Successful GPLv3 Enforcement In Italy - Webinar Starts Now

 

Carlo and Alberto join us live to explain how Array Law managed the case. 

Join free and without registration:

Check your time:
06:00 UTC / 07:00 CET / 08:00 BST / 14:00 CST / 15:00 KST+JST 2022-01-25 (22:00 PST previous day 2022-01-24)


OpenChain On Security

 

Over the last 12 months there have been several noteworthy concerns around open source and security. The exposure of vulnerability in software has exposed underlying issues with process management and ultimately with sustainability. The OpenChain Project, steward of ISO/IEC 5230:2020, the International Standard for open source compliance, has been at the forefront of addressing these matters.

In August 2021 we responded to market demand by releasing a Security Assurance Reference Guide. The first version of this document explained how ISO/IEC 5230 could be used through the optics of security. Like all our documentation, it was developed and released in the public arena, and subject to review and contributions from a wide array of stakeholders.

We are now working on the second iteration of this document. It does for security what ISO/IEC 5230 did for compliance: it provides a minimal, broadly applicable list of key requirements to institute a quality assurance program to address the domain space.

We do not intend to replace existing security standards. We do not intend to bloat ISO/IEC 5230. Instead, we are pursuing our proven approach of developing a real-world solution for a real-world problem that can be immediately deployed, and over time fits together with adjacent activities as neatly as a jigsaw puzzle.

For those new to this topic and wondering what OpenChain’s engagement means in practice, a summary of our Specification Work Group discussions throughout 2020-2021 is in order.

We are considering three paths for the security domain. One sees the Security Assurance Reference Guide maintaining its stance solely as a guide. Another sees the Security Assurance Reference Guide evolve into a Reference Specification that may become a de facto industry standard over time. Lastly, there is the option to have the Security Assurance Reference Guide evolve into an optional component for a future iteration of ISO/IEC 5230.

You can contribute to this activity by joining our bi-weekly global work team calls [1], our specification mailing list [2], and opening issues on the relevant repository in GitHub [3].

[1] https://www.openchainproject.org/community
[2] https://lists.openchainproject.org/g/specification
[3] https://github.com/OpenChain-Project/SecurityAssuranceGuide/tree/main/Guide/2.0

The OpenChain Project is far from alone in helping to address concerns around open source and security. The Open Source Security Foundation (OpenSSF) is a sister project at the Linux Foundation dedicated to securing the open source ecosystem. The Software Package Data Exchange Project (SPDX) maintains ISO/IEC 5962:2021, an International Standard for Software Bill of Materials. The Linux Foundation also hosts tools to help with automation in the space. We are collaborating to ensure the future of open source is secure.

You can expect a continuation of these activities throughout 2022. There will be an excellent opportunity for you to get involved during this quarter, as the OpenChain Project hosts a security summit to enable our extensive global community to share notes. To learn more about this, as well as our other activities, join one of our calls or one of our mailing lists. Everyone is welcome.

Get Started With Our Community

Attend The OpenChain Security Summit On February 17th and 18th 

The Security Summit will take place on February 17th 2022 at 17:00 PST / February 18th 2022 02:00 UTC / 09:00 CST / 10:00 JST. It will be hosted on Zoom and it will be free to attend. It will also be recorded. You can expect to come away with a clear understanding of market conditions, how the Linux Foundation is addressing them, and where OpenChain fits into the picture.

 

 


OpenChain 2022 - Our Mini-Summits Evolve Into full Summits

 

The OpenChain Project will host three summits throughout 2022. Each summit will be virtual though our positioning and agenda will reflect a different geography for each topic covered. Here is what you can expect:
  1. Security (North America)
  2. Intellectual Property (China/Japan)
  3. Automation (Germany)

The first summit will focus on Security and will take place on February 17th 2022 at 17:00 PST (February 18th 2022 02:00 UTC / 09:00 CST / 10:00 JST). It will be hosted on Zoom and it will be free to attend. It will also be recorded. You can expect to come away with a clear understanding of market conditions, how the Linux Foundation is addressing them, and where OpenChain fits into the picture.

The dates and times of the Intellectual Property Summit and the Automation Summit will be announced shortly. You can expect the former to provide a snapshot of current thinking around copyright, trademarks and patents in our domain. You can expect the latter to brief you on the state-of-the-art around automation for compliance, security and project health.

