Nathan continues to lead collaboration around the OpenChain education material. We have a lot of reference material, ranging from self-certification to training to policy material, and the community is currently preparing updates to help people get started more quickly. Our goal is not only to make adopting our license compliance and security assurance standards easier, but also to provide great material that can be repurposed for other aspects of open source management.
Yes Security…
… aims to offer high quality, performance and reliable products, ensuring the protection, security and productivity of its customers. The provision of personalized services, in an agile and assertive way is one of our main focuses, acting in the identification and resolution of problems, guiding the IT professional on the functionalities of the tools, ensuring the full use of the resources offered by it. With a close relationship with manufacturers and distributors it is possible to offer affordable projects that suit the needs of each company.
Learn More
The OpenChain Korea Work Group is holding its 17th meeting between 14:00 and 16:00 on the 28th of March 2023. This will be the first physical meeting of the work group since COVID hit in 2020. Learn more at the event link:
https://openchain-project.github.io/OpenChain-KWG/meeting/17th/
안녕하세요, OpenChain KWG 멤버 여러분! 장학성입니다.
새로운 한해를 뜻깊게 시작하고 계신가요?
2023년 1분기 모임을 코로나 이후 처음으로 다시 오프라인으로 모입니다. 두근두근!:
https://openchain-project.github.io/OpenChain-KWG/meeting/17th/
- 일시 : 2023년 3월 28일 (화), 오후 2시~4시
- 장소 : 라인플러스 (분당구 서현동)
세부 장소는 추후 공지 드리겠습니다. (장소를 제공해주신 라인플러스 이서연님 감사합니다! ^^)
This OpenChain Webinar features an overview of GPLv2 licensing fragmentation based on research initiated by Philippe Ombredanne of NexB and continued by Armijn Hemel of Tjaldur Software Governance Solutions. The key takeaway is that a significant number of variations exist (40 “vanilla” copies from the FSF or GNU website, 12 with the Linux kernel linking exception in the Linux kernel), but the impact of these variations is nuanced. The requirements do not change but the variability may throw errors for automation and review. Process awareness is required.
Check Out All Our Past Webinars Here:
Check Out The Rest Of Our Webinars
This is OpenChain Webinar #48, released on 2023-02-15.
Panx Project is:
A digital consultancy and community solutions organization. Each year we launch projects aimed to address a social, technological, or economical issue. Working with and training job seekers, startups, NGOs and enterprises on developing their own framework to leverage the latest industry standards and cutting-edge technology. Some of these clients include: Mumm, Zoho and Monginis.
Learn More
We had a fantastic meeting focused on editing previously submitted scope suggestions from ISO/IEC WG/SC 27 (Information Technology Security). This time we went over issues submitted by reviewer CERT. In addition to this, we closed an open issue syncing the definition of Open Source between the licensing (ISO 5230) and security specifications.
Co-chairs Helio and Chris lead the discussion, and we had some great contributions from the audience. It is clear that there is significant interest in reviewing the draft 3rd generation licensing standard and 2nd generation security standard. You are reminded that everyone is invited to participate on the monthly calls and via our main or specification mailing lists.
Specifically..
We closed this open source definition issue:
https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/20
We set this action item based on a suggestion by CERT:
https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/22
We decided not to pursue this suggestion by CERT:
https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/23
We decided not to pursue this suggestion by CERT:
https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/24
Watch The Recording
Check Out Our Meeting Slides
Join Our Specification Mailing List
See When Our Next Monthly Calls Take Place
The first face-to-face OpenChain Japan Work Group meeting in three years is being hosted by Hitachi Solutions and will feature our usual exceptional schedule of case studies and discussion. Big thank you to Ayumi and team for providing a great place to bring the community together. Virtual attendees are also being supported via Zoom.
