Date   

Bosch Announces Rollout Of An OpenChain ISO 5230 Framework For Open Source Compliance

 

Some very big news from Bosch today: while parts of the organization already have OpenChain ISO 5230 conformant programs, there is a target of having whole organization conformance by end of year. This will make Bosch the second company in the world to seek whole entity conformance, and the first at the core of the automotive supply chain. Learn more:
https://www.openchainproject.org/featured/2021/07/13/bosch-iso-conformance


REMINDER: OpenChain Bi-Weekly Webinar - 2021-07-06 at 06:00 UTC / 07:00 BST / 08:00 CEST / 11:30 IST / 14:00 CST / 15:00 KST+JST

 

OpenChain Bi-Weekly Webinar - 2021-07-06 at 06:00 UTC / 07:00 BST / 08:00 CEST / 11:30 IST / 14:00 CST / 15:00 KST+JST

On today's webinar we are going to cover two major topics.

First up we have 'An Overview of FOSSLight' by Kyoungae Kim of LG Electronics. FOSSLight is a newly released open source tool for open source compliance management that has been used internally in LG Electronics for several years:
https://fosslight.org
https://n.news.naver.com/article/001/0012435207

We continuing discussing tooling with 'Automated Yocto compliance built on SPDX: meta-doubleopen to Fossology to OSS Review Toolkit' by Mikko Murto of HH Partners.

All welcome.

Join Zoom Meeting
https://zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09

Meeting ID: 999 012 0120
Passcode: 123456


OpenChain Bi-Weekly Webinar - 2021-07-06 at 06:00 UTC / 07:00 BST / 08:00 CEST / 11:30 IST / 14:00 CST / 15:00 KST+JST

 

OpenChain Bi-Weekly Webinar - 2021-07-06 at 06:00 UTC / 07:00 BST / 08:00 CEST / 11:30 IST / 14:00 CST / 15:00 KST+JST

On tomorrow’s webinar we are going to cover two major topics.

First up we have 'An Overview of FOSSLight' by Kyoungae Kim of LG Electronics. FOSSLight is a newly released open source tool for open source compliance management that has been used internally in LG Electronics for several years:
https://fosslight.org
https://n.news.naver.com/article/001/0012435207

We continuing discussing tooling with 'Automated Yocto compliance built on SPDX: meta-doubleopen to Fossology to OSS Review Toolkit' by Mikko Murto of HH Partners.

All welcome.

Join Zoom Meeting
https://zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09

Meeting ID: 999 012 0120
Passcode: 123456


Please Participate in the TODO Group 2021 State of OSPO Survey

 

Hey everyone, it’s time to do the OSPO Survey. Links below.




Please Participate in the TODO Group 2021 State of OSPO Survey
OSPOSurvey_Banner

Greetings Shane,

 

The TODO Group, together with Linux Foundation Research and The New Stack, is conducting a survey as part of a research project on the prevalence and outcomes of open source programs among different organizations across the globe. 

 

Open source program offices (OSPOs) help set open source strategies and improve an organization's software development practices. Since 2018, the TODO Group has conducted surveys to assess the state of open source programs across the industry. Today, we are pleased to announce the launch of the 2021 edition featuring additional questions to add value to the community.

 

The survey will generate insights into the following areas, including:

  • The extent of adoption of open source programs and initiatives 
  • Concerns around the hiring of open source developers 
  • Perceived benefits and challenges of open source programs
  • The impact of open source on organizational strategy

Please participate now; we intend to close the survey in early July. Privacy and confidentiality are important to us. Neither participant names, nor their company names, will be published in the final results.

 

To take the 2021 OSPO Survey, click the button below:

 
 

This email was sent by: The TODO Group and Linux Foundation Research


OpenChain Third Monday Webinar - 2021-06-21 - 14:00 UTC / 07:00 PST / 15:00 BST / 16:00 CEST / 19:30 IST / 22:00 CST / 23:00 KST / 23:00 JST

 

Our webinar today will feature two excellent talks.

Till Jaeger, JBB Rechtsanwälte on:
How to bring an ancient development project into compliance- best practices

Nicole Pappler, AlektoMetis on:
OpenChain ISO 5230 and Software Quality Management

All welcome. No registration.
https://us02web.zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09

Want to confirm your timezone?
2021-06-21 - 14:00 UTC / 07:00 PST / 15:00 BST / 16:00 CEST / 19:30 IST / 22:00 CST / 23:00 KST / 23:00 JST


REMINDER: OpenChain Q2 Mini-Summit 2021-06-14 at 14:00 UTC / 07:00 PST / 15:00 BST / 16:00 CEST / 19:30 IST / 22:00 CST / 23:00 KST / 23:00 JST

 

This three-hour event will have two live collaboration sessions.

