Date   

FINAL NOTE: OpenChain Third Monday Webinar - 2021-06-21 - 14:00 UTC / 07:00 PST / 15:00 BST / 16:00 CEST / 19:30 IST / 22:00 CST / 23:00 KST / 23:00 JST: SBOM Challenges in Unstructured Projects + Case Study: Readiness Assessment for OpenChain ISO 5230

 

In case you missed it in the text of the previous note, our Zoom room has changed:
https://zoom.us/j/4377592799

See a lot of you in a couple of minutes. :)


REMINDER: OpenChain Third Monday Webinar - 2021-06-21 - 14:00 UTC / 07:00 PST / 15:00 BST / 16:00 CEST / 19:30 IST / 22:00 CST / 23:00 KST / 23:00 JST: SBOM Challenges in Unstructured Projects + Case Study: Readiness Assessment for OpenChain ISO 5230

 

We start in about three hours :)

On Jul 19, 2021, at 9:22, Shane Coughlan <scoughlan@linuxfoundation.org> wrote:

We have two featured speakers today.

SBOM Challenges in Unstructured Projects
Jan Thielscher from EACG

Case Study: Readiness Assessment for OpenChain ISO 5230
Marcel Scholze from PwC

All welcome. No registration.
https://zoom.us/j/4377592799

Meeting ID: 437 759 2799
One tap mobile
+13017158592,,4377592799# US (Washington DC)
+13126266799,,4377592799# US (Chicago)

Dial by your location
+1 301 715 8592 US (Washington DC)
+1 312 626 6799 US (Chicago)
+1 346 248 7799 US (Houston)
+1 646 558 8656 US (New York)
+1 669 900 6833 US (San Jose)
+1 253 215 8782 US (Tacoma)
877 369 0926 US Toll-free
855 880 1246 US Toll-free
+1 438 809 7799 Canada
+1 587 328 1099 Canada
+1 647 374 4685 Canada
+1 647 558 0588 Canada
+1 778 907 2071 Canada
+1 204 272 7920 Canada
855 703 8985 Canada Toll-free
Meeting ID: 437 759 2799
Find your local number: https://zoom.us/u/awFnORNiA



Want to confirm your timezone?
2021-06-21 - 14:00 UTC / 07:00 PST / 15:00 BST / 16:00 CEST / 19:30 IST / 22:00 CST / 23:00 KST / 23:00 JST


OpenChain Third Monday Webinar - 2021-06-21 - 14:00 UTC / 07:00 PST / 15:00 BST / 16:00 CEST / 19:30 IST / 22:00 CST / 23:00 KST / 23:00 JST: SBOM Challenges in Unstructured Projects + Case Study: Readiness Assessment for OpenChain ISO 5230

 

We have two featured speakers today.

SBOM Challenges in Unstructured Projects
Jan Thielscher from EACG

Case Study: Readiness Assessment for OpenChain ISO 5230
Marcel Scholze from PwC

All welcome. No registration.
https://zoom.us/j/4377592799

Meeting ID: 437 759 2799
One tap mobile
+13017158592,,4377592799# US (Washington DC)
+13126266799,,4377592799# US (Chicago)

Dial by your location
+1 301 715 8592 US (Washington DC)
+1 312 626 6799 US (Chicago)
+1 346 248 7799 US (Houston)
+1 646 558 8656 US (New York)
+1 669 900 6833 US (San Jose)
+1 253 215 8782 US (Tacoma)
877 369 0926 US Toll-free
855 880 1246 US Toll-free
+1 438 809 7799 Canada
+1 587 328 1099 Canada
+1 647 374 4685 Canada
+1 647 558 0588 Canada
+1 778 907 2071 Canada
+1 204 272 7920 Canada
855 703 8985 Canada Toll-free
Meeting ID: 437 759 2799
Find your local number: https://zoom.us/u/awFnORNiA



