|
REMINDER: Case Study: Open Source Compliance Automation and Interoperability #3 - GUI + ORT Deep Dive 2021-10-13 08:00 UTC / 09:00 BST / 10:00 CEST / 16:00 CST / 17:00 KST + JST
Our third automation case study webinar is about to start. Join here: It will be a pretty special event and include some technical deep-dives as well as examples of easy automation usage. Max will take lead on explaining simplicity in using a GUI to access the Open Source Review Toolkit. Sebastian and Thomas will take us on a deep-dive into the tool itself. Not to be missed. Dial in details below and on our global calendar. Case Study: Open Source Compliance Automation and Interoperability #3 - GUI + ORT Deep Dive 2021-10-13 08:00 UTC / 09:00 BST / 10:00 CEST / 16:00 CST / 17:00 KST + JST Regards Shane Shane Coughlan OpenChain General Manager +818040358083 Book a meeting:
|
|
|
|
REMINDER: Case Study: Open Source Compliance Automation and Interoperability #3 - GUI + ORT Deep Dive 2021-10-13 08:00 UTC / 09:00 BST / 10:00 CEST / 16:00 CST / 17:00 KST + JST
Dear all This is a reminder that our third automation case study webinar takes place today. It will be a pretty special event and include some technical deep-dives as well as examples of easy automation usage. Max will take lead on explaining simplicity in using a GUI to access the Open Source Review Toolkit. Sebastian and Thomas will take us on a deep-dive into the tool itself. Not to be missed. Dial in details below and on our global calendar. Case Study: Open Source Compliance Automation and Interoperability #3 - GUI + ORT Deep Dive 2021-10-13 08:00 UTC / 09:00 BST / 10:00 CEST / 16:00 CST / 17:00 KST + JST Regards Shane Shane Coughlan OpenChain General Manager +818040358083 Book a meeting: https://meetings.hubspot.com/scoughlan
|
|
|
|
REMINDER: Case Study: Open Source Compliance Automation and Interoperability #3 - GUI + ORT Deep Dive 2021-10-13 08:00 UTC / 09:00 BST / 10:00 CEST / 16:00 CST / 17:00 KST + JST
Dear all
This is a reminder that our third automation case study webinar takes place tomorrow. It will be a pretty special event and include some technical deep-dives as well as examples of easy automation usage. Max will take lead on explaining simplicity in using a GUI to access the Open Source Review Toolkit. Sebastian and Thomas will take us on a deep-dive into the tool itself. Not to be missed. Dial in details below and on our global calendar. Case Study: Open Source Compliance Automation and Interoperability #3 - GUI + ORT Deep Dive 2021-10-13 08:00 UTC / 09:00 BST / 10:00 CEST / 16:00 CST / 17:00 KST + JST Regards Shane Shane Coughlan OpenChain General Manager +818040358083 Book a meeting: https://meetings.hubspot.com/scoughlan
|
|
|
|
RECORDING: Q3 2021 Mini-Summit - Focus: Security Assurance Reference Guide
Dear all
The recording of our recent mini-summit is now available. Huge thanks to Mark Gisi for leading the discussion with a focus on our Security Assurance Reference Guide. https://youtu.be/KBVlcZt4T8c Please note: this was a face-to-face event with dial-in support. We had some audio issues on the dial-in. The recording has been adjusted to remove sections of blank space and noise. Regards Shane — Shane Coughlan General Manager, OpenChain e: scoughlan@linuxfoundation.org p: +81 (0) 80 4035 8083 w: www.linuxfoundation.org Schedule a call: https://meetings.hubspot.com/scoughlan
|
|
|
|
Shane away from computer October 2nd to October 10th
Dear all
I am taking a week of vacation and will be away from email, slack and our other social channels during this time. Our bi-weekly webinar will take place as usual on Tuesday the 5th of October at 06:00 UTC. Jan Thielscher of EACG will be doing one of our periodic broader topics and covering “agile challenges.” I will host as usual. I am working on the recording of our mini-summit. We had some issues with the dial-in audio quality. I will put together the best possible version for release on Monday the 11th of October. Kudos to Mark Gisi for hosting a terrific and productive summit in Seattle, and thanks to everyone who contributed and made it a resounding success. Need me urgently? My cellphone is: +818040358083 See you all later! Regards Shane Shane Coughlan OpenChain General Manager +818040358083 Book a meeting: https://meetings.hubspot.com/scoughlan
|
|
|
|
OpenChain Automation Case Study Part #1
We had a very big audience today. Thank you all for your attention and contributions.
