On the 29th of August, the OpenChain Automotive Work Group will hold its Q3 Meeting with talks by European and Asian stakeholders. It is recommended for all parties interested in managing open source in automotive and other critical industries. This meeting is a direct follow-up to the half-year assessment we held on the 14th of June.
During our half-year assessment we had excellent presentations from OSS Consultants, Volvo Cars and Hyundai Motor Corporation. You can check out the full recording and outcomes here:
https://www.openchainproject.org/news/2023/06/29/automotive-wg-2023-06-14
Our goal with these meetings is to promote knowledge-sharing and networking between people solving key process challenges in some of the most important and regulated market sectors in the world.
Register for the 29th August Meeting
https://zoom.us/meeting/register/tJIvdOuhqDopEtyOV2mKaSQwlYhLlq2NrkT3
Canopus, a specialized firm providing Digital Transformation Services, is the latest organization to announce adoption of the OpenChain Security Assurance Specification 1.1 (ISO/IEC DIS 18974).
“As the OpenChain Security Assurance Standard is poised to become a formal ISO standard, we are delighted to see continued traction in adoption from companies electing to be at the forefront of effective open source management,” says Shane Coughlan, OpenChain General Manager. “Canopus is a welcome addition to our growing roster of ISO/IEC DIS 18974 conformant organizations, and will serve as an inspiration to others.”
Learn More About Canopus
Canopus is a specialized firm providing SAP Consultation Services for over 120 customers. Our expert DBAs possess an average of 15 years of experience in database management and administration, thus ensuring your databases are safe, secure, and managed with the utmost level of care and expertise, specializing in SAP Systems.
Canopus has proven experience in delivering massive database migrations with very large landscapes of Global Companies. We are experts to handle online migrations with our unique and patented data migration process.
Canopus is an Expert Data Base Consulting Company that specializes in SAP, Analytics. SAP Platform Migrations and other SAP Life Cycle projects such as upgrades, Business Continuity (DR), Performance Optimization, ILM, multi-layer tuning (App, Network, DB, HW, Storage), RCA, and issue resolution for extremely tough problems in SAP environments. Having been Established in 2014 by Domain Experts.
Our Strategic Business Associates with SAP & IBM. As our expertise, SAP Online Migrations we offer consulting services for SAP. Latest Products including HANA, HYBRIS, IBM Advanced Analytics, SAP on DB2 & Mobile first.
The most recent OpenChain Education Work Group call saw work continue on our training material. Check out what Nathan and team discussed in the recording below.
Interested in Helping?
Join our education mailing list to contribute thoughts, ideas and suggestions.
https://lists.openchainproject.org/g/education
The OpenChain Project is delighted to welcome National Financial Technology Certification Center (Beijing) as our latest official certification partner. Our collaboration will enable more FinTech and Financial Sector organizations in China to adopt the OpenChain standards for open source license compliance and security assurance.
NFTC would like to
- organize financial institutions to participate in the collaborative efforts for updating OpenChain standards, helping financial institutions have broader exposure to and integration into the global supply chain. and
- enhance the project’s influence within the financial industry, promote the international standardization of OpenChain ISO/IEC 5230 in the field of open-source license compliance, and foster its adoption in the industry.
About NFTC
NFTC is a reputable third-party certification agency dedicated to serving the financial industry, and the first national-level certification institution in China. Established in 2011 through the decision of the People’s Bank of China (The central bank of China), and approved by the National Administration for Market Regulation and the Certification and Accreditation Administration of China, NFTC is committed to providing quality certification, testing and evaluation, and assessment services for products, services, systems, infrastructure, and other aspects of the financial industry.
OpenChain Mini-Summit September 2023
September 21st 2023 at 09:00-12:00 Spanish Time (CEST)
You are invited to join the OpenChain Mini-Summit adjacent to Open Source Summit Europe.
Our focus will be on:
- Discussing the new ISO standard for security
- Automation for open source compliance and security
This is an hybrid physical and virtual event. It is free of charge for all participants.
Due to in-person space being limited, we invite everyone to register for the virtual event, and to email scoughlan@linuxfoundation.org if they want a seat at the physical event.
We previously planned to hold this Mini-Summit on Monday the 18th of September, but we have moved it to Thursday the 21st of September to avoid overlap with the SPDX Mini-Summit covering SPDX 3.0.
Register for the OpenChain Mini-Summit Here
https://zoom.us/meeting/register/tJIuduGpqjwjGtJqMYPosKE06BZdbKE8ddwj
= Language 語言 =
This event will be held mainly in English. Part of the sessions will be delivered in Mandarin. Please see the agenda below for details.
這次的活動將以英文為主要語言來進行,部分議程則將以中文進行,詳如議程表後標示。
= Register =
= Overview =
OpenChain 協助產業在碰觸或思索開源合規 (Open Source Compliance) 爭議或政策時,有一套流程可以提供參考!
