Date   

Re: [openchain] OpenChain UK Work Group Meeting – 2022-10-13 in London

Steve Kilbane
 

Now received, thanks!

 

From: uk-wg@... <uk-wg@...> on behalf of Shane Coughlan <scoughlan@...>
Date: Thursday, 13 October 2022 at 11:12
To: OpenChain UK <uk-wg@...>
Cc: Marie Parkinson <marie.parkinson@...>
Subject: Re: [uk-wg] [openchain] OpenChain UK Work Group Meeting – 2022-10-13 in London

[External]

No worries, hooking you up with the Moorcrofts staff now.

> On Oct 13, 2022, at 12:02, Steve Kilbane <stephen.kilbane@...> wrote:
>
> Hi all,

> Did the dial-in details for this call get sent out? I can find the dial-in details for the September event, but not for the October one.

> steve

> From: main@... <main@...> on behalf of Shane Coughlan <scoughlan@...>
> Date: Thursday, 29 September 2022 at 09:19
> To: OpenChain Main <main@...>
> Cc: OpenChain UK <uk-wg@...>
> Subject: [openchain] OpenChain UK Work Group Meeting – 2022-10-13 in London
>
> [External]
>
> OpenChain, Moorcrofts and Orcro will host the next OpenChain UK Work Group meeting on the 13th of October 2022 in London. All welcome. Learn more here:
> https://urldefense.com/v3/__https://www.openchainproject.org/news/2022/09/29/uk-work-2022-10-13__;!!A3Ni8CS0y2Y!87Fi4QEvze2hB7IV-MDNQtMyECKzbd6PnXiX6fcpuI-KEWKMomj8XJ-QLMXj2mz-xoqpm-bt2yRNWq_G2FzHIqMNOyMb7fA$ 
>
>
>
>
>






Re: [openchain] OpenChain UK Work Group Meeting – 2022-10-13 in London

 

No worries, hooking you up with the Moorcrofts staff now.

On Oct 13, 2022, at 12:02, Steve Kilbane <stephen.kilbane@...> wrote:

Hi all,

Did the dial-in details for this call get sent out? I can find the dial-in details for the September event, but not for the October one.

steve

From: main@... <main@...> on behalf of Shane Coughlan <scoughlan@...>
Date: Thursday, 29 September 2022 at 09:19
To: OpenChain Main <main@...>
Cc: OpenChain UK <uk-wg@...>
Subject: [openchain] OpenChain UK Work Group Meeting – 2022-10-13 in London

[External]

OpenChain, Moorcrofts and Orcro will host the next OpenChain UK Work Group meeting on the 13th of October 2022 in London. All welcome. Learn more here:
https://urldefense.com/v3/__https://www.openchainproject.org/news/2022/09/29/uk-work-2022-10-13__;!!A3Ni8CS0y2Y!87Fi4QEvze2hB7IV-MDNQtMyECKzbd6PnXiX6fcpuI-KEWKMomj8XJ-QLMXj2mz-xoqpm-bt2yRNWq_G2FzHIqMNOyMb7fA$





Re: [openchain] OpenChain UK Work Group Meeting – 2022-10-13 in London

Steve Kilbane
 

Hi all,

 

Did the dial-in details for this call get sent out? I can find the dial-in details for the September event, but not for the October one.

 

steve

 

From: main@... <main@...> on behalf of Shane Coughlan <scoughlan@...>
Date: Thursday, 29 September 2022 at 09:19
To: OpenChain Main <main@...>
Cc: OpenChain UK <uk-wg@...>
Subject: [openchain] OpenChain UK Work Group Meeting – 2022-10-13 in London

[External]

OpenChain, Moorcrofts and Orcro will host the next OpenChain UK Work Group meeting on the 13th of October 2022 in London. All welcome. Learn more here:
https://urldefense.com/v3/__https://www.openchainproject.org/news/2022/09/29/uk-work-2022-10-13__;!!A3Ni8CS0y2Y!87Fi4QEvze2hB7IV-MDNQtMyECKzbd6PnXiX6fcpuI-KEWKMomj8XJ-QLMXj2mz-xoqpm-bt2yRNWq_G2FzHIqMNOyMb7fA$ 




REMINDER: OpenChain UK work group meeting 13th October 11:00 to 13:00 BST

 

Register here for free and attend in person (London) or virtually:
As usual, Moorcrofts and Orcro host. I’ll be there in person to talk through our latest global news. It will be good to see some of you face to face for the first time in years.

