
Re: About the translation of Open-Source-Policy-Template

MASAHIKO HAYASHI(林 正彦)
 

Dear Andrew-san 

 

Thank you for your cooperation. 

 

As I mentioned to Shane-san, the translation has been completed and now is undergoing our internal review. 

As soon as the review is complete, we will make the following pull request. 

https://github.com/OpenChain-Project/Reference-Material/tree/master/Open-Source-Policy/Official/2.1/ ja 

If we have any questions during our internal or Japanese community review, we will be happy to discuss them with you. 

 

Kind regards 

Masahiko Hayashi 




From: main@... <main@...> on behalf of Andrew K <andrew.katz@...>
Sent: 24 January 2022 23:43
To: main@... <main@...>
Subject: Re: [openchain] About the translation of Open-Source-Policy-Template
 

Dear Masahiko-san

 

I would be delighted for you to translate the template into Japanese, and I am sure that Shane would be equally pleased. If I can help in any way, and if you have any questions or observations about the template, or there is any way in which I can clarify anything, please do let me know.

 

Just so you know, I am considering updating tab 3 (code acceptance) so that it follows the work on Chaoss community health analytics: https://chaoss.community/

 

Kind regards

 

 

Andrew

 

 

 

From: <main@...> on behalf of "HAYASHI MASAHIKO (林 正彦)" <m.hayashi@...>
Reply to: <main@...>
Date: Thursday, 20 January 2022 at 10:56
To: "main@..." <main@...>
Subject: [openchain] About the translation of Open-Source-Policy-Template

 

Shane-san, Andrew-san

I would like to translate "Open-Source-Policy-Template-en-OpenChain2.1-ISO5230.xlsx" in OpenChain Resource into Japanese and make a contribution. Please let me know how I can do this.

 


Re: About the translation of Open-Source-Policy-Template

MASAHIKO HAYASHI(林 正彦)
 

Hi Shane San

 

Thank you for the information.

 

We have now finished the translation and are reviewing it internally.

As soon as we finish the review, we will make a pull request below.

<https://github.com/OpenChain-Project/Reference-Material/tree/master/Open-Source-Policy/Official/2.1/> ja

 

Regards

 

Masahiko Hayashi




From: main@... <main@...> on behalf of Shane Coughlan <scoughlan@...>
Sent: 21 January 2022 11:30
To: OpenChain Main <main@...>
Subject: Re: [openchain] About the translation of Open-Source-Policy-Template
 
Hi Hayashi San!

I am really glad to hear that you will help support the translation of the policy template document.

The basic way to start is super simple. Download the document here:
https://github.com/OpenChain-Project/Reference-Material/blob/master/Open-Source-Policy/Official/2.1/en/Open-Source-Policy-Template-en-OpenChain2.1-ISO5230.xlsx
And then submit the translation as a pull request (or just send it to this list).

Thank you very much in advance!

Regards

Shane

> On Jan 20, 2022, at 19:56, HAYASHI MASAHIKO(林 正彦) <m.hayashi@...> wrote:
>
> Shane-san, Andrew-san
>
> I would like to translate "Open-Source-Policy-Template-en-OpenChain2.1-ISO5230.xlsx" in OpenChain Resource into Japanese and make a contribution. Please let me know how I can do this.
>
>
>






Re: OpenChain Bi-Weekly Call 2022-01-18 – Full Recording

 

I trust the move is going well!

I loved living in Zurich 🙂

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan

On Jan 21, 2022, at 18:37, Jari Koivisto <jari.p.koivisto@...> wrote:


Thanks, Shane for sharing!

I would have joined on Tuesday (morning CET), but Monday-Tuesday were moving days (from Lausanne to Zürich) and too many things to worry about. 

BR, Jari

---
Jari Koivisto
E-mail: jari.p.koivisto@...
Mobile: +41 78 7479791
Skype: jari.p.koivisto
LinkedIn: http://www.linkedin.com/in/jarikoivisto



On Fri, Jan 21, 2022 at 6:52 AM Shane Coughlan <scoughlan@...> wrote:
Catch up here :)
https://www.openchainproject.org/news/2022/01/20/bi-weekly-call-2022-01-18






Kakao Announces OpenChain Conformant Program

 

Today Kakao Corporation announces an OpenChain ISO/IEC 5230 conformant program. Kakao Corporation is South Korea’s mobile life platform company that provides innovative services in global mobile and internet markets.