這場工作坊將會介紹 OpenChain 專案,同時也邀請國內外的開源合規專家來分享實務經驗,特別是在日本流行起來的 SBOM (Software Bill of Materials) 及 OSPO (Open Source Program Office) 。OpenChain 的推動過程中如何會遭遇到什麼樣的困難,又有什麼克服的方法 ? 若是你正在使用、正要接觸開源軟體,或者是單純想要了解開源軟體,都歡迎你一起加入討論!
什麼是 OpenChain ?
OpenChain 已在 2020/12/16 正式成為 ISO 認證(ISO/IEC 5230:2020),透過導入 OpenChain ISO 標準,供應鏈裡各參與廠商將能清楚了解在哪個開發環節使用哪些自由開源軟體,並進一步釐清發生授權問題的解決方案。
開源軟體在全世界的應用非常廣泛,隨著開源軟體的商業化,複雜的開源授權規定也讓許多商業使用者不知所措,而層出不窮的侵權糾紛,也讓開源合規的議題逐漸受到企業重視。隸屬於 Linux Foundation Project 的 OpenChain 專案透過簡化及標準化開源合規實務,使企業、組織可更為有效滿足開源合規,從而建立產業供應鏈對開源軟體的信任。包含微軟、Google、高通、西門子、Sony 與 Uber 等都已採用OpenChain 進行開源合規管理並通過 OpenChain 認證。
= Agenda 議程 =
13:30~14:00|Check-In
14:00~14:10|Opening 開場
14:10~14:40|OpenChain – From One Standard To A Family
English / Shane Coughlan, General Manager at OpenChain Project, The Linux Foundation
14:40~15:10|如何建立開源管理機制,做到安全又合規? How to construct an open source managing system to achieve security & compliance?
Mandarin / 中文 / Singing Li, CEO, Open Culture Foundation (李欣穎,開放文化基金會執行長)
15:10~15:40|Break – Tea Time
15:40~16:10| “SBOM” and “OSPO” in JAPAN
English / Masato Endo, Group Manager of Driver Monitoring Group, Toyota.
16:10~16:40| 深入淺出國際開源資安標準 OpenChain Security Assurance Specification
Mandarin / 中文 / SZ Lin (林上智), Chief Expert, Bureau Veritas
16:40~17:00|Q & A
= Information / 相關資訊 =
- OpenChain 台灣社群官網
https://openchain-project.github.io/OpenChain-TWG/ - OpenChain 台灣社群 Telegram
https://t.me/joinchat/O6BDhVXYm17Bm8_4s-aZIg - OpenChain Project / OpenChain計畫官網
https://www.openchainproject.org
= Location / 場地位置 =
集思北科大會議中心 205 瑞特廳
地址:台北市忠孝東路 3 段 1 號-億光大樓 2 樓 ( 197 號旁邊棟)
= Contact / 聯絡信箱 =
若您對於本活動有任何的問題或意見,歡迎透過電子郵件信箱 taiwan-wg@lists.openchainproject.org 或直接到 OpenChain telegram 頻道提出。
The Export Control work group is collaborating on a pre-existing website conversion project.
This involves:
- Getting reviews going for the per-country files.
- Thinking about common attributes of country files.
This is the website we are working on converting from HTML to MarkDown:
We are working on it here:
We have a bunch of issues opened:
Since the last call we have closed a few:
- https://github.com/crypto-law-survey/crypto-law-survey/issues/14
- https://github.com/crypto-law-survey/crypto-law-survey/issues/15
- https://github.com/crypto-law-survey/crypto-law-survey/issues/6
Check out the recording below to see what we did next.
Provisional minutes. Recording below.
(1) We are doing to do a reset of the group to help people engage more, especially with regards bringing back more technical people and technical updates.
(2) First, we use the Sharing Creates Value GitHub repo as the single source of truth for organizing things from now on, including (a) new content, (b) polls for next steps and (c) arranging future meetings.
(3) We move to a new agenda that brings back the emphasis on engineering as follows:
– News (~10 mins?);
– Technical discussions unpacking open source tools etc (~30-40 mins?);
– Update on the meta level (capabilities map) (~10 mins?).
(4) We will also introduce a fix group of chairs (volunteers) to help ensure the meetings are driven forward while not overloading any one person. Redundancy and mutual support is the goal.
- Seeking a volunteer to help run the 3rd Tuesday of August 🙂
- Shane can help run both meetings in September.
- Marcel is going to help run the first meeting in October.
Other items:
Make the Global Calendar clearer – including timezone offsets – so people can use this as the single-source of truth for confirming our call times. Done. See:
https://www.openchainproject.org/participate
We covered a lot of ground in this meeting. Check out the full recording below. The current document is here:
Andrew updated the core language substantially and it looks like we are near release:
Carlo submitted a patch with new language covering the verification that a Declaration is not just pro-forma:
We decided to move non-core language to the Risk Grid and then have that queued as an item for review and reorder after the core is published:
We also discussed what to do when we move to a milestone release document rather than this initial drafting phase:
Next Steps
We move towards release of the core language with a final Request for Comments, and then we turn our attention to updating the Risk Grid.