Shane Coughlan

The OpenChain 2.1 Specification (License Compliance) / ISO/IEC 5230:2020 Standard is now available in MarkDown as part of our ongoing effort to make editing and translation of our material easier:
https://github.com/OpenChain-Project/License-Compliance-Specification/blob/master/Official/en/2.1/openchainspec-2.1.md

Spot an issue? Have a suggestion? Submit your notes here:
https://github.com/OpenChain-Project/License-Compliance-Specification/issues/new/choose

Check currently open issues here:
https://github.com/OpenChain-Project/License-Compliance-Specification/issues

The OpenChain Automotive Work Group will host its next meeting as a virtual event on the 11th of November between 16:00-17:00 JST (2022-11-11 07:00 UTC). Everyone is welcome. This event will be an important taste of what we expect to do around the automotive supply chain in 2023.

Join us without registration here:

• https://zoom.us/j/4377592799

Agenda:

1. Introductions by Endo-san(Toyota)
2. Automotive and OSS news in 2022 by Endo-san (Toyota)
3. Developments in OpenChain by Shane-san (OpenChain)
   – Security Assurance Spec entering ISO
   – License Compliance Spec entering review in October
   – Company Playbooks (Small, Medium, Big)
   – New conformance support (online, checklists)
4. SBOM Discussion by Watanabe-san, Ito-san, Endo-san, Shane-san
   – Introduction of SBOM by Watanabe-san (Hitachi Solutions)
   – Standardization of SBOM by Ito-san (Renesas Electronics)
   – Discussion about Implementation of SBOM in the industry
5. Discussion: Next steps of Automotive WG by all
6. Close of meeting

Our Key Speakers:

Questions and comments very welcome! You can contact us and also contribute to all our activities via the OpenChain Automotive Work Group mailing list:
https://groups.io/g/openchain-automotive-work-group

In this episode, our host Karsten Hohage talks with our guest Shane Coughlan about OpenChain by the Linux Foundation and some other projects that build trust in the supply chain. Shane gives an overview of developments around open source and intellectual property over the last 20 years. We also learn about why OpenChain can be compared to shipping containers, and how organizations like the NSA have embraced Linux for secure US government operations.

Check out the full recording here:

• https://podcast.opensap.info/open-source-way/2022/10/26/linux-foundation-building-trust-in-software-supply-chains/

About The Open Source Way

A podcast with open source enthusiasts about open source trends, topics and projects.

Sometimes it is not the obvious that makes a difference. And sometimes it is not the price that determines value. Sometimes it is just a drop that drives a wave. This podcast is about the difference, value or drop that open source can be. Each episode we talk with experts about open source related topics and why they do it the open source way.

The OpenChain small company playbook (version 1) has been updated as part of our ongoing effort to make it easier to edit and translate OpenChain reference material. You can get it here:

• https://github.com/OpenChain-Project/Reference-Material/blob/master/PlayBooks/Official/Version-1/Small-Company/en/OpenChain%20PlayBook%20-%20Small%20Company.md

Do you have ideas for improving this playbook? You can submit them in this email thread or by opening an issue on GitHub:

• https://github.com/OpenChain-Project/Reference-Material/issues/new/choose

The OpenChain Project took center stage alongside our peers at OpenSSF and TODO Group during the OSPOlogy.live event hosted by Ericsson in Sweden on the 19th and 20th of October 2022. The main presentation slides are available now for your review.

Learn about the OSPOlogy.live event in Sweden:

• https://community.linuxfoundation.org/events/details/lfhq-todo-group-europe-presents-ospologylive-workshop-sweden/

We are preparing a new path to conformance document via GitHub. The current iteration is biased towards ISO/IEC 5230, the International Standard for open source license compliance. We invite you to take a look, help expand it, and especially help to add material to support the OpenChain Security Assurance Specification.

• https://github.com/OpenChain-Project/Reference-Material/blob/master/Path-to-Conformance/Official/en/path-to-conformance-version-1.md

You can contribute by opening issues:

• https://github.com/OpenChain-Project/Reference-Material/issues

Or you can join our education mailing list:

• https://lists.openchainproject.org/g/education

The OpenChain Project has a new slide template for meetings and presentations. You will find it here:

• https://github.com/OpenChain-Project/Reference-Material/tree/master/Meeting-and-Presentation-Slide-Template/Official/en

Please feel free to use this for your work groups, advocacy around the project, and to help education people inside your company or supply chain.

Please Note:

The OpenChain Project Meeting and Presentation Template contains the OpenChain trademark and can only be used for matters related to OpenChain Project activities. This template also contains The Linux Foundation trademarked logo. The Linux Foundation trademark policy can be found here:

• https://www.linuxfoundation.org/legal/trademark-usage

To use the OpenChain trademark for commercial activities please join the OpenChain Partner Program:

• https://www.openchainproject.org/partners