Regards

Shane 

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


IMPORTANT REMINDER: Telco Work Group meeting today - Telco SBOM Spec in Drafting

 

Dear all

The OpenChain Telco Work Group has a meeting today at 17:00 CEST (15:00 UTC).

This meeting will be of special interest to anyone working on matters related to SBOMs, as the work group is currently drafting a telco spec related to this topic:
https://github.com/OpenChain-Project/telco/blob/main/OpenChain%20Telco%20SBOM%20Specification.md

Absent other pressing agenda items, the call today will focus on collecting feedback for this specification via issues submitted live on the call (by the chair) or offline (by you directly).

Join us:
https://zoom.us/j/4377592799

Regards

Shane


Shane Coughlan
General Manager, OpenChain
e: scoughlan@...
p: +81 (0) 80 4035 8083
w: www.linuxfoundation.org

Schedule a call:
https://meetings.hubspot.com/scoughlan


REMINDER: OpenChain Monthly Community Call - 09:00 PST (16:00 UTC) on 1st Tuesday (Tomorrow)

 

Dear all

Tomorrow we have our Monthly Community Call.

We will be:

Looking at the new security specification and covering its ISO/IEC submission

Working on Our Path to Conformance

Reviewing our FAQ

And more…

Full Agenda
1. Introductions
2. Specification (process standards) news
3. SBOM news
4. OSPO news
5. Automation news
6. Community feedback and comments - issues for standards and core supporting material
7. Community feedback and comments - issues for reference and supporting material
8. Community feedback and comments - issues to support other projects
9. Any other business
10. Close of meeting

This meeting is held in the OpenChain Project Zoom room:
https://zoom.us/j/4377592799

Check your timezone:
PDT United States Pacific UTC-07:00
UTC Coordinated Universal Time UTC
CET Central European Time UTC+01:00
IST India Standard Time UTC+05:30
CST China Standard Time UTC+08:00
KST Korea Standard Time UTC+09:00
JST Japan Standard Time UTC+09:00

Compare timezones:
https://www.worldtimebuddy.com

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


Re: October's Ospology.live - OSPO Workshop:Stockholm, Sweden

Sean McIlroy (LF, PM) <smcilroy@...>
 

Dear all

October's Ospology.live will be hosted by OSPO at Ericsson (Stockholm, Sweden) and co-organized with TODO, OpenChain, SPDX, CHAOSS and OpenSSF projects.
Join the first in-person Workshop to help organizations effectively implement Open Source Program Offices (OSPOs) based on specific region needs in Europe. 
If you have any questions, please contact the event Organizer - Ana Jimenez (ana@todogroup.org)

Regards

Sean Mcilroy

Program Manager - Linux Foundation
C2PA | GSF | OpenChain | Open19
Timezone: GMT 


Invitation: OpenChain UK Work Group Meeting @ Thu Oct 13, 2022 12:00 - 14:00 (CEST) (uk-wg@lists.openchainproject.org)

 

OpenChain UK Work Group Meeting
Moorcrofts LLP and its sister compliance company Orcro Limited, as OpenChain partners invite you to join us at the next meeting of the OpenChain UK Work Group, taking place both virtually and physical
 
Moorcrofts LLP and its sister compliance company Orcro Limited, as OpenChain partners invite you to join us at the next meeting of the OpenChain UK Work Group, taking place both virtually and physically (Beck Greener, London) on Thursday 13 October, 11:00 - 13:00.

The keynote speaker for the event will be Liz Rice, Chief Open Source Officer with eBPF specialists, creators of the Cilium cloud native networking, security and observability project.

Liz is a member of the Open UK Board and was chair of the CNCF's Technical Oversight Committee 2019-2022, and co-chaired the KubeCon / CloudNativeCon 2018 events in Copenhagen, Shanghai and Seattle. She is also the author of Container Security, published by O'Reilly.

She has a wealth of software development, team, and product management experience from working on network protocols and distributed systems, and in digital technology sectors such as VOD, music, and VoIP. When not writing code, or talking about it, Liz loves riding bikes in places with better weather than her native London, competing in virtual races on Zwift, and making music under the pseudonym Insider Nine.