We will open with one hour for the OpenChain education work team. The focus will be on final review of the online course and a discussion of what education work we should do next. This will be lead by Balakrisha, chair of the education work team.

We will continue with a two hour live-editing session for the OpenChain ISO 5230 security usage reference document. The goal will be to have an output that can be immediately used by our community regarding application of OpenChain ISO 5230 in security contexts. This discussion will be lead by Mark, chair of the specification work team.

Everyone is welcome to the event and encouraged to attend. There is no registration or fee to access. Your thoughts and requests for additional activities during the event are also welcome.

Dial in:
https://us02web.zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09


OpenChain Partner Summit Today @ 07:00 UTC / 00:00 PST / 08:00 BST / 09:00 CEST / 12:30 IST / 15:00 CST / 16:00 KST / 16:00 JST

 

Quarterly OpenChain Partner Summit Today (Monday) @ 07:00 UTC / 00:00 PST / 08:00 BST / 09:00 CEST / 12:30 IST / 15:00 CST / 16:00 KST / 16:00 JST. Two hours of talks, panels and roundtables covering key items in the OpenChain ISO 5230 vendor ecosystem. No registration or fee to attend.
https://us02web.zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


OpenChain Q2 Mini-Summit – 2021-06-14 @ 14:00 UTC

 

The OpenChain Q2 Mini-Summit will be held on the 14th of June at 14:00 UTC / 07:00 PST / 15:00 BST / 16:00 CEST / 19:30 IST / 22:00 CST / 23:00 KST / 23:00 JST.

This three-hour event will have two live collaboration sessions.

We will open with one hour for the OpenChain education work team. The focus will be on final review of the online course and a discussion of what education work we should do next. This will be lead by Balakrisha, chair of the education work team.

We will continue with a two hour live-editing session for the OpenChain ISO 5230 security usage reference document. The goal will be to have an output that can be immediately used by our community regarding application of OpenChain ISO 5230 in security contexts. This discussion will be lead by Mark, chair of the specification work team.

Everyone is welcome to the event and encouraged to attend. There is no registration or fee to access. Your thoughts and requests for additional activities during the event are also welcome.

Dial in:
https://us02web.zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09


OpenChain Q1 Survey - Results and Notes

 

Dear all

It is time to explore the results of our Q1 survey! Attached is the full document. Let’s check out the highlights:

(1) Engagement and satisfaction is rated as very good or (more frequently) excellent across the board. The vast majority of respondents believe that we are “Very Good” or “Excellent” in putting forward what we are doing and sharing our information – either the business value, conformance, reference materials, and our website. Most importantly, people see us as a community that is easy to engage with and easy to get help from.

(2) Our conformance response revealed something interesting. About half of our respondents are primarily interested in something other than a private health of their compliance program or being listed publicly as having an OpenChain conformant program.This is worth digging into more (and we will), but some preliminary notes are:
(i) Feedback indicates that a relatively small percentage are seeking public announcements regarding conformance at this juncture, regardless of internal compliance activities. Their focus is instead on internal (or inter-supply chain) improvements and conformance.
(ii) We additionally have a number of companies engaging with OpenChain ISO 5230 with applications outside of our core scope of conformance for the purpose of license compliance. These include entities engaging for activities related to security, mergers and acquisitions, and other business processes. We knew this from participants on our calls and so on, but it’s interesting how many of our community participants appear to fit into this demographic.

(3) About a third of respondents have used our online conformance web app, and those that have found it excellent in its ease of use, while about a third of respondents are not interested in getting more help conforming with OpenChain ISO 5230:2020 in the future. From other sources we have indications that this is due to two factors:
(i) People are using the specification directly for conformance or using our downloadable questionnaire.
(ii) People are getting assistance from third parties such as participants in our partner program.

(4) We asked broader questions in the survey than those related only to OpenChain. For example, we asked about tooling, software bill of materials and interoperability. The interoperability questions were framed around determining what is important to the community in the context of open source license compliance and interoperability around Software Bill of Materials and/or automation. Respondents overwhelmingly expressed interest in greater interoperability for all tools and automation. This means supporting ingest and export of SPDX. It means greater interoperability between open source tooling as well as between open source and proprietary tooling.

Now we know what people want, it is time to make it happen.

You can expect the project as a whole to lean into supporting to diverse use-cases for OpenChain ISO 5230. You can expect the tooling group to lean into the interoperability question.

And…you are the community. Let’s get started!

