This week we have the following international meetings:
Tuesday 16th April:
– OpenChain Monthly North America / Asia Call @ 01:00 UTC
You can check out all our international meetings and get instructions on adding our calendar to your client here:
Security Assurance
The focus was on developing the Draft Security Assurance Specification 2.0, which may become an update to ISO/IEC 18974:2023 over time.
We closed the following issues:
[Improvement] ZA/NM05 – Proposed rewording for 3.1.5https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/18
Add triage entry to specific situations where vulnerability not applicable
https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/29
https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/32
We opened the following issues:
Expand definitions section for (1) Secure Software Development to include Secure Programming Techniques and (2) Security Testing to include Static and Dynamic
https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/36
License Compliance
We also had a look at the Draft License Compliance Specification 3.0, which may become an update to ISO/IEC 5230:2020 over time.
We closed the following issues:
3.8 supplied software – for discussion in subsequent iteration
https://github.com/OpenChain-Project/License-Compliance-Specification/issues/40
We have additional work to do on the following issues:
Verification Material For Training – next iteration
https://github.com/OpenChain-Project/License-Compliance-Specification/issues/38
On the 2nd of April, the OpenChain AI Study Group continued its monthly AI workshop series to deep dive into the topic of AI compliance. On this call we narrowed down the focus area with a concluding decision to refine the discussion by taking the content of ISO 5230 and seeing what level of overlap there is with AI supply chain compliance. You can check out the full recording for a precise recap.
On the 11th of April, the OpenChain AI Study Group held its new regular recap meeting for Europe / Asia participants. This is not intended to push forward “the state of the art” in the discussion, but rather ensure Asian participants sync with the North America / Europe discussion, and to provide a platform for further input ahead of the next monthly workshop.
The Slides from This Call
The Recording of This Call
Track This Work
You can follow and contribute to the work of the OpenChain AI Study Group through its dedicated mailing list. This is open to everyone regardless of industry vertical or speciality. You will find it here:
Watch The Previous Meeting
The first Workshop to deep-dive into this topic and consolidate ideas was held on the 6th of March 2024:
Attend Future Meetings
You can find and get the dial-in details for all future AI Study Group meetings from our participate page here:
As the chairpersonship batten passes from Nathan to Andrew, Andrew lead a full assessment and discussion on next steps. A ton is happening, with the last year of work including updates to the reference training slides and supplier education leaflet pending release, the Telco SBOM Quality Guide now approved for final review and release as an official OpenChain resources, and new ideas on the table.
Check Out The Full Recording
Review The Slides
Be Part Of Next Steps
Join the Education Work Group mailing list to participate in the calls and async editing:
The Telco Work Group is continuing to focus on matters related to SBOM Quality. Learn more about how their new guide on that topic – currently in final approval with the Steering Committee – is shaping up in these recordings.
Morning Meeting
Afternoon Meeting
Learn More About This Group
Learn more about the Telco Work Group and their activities around topics like SBOM Quality on the dedicated mailing list:
On the 2nd of April the OpenChain AI Study Group continued its monthly AI workshop series to deep dive into the topic of AI compliance in the supply chain with experts from Qualcomm and Arm, and a chance for all parties who dial-in to ask questions or share ideas. On this call we narrowed down the focus area with a concluding decision to refine the discussion by taking the content of ISO 5230 and seeing what level of overlap there is with AI supply chain compliance. This is being done to potentially develop a proposal to the Governing Board to:
- Turn into a work group;
- Write a reference guide on the topic to explain the identified shared areas of concern.
Track This Work
You can follow and contribute to the work of the OpenChain AI Study Group through its dedicated mailing list. This is open to everyone regardless of industry vertical or speciality. You will find it here:
Watch The Previous Meeting
The first Workshop to deep-dive into this topic and consolidate ideas was held on the 6th of March 2024:
Attend Future Meetings
You can find and get the dial-in details for all future AI Study Group meetings from our participate page here:
This week we have the following international meetings:
Tuesday 9th April:
– OpenChain Webinar: Eclipse Apoapsis – Introduction into the abstraction layer concept idea @ 07:00 UTC
Wednesday 10th April:
– OpenChain Webinar: LF Management & Best Practices Portal @ 00:00 UTC
– OpenChain Education Work Group – Monthly Meeting @ 16:00 UTC
Thursday 11th April:
– OpenChain AI Study Group Call – Asia Sync Call @ 08:00 UTC
You can check out all our international meetings and get instructions on adding our calendar to your client here:
emlix offers industrial-grade Linux for the digitalization and secure networking of devices, machines and plant throughout the entire product life cycle. For more than 20 years, they have been transferring system knowledge, innovations from the open source world and market knowledge into the products of more than 350 customers.
Check out their website:
This week we have the following international meetings:
Tuesday 2nd April:
– OpenChain AI Study Group – Monthly Workshop for North America and Europe @ 14:00 UTC
– OpenChain Monthly North America / Europe Call @ 16:00 UTC
Wednesday 3rd April:
– OpenChain Automation Work Group Meeting (European Morning) @ 08:00 UTC
Thursday 4th April:
– OpenChain Telco Work Group Meeting (European Morning) @ 07:00 UTC
– OpenChain Telco Work Group Meeting (European Afternoon) @ 14:00 UTC
You can check out all our international meetings and get instructions on adding our calendar to your client here:
Newsletter – Issue 64 – March 2024
The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.
Headline News
- KOSYAS is the first Official Third-Party Certifier in South Korea
- BlackBerry: Three-Way Case Study – The use of ISO/IEC 5230:2020 by a company providing mission-critical services to enterprise clients around the world
Outreach
Webinars
- Webinar: SCANOSS Export Control
- Webinar: Understanding GitHub Copilot
- Webinar: Universal CVSS Calculator
Meetings
Our community released the following meeting recordings via our main channel:
- OpenChain AI Study Group Call (Europe and Asia) 2024-02-29
- OpenChain Monthly North America and Europe Call – 2024-03-05
- OpenChain Education Work Group Meeting – 2024-03-05
- Outcomes of the Special OpenChain AI Workshop – 2024-03-06
- OpenChain Telco Work Group Meeting (European Morning) – 2024-03-07
- OpenChain AI Study Group Call (Europe and Asia) – 2024-03-14
- OpenChain Monthly North America – Asia Call – 2024-03-19
Note: Some community meetings are not recorded or released through other channels