The goal - as always - is to ensure you have the information necessary to make informed, effective decisions around the open source supply chain. We seek to build trust in the quality of programs used by you, your customers and your suppliers. We are proud to have taken significant strides in our field throughout 2021. We expect to push the boundaries of what is possible once again in 2022.


Re: [openchain] ACTION REQUIRED: OpenChain Participation Certificates

 

Greetings all!

Last call. If you want a participation certificate for your contribution to OpenChain in 2021 (and before), please list yourself in this spreadsheet:
https://1drv.ms/x/s!AsXJVqby5kpnkTHvJmDpwpuZE2kP

Regards

Shane

On Dec 21, 2021, at 11:53, Shane Coughlan via lists.openchainproject.org <scoughlan=linuxfoundation.org@...> wrote:

Recently the Linux Foundation has been recognizing the amazing contributions of our community through digital certificates. For example, if you have been a speaker at an event, you will have received one.

The OpenChain Project is going to do the same. As we enter 2022, OpenChain is preparing digital certificates to show what you have been doing in our community, and to show our appreciation.

We would like you to take a moment to fill out the form here with an overview of who you are, what work groups you are part of, and how long you have been in our community:
https://1drv.ms/x/s!AsXJVqby5kpnkTHvJmDpwpuZE2kP

Please help us recognize you with an official OpenChain certificate :)




Invitation: OpenChain Bi-Weekly Webinar @ Every 4 weeks from 23:00 to 23:30 on Monday from Mon Feb 7 to Tue Jan 3, 2023 (JST) (uk-wg@lists.openchainproject.org)

 

You have been invited to the following event.

OpenChain Bi-Weekly Webinar

When
Every 4 weeks from 23:00 to 23:30 on Monday from Mon Feb 7 to Tue Jan 3, 2023 Japan Standard Time
Where
https://zoom.us/j/4377592799
Calendar
uk-wg@...
Who
scoughlan@... - creator
OpenChain Education
OpenChain Korea
OpenChain UK
OpenChain Main
OpenChain Germany
OpenChain Automotive
OpenChain Telco Work Group
OpenChain India
OpenChain Taiwan
OpenChain Specification
OpenChain Partners
OpenChain Japan

This meeting is held in the OpenChain Project Zoom room:
https://zoom.us/j/4377592799

One tap mobile:
+86 10 8783 3177,,4377592799# Mainland China
+33 1 8699 5831,,4377592799# France
+49 69 7104 9922,,4377592799# Germany
+81 524 564 439,,4377592799# Japan
+82 2 3143 9612,,4377592799# Korea
+91 80 71 279 440,,4377592799# India
+886 (2) 7741 7473,,4377592799# Taiwan
+44 330 088 5830,,4377592799# UK
+13017158592,,4377592799# USA

Find your local country number: https://zoom.us/u/awFnORNiA
Meeting ID: 437 759 2799



Invitation: OpenChain Bi-Weekly Global Call @ Every 4 weeks from 23:00 to 23:30 on Monday from Mon Jan 31 to Mon Jan 2, 2023 (JST) (uk-wg@lists.openchainproject.org)

 

You have been invited to the following event.

OpenChain Bi-Weekly Global Call

When
Every 4 weeks from 23:00 to 23:30 on Monday from Mon Jan 31 to Mon Jan 2, 2023 Japan Standard Time
Where
https://zoom.us/j/4377592799
Calendar
uk-wg@...
Who
scoughlan@... - creator
OpenChain Education
OpenChain Korea
OpenChain UK
OpenChain Main
OpenChain Germany
OpenChain Automotive
OpenChain Telco Work Group
OpenChain India
OpenChain Taiwan
OpenChain Specification
OpenChain Partners
OpenChain Japan



Invitation: OpenChain Bi-Weekly Webinar @ Every 4 weeks from 15:00 to 15:30 on Tuesday from Tue Jan 25 to Mon Jan 2, 2023 (JST) (uk-wg@lists.openchainproject.org)

 

You have been invited to the following event.