Regards

Shane


Announcing the OpenChain Telco Work Group mailing list + Recording of first meeting

 

The OpenChain Telco Work Group is off to a strong start. This includes a new mailing list for those interested. Sign up here:
https://lists.openchainproject.org/g/telco

Catch up: Telco Work Group Meeting #1– Recording:
https://www.openchainproject.org/news/2021/05/13/openchain-telco-work-group-meeting-1-2021-05-06-full-recording


OpenChain Web-App Under Coordinated Attack - Service Intermittent or Down - Data Safe - Assistance Welcomed

 

Dear all

We are under a coordinated automated attack against our self-certification web app. Over 57,000 false accounts were created in a matter of a few hours in an attempt to take down the system. Thanks to the quick thinking of Gary, the brunt of this attack has been mitigated. However, there are a few consequences:
(1) Access to the self-certification web app is disabled for non-registered users
(2) Our May quota of emails sent by the service for May has been used
(3) We are still digging into how to harden the service and ensure full return

If you can assist, that would be much appreciated. Gary is heading into vacation and will be offline until Mid-May. While we are calling in LF Technical to assist, a community member familiar with AWS would be of incredible use to us right now.

My apologies for the interruption. As Gary noted, the attack was planned out and beyond a typical “script kiddie” event. We have no idea why and we have yet to isolate and report the computer(s) involved. Once we do, they will be reported to law enforcement in the relevant jurisdiction.

Regards

Shane


Shane Coughlan
General Manager, OpenChain
e: scoughlan@linuxfoundation.org
p: +81 (0) 80 4035 8083
w: www.linuxfoundation.org

Schedule a call:
https://meetings.hubspot.com/scoughlan


Re: OpenChain Bi-Weekly Webinar at 14:00 UTC Today

 

Greetings all! Our webinar starts in ten minutes. Look forward to seeing you there.

On Apr 19, 2021, at 15:18, Shane Coughlan <scoughlan@linuxfoundation.org> wrote:

Our regular bi-weekly webinar takes place at 14:00 UTC.

We have two speakers on two important topics:
Andreas Kotulla from Bitsea on Linux license clean-up disorder dispelled
Reza Alavi from Wipro on OpenChain ISO 5230 in the Context of Security

OpenChain Bi-Weekly Webinar at 14:00 UTC Today

• Join Zoom Meeting ( https://us02web.zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09 )

Meeting ID: 999 012 0120
Password: 123456

One Tap Telephone (no screensharing)

• +358 9 4245 1488,,9990120120# Finland

• +33 7 5678 4048,,9990120120# France

• +49 69 7104 9922,,9990120120# Germany

• +852 5808 6088,,9990120120# Hong Kong

• +39 069 480 6488,,9990120120# Italy

• +353 6 163 9031,,9990120120# Ireland

• +81 524 564 439,,9990120120# Japan

• +82 2 6105 4111,,9990120120# Korea

• +34 917 873 431,,9990120120# Spain

• +46 850 539 728,,9990120120# Sweden

• +41 43 210 71 08,,9990120120# Switzerland

• +44 330 088 5830,,9990120120# UK

• +16699006833,,9990120120# US (San Jose)

• +12532158782,,9990120120# US

Find your local number: https://zoom.us/u/abeUqy3kYQ
Not all countries have available numbers.

After dialing the local number enter 9990120120#


OpenChain Bi-Weekly Webinar at 14:00 UTC Today

 

Our regular bi-weekly webinar takes place at 14:00 UTC.

We have two speakers on two important topics:
Andreas Kotulla from Bitsea on Linux license clean-up disorder dispelled
Reza Alavi from Wipro on OpenChain ISO 5230 in the Context of Security

OpenChain Bi-Weekly Webinar at 14:00 UTC Today

• Join Zoom Meeting ( https://us02web.zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09 )

Meeting ID: 999 012 0120
Password: 123456

One Tap Telephone (no screensharing)

• +358 9 4245 1488,,9990120120# Finland

• +33 7 5678 4048,,9990120120# France

• +49 69 7104 9922,,9990120120# Germany

• +852 5808 6088,,9990120120# Hong Kong

• +39 069 480 6488,,9990120120# Italy

• +353 6 163 9031,,9990120120# Ireland

• +81 524 564 439,,9990120120# Japan

• +82 2 6105 4111,,9990120120# Korea

• +34 917 873 431,,9990120120# Spain

• +46 850 539 728,,9990120120# Sweden

• +41 43 210 71 08,,9990120120# Switzerland

• +44 330 088 5830,,9990120120# UK

• +16699006833,,9990120120# US (San Jose)

• +12532158782,,9990120120# US

Find your local number: https://zoom.us/u/abeUqy3kYQ
Not all countries have available numbers.