OpenChain Japan Work Group【第26回全体会合】【第1回ハイブリッド会合】
★2023年2月9日(木)15:00-17:00 JST
★ハイブリッド形式(リアル会場+オンライン参加)
★リアル会場:日立大森ビル
★オンライン会場:
https://zoom.us/j/4377592799
★東芝さんの事例紹介2件と日立ソリューションズさんのOSSツール紹介1件を企画しています。
アジェンダ:
15:00 – 15:01 Opening
15:01 – 15:10 Keynote by Shane Coughlan
15:10 – 15:20 OpenChain Japan WGについて
15:20 – 15:30 日立ソリューションズのOSSへの取り組み 渡邊
15:30 – 15:45 OSS紹介:「SPDX用拡張機能 on VSCode」明石(日立ソリューションズ)
15:45 – 15:55 休憩
15:55 – 16:25 事例紹介:「オープンソースコンプライアンスのためのプロセスマネジメント標準ISO/IEC 5230の適合に向けて」忍頂寺、樽家(東芝)
16:25 – 16:55 事例紹介:「OSSライセンスコンプライアンスを遵守するためのOSS教育の整備と全社展開」小山(東芝)
16:55 Closing
IT company deepens partnership with OpenChain Project and expands open source software offering.
TIMETOACT GROUP is now an official third-party certifier for the ISO/IEC 5230 standard managed by OpenChain, enabling it to offer official certifications in addition to consulting services on open source license compliance. With the deepening of the partnership between OpenChain and TIMETOACT, customers have even more choice around services available for open source software.
The use of open source software – just like proprietary software – is based on various license terms. It is important to maintain these requirements in order to ensure smooth business operations and avoid conflicts with third parties. The OpenChain ISO/IEC 5230 international standard aims to identify the key requirements for a high-quality open source license compliance program. It enables companies to reduce their risk potential by adapting the standard through self-certification, independent assessment or third-party certification such as TIMETOACT GROUP. Within TIMETOACT GROUP, ARS software engineering specialists provide the certifications.
“We are happy to join OpenChain’s certifier network, thus providing companies of all sizes and industries with the critical components for successful open source compliance programs. This partnership grants our customers added value through the opportunity to obtain the OpenChain ISO/IEC 5230 certification seal,“ says Simon Pletschacher, Manager IT Performance Strategy at TIMETOACT GROUP.
“We are delighted to welcome TIMETOACT GROUP to our comprehensive network of certifiers, allowing us to provide companies of all sizes and industries with easy access to the essential components of superior open source compliance programs,“ says Shane Coughlan, General Manager OpenChain.
About TIMETOACT GROUP
TIMETOACT GROUP modernizes and integrates IT applications for upper mid-sized companies and corporations in order to increase their agility, efficiency and transparency. For innovative customers, TIMETOACT GROUP also develops and implements digital business models and opens up new market opportunities.
Services include: Consulting, Cloud Transformation, Data, Software and Systems Engineering in the area of Employee Experience, Business Applications and Customer Experience.
For more information see www.timetoact-group.com/en or www.timetoact-group.com/en/details/open-source-license-management
About OpenChain
The OpenChain Project has an extensive global community that involves thousands of companies collaborating to make the supply chain quicker, more effective and more efficient. We do this by maintaining ISO/IEC 5230:2020, the International Standard for open source license compliance, and our Security Assurance Reference Specification. We also have a large global community where knowledge is shared to reduce friction and increase efficiency across all aspects of open source process management.
About The Linux Foundation
The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org
The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage
Linux is a registered trademark of Linus Torvalds.
Press contact TIMETOACT GROUP:
Christin Louise Weber
OSPOCO and Taylor English are the latest participants in the OpenChain Project official partner program. OSPOCO provides on-demand, scalable open source program office support across community, technical and communication areas. Taylor English provides attorney oversight for all compliance matters and legal advice integrated with OSPOCO technical findings.
“We are delighted to work with OSPOCO on expanding the professional service ecosystem dedicated to OpenChain ISO/IEC 5230 and the OpenChain Security Assurance Specification,” says Shane Coughlan, OpenChain General Manager. “The increased awareness of predictable, sustainable open source process management in the supply chain is matched by an increased need for experienced providers. We look forward to investing time into ensuring growth in the North American market throughout 2023 matches the traction we have seen in Asia and Europe in 2022.”
“Following the OpenChain specifications is the best way for companies to understand and have control over their open source processes,” says Van Lindberg, CEO of OSPOCO and partner at Taylor English. “The OpenChain specifications are our blueprint for helping our clients mitigate supply chain risk and improve their open source ROI. We look forward to helping many more organizations achieve and maintain full compliance.”
Nathan will host an OpenChain Education Work Group meeting at 09:00 PST on the 9th of February with a focus on determining the key documents to present to people on the OpenChain Website, and the key documents we need to review and improve to help with onboarding and use of the standards.
Join via our usual Zoom room:
https://zoom.us/j/4377592799