Want to confirm your timezone?
2021-06-21 - 14:00 UTC / 07:00 PST / 15:00 BST / 16:00 CEST / 19:30 IST / 22:00 CST / 23:00 KST / 23:00 JST


Bosch Announces Rollout Of An OpenChain ISO 5230 Framework For Open Source Compliance

 

Some very big news from Bosch today: while parts of the organization already have OpenChain ISO 5230 conformant programs, there is a target of having whole organization conformance by end of year. This will make Bosch the second company in the world to seek whole entity conformance, and the first at the core of the automotive supply chain. Learn more:
https://www.openchainproject.org/featured/2021/07/13/bosch-iso-conformance


REMINDER: OpenChain Bi-Weekly Webinar - 2021-07-06 at 06:00 UTC / 07:00 BST / 08:00 CEST / 11:30 IST / 14:00 CST / 15:00 KST+JST

 

OpenChain Bi-Weekly Webinar - 2021-07-06 at 06:00 UTC / 07:00 BST / 08:00 CEST / 11:30 IST / 14:00 CST / 15:00 KST+JST

On today's webinar we are going to cover two major topics.

First up we have 'An Overview of FOSSLight' by Kyoungae Kim of LG Electronics. FOSSLight is a newly released open source tool for open source compliance management that has been used internally in LG Electronics for several years:
https://fosslight.org
https://n.news.naver.com/article/001/0012435207

We continuing discussing tooling with 'Automated Yocto compliance built on SPDX: meta-doubleopen to Fossology to OSS Review Toolkit' by Mikko Murto of HH Partners.

All welcome.

Join Zoom Meeting
https://zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09

Meeting ID: 999 012 0120
Passcode: 123456


OpenChain Bi-Weekly Webinar - 2021-07-06 at 06:00 UTC / 07:00 BST / 08:00 CEST / 11:30 IST / 14:00 CST / 15:00 KST+JST

 

OpenChain Bi-Weekly Webinar - 2021-07-06 at 06:00 UTC / 07:00 BST / 08:00 CEST / 11:30 IST / 14:00 CST / 15:00 KST+JST

On tomorrow’s webinar we are going to cover two major topics.

First up we have 'An Overview of FOSSLight' by Kyoungae Kim of LG Electronics. FOSSLight is a newly released open source tool for open source compliance management that has been used internally in LG Electronics for several years:
https://fosslight.org
https://n.news.naver.com/article/001/0012435207

We continuing discussing tooling with 'Automated Yocto compliance built on SPDX: meta-doubleopen to Fossology to OSS Review Toolkit' by Mikko Murto of HH Partners.

All welcome.

Join Zoom Meeting
https://zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09

Meeting ID: 999 012 0120
Passcode: 123456


Please Participate in the TODO Group 2021 State of OSPO Survey

 

Hey everyone, it’s time to do the OSPO Survey. Links below.




Please Participate in the TODO Group 2021 State of OSPO Survey
OSPOSurvey_Banner

Greetings Shane,

 

The TODO Group, together with Linux Foundation Research and The New Stack, is conducting a survey as part of a research project on the prevalence and outcomes of open source programs among different organizations across the globe. 

 

Open source program offices (OSPOs) help set open source strategies and improve an organization's software development practices. Since 2018, the TODO Group has conducted surveys to assess the state of open source programs across the industry. Today, we are pleased to announce the launch of the 2021 edition featuring additional questions to add value to the community.

 

The survey will generate insights into the following areas, including:

  • The extent of adoption of open source programs and initiatives 
  • Concerns around the hiring of open source developers 
  • Perceived benefits and challenges of open source programs
  • The impact of open source on organizational strategy

Please participate now; we intend to close the survey in early July. Privacy and confidentiality are important to us. Neither participant names, nor their company names, will be published in the final results.

 

To take the 2021 OSPO Survey, click the button below:

 
 

This email was sent by: The TODO Group and Linux Foundation Research


OpenChain Third Monday Webinar - 2021-06-21 - 14:00 UTC / 07:00 PST / 15:00 BST / 16:00 CEST / 19:30 IST / 22:00 CST / 23:00 KST / 23:00 JST

 

Our webinar today will feature two excellent talks.

