Shane Coughlan

The OpenChain Korea Work Group had an excellent meeting on the 28th of March 2023. This was the 17th meeting in total for the group, and the first face-to-face meeting since COVID caused a global shutdown in 2020. The meeting had a packed schedule of global overviews, local tooling, AI legal matters and more. We were kindly hosted by the LINE team at their offices in Seoul. Special thanks to Seo Yeon Lee from LINE for her coordination and to Haksung Jang from SK Telecom for his leadership of the group.

Our Korean community is notable for its excellent spirit and humor. We had great networking, plenty of jokes, and a chance to meet and greet new members. Attendees were left with a strong impression of positive things to come in 2023.

Our next Korea Work Group meeting will be hosted by Kakao. If you are interested in attending or more generally in collaborating with us, please check out the local community website and mailing list:

• https://openchain-project.github.io/OpenChain-KWG/en/

Suzhou Prism Colorful Information Technology Co., Ltd. is the latest company to complete self-certification to OpenChain ISO/IEC 5230, the International Standard for open source software license compliance.

From our UK Work Group Chair, Andrew Katz:

First of all, a big thank-you to Tom Sadler and David Buckhurst [at the BBC] for hosting the meeting yesterday. I’m sorry not to be able to make the meeting personally and I remain envious! And thank you also to all those who took the time to attend, both virtually and in person. Thank you also to Shane for a great update on everything going on in the world of OpenChain, and to Martin Yagi for the great work he’s done on the bite-sized training project. Also, thanks to Steve Kilbane for his questions and thoughts on the end-to-end compliance issue, and also to Sami for his input and agreeing to hold the fort. I hope that, for those who travelled, that you had safe and uneventful journeys home. 

I will be circulating a note shortly summarising the outcomes from the meeting, and suggesting some dates for the next meeting, which will also be a hybrid in-person/virtual event, probably at the end of May or the beginning of June. 

This post will be updated with Andrew’s notes as they become available.

During our presentation and open discussion with the LG Electronics team, we also had a chance to tour the offices and see recent awards for things like the release and growth of the FOSSLight Project.

The OpenChain Project was at LG Electronics on the 27th of March to discuss the current market and developments around trust in the supply chain.

There was a special meeting and presentation hosted at SK Telecom to SK Group companies on 2023-03-27. Haksung Jang of SK Telecom, and the leader of the Korea Work Group, kindly wrote a summary of the event. Find some of the introduction and conclusion below, with a link to the full article as well.

Take it away Haksung!

기업이 개발하는 제품 소프트웨어의 93% 이상이 오픈소스를 사용한다고 할 정도로 현대 소프트웨어 개발에 오픈소스를 사용하는 건 거의 필수적입니다. 

그런데, 사용하는 오픈소스의 53%는 라이선스 컴플라이언스 이슈가 있고, 81%는 보안 취약점을 갖고 있다는 보고가 있습니다. 

복잡한 현대 소프트웨어의 개발환경과 방대한 Software Supply Chain을 고려한다면, 

기업이 오픈소스로 제품을 개발하면서 라이선스 컴플라이언스와 보안 취약점 리스크 최소화를 위한 오픈소스 관리 노력이 필요한데요, 

Linux Foundation의 OpenChain Project는 이러한 노력을 커뮤니티 차원에서 여러 기업이 공유와 협업으로 함께 하기 위한 Project입니다.

2023년 3월 27일, OpenChain Project의 General Manager인 Shane Coughlan이 SK텔레콤을 방문하여 OpenChain Project의 주요 활동, 

오픈소스 관련 국제 표준 및 글로벌 동향에 관해 설명하는 시간을 가졌습니다.

이 자리에는 SK텔레콤 OSRB와 SK그룹 오픈소스 협의체 멤버(SK플래닛, SK쉴더스, SK(주), Supex추구협의회 등)가 참여하여 다양한 의견을 나누었는데요,

이날 Shane은 OpenChain Project에 대해 소개하고, 어떻게 글로벌 협력을 통해 Software Supply Chain에서의 오픈소스 관리 이슈를 공동으로 해결해 가는지 설명하였습니다. 

이 글에서는 주요 내용을 소개하려고 합니다.

글을 마치며

OpenChain Project는 기업의 오픈소스 관리 영역도 오픈소스의 공유와 협업 방식을 적용하여 모두 함께 적은 비용과 리소스로 높은 수준의 리스크 관리 practice를 달성하기 위한 커뮤니티입니다. 

이러한 취지에 공감하는 기업들이 모여 있는 곳이 OpenChain Korea Work Group입니다. 

OpenChain Korea Work Group에는 100명에 가까운 기업의 오픈소스 담당자들이 메일링리스트에 가입하여 활동하고 있습니다. 

마침 코로나 이후 3년만에 오프라인 모임이 3월 28일에 있었습니다. 다음 글에서 이에 대해 자세히 다루겠습니다.

Shane과의 미팅 세션 이후에는 SK텔레콤 Tech HR팀의 후원으로 맛있는 점심을 즐겼습니다. (상기님 감사합니다~ ^^ )

Our 50th webinar will feature Alexios Zavras, Chief Open Source Compliance Officer at Intel Corporation and a long-term friend and collaborator around the OpenChain Project. This time the topic will be SPDX 3.0, a significant generational update to SPDX, a sister standard to OpenChain ISO/IEC 5230 and OpenChain ISO/IEC DIS 18974.

SPDX is a Software Bill of Materials (SBOM) specification, so it operates one layer down from the fundamental processes outlined by OpenChain’s standards, and it provides an excellent way to meet our requirements for an SBOM to be used by companies. The second generation of SPDX has been an ISO/IEC standard for two years as ISO/IEC 5962. The third generation shows interesting promise as a way to manage license compliance, security and more.

Join For Free Via Our Zoom Room

• https://zoom.us/j/4377592799

Our regular monthly meeting continued our work to edit the next generation of our license compliance and security assurance specifications. Our focus this time was on some open issues around the next generation of the Security Assurance Specification.

The specific issues we covered:

Add triage entry to specific situations where vulnerability not applicable:
https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/29

Outcome: improved language suggested, needs work to further tighten phrasing.

Comments on the Known Vulnerability in the proposed Security Assurance Specification:
https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/19

Outcome: issue closed with adjustment to language in the specification.

Current draft of next generation security specification here:
https://github.com/OpenChain-Project/Security-Assurance-Specification/blob/main/Security-Assurance-Specification/2.0/en/openchain-security-specification-2.0.md

The slides we used are below

The OpenChain Project is delighted to be part of the OSPO Summit held in Beijing during March 2023. You can check out our speech from the event below.

Learn more about the event

• https://www.bagevent.com/event/8365674