Dear all There is a printable version of the DIS 18974 self-certification checklist here: https://github.com/OpenChain-Project/Reference-Material/blob/master/Self-Certification/Checklist/DIS-18974/en/

Is this JUST for web services? The location section focuses on a fixed URL rather than, say, a location within a source repo. But then, I've barely skimmed the document. From: specification@... <speci

Jeff flagged this on our monthly call (2023-03-21) https://securitytxt.org/ It is like LICENSE files but for security. What do you think? Have you heard about this? Useful in your workflow?

OpenChain Webinar #50 - An Overview of SPDX 3.0 Our 50th webinar will feature Alexios Zavras, Chief Open Source Compliance Officer at Intel Corporation and a long-term friend and collaborator around t

Our regular monthly meeting continued our work to edit the next generation of our license compliance and security assurance specifications. Our focus this time was on some open issues around the next

The OpenChain Project is delighted to be part of the OSPO Summit held in Beijing during March 2023. You can check out our speech from the event below. https://www.openchainproject.org/news/2023/03/20/

A reminder that our monthly North America / Asia call is taking place in a five minutes: 2023-03-21 at 09:00 CST / 10:00 KST+JST (01:00 UTC). That will be 18:00 Pacific on the 20th of March for our co

Dear All A reminder that our monthly North America / Asia call is taking place tomorrow, 2023-03-21, at 09:00 CST / 10:00 KST+JST (01:00 UTC). That will be 18:00 Pacific on the 20th of March for our c

The OpenChain Security Assurance Specification 1.1 is now DIS 18974, OpenChain Security Assurance Specification. This de facto industry standard describes the key requirements of a quality open source

China Electronics Standardization Institute (CESI) is the latest official partner of the OpenChain Project. From today, CESI is offering third-party certification around the standards produced by the

(Sorry for redundancy through crossposting.) Hello everyone, I'm running out of good articles for IEEE Computer (for the open source expanded column). More information in this old call, now current ag

Newsletter – Issue 51 – February 2023 The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and securit

TÜV Nord Taiwan is the latest official OpenChain Partner. TÜV NORD Taiwan was founded in 1988 and is one of the leading providers of quality, safety, information technology, and renewable energy solut

OpenChain ISO/IEC 5230:2020 is featured positively in the ‘Survey on Open-source Software Supply Chain Security’ published in the Journal Of Software (软件学报) Volume 33, Issue 3, 2023. This article by J

Dear all There is an updated ISO/IEC 5230 one pager to help people understand value and relevance for their company. Check it out here: https://github.com/OpenChain-Project/Reference-Material/blob/mas

Our monthly North America / Europe meeting for March saw continued discussion around the OpenChain Specification Editing Process. Helio and Chris (Co-Chairs of the Specification Work Group) explored t

Work continues on the Telecommunications Special Interest Group with a focus on building a telco specification related to SBOM. Learn more in the recordings. Morning: https://www.openchainproject.org/

Our meeting starts in 30 minutes and will cover a lot of ground. There will be a special focus on editing the licensing and security specifications. This will also be the first meeting where Chris and

The OpenChain Export Control Work Group held its third meeting on the 7th of March at 08:00 UTC. The focus was on reviewing the new volunteer project being set up at https://github.com/crypto-law-surv

This OpenChain Webinar featured a FOSDEM recap by Philippe Ombredanne of NexB for everyone who did not attend the event in Belgium at the start of 2023. In 2023 FOSDEM had over 8,000 participants and