Till Jaeger, JBB Rechtsanwälte on:
How to bring an ancient development project into compliance- best practices

Nicole Pappler, AlektoMetis on:
OpenChain ISO 5230 and Software Quality Management

All welcome. No registration.
https://us02web.zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09

Want to confirm your timezone?
2021-06-21 - 14:00 UTC / 07:00 PST / 15:00 BST / 16:00 CEST / 19:30 IST / 22:00 CST / 23:00 KST / 23:00 JST


REMINDER: OpenChain Q2 Mini-Summit 2021-06-14 at 14:00 UTC / 07:00 PST / 15:00 BST / 16:00 CEST / 19:30 IST / 22:00 CST / 23:00 KST / 23:00 JST

 

This three-hour event will have two live collaboration sessions.

We will open with one hour for the OpenChain education work team. The focus will be on final review of the online course and a discussion of what education work we should do next. This will be lead by Balakrisha, chair of the education work team.

We will continue with a two hour live-editing session for the OpenChain ISO 5230 security usage reference document. The goal will be to have an output that can be immediately used by our community regarding application of OpenChain ISO 5230 in security contexts. This discussion will be lead by Mark, chair of the specification work team.

Everyone is welcome to the event and encouraged to attend. There is no registration or fee to access. Your thoughts and requests for additional activities during the event are also welcome.

Dial in:
https://us02web.zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09


OpenChain Partner Summit Today @ 07:00 UTC / 00:00 PST / 08:00 BST / 09:00 CEST / 12:30 IST / 15:00 CST / 16:00 KST / 16:00 JST

 

Quarterly OpenChain Partner Summit Today (Monday) @ 07:00 UTC / 00:00 PST / 08:00 BST / 09:00 CEST / 12:30 IST / 15:00 CST / 16:00 KST / 16:00 JST. Two hours of talks, panels and roundtables covering key items in the OpenChain ISO 5230 vendor ecosystem. No registration or fee to attend.
https://us02web.zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


OpenChain Q2 Mini-Summit – 2021-06-14 @ 14:00 UTC

 

The OpenChain Q2 Mini-Summit will be held on the 14th of June at 14:00 UTC / 07:00 PST / 15:00 BST / 16:00 CEST / 19:30 IST / 22:00 CST / 23:00 KST / 23:00 JST.

This three-hour event will have two live collaboration sessions.

We will open with one hour for the OpenChain education work team. The focus will be on final review of the online course and a discussion of what education work we should do next. This will be lead by Balakrisha, chair of the education work team.

We will continue with a two hour live-editing session for the OpenChain ISO 5230 security usage reference document. The goal will be to have an output that can be immediately used by our community regarding application of OpenChain ISO 5230 in security contexts. This discussion will be lead by Mark, chair of the specification work team.

Everyone is welcome to the event and encouraged to attend. There is no registration or fee to access. Your thoughts and requests for additional activities during the event are also welcome.

Dial in:
https://us02web.zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09


OpenChain Q1 Survey - Results and Notes

 

Dear all

It is time to explore the results of our Q1 survey! Attached is the full document. Let’s check out the highlights:

(1) Engagement and satisfaction is rated as very good or (more frequently) excellent across the board. The vast majority of respondents believe that we are “Very Good” or “Excellent” in putting forward what we are doing and sharing our information – either the business value, conformance, reference materials, and our website. Most importantly, people see us as a community that is easy to engage with and easy to get help from.