“More industries are increasing their use of open source, which importance is increasing day after day” says Charles Chung, CTO of Kakao. “Kakao will proactively share the open source competency we have accumulated to spearhead advancements in the development ecosystem. By acquiring certification for the International Standard for open source compliance, OpenChain ISO 5230, Kakao has been recognized for our ability to use open source. The OpenChain ISO 5230 certification will also help strengthen the reputation of ‘Olive Platform’, Kakao’s open source license identification and verification service.”
https://www.openchainproject.org/featured/2022/01/24/kakao-conformant

About Kakao

Kakao Corporation is a mobile life platform company that provides innovative services in global mobile and internet markets, building on its employees with profound knowledge and experience, technological capabilities, quality contents and highly competitive mobile traffic. Under the corporate vision, “Making a better world with people and technology”, we connect everything in our everyday lives, enabling anyone to experience innovations on a daily basis. The Kakao Corporation headquarters can be found on Jeju Island, with an integrated metropolitan office in Pangyo, where over 2,300 employees in total are working today. Daum Communications, established in 1995, and Kakao, founded in 2006, merged on October 1, 2014 to become Daum Kakao. The name of the company was changed to Kakao on September 23, 2015 to become a company that stands at the forefront of the mobile era.


Kakaobank Announces OpenChain Conformance

 

Kakaobank announces an OpenChain ISO/IEC 5230 conformant program. It is the first financial company in Korea and the second worldwide to formally adopt the International Standard for open source compliance.

“The use of open source is a trend and essential for all IT industries,” says Shin Jae-Hong, Chief Information Officer (CIO) of Kakaobank. “As Kakaobank is the first Korean financial company to be a part of OpenChain, we will accelerate innovative financial business possibilities through AI, big data, and cloud based on our open source ability.”
https://www.openchainproject.org/featured/2022/01/24/kakaobank-conformance

About Kakaobank

Kakaobank is the biggest mobile-first bank in South Korea. Established in January 2016, the bank launched its public service in July 2017 after obtaining a final full banking license in April 2017. The bank attracted 240,000 customers within the first 24 hours of starting service. At the end of December 2021, Kakaobank holds 17.9 million users and 15.7 million account holders, around 60% of economically-active population in South Korea.
Kakaobank provides full-banking products via its mobile application, enabling customers to enjoy our services easier and faster. Kakaobank is looking to become a customer-centric bank under our slogan of “Helping you use banking services easier in your daily life” by providing a variety of essential financial products.


Re: [partners] Supplier Education Leaflet – Help Wanted

Stefan Thanheiser
 

Hello again everyone,

Please find a first version of my current OpenChain Supplier Leaflet ODT at

Please also find enclosed a PDF export of that version.

I know that there might still be some typos in the document - as ff, fl, etc. weren’t transferred via copy&paste.
=> Corrected version upcoming… 

Regards,
Stefan



On 24.01.2022 at 16:39, Stefan Thanheiser <Stefan.Thanheiser@...> wrote:

Hi everyone,

what a coincidence - I just started to familiarize myself with LibreOffice Writer by creating an ODT Template for the Supplier Leaflet 😉
(...as a substitute for my historic Scribus version).

I'll post a first (still incomplete) version in my GitHub repo this evening. Any help is welcome.

Regards,
Stefan

Stefan Thanheiser

Atruvia AG
---
Servicefeld Qualität IT-Sicherheit Einkauf,
Tribe Einkauf,
Chapter Software Asset & Lizenzmanagement
---
Phone +49 721 4004-1860
Mobile +49 170 3304133
E-mail stefan.thanheiser@...




Atruvia AG | www.atruvia.de
Local Court Frankfurt a. M. HRB 102381 | Registered office: Frankfurt a. M. | VAT ID No. DE 143582320
Executive Board: Martin Beyer (Spokesman of the Executive Board), Ulrich Coenen (Spokesman of the Executive Board),
Daniela Bücker, Birgit Frohnhoff, Jörg Staff, Ralf Teufel
Chairman of the Supervisory Board: Jürgen Brinkmann


-----Original Message-----
From: main@... <main@...> On behalf of Malcolm Bain
Sent: Thursday, 20 January 2022 10:46
To: partners@...
Cc: OpenChain Main <main@...>
Subject: Re: [openchain] [partners] Supplier Education Leaflet – Help Wanted

Thanks Shane

We've OCR'd to MSWord, and will then move to ODT or TXT format or some markup if you want.  