OpenChain Bi-Weekly Webinar

When
Every 4 weeks from 15:00 to 15:30 on Tuesday from Tue Jan 25 to Mon Jan 2, 2023 Japan Standard Time
Where
https://zoom.us/j/4377592799
Calendar
uk-wg@...
Who
scoughlan@... - creator
OpenChain Education
OpenChain Korea
OpenChain UK
OpenChain Main
OpenChain Germany
OpenChain Automotive
OpenChain Telco Work Group
OpenChain India
OpenChain Taiwan
OpenChain Specification
OpenChain Partners
OpenChain Japan



Invitation: OpenChain Bi-Weekly Global Call @ Every 4 weeks from 15:00 to 15:30 on Tuesday from Tue Jan 18 to Sun Jan 1, 2023 (JST) (uk-wg@lists.openchainproject.org)

 

You have been invited to the following event.

OpenChain Bi-Weekly Global Call

When
Every 4 weeks from 15:00 to 15:30 on Tuesday from Tue Jan 18 to Sun Jan 1, 2023 Japan Standard Time
Where
https://zoom.us/j/4377592799
Calendar
uk-wg@...
Who
scoughlan@... - creator
OpenChain Education
korea-wg@...
uk-wg@...
main@...
germany-wg@...
OpenChain Automotive
OpenChain Telco Work Group
india-wg@...
taiwan-wg@...
OpenChain Specification
OpenChain Partners
japan-wg@...


OPENCHAIN CALENDAR 2022

 

We “rebooted” the OpenChain Global Calendar for 2022. This allowed our community to remove any orphan invitations lingering in clients. Our refreshed calendar is now going live.

You can add the whole calendar to your productivity client of choice. This is our recommended method to ensure orphan invitations are minimized:
https://calendar.google.com/calendar/embed?src=c_08seb6095ofjtfr5fjb5tabgl4%40group.calendar.google.com&ctz=Asia%2FTokyo

However, there is also a “push” option. All the OpenChain mailing lists will be included in calendar invites so - to start the year - you can choose that path to stay connected with everything we do.

Our bi-weekly global calls start on the 18th of January. Our bi-weekly webinars start on the 25th of January. I look forward to seeing you there.

Regards

Shane


Shane Coughlan
General Manager, OpenChain
e: scoughlan@...
p: +81 (0) 80 4035 8083
w: www.linuxfoundation.org

Schedule a call:
https://meetings.hubspot.com/scoughlan


OpenChain in 2022

 

The OpenChain Project and the OpenChain ISO/IEC 5230:2020 international standard had an exceptional 2021. From conformance announcements to new members, it was clear that the market was ready to gather around a shared solution for effective, efficient use of open source in supply chains.

The question is “what next?”

The answer is “a lot.”

We have three new governing board members to announce, new certifiers, new partners, new conformant organizations and – perhaps most important for the long-term – deeper engagement on the policy level across multiple countries.

As a member of our community you can expect to continue receiving support from global and national work groups, ever improving material to help with the adoption and use of OpenChain ISO/IEC 5230:2020, and to be kept up-to-date on everything important in the compliance sphere via our webinars.

From a strategic perspective we are executing on the vision shared at the beginning of 2021: to scale engagement from thousands to tens of thousands of companies. With recent developments regarding open source, security and supply chain management the necessity of this is ever more clear.

There are three things to watch for in Q1 2022:
• The new board member announcements and their implications for geographies and sectors,
• Updated materials for suppliers to make OpenChain ISO/IEC 5230:2020 adoption even easier,
• Announcements regarding how we will work even more closely with others in the compliance and security domain.

Thank you for all your support in 2021. I look forward to collaborating with you to make 2022 another milestone in our field.


The Institute of Software of the Chinese Academy of Sciences is the Second Third Party Certifier in China

 

Good day everyone, far and wide!

We open 2022 with continued exciting news in China. The Institute of Software of the Chinese Academy of Sciences has joined our partner program as the second official third-party certifier based in the Chinese Mainland. This builds on a strong year of supply chain infrastructure creation in 2021 and is an indicator of what is to come throughout 2022:
https://www.openchainproject.org/featured/2022/01/10/iscas-certifier


REMINDER: Resetting the OpenChain calendars for 2022

 

All our events are done. Our calendar and invites will be rebooted in January. Please check you do not have any orphan calendar items. Delete everything 🙂

==

The OpenChain Project has had a tremendous 2021. Our local and global events have been both focused and relentless, pushing the boundaries on the largest corpus of compliance information, the largest automation case study and the largest compliance community in the world.