After dialing the local number enter 9990120120#


Educate suppliers around ISO 5230 with one email - Our new supplier pack is out

 

We have created a single, simple supplier education pack for open source license compliance. Get it from our website and enjoy a "one email" solution to aligning your supply chain around ISO 5230, the International Standard for compliance:
https://www.openchainproject.org/


OpenChain survey last call! ☎️

 

If you have not already done so, please help us capture the current state of OpenChain and the broader open source compliance community via our Q1 survey. It’s about to close!
https://forms.gle/BHC9Z9qM16ukDWun9

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


Our Bi-Weekly Webinar Today @ 6am UTC / 11:30am IST/ 2pm CST / 3pm KST+JST 🥳

 

Once more for clarity 😊

Dear all

Our regular bi-weekly webinar will focus on inclusive communities today. Given recent developments such as the controversy around the reappointment of Richard Stallman to the FSF board, such discussions are of more importance than ever. Let’s talk about what OpenChain has done in the past and what we will be doing in the future.

One click to join @ 6am UTC / 11:30am IST/ 2pm CST / 3pm KST+JST

Regards

Shane 

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


Our Bi-Weekly Webinar Today @ 6am UTC / 11:30am IST/ 2pm CST / 3pm KST+JST

 

Dear all

Our regular bi-weekly webinar will focus on inclusive communities today. Given recent developments such as the controversy around the reappointment of Richard Stallman to the FSF board, such discussions are of more importance than ever. Let’s talk about what OpenChain has done in the past and what we will be doing in the future.

One click to join @ 6am UTC / 11:30am IST/ 2pm CST / 3pm KST+JST

Regards

Shane 

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


Re: Agenda announced for the next OpenChain UK Work Group Meeting

Marie Parkinson
 

Please see details below:

 

Join Zoom Meeting

https://zoom.us/j/98647515621?pwd=bE42c0sxZmpURlFEMnNabTBQZlRDUT09

Meeting ID: 986 4751 5621

Passcode: 592899



On 25/03/2021 13:52, Shane Coughlan wrote:

Marie, can you send me the dial in details? I did not receive a mail with the final access link.

On Mar 16, 2021, at 18:53, Marie Parkinson <marieparkinson@...> wrote:

Here is the agenda for the next OpenChain UK Work Group meeting, taking place via Zoom on Thursday 25 March from 14:00 – 15:30 GMT.

The meeting will be an interactive session with plenty of opportunity to ask questions and discuss OpenChain adoption and best practice.

Agenda

We have a full agenda planned with a fantastic line-up of speakers:

14:00: Welcome and introduction by Andrew Katz (Orcro) & Sami Atabani (Arm)
14:05: News and Updates by Andrew Katz, Sami Atabani & Shane Coughlan
14:30: Any other news from people present
14:45: Open source compliance for containers by Armijn Hemel
15:15: Q&As
15:25: AOB
15:30: Thank you and Goodbye

To register your attendance and receive the Zoom login details, please complete the Eventbrite booking form.










Re: Agenda announced for the next OpenChain UK Work Group Meeting

 

Marie, can you send me the dial in details? I did not receive a mail with the final access link.

On Mar 16, 2021, at 18:53, Marie Parkinson <marieparkinson@ojimarketing.co.uk> wrote:

Here is the agenda for the next OpenChain UK Work Group meeting, taking place via Zoom on Thursday 25 March from 14:00 – 15:30 GMT.

The meeting will be an interactive session with plenty of opportunity to ask questions and discuss OpenChain adoption and best practice.

Agenda

We have a full agenda planned with a fantastic line-up of speakers:

14:00: Welcome and introduction by Andrew Katz (Orcro) & Sami Atabani (Arm)
14:05: News and Updates by Andrew Katz, Sami Atabani & Shane Coughlan
14:30: Any other news from people present
14:45: Open source compliance for containers by Armijn Hemel
15:15: Q&As
15:25: AOB
15:30: Thank you and Goodbye

To register your attendance and receive the Zoom login details, please complete the Eventbrite booking form.



REMINDER: OpenChain Automotive Meets Today

 

Dear all

A reminder that our automotive work group meets today at 14:00 UTC. This quarterly meeting will be chaired by Endo San of Toyota. As always, it will connect ISO 5230 to domain requirements, and we will discuss what further support is needed. Your voice matters.

This is:
07:00 PST
14:00 BST
15:00 CET
22:00 CST
23:00 KST
23:00 JST

One click to join:

https://us02web.zoom.us/j/9990120120?pwd=NzVCaFE2L1RRRFZaSkk0dm8xdlplUT09



Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan

21 - 40 of 106