Part #1 explores a new graphical tool from Facebook/TNG to make open source tooling easier to use. Our demo shows ORT calling ScanCode in a clean, simple way. We also discuss how the graphical interface was designed. Please find the video covering all the key material here: https://www.openchainproject.org/featured/2021/09/22/automation-case-study The Q&A section was recorded and will be released shortly.
|
|
|
|
REMINDER: OpenChain automation case study at 12:00 UTC on Wednesday (today) - 13:00 UK - 14:00 CEST - 20:00 CST - 21:00 KST + JST
We launch *the* OpenChain automation case study… 🤦♂️
toggle quoted messageShow quoted text
This is a must-see for those working in open source compliance. 12:00 UTC / 05:00 PST / 13:00 BST / 14:00 CEST / 17:30 IST / 20:00 CST / 21:00 KST + JST. https://zoom.us/j/4377592799 No registration. Regards Shane
On Sep 22, 2021, at 19:08, Shane Coughlan via groups.io <scoughlan=linuxfoundation.org@groups.io> wrote:
|
|
|
|
REMINDER: OpenChain automation case study at 12:00 UTC on Wednesday (today) - 13:00 UK - 14:00 CEST - 20:00 CST - 21:00 KST + JST
We launch of the OpenChain automation case study about using open source tools for open source compliance at 12:00 UTC on Wednesday (today). This is a rolling case-study between September and December 2021. It will be the largest case study ever undertaken in this space. All welcome. No registration. September 22nd (today): We explore a new graphical tool from Facebook/TNG to make open source tooling easier to use. * Our real-world demo will show ORT calling ScanCode in a clean, simple way. * We will have an interview about how the graphical interface was designed.
Need help with your timezone? 12:00 UTC / 05:00 PST / 13:00 BST / 14:00 CEST / 17:30 IST / 20:00 CST / 21:00 KST + JST.
|
|
|
|
OpenChain webinar - deferred to Wednesday 12:00 UTC / 05:00 PST / 13:00 BST / 14:00 CEST / 17:30 IST / 20:00 CST / 21:00 KST + JST
Dear all Our regular bi-weekly webinar is being deferred from Monday to Wednesday at 12:00 UTC / 05:00 PST / 13:00 BST / 14:00 CEST / 17:30 IST / 20:00 CST / 21:00 KST + JST. This is to keep the focus this week on the launch of our automation case study that day. The case study will be launched with our virtual event and with a physical event in Germany at roughly the same time. We are laying the foundation for an exploration that will take us all the way to a simulated supply chain in November. You will find all the details in our global calendar as usual. Dial in link: Regards Shane Shane Coughlan OpenChain General Manager +818040358083 Book a meeting: https://meetings.hubspot.com/scoughlan
|
|
|
|
OpenChain UK Work Group Meeting 30th September 2021
The next OpenChain UK Work Group meeting takes place virtually via Zoom on Thursday 30 September from 14:00 – 15:30 BST.
A full agenda will be launched prior to the meeting, which will be an interactive session with plenty of opportunity to ask questions and discuss OpenChain adoption and best practice. There has been a huge amount going on in the world of OpenChain, with a raft of new, high-profile conformance announcements, new optional extensions to the standard covering security and community engagement, and increased emphasis on the ease of use of tooling. OpenChain’s General Manager Shane Coughlan will be joining us, and bringing us up to speed on new initiatives intended to make existing compliance tools like FOSSology and ScanCode easier to use. To reserve your free place on the virtual meeting, on 30 September 2021 from 14:00 – 15:30, please complete the online booking form: https://ojimarketing.us19.list-manage.com/track/click?u=100dfa4f88cfb2baa11d391c2&id=e185a135d2&e=5d1e015448 To join the OpenChain UK Work Group visit https://lists.openchainproject.org/g/uk-wg and subscribe to the list to receive future details about the bi-monthly meetings and to sync and share information across all aspects of open source compliance.
