - particularly that contained in the FAQ - enough to guide understanding and use? Feedback most welcome.

Regards

Shane 

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:


OpenChain Japan Work Group Meeting #21 – 2021-10-20

 

Full recording (Japanese) available here. Excellent on-boarding point for your Japanese team or suppliers:
https://www.openchainproject.org/news/2021/11/02/jp-wg-21


Regional Traction: 2,100 Eyes on Japanese FAQ

 

The OpenChain Project often highlights global news. However, it is important to remember that the majority of activity is truly distributed around the world, especially in our local China, Japan, Korea, Taiwan, India, Germany, UK and US work groups. Today we are taking a moment to shine a spotlight on a specific example in Japan.
The OpenChain Japan Work Group operates seven sub-groups, one of which is focused on providing answers to frequently asked questions, chaired by Ouchi San from Fujitsu. The FAQ document produced by the group has been downloaded over 2,100 times so far, demonstrating the extent of information dissemination in a specific geography.

If you have a Japanese office (or you represent a Japanese company), please be aware that the FAQ sub-group meets on the 8th of November at 15:00 JST. All welcome.

・日時:11月8日(月) 15:00〜17:30
・チャタムハウスルールを採用しています。
(誰が言ったかは口外禁止、得た情報は自由利用可)
・オンライン会議(Zoom):
 Zoom のURLはFAQ-SGのSLACKに掲載予定です。
 (Japan WGのSLACKとは異なります)

以下のメーリングリストへご連絡願います。
https://lists.openchainproject.org/g/japan-sg-faq/messages


FW: [education] Event: Web based training finalization #cal-invite

Balakrishna Mukundaraj
 

Web based training finalization

When:
Friday, November 5, 2021
3:00pm to 4:00pm
(UTC+05:30) Asia/Kolkata
Repeats: Weekly on Friday, 2 times

Where:
Zoom meeting

Organizer: Balakrishna

View Event

Description:
Hello,

Let's all join in and complete short remaining tasks of web based training.

As discussed in previous meeting 1st training will be chapters 1-5, training final review date 30 November., public release date by 16th of December.
2nd training release will be chapter 6-8 final review date first week of February.

Join Zoom Meeting
https://zoom.us/j/4377592799

Meeting ID: 437 759 2799


Re: REMINDER OpenChain Bi-Weekly Webinar - 2021-11-02 at 06:00 UTC / 07:00 BST / 08:00 CEST / 11:30 IST / 14:00 CST / 15:00 KST+JST

 

Our meeting begins in about ten minutes.

Please note: this is a webinar for people completely new to the OpenChain Project. It features a walkthrough of the website and so on.

On Nov 2, 2021, at 13:12, Shane Coughlan <scoughlan@...> wrote:

Our regular webinar starts in just under two hours.

Today we are going to record a “newbies” guide to the OpenChain website and resources. This is intended to help support companies that are just learning about us in countries like China, Japan and Korea.

Join Zoom Meeting
https://zoom.us/j/4377592799

Meeting ID: 437 759 2799
One tap mobile
+13017158592,,4377592799# US (Washington DC)
+13126266799,,4377592799# US (Chicago)

Need to confirm your timezone?
OpenChain Bi-Weekly Webinar - 2021-11-02 at 06:00 UTC / 07:00 BST / 08:00 CEST / 11:30 IST / 14:00 CST / 15:00 KST+JST

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


REMINDER OpenChain Bi-Weekly Webinar - 2021-11-02 at 06:00 UTC / 07:00 BST / 08:00 CEST / 11:30 IST / 14:00 CST / 15:00 KST+JST

 

Our regular webinar starts in just under two hours.

Today we are going to record a “newbies” guide to the OpenChain website and resources. This is intended to help support companies that are just learning about us in countries like China, Japan and Korea.

Join Zoom Meeting
https://zoom.us/j/4377592799

Meeting ID: 437 759 2799
One tap mobile
+13017158592,,4377592799# US (Washington DC)
+13126266799,,4377592799# US (Chicago)

Need to confirm your timezone?
OpenChain Bi-Weekly Webinar - 2021-11-02 at 06:00 UTC / 07:00 BST / 08:00 CEST / 11:30 IST / 14:00 CST / 15:00 KST+JST

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


Education Work Group Meeting 2021-10-29

 

We discussed the final steps necessary to turn this document into an online course. Balakrishna (our chair) has finalized details with the LF Training Team. They can release a version of the course for December 16th if we (a) close open comments on Chapters 1~5 and provide the final deliverable by end of November. Most of the work is done on Chapters 1~3, so our focus will be on filling out Chapters 4~5 in the short term, and then reverting to the early chapters for final review.
Join the Education Work Group at this mailing list:


Case Study: Open Source Compliance Automation and Interoperability #4 - How TERN (a container scanner) works both with the graphical tool and when used on its own.