Attached is the OCR'd MSWord version of the English (if it gets through the list) 

Malcolm 



-----Original Message-----
From: partners@... <partners@...> On behalf of Shane Coughlan via lists.openchainproject.org
Sent: Thursday, 20 January 2022 4:55
To: OpenChain Partners <partners@...>
CC: OpenChain Main <main@...>
Subject: Re: [partners] Supplier Education Leaflet – Help Wanted

Update: the source documents are in InDesign format for professional 
printing. This raises some complications for community translation. I 
am checking with a designer if there is a way we can work around this.

On Jan 17, 2022, at 16:40, Malcolm Bain <malcolm.bain@id-lawpartners.com> wrote:

No problem with Spanish – coming up on Wednesday!

Malcolm


From: partners@... <partners@...> On behalf of Shane Coughlan via lists.openchainproject.org
Sent: Monday, 17 January 2022 6:36
To: OpenChain Main <main@...>
CC: OpenChain Partners <partners@...>
Subject: [partners] Supplier Education Leaflet – Help Wanted

The OpenChain Project has a lot of reference material to support the
adoption of OpenChain ISO/IEC 5230 and with open source compliance, 
security and export control more broadly. One of the foundation 
documents we have is a supplier education leaflet. It was created by 
the OpenChain Japan Work Group and – with the recent addition of Dutch 
– is now available in eight languages.

We would like your help to expand the reach of this document. We
especially want help with translations into French and Spanish.

Check Out The Source Code On GitHub:
https://github.com/OpenChain-Project/Reference-Material/tree/master/Suppliers/Leaflet/Official/2.1

















Re: [partners] Supplier Education Leaflet – Help Wanted

Stefan Thanheiser
 

Hi everyone,

what a coincidence - I just started to familiarize myself with LibreOffice Writer by creating an ODT Template for the Supplier Leaflet 😉
(...as a substitute for my historic Scribus version).

I'll post a first (still incomplete) version in my GitHub repo this evening. Any help is welcome.

Regards,
Stefan

Stefan Thanheiser

Atruvia AG
---
Servicefeld Qualität IT-Sicherheit Einkauf,
Tribe Einkauf,
Chapter Software Asset & Lizenzmanagement
---
Phone +49 721 4004-1860
Mobile +49 170 3304133
E-mail stefan.thanheiser@...




Atruvia AG | www.atruvia.de
Local Court Frankfurt a. M. HRB 102381 | Registered office: Frankfurt a. M. | VAT ID No. DE 143582320
Executive Board: Martin Beyer (Spokesman of the Executive Board), Ulrich Coenen (Spokesman of the Executive Board),
Daniela Bücker, Birgit Frohnhoff, Jörg Staff, Ralf Teufel
Chairman of the Supervisory Board: Jürgen Brinkmann


-----Original Message-----
From: main@... <main@...> On behalf of Malcolm Bain
Sent: Thursday, 20 January 2022 10:46
To: partners@...
Cc: OpenChain Main <main@...>
Subject: Re: [openchain] [partners] Supplier Education Leaflet – Help Wanted

Thanks Shane

We've OCR'd to MSWord, and will then move to ODT or TXT format or some markup if you want.

Attached is the OCR'd MSWord version of the English (if it gets through the list)

Malcolm

-----Original Message-----
From: partners@... <partners@...> On behalf of Shane Coughlan via lists.openchainproject.org
Sent: Thursday, 20 January 2022 4:55
To: OpenChain Partners <partners@...>
CC: OpenChain Main <main@...>
Subject: Re: [partners] Supplier Education Leaflet – Help Wanted

Update: the source documents are in InDesign format for professional
printing. This raises some complications for community translation. I
am checking with a designer if there is a way we can work around this.

On Jan 17, 2022, at 16:40, Malcolm Bain <malcolm.bain@id-lawpartners.com> wrote:

No problem with Spanish – coming up on Wednesday!