(2) Our conformance response revealed something interesting. About half of our respondents are primarily interested in something other than a private health of their compliance program or being listed publicly as having an OpenChain conformant program.This is worth digging into more (and we will), but some preliminary notes are:
(i) Feedback indicates that a relatively small percentage are seeking public announcements regarding conformance at this juncture, regardless of internal compliance activities. Their focus is instead on internal (or inter-supply chain) improvements and conformance.
(ii) We additionally have a number of companies engaging with OpenChain ISO 5230 with applications outside of our core scope of conformance for the purpose of license compliance. These include entities engaging for activities related to security, mergers and acquisitions, and other business processes. We knew this from participants on our calls and so on, but it’s interesting how many of our community participants appear to fit into this demographic.

(3) About a third of respondents have used our online conformance web app, and those that have found it excellent in its ease of use, while about a third of respondents are not interested in getting more help conforming with OpenChain ISO 5230:2020 in the future. From other sources we have indications that this is due to two factors:
(i) People are using the specification directly for conformance or using our downloadable questionnaire.
(ii) People are getting assistance from third parties such as participants in our partner program.

(4) We asked broader questions in the survey than those related only to OpenChain. For example, we asked about tooling, software bill of materials and interoperability. The interoperability questions were framed around determining what is important to the community in the context of open source license compliance and interoperability around Software Bill of Materials and/or automation. Respondents overwhelmingly expressed interest in greater interoperability for all tools and automation. This means supporting ingest and export of SPDX. It means greater interoperability between open source tooling as well as between open source and proprietary tooling.

Now we know what people want, it is time to make it happen.

You can expect the project as a whole to lean into supporting to diverse use-cases for OpenChain ISO 5230. You can expect the tooling group to lean into the interoperability question.

And…you are the community. Let’s get started!

Regards

Shane


Announcing the OpenChain Telco Work Group mailing list + Recording of first meeting

 

The OpenChain Telco Work Group is off to a strong start. This includes a new mailing list for those interested. Sign up here:
https://lists.openchainproject.org/g/telco

Catch up: Telco Work Group Meeting #1– Recording:
https://www.openchainproject.org/news/2021/05/13/openchain-telco-work-group-meeting-1-2021-05-06-full-recording


OpenChain Web-App Under Coordinated Attack - Service Intermittent or Down - Data Safe - Assistance Welcomed

 

Dear all

We are under a coordinated automated attack against our self-certification web app. Over 57,000 false accounts were created in a matter of a few hours in an attempt to take down the system. Thanks to the quick thinking of Gary, the brunt of this attack has been mitigated. However, there are a few consequences:
(1) Access to the self-certification web app is disabled for non-registered users
(2) Our May quota of emails sent by the service for May has been used
(3) We are still digging into how to harden the service and ensure full return

If you can assist, that would be much appreciated. Gary is heading into vacation and will be offline until Mid-May. While we are calling in LF Technical to assist, a community member familiar with AWS would be of incredible use to us right now.

My apologies for the interruption. As Gary noted, the attack was planned out and beyond a typical “script kiddie” event. We have no idea why and we have yet to isolate and report the computer(s) involved. Once we do, they will be reported to law enforcement in the relevant jurisdiction.

Regards

Shane


Shane Coughlan
General Manager, OpenChain
e: scoughlan@linuxfoundation.org
p: +81 (0) 80 4035 8083
w: www.linuxfoundation.org

Schedule a call:
https://meetings.hubspot.com/scoughlan


Re: OpenChain Bi-Weekly Webinar at 14:00 UTC Today

 

Greetings all! Our webinar starts in ten minutes. Look forward to seeing you there.

On Apr 19, 2021, at 15:18, Shane Coughlan <scoughlan@linuxfoundation.org> wrote:

Our regular bi-weekly webinar takes place at 14:00 UTC.