 

The OpenChain automation case study about using open source tools for open source compliance runs between September and December 2021. It is the largest case study ever undertaken in this space. The outcome of attending will include better knowledge of options for automation around open source compliance, a better understanding of interoperability in the space, and an awareness of how to engage with the field in a turn-key manner.

Part #4 explores how TERN (a container scanner) works both with the graphical tool and when used on its own.
https://www.openchainproject.org/featured/2021/10/29/automation-case-study-4


CAICT Becomes OpenChain Partner, Launches Third Party Certification

 

One of the biggest announcements this year for the OpenChain Project: CAICT - a research institute under the Chinese Ministry of Industry and Information Technology - has become a partner and will offer third party certification support for OpenChain ISO/IEC 5230 in the Chinese market. 


Re: Update on web-based training and Open Chain ref-Playbook

Balakrishna Mukundaraj
 

Hello All,

We have education board update call in 15 mins.

Interested participants please join.


Mit freundlichen Grüßen / Best regards

Mukundaraj Balakrishna

Information co-ordination (RBEI/ECA5)
Robert Bosch GmbH | Postfach 10 60 50 | 70049 Stuttgart | GERMANY | www.bosch.com
Tel. +91 80 6657-5938 | Mobile +91-96207-91838 | Fax +91 80 6617-0711 | Balakrishna.Mukundraj@...

Registered Office: Stuttgart, Registration Court: Amtsgericht Stuttgart, HRB 14000;
Chairman of the Supervisory Board: Franz Fehrenbach; Managing Directors: Dr. Volkmar Denner,
Prof. Dr. Stefan Asenkerschbaumer, Filiz Albrecht, Dr. Christian Fischer, Dr. Stefan Hartung,
Dr. Markus Heyn, Harald Kröger, Rolf Najork

-----Original Appointment-----
From: education@... Group <education@...>
Sent: Tuesday, October 26, 2021 10:38 AM
To: education@... Group
Subject: Update on web-based training and Open Chain ref-Playbook
When: Friday, October 29, 2021 11:00 AM-12:00 PM (UTC+05:30) Chennai, Kolkata, Mumbai, New Delhi.
Where: Zoom call

Hello all,

We would like to give you an update on the status of our pending web based training.

And with this call we would like to kick-off the reference playbook mentioned during our previous calls.

Please join us:

https://zoom.us/j/4377592799 ( https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fzoom.us%2Fj%2F4377592799&data=04%7C01%7Cbalakrishna.mukundraj%40in.bosch.com%7C39f12a61010c43123ad408d98d49eeea%7C0ae51e1907c84e4bbb6d648ee58410f4%7C0%7C0%7C637696170947556461%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=fyPp0%2FTR4WPu63gD5qJjSxn%2FHBBkCoMadIrk7pi%2F8h0%3D&reserved=0 )

https://zoom.us/j/4377592799 ( https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fzoom.us%2Fj%2F4377592799&data=04%7C01%7Cbalakrishna.mukundraj%40in.bosch.com%7C39f12a61010c43123ad408d98d49eeea%7C0ae51e1907c84e4bbb6d648ee58410f4%7C0%7C0%7C637696170947556461%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=fyPp0%2FTR4WPu63gD5qJjSxn%2FHBBkCoMadIrk7pi%2F8h0%3D&reserved=0 )


REMINDER: Automation Case Study: TERN and Containers today (27th) at 14:00 UTC / 07:00 PST / 15:00 BST / 16:00 CEST / 19:30 IST / 22:00 CST / 23:00 KST / 23:00 JST

 

A reminder that we go live in one hour. The event will be recorded but attending the live session is recommended.

On Oct 27, 2021, at 12:21, Shane Coughlan <scoughlan@...> wrote:

OpenChain Automation Case Study: TERN and Containers today (27th) at 14:00 UTC / 07:00 PST / 15:00 BST / 16:00 CEST / 19:30 IST / 22:00 CST / 23:00 KST / 23:00 JST.

This is part of our on-going global case study regarding automation ease-of-use and effectiveness demonstrated via a new global GUI and deep-dives on specific tools used.

No registration required.

561 - 580 of 4831