Malcolm


From: partners@... <partners@...> On behalf of Shane Coughlan via lists.openchainproject.org
Sent: Monday, 17 January 2022 6:36
To: OpenChain Main <main@...>
CC: OpenChain Partners <partners@...>
Subject: [partners] Supplier Education Leaflet – Help Wanted

The OpenChain Project has a lot of reference material to support the
adoption of OpenChain ISO/IEC 5230 and with open source compliance,
security and export control more broadly. One of the foundation
documents we have is a supplier education leaflet. It was created by
the OpenChain Japan Work Group and – with the recent addition of Dutch
– is now available in eight languages.

We would like your help to expand the reach of this document. We
especially want help with translations into French and Spanish.

Check Out The Source Code On GitHub:
https://github.com/OpenChain-Project/Reference-Material/tree/master/Suppliers/Leaflet/Official/2.1





Re: About the translation of Open-Source-Policy-Template

Andrew K
 

Dear Masahiko-san

 

I would be delighted for you to translate the template into Japanese, and I am sure that Shane would be equally pleased. If I can help in any way, and if you have any questions or observations about the template, or there is any way in which I can clarify anything, please do let me know.

 

Just so you know, I am considering updating tab 3 (code acceptance) so that it follows the work on Chaoss community health analytics: https://chaoss.community/

 

Kind regards

 

 

Andrew

 

 

 

From: <main@...> on behalf of "HAYASHI MASAHIKO (林 正彦)" <m.hayashi@...>
Reply to: <main@...>
Date: Thursday, 20 January 2022 at 10:56
To: "main@..." <main@...>
Subject: [openchain] About the translation of Open-Source-Policy-Template

 

Shane-san, Andrew-san

I would like to translate "Open-Source-Policy-Template-en-OpenChain2.1-ISO5230.xlsx" in OpenChain Resource into Japanese and make a contribution. Please let me know how I can do this.

 


OpenChain Webinar: First order issued by a Judge in Italy enforcing the GPLv3 - 06:00 UTC / 07:00 CET / 08:00 BST / 14:00 CST / 15:00 KST+JST 2022-01-25 (22:00 PST previous day 2022-01-24)

 

Dear all

Our first regular webinar of 2022 takes place in around 24 hours (06:00 UTC 2022-01-25). This will be an important overview of the first order issued by a Judge in Italy enforcing the GPLv3. More specifically, it was based on a termination notification using Section 8 of the GPLv3.

The webinar will be hosted by Carlo Piana and Alberto Pianon of Array Law, the two lawyers behind the successful case.

Clearly one to watch 🙂

It takes place in our usual room without registration:

Check your time:
 06:00 UTC / 07:00 CET / 08:00 BST / 14:00 CST / 15:00 KST+JST 2022-01-25 (22:00 PST previous day 2022-01-24)

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


Re: OpenChain Bi-Weekly Call 2022-01-18 – Full Recording

Jari Koivisto
 

Thanks, Shane for sharing!

I would have joined on Tuesday (morning CET), but Monday-Tuesday were moving days (from Lausanne to Zürich) and too many things to worry about. 

BR, Jari

---
Jari Koivisto
E-mail: jari.p.koivisto@...
Mobile: +41 78 7479791
Skype: jari.p.koivisto
LinkedIn: http://www.linkedin.com/in/jarikoivisto



On Fri, Jan 21, 2022 at 6:52 AM Shane Coughlan <scoughlan@...> wrote:
Catch up here :)
https://www.openchainproject.org/news/2022/01/20/bi-weekly-call-2022-01-18






OpenChain Bi-Weekly Call 2022-01-18 – Full Recording

 


Re: About the translation of Open-Source-Policy-Template

 

Hi Hayashi San!

I am really glad to hear that you will help support the translation of the policy template document.

The basic way to start is super simple. Download the document here:
https://github.com/OpenChain-Project/Reference-Material/blob/master/Open-Source-Policy/Official/2.1/en/Open-Source-Policy-Template-en-OpenChain2.1-ISO5230.xlsx
And then submit the translation as a pull request (or just send it to this list).

Thank you very much in advance!

Regards

Shane

On Jan 20, 2022, at 19:56, HAYASHI MASAHIKO(林 正彦) <m.hayashi@...> wrote:

Shane-san, Andrew-san

I would like to translate "Open-Source-Policy-Template-en-OpenChain2.1-ISO5230.xlsx" in OpenChain Resource into Japanese and make a contribution. Please let me know how I can do this.