We have two speakers on two important topics:
Andreas Kotulla from Bitsea on Linux license clean-up disorder dispelled
Reza Alavi from Wipro on OpenChain ISO 5230 in the Context of Security

OpenChain Bi-Weekly Webinar at 14:00 UTC Today

• Join Zoom Meeting ( https://us02web.zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09 )

Meeting ID: 999 012 0120
Password: 123456

One Tap Telephone (no screensharing)

• +358 9 4245 1488,,9990120120# Finland

• +33 7 5678 4048,,9990120120# France

• +49 69 7104 9922,,9990120120# Germany

• +852 5808 6088,,9990120120# Hong Kong

• +39 069 480 6488,,9990120120# Italy

• +353 6 163 9031,,9990120120# Ireland

• +81 524 564 439,,9990120120# Japan

• +82 2 6105 4111,,9990120120# Korea

• +34 917 873 431,,9990120120# Spain

• +46 850 539 728,,9990120120# Sweden

• +41 43 210 71 08,,9990120120# Switzerland

• +44 330 088 5830,,9990120120# UK

• +16699006833,,9990120120# US (San Jose)

• +12532158782,,9990120120# US

Find your local number: https://zoom.us/u/abeUqy3kYQ
Not all countries have available numbers.

After dialing the local number enter 9990120120#


OpenChain Bi-Weekly Webinar at 14:00 UTC Today

 

Our regular bi-weekly webinar takes place at 14:00 UTC.

We have two speakers on two important topics:
Andreas Kotulla from Bitsea on Linux license clean-up disorder dispelled
Reza Alavi from Wipro on OpenChain ISO 5230 in the Context of Security

OpenChain Bi-Weekly Webinar at 14:00 UTC Today

• Join Zoom Meeting ( https://us02web.zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09 )

Meeting ID: 999 012 0120
Password: 123456

One Tap Telephone (no screensharing)

• +358 9 4245 1488,,9990120120# Finland

• +33 7 5678 4048,,9990120120# France

• +49 69 7104 9922,,9990120120# Germany

• +852 5808 6088,,9990120120# Hong Kong

• +39 069 480 6488,,9990120120# Italy

• +353 6 163 9031,,9990120120# Ireland

• +81 524 564 439,,9990120120# Japan

• +82 2 6105 4111,,9990120120# Korea

• +34 917 873 431,,9990120120# Spain

• +46 850 539 728,,9990120120# Sweden

• +41 43 210 71 08,,9990120120# Switzerland

• +44 330 088 5830,,9990120120# UK

• +16699006833,,9990120120# US (San Jose)

• +12532158782,,9990120120# US

Find your local number: https://zoom.us/u/abeUqy3kYQ
Not all countries have available numbers.

After dialing the local number enter 9990120120#


Educate suppliers around ISO 5230 with one email - Our new supplier pack is out

 

We have created a single, simple supplier education pack for open source license compliance. Get it from our website and enjoy a "one email" solution to aligning your supply chain around ISO 5230, the International Standard for compliance:
https://www.openchainproject.org/


OpenChain survey last call! ☎️

 

If you have not already done so, please help us capture the current state of OpenChain and the broader open source compliance community via our Q1 survey. It’s about to close!
https://forms.gle/BHC9Z9qM16ukDWun9

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


Our Bi-Weekly Webinar Today @ 6am UTC / 11:30am IST/ 2pm CST / 3pm KST+JST 🥳

 

Once more for clarity 😊

Dear all

Our regular bi-weekly webinar will focus on inclusive communities today. Given recent developments such as the controversy around the reappointment of Richard Stallman to the FSF board, such discussions are of more importance than ever. Let’s talk about what OpenChain has done in the past and what we will be doing in the future.

One click to join @ 6am UTC / 11:30am IST/ 2pm CST / 3pm KST+JST

Regards

Shane 

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


Our Bi-Weekly Webinar Today @ 6am UTC / 11:30am IST/ 2pm CST / 3pm KST+JST

 

Dear all

Our regular bi-weekly webinar will focus on inclusive communities today. Given recent developments such as the controversy around the reappointment of Richard Stallman to the FSF board, such discussions are of more importance than ever. Let’s talk about what OpenChain has done in the past and what we will be doing in the future.

One click to join @ 6am UTC / 11:30am IST/ 2pm CST / 3pm KST+JST

Regards

Shane 

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan

1 - 20 of 89