|
|
|
|
OpenChain UK Work Group September Meeting
The next meeting for the OpenChain UK Work Group will be held on Thursday 30 September 2021 from 14:00 - 15:30. A full agenda will be launched prior to the meeting, which will be an interactive session with plenty of opportunity to ask questions and discuss OpenChain adoption and best practice. There has been a huge amount going on in the world of OpenChain, with a raft of new, high-profile conformance announcements, new optional extensions to the standard covering security and community engagement, and increased emphasis on the ease of use of tooling. Open Chain’s General Manager Shane Coughlan will be joining us, and bringing us up to speed on new initiatives intended to make existing compliance tools like FOSSology and ScanCode easier to use.
|
|
|
|
CfP - Open Compliance Summit - December 16th 2021 - Deadline October 1st
Reminder about upcoming deadlines/dates to be aware of regarding the Open Compliance Summit CFP:
• CFP Closes: Friday, October 1 • CFP Notifications: Tuesday, October 19 • Schedule Announcement: Thursday, October 21 https://events.linuxfoundation.org/open-compliance-summit/program/cfp/#%E6%A6%82%E8%A6%81
|
|
|
|
Re: [india-wg] [openchain] Proposal - OpenChain Quality of Conformance Assessment Levels (including a sub-proposal for tooling quality assessment levels)
Thanks Matija. Glad it reads well to you!
toggle quoted messageShow quoted text
Regards Shane
On Aug 24, 2021, at 20:02, Matija Šuklje <matija@suklje.name> wrote:
|
|
|
|
Re: Proposal - OpenChain Quality of Conformance Assessment Levels (including a sub-proposal for tooling quality assessment levels)
Thanks for the great feedback Kate and Mark (on this list) and loads of other people (on our call).
toggle quoted messageShow quoted text
In broad strokes: (1) we decided to make it *very* clear this was not about variants of OpenChain ISO 5230 but rather about where companies can go next after adoption (2) we decided to pull back from “quality grading” by the project and instead providing case studies and examples to help inspire companies Check out the latest (and dramatically overhauled) edit here: https://1drv.ms/p/s!AsXJVqby5kpnkShuUGG9M2Ki9MEc
On Aug 23, 2021, at 23:06, Mark Gisi <mark.gisi@windriver.com> wrote:
|
|
|
|
Proposal - OpenChain Quality of Conformance Assessment Levels (including a sub-proposal for tooling quality assessment levels)
Dear all
During a recent OpenChain Japan Planning meeting we discussed the challenge of “next steps” in OpenChain ISO 5230 conformance. Our initial goal of adoption in the supply chain is well underway. Our basic concept of “raising all the boats” is working. But now it is time to talk in more detail about “raising the boats to where?” From its launch in October 2016 until today, the OpenChain Project has been based on the concept of continual improvement (or Kaizen). We can now provide a “map” to help guide companies in this process, and to help customer companies judge the sophistication of suppliers who have adopted OpenChain ISO 5230. Attached is a slide-deck exploring how this can be done. We will be discussing this in the OpenChain bi-weekly global work team meeting today (Monday 23rd of August) at 14:00 UTC. All welcome. No registration. https://zoom.us/j/4377592799 You can add comments to this document online: https://1drv.ms/p/s!AsXJVqby5kpnkShuUGG9M2Ki9MEc Regards Shane
|
|
|
|
OpenChain Webinar Today 2021-08-16 @ 14:00 UTC - Heads up on a very cool part of our forthcoming webinar. Carlo Piana and Alberto Pianon will open the door on a new frontier for OpenChain. Welcome to practical application in projects.