Re: Japan Work Group: All Member Meeting #22 on the 21st of January

Christopher Wood
 

Thanks for forwarding this document translation. I like it. 
Regards
Chris

On Jan 20, 2022, at 2:16 AM, Jari Koivisto <jari.p.koivisto@...> wrote:


I guess that Japan WG meetings are mainly in Japanese?

For those who do not know Japanese that well, I did a quick search and found this article: https://mercan.mercari.com/en/articles/25786/

BR, 

   Jari

---
Jari Koivisto
E-mail: jari.p.koivisto@...
Mobile: +41 78 7479791
Skype: jari.p.koivisto
LinkedIn: http://www.linkedin.com/in/jarikoivisto



On Thu, Jan 20, 2022 at 1:01 AM Shane Coughlan <scoughlan@...> wrote:
The OpenChain Japan Work Group will hold their 22nd meeting on the 21st of January. This meeting will take place between 15:00 and 16:00 with a case study covering Mercari’s Open Source Program Office (OSPO). Big thank you, as usual, to SocioNext for hosting us.
https://www.openchainproject.org/featured/2022/01/19/japan-wg-22





Re: [openchain-automotive-work-group] OpenChain On Security

Christopher Wood
 

Shane
Sounds like good opportunities to participate. Looking forward to the formal announcement for the security conference. 
Best Regards 
Chris

On Jan 20, 2022, at 12:07 AM, Shane Coughlan <scoughlan@...> wrote:



Over the last 12 months there have been several noteworthy concerns around open source and security. The exposure of vulnerability in software has exposed underlying issues with process management and ultimately with sustainability. The OpenChain Project, steward of ISO/IEC 5230:2020, the International Standard for open source compliance, has been at the forefront of addressing these matters.

In August 2021 we responded to market demand by releasing a Security Assurance Reference Guide. The first version of this document explained how ISO/IEC 5230 could be used through the optics of security. Like all our documentation, it was developed and released in the public arena, and subject to review and contributions from a wide array of stakeholders.

We are now working on the second iteration of this document. It does for security what ISO/IEC 5230 did for compliance: it provides a minimal, broadly applicable list of key requirements to institute a quality assurance program to address the domain space.

We do not intend to replace existing security standards. We do not intend to bloat ISO/IEC 5230. Instead, we are pursuing our proven approach of developing a real-world solution for a real-world problem that can be immediately deployed, and over time fits together with adjacent activities as neatly as a jigsaw puzzle.

For those new to this topic and wondering what OpenChain’s engagement means in practice, a summary of our Specification Work Group discussions throughout 2020-2021 is in order.

We are considering three paths for the security domain. One sees the Security Assurance Reference Guide maintaining its stance solely as a guide. Another sees the Security Assurance Reference Guide evolve into a Reference Specification that may become a de facto industry standard over time. Lastly, there is the option to have the Security Assurance Reference Guide evolve into an optional component for a future iteration of ISO/IEC 5230.

You can contribute to this activity by joining our bi-weekly global work team calls [1], our specification mailing list [2], and opening issues on the relevant repository in GitHub [3].

1.     https://www.openchainproject.org/community
2.     https://lists.openchainproject.org/g/specification
3.     https://github.com/OpenChain-Project/SecurityAssuranceGuide/tree/main/Guide/2.0

The OpenChain Project is far from alone in helping to address concerns around open source and security. The Open Source Security Foundation (OpenSSF) is a sister project at the Linux Foundation dedicated to securing the open source ecosystem. The Software Package Data Exchange Project (SPDX) maintains ISO/IEC 5962:2021, an International Standard for Software Bill of Materials. The Linux Foundation also hosts tools to help with automation in the space. We are collaborating to ensure the future of open source is secure.

You can expect a continuation of these activities throughout 2022. There will be an excellent opportunity for you to get involved during this quarter, as the OpenChain Project hosts a security summit to enable our extensive global community to share notes. To learn more about this, as well as our other activities, join one of our calls or one of our mailing lists. Everyone is welcome.

Get Started With Our Community

Attend The OpenChain Security Summit On February 17th and 18th 

The Security Summit will take place on February 17th 2022 at 17:00 PST / February 18th 2022 02:00 UTC / 09:00 CST / 10:00 JST. It will be hosted on Zoom and it will be free to attend. It will also be recorded. You can expect to come away with a clear understanding of market conditions, how the Linux Foundation is addressing them, and where OpenChain fits into the picture.

