Shane Coughlan

The OpenChain Project featured prominently at this event held in China via a talk (slides below) and participation in the end panel discussion on next steps in IPR around open hardware. This is part of our long-term commitment to supporting a trusted supply chain, and an awareness that the supply chain will inevitably consist of both hardware and software.

OpenChain @ RIOS Open-Source Hardware IP Licensing and Policy Workshop from Shane Coughlan

Xmirror Security, a Chinese DevSecOps company, has joined the OpenChain Partner Program.  With a founding team specialized in network security technologies from Peking University, Xmirror Security is uniquely positioned to help clients secure the software supply chain.

From now on, Xmirror Security will support ISO 5230, the international standard for Open Source license compliance, and construct a healthy Open Source ecosystem and a trusted software supply chain in collaboration with other global corporations like Google, Microsoft and Meta.

“The OpenChain Project has been a contributor to the Open Source security ecosystem for a significant numbers of years,” says Shane Coughlan, OpenChain General Manager. “We seek to ensure trust in the supply chain, and our new partnership with XMIRROR will help to accelerate this mission in the Chinese market. We look forward to supporting companies of all sizes seeking excellent around the use of Open Source.”

Initiated by Linux Foundation, OpenChain is a project aiming at setting and maintaining the international standard for Open Source license compliance, which offers companies a more efficient solution for the consistency of Open Source license compliance. Currently, hundreds of magnates from multiple fields have joined OpenChain, building trust in Open Source among software supply chain stakeholders.

“Xmirror Security is glad to be an OpenChain partner and construct a more trusted and efficient Open Source supply chain and ecosystem together with the whole community,” says Ziya, Founder & CEO, Xmirror Security. “OpenChain shares our view of the Open Source supply chain security risks and challenges faced by corporations during digital transformation. To ‘manage Open Source risks through an Open Source solution’, we provide professional technical support and community service for corporations and developers through our Open Source SCA tool, OpenSCA. In the future, we will be hand in glove with not only OpenChain but also more Open Source partners to build up a more open, inventive and energetic Open Source community based on China software supply chain security and empower more users from diverse industries.”

More Commentary from Xmirror

While Open Source is gaining popularity in software development, the risk of Open Source components vulnerabilities and license compliance is also noteworthy. Focuses on Integrated detection and defence of continuous threats in DevSecOps software supply chain with two engines of code-vaccine and active defence technologies, our self-developed 3rd generation DevSecOps AI-Adaptive Threat Management System mainly includes both integrated development and operation agile security products covering pivotal parts from threat modelling, Open Source management, threat revealing, threat simulation as well as detection and response, and software supply chain security service characterized by the actual attack and defence confrontation. Thousands of corporations have embraced our solution for an efficient software supply chain.

Moreover, depending on its leading ability to detect Open Source application vulnerabilities, OpenSCA has been recognized as one of the most Valuable Open Source Projects in Gitee.

We attach great importance to cooperating with other organizations relevant to Open Source and software supply chain. Apart from joining OpenChain, we’ve been selected as one of the first members of Trustworthy Open Source Compliance and Software Supply Chain Security Lab launched by CAICT. Being committed to the original aspiration and mission of defending software supply chain security, Xmirror Security will actively participate in the joint contribution to the Open Source Ecosystem.

About Xmirror Security

The Xmirror Security founding team originated from the white hat hacker team of Peking University. Through years of accumulation of offensive and defensive confrontation key technologies and the accumulation of cutting-edge technologies such as deep learning, the founding team has creatively developed an intelligent adaptive threat management system for the new generation of DevSecOps IT strategic framework, with top offensive and defensive combat experience. It can ensure the life cycle of software supply chain security, promote the defense level of real business with intelligent automatic attack technology, and empower government and enterprise organizations to achieve security self-adaptation and self-growth.

The recordings from the recent Korea Work Group Meeting #14 are now available on their local website. Check them out here:

• https://openchain-project.github.io/OpenChain-KWG/meeting/14th/

You will find material covering the global project activities, local activities, SFC vs Vizio analysis and an overview from FOSSID.

You can subscribe to the Korea Work Group mailing list here and keep up with all their activities:

• https://lists.openchainproject.org/g/korea-wg

The OpenChain Project is delighted to collaborate with our sister project, TODO Group, around OSPOCon at Open Source Summit Europe. OSPOCon is where those working in open source program offices in organizations that rely on open source technologies come together to learn and share best practices, experiences and tooling to overcome challenges they face.

Open Source Summit Europe takes place between September 13th and 16th in Dublin, Ireland.

Learn More:

• https://events.linuxfoundation.org/open-source-summit-europe/about/ospocon/

The OpenChain Korea Work Group is meeting today. You will find the dial-in details and the agenda below. The meeting will be held in Korean and all are welcome to attend.

안녕하세요, OpenChain Korea Work Group 멤버 여러분! 장학성입니다. 

다음주 화요일 오후 2시에 2분기 정기 미팅이 예정되어 있습니다. : 
https://openchain-project.github.io/OpenChain-KWG/meeting/14th/

*일시

-2022. 6. 21 (화) 오후2시~

-장소 : Zoom – https://line.zoom.us/j/99864787993?pwd=UnVtMEl3L3BHZVM0STdGRlN6cG5Mdz09

pw: 123123

(회의 공간을 제공해주신 라인플러스 이서연님께 감사합니다. ^^ )

*Agenda

1 OpenChain Global Update        Shane Coughlan, Linux Foundation –

2 OpenChain KWG Update          장학성, SK텔레콤 –

3 SFC vs. Vizio, GPL 소송 판결 겉핥기        장학성, SK텔레콤 Link

4 소그룹 모임 (Case Study)          All        –

Dirk Riehle will deliver our 43rd webinar as we explore Inner Source and the OSPO. He will introduce inner source, its significance for the open source program office, and how to quantify and solve the problem of intellectual property value flows inside companies.

Join us at 06:00 UTC on the 14th of June right here:
https://zoom.us/j/4377592799

Check your timezone:
PDT United States Pacific UTC-07:00
UTC Coordinated Universal Time UTC
CET Central European Time UTC+01:00
IST India Standard Time UTC+05:30
CST China Standard Time UTC+08:00
KST Korea Standard Time UTC+09:00
JST Japan Standard Time UTC+09:00

Compare timezones:
https://www.worldtimebuddy.com

Join via one tap mobile:
+86 10 8783 3177,,4377592799# Mainland China
+33 1 8699 5831,,4377592799# France
+49 69 7104 9922,,4377592799# Germany
+81 524 564 439,,4377592799# Japan
+82 2 3143 9612,,4377592799# Korea
+91 80 71 279 440,,4377592799# India
+886 (2) 7741 7473,,4377592799# Taiwan
+44 330 088 5830,,4377592799# UK
+13017158592,,4377592799# USA

Find your local country number:
https://zoom.us/u/awFnORNiA
Meeting ID: 437 759 2799

Learn More About Our Speaker

• https://dirkriehle.com/about/