As we enter 2022 it is time to catch our breath. There are two ways this will happen.

(1) To make room for everyone’s holiday schedule, our Bi-Weekly Webinars on the 20th of December and the 4th of January are cancelled, along with our Bi-Weekly Work Group call on the 27th of December. We resume our meetings and our webinars from the 11th of January.

(2) We are rebooting our calendar. After five years of intense activity and multiple mail clients, people are finding orphans. Please delete ALL meetings related to OpenChain in your calendar. Anything after the Korean Work Group meeting on the 20th of December is invalid. You will get an updated calendar starting 4th of January.

I am looking forward to the new year, where we will be doing a lot to drive the industry forward both refreshed and with fully accurate scheduling :)

Regards

Shane


ACTION REQUIRED: OpenChain Participation Certificates

 

Recently the Linux Foundation has been recognizing the amazing contributions of our community through digital certificates. For example, if you have been a speaker at an event, you will have received one.

The OpenChain Project is going to do the same. As we enter 2022, OpenChain is preparing digital certificates to show what you have been doing in our community, and to show our appreciation.

We would like you to take a moment to fill out the form here with an overview of who you are, what work groups you are part of, and how long you have been in our community:
https://1drv.ms/x/s!AsXJVqby5kpnkTHvJmDpwpuZE2kP

Please help us recognize you with an official OpenChain certificate :)


Local Work Groups - $2,500 USD local budget

 

Hello all!

As we head into 2021 I wanted to make a small announcement. In 2022 each country work group will have a $2,500 USD budget for things like event catering, swag (t-shirts, stickers, etc) or other community activities.

Here is how it will work:
(1) You (local team) make a proposal with an estimated cost
(2) I review it
(3) We make it happen

Our goal is to supercharge our return to face-to-face meetings. Let’s make the new year super fun.

Regards

Shane


Re: Resetting the OpenChain calendars for 2022

 

Correction:

To make room for everyone’s holiday schedule, our Bi-Weekly Webinars on the 20th of December and the 4th of January are cancelled, along with our Bi-Weekly Work Group call on the 27th of December. We resume our meetings and our webinars from the 11th of January.

🤦‍♂️🙇

On Dec 17, 2021, at 12:11, Shane Coughlan <scoughlan@...> wrote:

The OpenChain Project has had a tremendous 2021. Our local and global events have been both focused and relentless, pushing the boundaries on the largest corpus of compliance information, the largest automation case study and the largest compliance community in the world.

As we enter 2022 it is time to catch our breath. There are two ways this will happen.

(1) To make room for everyone’s holiday schedule, our Bi-Weekly on the 20th of December and the 4th of January are cancelled, along with our Bi-Weekly Work Group call on the 27th of December. We resume our meetings and our webinars from the 11th of January.

(2) We are rebooting our calendar. After five years of intense activity and multiple mail clients, people are finding orphans. Please delete ALL meetings related to OpenChain in your calendar. Anything after the Korean Work Group meeting on the 20th of December is invalid. You will get an updated calendar starting 4th of January.

I am looking forward to the new year, where we will be doing a lot to drive the industry forward both refreshed and with fully accurate scheduling :)

Regards

Shane


Resetting the OpenChain calendars for 2022

 

The OpenChain Project has had a tremendous 2021. Our local and global events have been both focused and relentless, pushing the boundaries on the largest corpus of compliance information, the largest automation case study and the largest compliance community in the world.

As we enter 2022 it is time to catch our breath. There are two ways this will happen.

(1) To make room for everyone’s holiday schedule, our Bi-Weekly on the 20th of December and the 4th of January are cancelled, along with our Bi-Weekly Work Group call on the 27th of December. We resume our meetings and our webinars from the 11th of January.

(2) We are rebooting our calendar. After five years of intense activity and multiple mail clients, people are finding orphans. Please delete ALL meetings related to OpenChain in your calendar. Anything after the Korean Work Group meeting on the 20th of December is invalid. You will get an updated calendar starting 4th of January.