Agenda

11:00: Welcome and introduction by Andrew Katz (Orcro) & Sami Atabani (Arm)

11:10: News and Updates by Shane Coughlan (Linux Foundation)

11:25: OpenChain UK Work Group: Plans by Andrew Katz (Orcro) & Sami Atabani (Arm)

11:45: Liz Rice Key Note

12:45: AOB

13:00: Thank you and goodbye!

OpenChain, a project of the Linux Foundation, brings established governance principles to the software supply chain. It adopts best-practice from other compliance areas and maps them to software procurement, giving businesses a clear path to minimising infringement risk in procuring, developing and deploying software, with particular emphasis on use and re-use of free and open source software ("FOSS") components. The result is that open source licence compliance becomes more predictable, understandable and efficient for all participants in the software supply chain.

Why Join?
With a stellar roster of international businesses adopting the OpenChain framework for Open Source compliance and seeing the benefits of adopting best-practice – helping business teams work together towards a common goal, making Free and Open-Source Software (FOSS) more accessible to developers and reducing overall compliance effort, saving time, legal and engineering resources, it makes sense to unify and freely share this work, and help to embed it into the UK's software development culture.

With this in mind, the OpenChain UK Work Group was born. It is free to join, and open to anyone (whether in the UK or otherwise) interested in finding out more about why companies as diverse as Arm, Google, Scania, Hitachi Data Systems, Toyota, Facebook, Uber and Microsoft are embracing OpenChain, as well as smaller companies like B2M Solutions and NewRoCo. The group also aims to help developers' and organisations' journey through open source compliance by providing a practical and accessible platform for anyone in the UK to quickly sync, share information and save time across all aspects of open source compliance.

Book Now
To reserve your free place at either the physical or virtual meeting, on 13 October from 11:00 – 13:00, please complete the online booking form:

https://ojimarketing.us19.list-manage.com/track/click?u=100dfa4f88cfb2baa11d391c2&id=7e2a04c8e7&e=5d1e015448

When

Thursday Oct 13, 2022 ⋅ 12:00 – 14:00 (Central European Time - Paris)
Reply for uk-wg@...

Invitation from Google Calendar

You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event.

Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more


OpenChain UK Work Group Meeting – 2022-10-13 in London

 

OpenChain, Moorcrofts and Orcro will host the next OpenChain UK Work Group meeting on the 13th of October 2022 in London. All welcome. Learn more here:
https://www.openchainproject.org/news/2022/09/29/uk-work-2022-10-13


REMINDER: SPECIAL CALL: ISO/IEC WG suggestions for Security Specification today at 08:00 UTC (2022-09-27)

 

tl;dr: we have an important specification call in just under an hour.

ISO/IEC WG/SC27 (security) has provided some feedback on the OpenChain Security Assurance Specification 1.0 for our review. Our review cycle runs from now until October 4th and you can get started on checking their comments via our issue tracker here:
https://github.com/OpenChain-Project/Security-Assurance-Specification/issues

We will hold a special call to discuss their comments on Tuesday the 27th of September 2022 at 08:00 UTC to review their comments.

We are providing some guidance on the review of these comments and suggestions.

(1) Our specification was completed after a multi-month process in March 2022, and it was ratified by our board for ISO/IEC JTC-1 PAS submission on the 14th of September 2022
(2) Therefore OpenChain Security Assurance Specification 1.0 is functionally complete
(3) We should review the ISO/IEC WG comments with this perspective
(4) We are looking for editorial adjusts for clarity and errors
(5) We are not looking to change the scope or function of OpenChain Security Assurance Specification 1.0 or any immediate clarity / error adjusted successor
(6) This is because we want to proceed with our JTC-1 PAS submission as approved by the OpenChain Governing Board
(7) But we can place any comments for scope and function adjustment into a deferred status
(8) And we will return to them for discussion around inclusion in OpenChain Security Assurance Specification 2.0

This meeting is held in the OpenChain Project Zoom room:
https://zoom.us/j/4377592799

Check your timezone:
PDT United States Pacific UTC-07:00
UTC Coordinated Universal Time UTC
CET Central European Time UTC+01:00
IST India Standard Time UTC+05:30
CST China Standard Time UTC+08:00
KST Korea Standard Time UTC+09:00
JST Japan Standard Time UTC+09:00

Compare timezones:
https://www.worldtimebuddy.com

Join via one tap mobile:
+86 10 8783 3177,,4377592799# Mainland China
+33 1 8699 5831,,4377592799# France
+49 69 7104 9922,,4377592799# Germany
+81 524 564 439,,4377592799# Japan
+82 2 3143 9612,,4377592799# Korea
+91 80 71 279 440,,4377592799# India
+886 (2) 7741 7473,,4377592799# Taiwan
+44 330 088 5830,,4377592799# UK
+13017158592,,4377592799# USA

Find your local country number:
https://zoom.us/u/awFnORNiA
Meeting ID: 437 759 2799

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan


October's Ospology.live - OSPO Workshop:Stockholm, Sweden

Sean McIlroy (LF, PM) <smcilroy@...>
 

Dear all

October's Ospology.live will be hosted by OSPO at Ericsson (Stockholm, Sweden) and co-organized with TODO, OpenChain, SPDX, CHAOSS and OpenSSF projects.
Join the first in-person Workshop to help organizations effectively implement Open Source Program Offices (OSPOs) based on specific region needs in Europe. 
If you have any questions, please contact the event Organizer - Ana Jimenez (asantamaria@...)

Regards

Sean Mcilroy

Program Manager - Linux Foundation
Timezone: GMT 


Invitation: SPECIAL CALL TO ACTION: ISO/IEC WG suggestions for OpenCh... @ Tue Sep 27, 2022 09:00 - 10:00 (WEST) (uk-wg@lists.openchainproject.org)

 

SPECIAL CALL TO ACTION: ISO/IEC WG suggestions for OpenChain Security Assurance Specification 1.0 - CALL UTC
ISO/IEC WG/SC27 (security) has provided some feedback on the OpenChain Security Assurance Specification 1.0 for our review. Our review cycle runs from now until October 4th and you can get started on
 
ISO/IEC WG/SC27 (security) has provided some feedback on the OpenChain Security Assurance Specification 1.0 for our review. Our review cycle runs from now until October 4th and you can get started on checking their comments via our issue tracker here:
https://github.com/OpenChain-Project/Security-Assurance-Specification/issues

We will hold a special call to discuss their comments on Tuesday the 27th of September 2022 at 08:00 UTC to review their comments.

We are providing some guidance on the review of these comments and suggestions.

(1) Our specification was completed after a multi-month process in March 2022, and it was ratified by our board for ISO/IEC JTC-1 PAS submission on the 14th of September 2022
(2) Therefore OpenChain Security Assurance Specification 1.0 is functionally complete
(3) We should review the ISO/IEC WG comments with this perspective
(4) We are looking for editorial adjusts for clarity and errors
(5) We are not looking to change the scope or function of OpenChain Security Assurance Specification 1.0 or any immediate clarity / error adjusted successor
(6) This is because we want to proceed with our JTC-1 PAS submission as approved by the OpenChain Governing Board
(7) But we can place any comments for scope and function adjustment into a deferred status
(8) And we will return to them for discussion around inclusion in OpenChain Security Assurance Specification 2.0

This meeting is held in the OpenChain Project Zoom room:
https://zoom.us/j/4377592799

Check your timezone:
PDT United States Pacific UTC-07:00
UTC Coordinated Universal Time UTC
CET Central European Time UTC+01:00
IST India Standard Time UTC+05:30
CST China Standard Time UTC+08:00
KST Korea Standard Time UTC+09:00
JST Japan Standard Time UTC+09:00

Compare timezones:
https://www.worldtimebuddy.com

Join via one tap mobile:
+86 10 8783 3177,,4377592799# Mainland China
+33 1 8699 5831,,4377592799# France
+49 69 7104 9922,,4377592799# Germany
+81 524 564 439,,4377592799# Japan
+82 2 3143 9612,,4377592799# Korea
+91 80 71 279 440,,4377592799# India
+886 (2) 7741 7473,,4377592799# Taiwan
+44 330 088 5830,,4377592799# UK
+13017158592,,4377592799# USA

Find your local country number:
https://zoom.us/u/awFnORNiA
Meeting ID: 437 759 2799

When

Tuesday Sep 27, 2022 ⋅ 09:00 – 10:00 (Western European Time - Faroe)
Reply for uk-wg@...

Invitation from Google Calendar

You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event.

Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more


Invitation: OpenChain Monthly Community Call - 09:00 CST (01:00 UTC) ... @ Monthly from 02:00 to 03:00 on the third Tuesday (WEST) (uk-wg@lists.openchainproject.org)

 

OpenChain Monthly Community Call - 09:00 CST (01:00 UTC) on 3rd Tuesday
This is the OpenChain Monthly Community Call -&nbsp;09:00 CST (01:00 UTC) on 3rd Tuesday. It is open to every individual and company regardless of their membership of Linux Foundation or the OpenChain
 
This is the OpenChain Monthly Community Call - 09:00 CST (01:00 UTC) on 3rd Tuesday. It is open to every individual and company regardless of their membership of Linux Foundation or the OpenChain Project. It provides a forum to bring together the various things the OpenChain community is doing around the world, from building our family of standard (licensing compliance and now security compliance), assisting with tooling, SBOMs and OSPOs, and facilitating industry specific discussions in areas like telco and automotive.

Agenda
  1. Introductions 
  2. Specification (process standards) news 
  3. SBOM news
  4. OSPO news
  5. Automation news 
  6. Community feedback and comments - issues for standards and core supporting material
  7. Community feedback and comments - issues for reference and supporting material
  8. Community feedback and comments - issues to support other projects
  9. Any other business
  10. Close of meeting

This meeting is held in the OpenChain Project Zoom room:
https://zoom.us/j/4377592799

Check your timezone:
PDT United States Pacific UTC-07:00
UTC Coordinated Universal Time UTC
CET Central European Time UTC+01:00
IST India Standard Time UTC+05:30
CST China Standard Time UTC+08:00
KST Korea Standard Time UTC+09:00
JST Japan Standard Time UTC+09:00

Compare timezones:
https://www.worldtimebuddy.com

Join via one tap mobile:
+86 10 8783 3177,,4377592799# Mainland China
+33 1 8699 5831,,4377592799# France
+49 69 7104 9922,,4377592799# Germany
+81 524 564 439,,4377592799# Japan
+82 2 3143 9612,,4377592799# Korea
+91 80 71 279 440,,4377592799# India
+886 (2) 7741 7473,,4377592799# Taiwan
+44 330 088 5830,,4377592799# UK
+13017158592,,4377592799# USA

Find your local country number:
https://zoom.us/u/awFnORNiA
Meeting ID: 437 759 2799

When

Monthly from 02:00 to 03:00 on the third Tuesday (Western European Time - Faroe)
RSVP for uk-wg@... for all events in this series

Invitation from Google Calendar

You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event.

Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more


Invitation: OpenChain Monthly Community Call - 09:00 PST (16:00 UTC) ... @ Monthly from 17:00 to 18:00 on the first Tuesday (WEST) (uk-wg@lists.openchainproject.org)

 

OpenChain Monthly Community Call - 09:00 PST (16:00 UTC) on 1st Tuesday
This is the OpenChain Monthly Community Call - 09:00 PST (16:00 UTC) on 1st Tuesday. It is open to every individual and company regardless of their membership of Linux Foundation or the OpenChain Proj
 
This is the OpenChain Monthly Community Call - 09:00 PST (16:00 UTC) on 1st Tuesday. It is open to every individual and company regardless of their membership of Linux Foundation or the OpenChain Project. It provides a forum to bring together the various things the OpenChain community is doing around the world, from building our family of standard (licensing compliance and now security compliance), assisting with tooling, SBOMs and OSPOs, and facilitating industry specific discussions in areas like telco and automotive.

Agenda
  1. Introductions 
  2. Specification (process standards) news 
  3. SBOM news
  4. OSPO news
  5. Automation news 
  6. Community feedback and comments - issues for standards and core supporting material
  7. Community feedback and comments - issues for reference and supporting material
  8. Community feedback and comments - issues to support other projects
  9. Any other business
  10. Close of meeting

This meeting is held in the OpenChain Project Zoom room:
https://zoom.us/j/4377592799

Check your timezone:
PDT United States Pacific UTC-07:00
UTC Coordinated Universal Time UTC
CET Central European Time UTC+01:00
IST India Standard Time UTC+05:30
CST China Standard Time UTC+08:00
KST Korea Standard Time UTC+09:00
JST Japan Standard Time UTC+09:00