 

 


About the translation of Open-Source-Policy-Template

MASAHIKO HAYASHI(林 正彦)
 

Shane-san, Andrew-san

I would like to translate "Open-Source-Policy-Template-en-OpenChain2.1-ISO5230.xlsx" in OpenChain Resource into Japanese and make a contribution. Please let me know how I can do this.



Re: Japan Work Group: All Member Meeting #22 on the 21st of January

 

Thanks Jari! Awesome link!

On Jan 20, 2022, at 17:15, Jari Koivisto <jari.p.koivisto@...> wrote:

I guess that Japan WG meetings are mainly in Japanese?

For those who do not know Japanese that well, I did a quick search and found this article: https://mercan.mercari.com/en/articles/25786/

BR,

Jari

---
Jari Koivisto
E-mail: jari.p.koivisto@...
Mobile: +41 78 7479791
Skype: jari.p.koivisto
LinkedIn: http://www.linkedin.com/in/jarikoivisto



On Thu, Jan 20, 2022 at 1:01 AM Shane Coughlan <scoughlan@...> wrote:
The OpenChain Japan Work Group will hold their 22nd meeting on the 21st of January. This meeting will take place between 15:00 and 16:00 with a case study covering Mercari’s Open Source Program Office (OSPO). Big thank you, as usual, to SocioNext for hosting us.
https://www.openchainproject.org/featured/2022/01/19/japan-wg-22





Re: [partners] Supplier Education Leaflet – Help Wanted

Malcolm Bain
 

Thanks Shane

We've OCR'd to MSWord, and will then move to ODT or TXT format or some markup if you want.

Attached is the OCR'd MSWord version of the English (if it gets through the list)

Malcolm

-----Original Message-----
From: partners@... <partners@...> On behalf of Shane Coughlan via lists.openchainproject.org
Sent: Thursday, 20 January 2022 4:55
To: OpenChain Partners <partners@...>
CC: OpenChain Main <main@...>
Subject: Re: [partners] Supplier Education Leaflet – Help Wanted

Update: the source documents are in InDesign format for professional
printing. This raises some complications for community translation. I am
checking with a designer if there is a way we can work around this.

On Jan 17, 2022, at 16:40, Malcolm Bain <malcolm.bain@id-lawpartners.com> wrote:

No problem with Spanish – coming up on Wednesday!

Malcolm


From: partners@... <partners@...> On behalf of Shane Coughlan via lists.openchainproject.org
Sent: Monday, 17 January 2022 6:36
To: OpenChain Main <main@...>
CC: OpenChain Partners <partners@...>
Subject: [partners] Supplier Education Leaflet – Help Wanted

The OpenChain Project has a lot of reference material to support the
adoption of OpenChain ISO/IEC 5230 and with open source compliance,
security and export control more broadly. One of the foundation documents
we have is a supplier education leaflet. It was created by the OpenChain
Japan Work Group and – with the recent addition of Dutch – is now available
in eight languages.

We would like your help to expand the reach of this document. We
especially want help with translations into French and Spanish.

Check Out The Source Code On GitHub:
https://github.com/OpenChain-Project/Reference-Material/tree/master/Suppliers/Leaflet/Official/2.1





Re: Japan Work Group: All Member Meeting #22 on the 21st of January

Jari Koivisto
 

I guess that Japan WG meetings are mainly in Japanese?

For those who do not know Japanese that well, I did a quick search and found this article: https://mercan.mercari.com/en/articles/25786/

BR, 

   Jari

---
Jari Koivisto
E-mail: jari.p.koivisto@...
Mobile: +41 78 7479791
Skype: jari.p.koivisto
LinkedIn: http://www.linkedin.com/in/jarikoivisto



On Thu, Jan 20, 2022 at 1:01 AM Shane Coughlan <scoughlan@...> wrote:
The OpenChain Japan Work Group will hold their 22nd meeting on the 21st of January. This meeting will take place between 15:00 and 16:00 with a case study covering Mercari’s Open Source Program Office (OSPO). Big thank you, as usual, to SocioNext for hosting us.
https://www.openchainproject.org/featured/2022/01/19/japan-wg-22





OpenChain On Security

 

Over the last 12 months there have been several noteworthy concerns around open source and security. The exposure of vulnerability in software has exposed underlying issues with process management and ultimately with sustainability. The OpenChain Project, steward of ISO/IEC 5230:2020, the International Standard for open source compliance, has been at the forefront of addressing these matters.