I am looking forward to the new year, where we will be doing a lot to drive the industry forward both refreshed and with fully accurate scheduling :)

Regards

Shane


The First OpenChain Online Training With Individual Certification Is Available

 

The OpenChain Education Work Group and LF Training have collaborated on Introduction to Open Source License Compliance Management (LFC193), a free course with individual certification that is now available.

Who Is It For

This course is intended for developers, project managers and executive decision makers who already know the basics of what open source software is and how copyrights work and are ready to take the next step towards building a formal compliance program for their organization.

What You’ll Learn

This course provides a reference example of how an open source compliance program should be structured. It is designed to be used in the context of OpenChain ISO/IEC 5230:2020 but can be used for any open source compliance program. The course provides knowledge from the basics of intellectual property through to key concepts of an open source review. It is based on real-world experience and focuses on outcomes that are directly applicable to product and service deployment. The outcome of this course will be a clear understanding of how to use compliance as business optimization, reducing resource use and increasing efficiency.

What It Prepares You For

This course enables you to deal with the basics of open source license compliance management. You will be able to assess the current status of your company and begin planning improvements to processes. If you are a project manager, engineer or management personnel with a responsibility for architecture and strategy, this course will be particularly useful.

Get Started Here
https://training.linuxfoundation.org/training/introduction-to-open-source-license-compliance-management-lfc193/

Huge kudos to Balakrishna and everyone else in the Education Work Team for making this happen :)


OpenChain PlayBook – Medium Company

 

The first OpenChain PlayBook is now available. It focuses on showing how a medium size company can go from considering to using OpenChain ISO/IEC 5230:2020.
https://www.openchainproject.org/featured/2021/12/16/playbook-medium-company

The OpenChain PlayBooks are intended to help you understand the types of decisions made by managers in companies adopting OpenChain ISO/IEC 5230:2020. We cover examples of the decision-process in small, medium and large companies. Our examples are based on companies (a) in the technology industry, (b) in the middle of the supply chain and (c) shipping physical products containing software.


OpenChain Person of the Year: Mark Gisi

 

As we head into the holiday season I wanted to take a moment and thank everyone for an exceptional year. The OpenChain Project has accomplished incredible things, from altering the status quo in the tooling landscape (and making it better) through to preparing our first online training course. Too many people to count assisted in this process. However, I wanted to give special thanks and acknowledgement to Mark Gisi, chairperson of the Specification Work Group. This year he led an effort to conclusively bridge the gap between OpenChain ISO/IEC 5230 and the security domain.

This work was far more than speculative: companies around the world began using our ISO/IEC standard to accomplish security goals, especially in light of recent international developments. The situation was both supported and challenged by the market reality of deployment before full community cohesion. For large companies this is never a serious concern, but for small companies trying to get up-to-speed it is our job (and our pleasure) to make sure they can match their peers, their suppliers and their customers as soon as possible.

Mark took this all in his stride and coordinated a multi-month effort with exceptional consensus to produce our Security Assurance Reference Guide in August. Since that date the guide has been available to all parties for review, and Mark further shepherded feedback from that review to determine if updates were needed in the near term. They were not, because you all hit it out of the ballpark, and we got this artifact to market at precisely the right time to address topics like the US Executive Order.

Mark, thank you.

Now, Mark is far from the only person who has done exceptional things. I want to particularly thank Balakrishna for shepherding our first online training course (with certification) through reviews by many, many parties. We go live on the 16th December, tomorrow, and change the market in that direction. The course, of course, is free. I also want to thank Oliver, who has been running the OpenChain Reference Tooling Work Group on a breathtaking schedule of bi-weekly meetings. The sheer amount of information collected and experience shared eclipses anything done before in that domain. And finally in this list (but not in terms of amazing contribution), I want to thank Max for running the OpenChain Automation Case Study, which took all the ingredients around the world, and showed how to make them turnkey, how to make them work in the supply chain, and how to contextualize it as business intelligence.

See you all tomorrow at the Open Compliance Summit, and if not then, soon.

Regards

Shane


OpenChain Webinar #34 – The TODO Group

 

Our 34th webinar features Ana from the TODO Group digging into why Open Source Program Offices are useful, how TODO Group supports setting up and running these offices, and what is coming in the future.

Check it out here:
https://www.openchainproject.org/news/2021/12/09/webinar-34

Thanks Ana! Great presentation.