Compare timezones:
https://www.worldtimebuddy.com

Join via one tap mobile:
+86 10 8783 3177,,4377592799# Mainland China
+33 1 8699 5831,,4377592799# France
+49 69 7104 9922,,4377592799# Germany
+81 524 564 439,,4377592799# Japan
+82 2 3143 9612,,4377592799# Korea
+91 80 71 279 440,,4377592799# India
+886 (2) 7741 7473,,4377592799# Taiwan
+44 330 088 5830,,4377592799# UK
+13017158592,,4377592799# USA

Find your local country number:
https://zoom.us/u/awFnORNiA
Meeting ID: 437 759 2799

When

Monthly from 17:00 to 18:00 on the first Tuesday (Western European Time - Faroe)
RSVP for uk-wg@... for all events in this series

Invitation from Google Calendar

You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event.

Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more


IMPORTANT: New OpenChain Monthly Community Call - 09:00 PST (16:00 UTC) on 1st Tuesday / 09:00 CST (01:00 UTC) on 3rd Tuesday

 

Dear all

We have been experimenting with various structures for our calls for a couple of months (time and topic defined calls to action etc.). After collecting community feedback, I would like to announce a new Monthly Community Call Schedule where:
(1) Once per month for primary timezones we will hold a structured one hour meeting
(2) This meeting will have a repeating core agenda so you always know what you are getting
(3) We will be giving plenty of space for our work groups to ensure they share core news with you in a timely manner
(4) You can provide direct feedback on aspects of community work, management and future planning

This new structure is important to help us bring together the various things the OpenChain community is doing around the world, from building our family of standard (licensing compliance and now security compliance), assisting with tooling, SBOMs and OSPOs, and facilitating industry specific discussions in areas like telco and automotive.

The calendar invitations for our new meeting schedule will go out shortly. We will start in October and continue on this schedule to end-2023 before any further adjustments, allowing plenty of predictability in your calendars.

Regards

Shane


Shane Coughlan
General Manager, OpenChain
e: scoughlan@...
p: +81 (0) 80 4035 8083
w: www.linuxfoundation.org

Schedule a call:
https://meetings.hubspot.com/scoughlan


OpenChain Summit 2022 – Full Recording

 

The OpenChain Project held its annual an all-day summit adjacent to Open Source Summit Europe (OSS EU) on the 14th of September. This event featured news from our latest board meeting (including the decision to launch our new security specification), a deep dive into a significant new automation landscape to assist with license, security and export control compliance, SBOM discussions and more.

Check out the full recording at the link below alongside copies of our excellent keynote presentation from Andrew Katz of Orcro and the automation landscape capability map presentation delivered by Jan Thielscher of EACG on behalf of the OpenChain Reference Tooling Work Group.

Here are the key takeaways:
• The OpenChain Project now maintains a family of specifications to build trust in the supply chain. We started with license compliance and now we have a sister standard for security.
• Open source automation for open source license, security and export control compliance is getting a clear capability map to guide investment of resources and save time.
• Software Bill of Materials (SBOM) has seen great progress in the last year or two, and the OpenChain Telco Work Group is working on very practical items related to market adoption.
• Open source licensing discussions have become somewhat stale and there is scope for considering the future of open source licensing approaches.

https://www.openchainproject.org/news/2022/09/23/openchain-summit-2022-full-recording


OpenChain Security Assurance Specification 1.0 Now Available

 

The OpenChain Security Assurance Specification 1.0 is now available. This is the result of over one year of work throughout the global OpenChain community. Access the specification and lend a hand with next steps here:
https://www.openchainproject.org/featured/2022/09/22/openchain-security-assurance-specification-1-0-now-available

Next Steps

We will proceed to ISO/IEC JTC-1 PAS submission with an estimated completion date of circa mid-2023. In the meantime, our security assurance specification is ready for market adoption as a de facto standard.

Prior to the ISO/IEC JTC-1 PAS submission, we have some time for sanity-checks and minor adjustments. We begin that process today and will complete it on October 4th 2022 (2022-10-04).