In August 2021 we responded to market demand by releasing a Security Assurance Reference Guide. The first version of this document explained how ISO/IEC 5230 could be used through the optics of security. Like all our documentation, it was developed and released in the public arena, and subject to review and contributions from a wide array of stakeholders.

We are now working on the second iteration of this document. It does for security what ISO/IEC 5230 did for compliance: it provides a minimal, broadly applicable list of key requirements to institute a quality assurance program to address the domain space.

We do not intend to replace existing security standards. We do not intend to bloat ISO/IEC 5230. Instead, we are pursuing our proven approach of developing a real-world solution for a real-world problem that can be immediately deployed, and over time fits together with adjacent activities as neatly as a jigsaw puzzle.

For those new to this topic and wondering what OpenChain’s engagement means in practice, a summary of our Specification Work Group discussions throughout 2020-2021 is in order.

We are considering three paths for the security domain. One sees the Security Assurance Reference Guide maintaining its stance solely as a guide. Another sees the Security Assurance Reference Guide evolve into a Reference Specification that may become a de facto industry standard over time. Lastly, there is the option to have the Security Assurance Reference Guide evolve into an optional component for a future iteration of ISO/IEC 5230.

You can contribute to this activity by joining our bi-weekly global work team calls [1], our specification mailing list [2], and opening issues on the relevant repository in GitHub [3].

1.     https://www.openchainproject.org/community
2.     https://lists.openchainproject.org/g/specification
3.     https://github.com/OpenChain-Project/SecurityAssuranceGuide/tree/main/Guide/2.0

The OpenChain Project is far from alone in helping to address concerns around open source and security. The Open Source Security Foundation (OpenSSF) is a sister project at the Linux Foundation dedicated to securing the open source ecosystem. The Software Package Data Exchange Project (SPDX) maintains ISO/IEC 5962:2021, an International Standard for Software Bill of Materials. The Linux Foundation also hosts tools to help with automation in the space. We are collaborating to ensure the future of open source is secure.

You can expect a continuation of these activities throughout 2022. There will be an excellent opportunity for you to get involved during this quarter, as the OpenChain Project hosts a security summit to enable our extensive global community to share notes. To learn more about this, as well as our other activities, join one of our calls or one of our mailing lists. Everyone is welcome.

Get Started With Our Community

Attend The OpenChain Security Summit On February 17th and 18th 

The Security Summit will take place on February 17th 2022 at 17:00 PST / February 18th 2022 02:00 UTC / 09:00 CST / 10:00 JST. It will be hosted on Zoom and it will be free to attend. It will also be recorded. You can expect to come away with a clear understanding of market conditions, how the Linux Foundation is addressing them, and where OpenChain fits into the picture.

 

 


OpenChain 2022 - Our Mini-Summits Evolve Into Full Summits

 

The OpenChain Project will host three summits throughout 2022. Each summit will be virtual though our positioning and agenda will reflect a different geography for each topic covered. Here is what you can expect:
  1. Security (North America)
  2. Intellectual Property (China/Japan)
  3. Automation (Germany)
The first summit will focus on Security and will take place on February 17th 2022 at 17:00 PST (February 18th 2022 02:00 UTC / 09:00 CST / 10:00 JST). It will be hosted on Zoom and it will be free to attend. It will also be recorded. You can expect to come away with a clear understanding of market conditions, how the Linux Foundation is addressing them, and where OpenChain fits into the picture.

The dates and times of the Intellectual Property Summit and the Automation Summit will be announced shortly. You can expect the former to provide a snapshot of current thinking around copyright, trademarks and patents in our domain. You can expect the latter to brief you on the state-of-the-art around automation for compliance, security and project health.

The goal - as always - is to ensure you have the information necessary to make informed, effective decisions around the open source supply chain. We seek to build trust in the quality of programs used by you, your customers and your suppliers. We are proud to have taken significant strides in our field throughout 2021. We expect to push the boundaries of what is possible once again in 2022.