Heads up on a very cool part of our webinar today. Carlo Piana and Alberto Pianon will open the door on a new frontier for OpenChain. Welcome to practical application in projects. 'OpenChain beyond companies: How OpenHarmony and Openeuler have applied OpenChain ISO 5230 for process management' And as mentioned earlier: Helpful Engineering will discuss open innovation in the pandemic response with a focus on governance. Their case study will include a case study of an open source license violation (unpacking the situation, not naming names). Join the call: https://zoom.us/j/4377592799 Need to confirm your timezone? 2021-08-16 @ 14:00 UTC / 07:00 PST / 15:00 BST / 16:00 CEST / 19:30 IST / 22:00 CST / 23:00 KST / 23:00 JST
|
|
|
|
OpenChain Webinar Today 2021-08-16 @ 14:00 UTC / 07:00 PST / 15:00 BST / 16:00 CEST / 19:30 IST / 22:00 CST / 23:00 KST / 23:00 JST
OpenChain Webinar Today:
We have a bit of a treat today. Helpful Engineering will discuss open innovation in the pandemic response with a focus on governance. Their case study will include a case study of an open source license violation (unpacking the situation, not naming names). Learn more about this organization: https://helpfulengineering.org/ Join the call: https://zoom.us/j/4377592799 Need to confirm your timezone? 2021-08-16 @ 14:00 UTC / 07:00 PST / 15:00 BST / 16:00 CEST / 19:30 IST / 22:00 CST / 23:00 KST / 23:00 JST
|
|
|
|
OpenChain ISO 5230 – Security Assurance Reference Guide Now Available
The OpenChain Project has a mission to establish trust in the Open Source from which Software Solutions are built. The International Standard OpenChain ISO 5230 addresses this matter from the perspective around open source license compliance. Many of the same processes are equally applicable to open source security and for this reason we are providing guidance regarding how they can be applied.
The OpenChain Security Assurance Reference Guide 1.0 has a similar format to OpenChain ISO 5230. It can be regarded as a map enabling a user to transpose the proven processes of ISO 5230 to the security domain. This first iteration of the reference guide focuses on the core process of identifying and addressing “known vulnerabilities.” Over time we will evolve the guide to refine its effectiveness. The OpenChain Security Assurance Reference Guide should be understood as a method to complement rather than compete with security specific standards. It is quite possible that an organization is compliant with another given standard will automatically meet all the processes outlined in the OpenChain Security Assurance Reference Guide. This is by design. As the OpenChain Project adds additional reference guides over time (e.g., quality, export compliance, malware and functional safety) the value of OpenChain ISO 5230 will grow. This work – as with all activity inside the OpenChain Project – will be undertaken by the community of user companies for the benefit of the community. Get The Reference Guide • https://github.com/OpenChain-Project/SecurityAssuranceGuide/tree/main/Guide/1.0 Send Feedback To The Specification Team • https://lists.openchainproject.org/g/specification
|
|
|
|
FINAL REMINDER: OpenChain Security Guidance Document - Last Call
We begin in 20 minutes :)
REMINDER: OpenChain Bi-Weekly Work Group Call - 2021-08-10 at 06:00 UTC / 07:00 BST / 08:00 CEST / 11:30 IST / 14:00 CST / 15:00 KST+JST We are finalizing this document: https://1drv.ms/w/s!AsXJVqby5kpnkSaMT5WBZwJBONuB In this Zoom room: https://zoom.us/j/4377592799 The finished document will be released this week. It will provide context to all users of OpenChain ISO 5230 on application in the context of security.
|
|
|
|
IMPORTANT: OpenChain Security Assurance Reference Guide (ISO 5230 Security Assurance Reference Guide)
The security guidance guide for OpenChain ISO 5230 is nearly ready. This is the last call for comments.
This document will provide all that is necessary to apply OpenChain ISO 5230 to address security matters related to open source. It does not alter or adjust the standard itself. It is a “mapping” guide. Here is the document in a format that allows you to add comments: https://1drv.ms/w/s!AsXJVqby5kpnkSaMT5WBZwJBONuB Here is the most recent call where we discussed specifics: https://www.youtube.com/watch?v=okRa07dfokE You have until the 10th of August to provide feedback, with the process ending during our regular Global Work Team call on that day. The document will be released on the 11th of August. Regards Shane — Shane Coughlan General Manager, OpenChain e: scoughlan@linuxfoundation.org p: +81 (0) 80 4035 8083 w: www.linuxfoundation.org Schedule a call: https://meetings.hubspot.com/scoughlan
|
|
|