There are two tasks for the community ahead of that date:
• Check our Security Assurance Specification 1.0 against the Security Assurance Reference Guide 2.0 (Release Candidate 1) to ensure Sections 1, 2 and 3 match. You can find the Security Assurance Reference Guide 2.0 (Release Candidate 1) here:
https://github.com/OpenChain-Project/Security-Assurance-Specification/tree/main/Security-Assurance-Guide-Depreciated/2.0

• Check the OpenChain Security Assurance Specification 1.0 for any typographical errors that have snuck through our existing editing process. You can find the document linked at the start of this email or here:
https://github.com/OpenChain-Project/Security-Assurance-Specification/blob/main/Security-Assurance-Specification/1.0/en/openchain-security-specification-1.0.md

You can submit issues highlighting areas you would like review on our GitHub respository. Please note, due to this being a specification, we will only accept issues for discussion. We will not accept pull requests or remixes of any sort.

In the coming days we will have broader distribution of the specification launch, including on social media and via blog posts. However, you can begin sharing it immediately with your teams and peers.


OpenChain Summit + Governing Board News Summary

 

For your information:

Date: September 21, 2022 16:26:58 GMT+2
To: OpenChain Main <main@...>

You will get individual emails providing details on each item. The summary is:

(1) We are proceeding with our security specification, so our license compliance specification will be joined with a de facto sister (this month) and a fellow ISO/IEC standard circa mid-2023.

(2) We will be improving our work group structure to make it easier to engage with the topics that interest you (and avoid the ones that don’t).

(3) We are going to do export control with a mini-summit later this year. This is a topic our community has been informally discussing for a few years.

(4) We will work with LF leadership to improve the narrative regarding how the various LF process projects interlink. Our goal will be to ensure there is a single way to land on the domain and to find the information you need quickly.

(5) With the above in mind, we will be more heavily communicating the core mission of OpenChain: to build trust in the supply chain. The first domain we pushed hard to transform was licensing compliance, but it was never intended to be the only.

There is more, especially in terms of things like amazing work coming out of our reference tooling work group, and you can track that via individual emails coming soon.






Tooling Capability Map from the OpenChain Reference Tooling Work Group

 

The OpenChain Tooling Work Group has been working on a Tooling Capability Map that can help the global market better use open source tooling for open source license, security and export control compliance. You will find the most immediate impact in license compliance, but you can expect other use-cases to be increasingly addressed both inside the OpenChain Project and beyond in the coming months.

Check it out here and attached:
https://docs.google.com/presentation/d/1l224lXBb6AA7hve_mKph4ir3qbRV350LnL_X4IUbAWQ/edit?usp=sharing

Want to help build this?

Join the OpenChain Reference Tooling Work Group mailing list here:
https://groups.io/g/oss-based-compliance-tooling


REMINDER: OpenChain Summit 2022 – Dublin, Ireland – September 14th @ 11:00 Ireland Time (10:00 UTC, 12:00 CEST, 15:30 IST, 18:00 CST, 19:00 KST+JST)

 

The OpenChain Project will hold an all-day summit adjacent to Open Source Summit Europe (OSS EU) today (14th of September).

Join via Zoom:
https://zoom.us/j/4377592799

Provisional Agenda:
• 11:00 to 11:30: Opening Keynote, Andrew Katz of Orcro
• 11:30 to 12:30: The OpenChain License Compliance and Security Compliance specification material
• 12:30 to 14:30: Open source tooling for open source compliance (automation for everyone)
• 14:30 to 15:30: SBOM Deep Dive – Telco and More
• 15:30 to 16:30: OSPO and other activities (theory, practice and what is actually happening in market)
• 16:30 to 17:00: Summary Session

Physical Location:
Orion Room 1 @ Spencer Hotel, Excise Walk, International Financial Services Centre, Dublin 1, D01 X4C9, Ireland
3 minutes from Dublin Convention Center (OSS EU venue).

Map link:
https://www.google.com/maps/dir/The+Convention+Centre+Dublin,+North+Wall+Quay,+North+Wall,+Dublin+1,+Ireland/Spencer+Hotel,+Excise+Walk,+International+Financial+Services+Centre,+Dublin+1,+D01+X4C9,+Ireland/@53.3478462,-6.2425523,18z/data=!3m1!4b1!4m14!4m13!1m5!1m1!1s0x48670ef2b83165af:0x25faa23c18a1e358!2m2!1d-6.2396033!2d53.347725!1m5!1m1!1s0x485c490257b389a7:0x640fa38258dfc84d!2m2!1d-6.2433009!2d53.3480387!3e2

21 - 40 of 277