emlix offers industrial-grade Linux for the digitalization and secure networking of devices, machines and plant throughout the entire product life cycle. For more than 20 years, they have been transferring system knowledge, innovations from the open source world and market knowledge into the products of more than 350 customers.
This week we have the following international meetings:
Tuesday 2nd April:
– OpenChain AI Study Group – Monthly Workshop for North America and Europe @ 14:00 UTC
– OpenChain Monthly North America / Europe Call @ 16:00 UTC
Wednesday 3rd April:
– OpenChain Automation Work Group Meeting (European Morning) @ 08:00 UTC
Thursday 4th April:
– OpenChain Telco Work Group Meeting (European Morning) @ 07:00 UTC
– OpenChain Telco Work Group Meeting (European Afternoon) @ 14:00 UTC
You can check out all our international meetings and get instructions on adding our calendar to your client here:
Newsletter – Issue 64 – March 2024
The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.
Headline News
- KOSYAS is the first Official Third-Party Certifier in South Korea
- BlackBerry: Three-Way Case Study – The use of ISO/IEC 5230:2020 by a company providing mission-critical services to enterprise clients around the world
Outreach
Webinars
- Webinar: SCANOSS Export Control
- Webinar: Understanding GitHub Copilot
- Webinar: Universal CVSS Calculator
Meetings
Our community released the following meeting recordings via our main channel:
- OpenChain AI Study Group Call (Europe and Asia) 2024-02-29
- OpenChain Monthly North America and Europe Call – 2024-03-05
- OpenChain Education Work Group Meeting – 2024-03-05
- Outcomes of the Special OpenChain AI Workshop – 2024-03-06
- OpenChain Telco Work Group Meeting (European Morning) – 2024-03-07
- OpenChain AI Study Group Call (Europe and Asia) – 2024-03-14
- OpenChain Monthly North America – Asia Call – 2024-03-19
Note: Some community meetings are not recorded or released through other channels.
Check Out All Our Previous Newsletters:
BlackBerry, OSS Consultants and OpenChain
The OpenChain Project maintains two ISO/IEC standards designed to help optimize business process management around open-source software. One of the standards, ISO/IEC 5230:2020, focuses on how to establish and run a quality open-source license compliance program. Another of the standards, ISO/IEC 18974:2023, focuses on how to establish and run a quality open-source security assurance program. Taken together, these standards provide a reliable, efficient and effective way to manage the open-source supply chain.
This case study will highlight the use of ISO/IEC 5230:2020 by a company providing mission-critical services to enterprise clients around the world.
The Direction Taken
For BlackBerry’s particular use-case, OSS Consultants recommended a centralized solution that enabled a single process to serve the business. This allowed BlackBerry to utilize our expertise to further develop in-house OSPO capabilities, reduce their tooling spend, and provide better holistic coverage based on a single strategy that included a single set of standards and principles.
Key Lesson Learned
The ISO/IEC 5230 recertification process provided an excellent opportunity to assess lessons learned and consider these not only from the company perspective, but also with respect to larger supply chain optimization.
Review and Download the Case Study
Schedule
Learn More
This call covered the following open issues in the draft for a potential update to the Security Specification:
- [Improvement] ZA/NM05 – Proposed rewording for 3.1.5
  https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/18
- [Improvement] Add triage entry to specific situations where vulnerability not appliable
  https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/29
- [New Material] What is a quality or complete SBOM for licensing or security use cases?
  https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/32
Get the Slides
We held a special workshop in Shinagawa on March 18th focused on case studies about open source business process management in China. The main topic was how ISO 5230 and ISO 18974 are being used from upstream project to commercial ecosystem.
We used an operating system ecosystem called openEuler as the basis for our case studies. openEuler is an emerging operating system ecosystem in China with 36.8% of the server operating system market, 17,000+ developers and 500+ projects. It is hosted by the OpenAtom Foundation, and a healthy ecosystem of companies creating products exists around it. OpenChain ISO 5230 and OpenChain ISO 18974 are at the center of how business processes are managed in openEuler.
The Agenda
The Morning Session:
The Afternoon Session:
Learn More About openEuler:
This webinar discusses a Universal CVSS Calculator released by {metæffekt} GmbH. The open-source online tool is intended to support the assessment of vulnerabilities with their various CVSS scores from multiple authorities. It was created due to the lack of CVSS calculators which could ingest multiple vectors with different CVSS versions and compare the scores consistently.
Read The Slides
More About Our Webinars:
This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain ecosystem. Participants discuss approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. There is no registration and no cost involved. This is user companies producing great informative content for their peers.
Check Out The Rest Of Our Webinars
This is OpenChain Webinar #69, released on 2024-03-22.
This week we have the following international meetings:
Monday 18th March:
– OpenChain Deep Dive – Case Study of Establishing and Maintaining Supply Chain Best Practices Across a Complete Operating System Ecosystem – openEuler @ 00:00 UTC
– OpenChain Webinar: Universal CVSS Calculator @ 09:00 UTC
Tuesday 19th March:
– OpenChain Monthly North America / Asia Call @ 01:00 UTC
Wednesday 20th March:
– OpenChain Automation Work Group Meeting (European Afternoon) @ 16:00 UTC
You can check out all our international meetings and get instructions on adding our calendar to your client here:
On the 6th of March the OpenChain AI Study Group held a special AI workshop instead of the regular AI call. It provided an opportunity to deep dive into the topic with experts from Qualcomm and Arm, and a chance to ask questions or share ideas. The call on the 14th of March was a chance to brief OpenChain AI Study Group participants on the outcomes, and to discuss next steps.
Track This Work
You can follow and contribute to the work of the OpenChain AI Study Group through its dedicated mailing list. This is open to everyone regardless of industry vertical or speciality. You will find it here:
Attend Future Meetings
You can find and get the dial-in details for all future AI Study Group meetings from our participate page here: