We talk about the Security Assurance Reference Guide. Updated version coming soon? Looks like it.
Stay up-to-date with our telco work group mailing list:
Check out our previous meeting:
SCANOSS is the latest company to announce participation in the OpenChain Project partner program.
“The standards promoted by the OpenChain Project have helped us to converge on a more interoperable SBOM that will further reduce friction in the software supply chain,” says Alan Facey, Chief Disruptor, SCANOSS. “SCANOSS exists to enable companies of all sizes to run a quality open source compliance program without having to rely on commercial vendor tools. Our partnership with OpenChain reinforces our commitment to the open source community and the ‘freedoms’ it embodies.”
“Automation is a key aspect of effective open source compliance,” says Shane Coughlan, OpenChain General Manager. “SCANOSS joins our partner program as another global vendor supporting software bill of materials in a manner that promises increased transparency and interoperability in the supply chain. Of particular note is their commitment to providing the scanning technology itself as open source, providing an additional layer of assurance regarding sustainability in a complex, fast moving market.”
About SCANOSS
SCANOSS is an open, configurable OSS Inventory engine that was built specifically for developers, empowering them to confidently produce compliant code from the moment they begin writing, while delivering greater license and usage visibility for the broader DevOps team and supply chain partners. With its open architecture that is easy to integrate into existing processes and toolchains, SCANOSS transforms software bill of materials (SBOM) creation from ‘write now, audit later’ to an always-on analysis of live code. By freeing developers to focus on writing great, compliant code that they and their team can completely trust, applications are finished earlier, quality is consistently higher, and development costs are dramatically lower.
About OpenChain
The OpenChain Project maintains the International Standard for open source license compliance. This allows companies of all sizes and in all sectors to adopt the key requirements of a quality open source compliance program. This is an open standard and all parties are welcome to engage with our community, to share their knowledge, and to contribute to the future of our standard.
About The Linux Foundation
The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.
The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.
Linux is a registered trademark of Linus Torvalds.
The OpenChain Japan Work Group is one of the most active and oldest parts of the OpenChain Project. Featuring hundreds of people and around one hundred companies, it is a key source of reference material, standard development and general knowledge-sharing. The meetings are held in Japanese but all are welcome to attend. No registration is necessary.
Venue
Zoom: https://lnkd.in/dd7isumy
Meeting ID: 99975267803
Password
]>guXS~6
Agenda
16:00 - 16:02 Opening
16:02 - 16:10 Keynote by Shane Coughlan
16:10 - 16:20 About OpenChain Japan WG by S. Kato from Panasonic
16:20 - 17:00 Case study “Growing Open Source Culture Inside Sony” by K. Sato from Sony
17:00 Closing
NEC Corporation, a Fortune 500 company and a leader in the integration of IT and network technologies, is the latest company to announce an OpenChain ISO 5230 Conformant program. This builds on their social values of safety, security, fairness and efficiency to promote a more sustainable world, and underlines a long-standing commitment to excellence in governance.
“NEC is proud to support the international standard for open source license compliance,” says Kimio Suganuma, General Manager of OSS Promotion Center. “It builds on our multi-decade support of open source in business environments. We look forward to continued collaboration with the global governance community, and helping to ensure supply chains are efficient and trustworthy.”
“NEC has been involved in the OpenChain Project for a considerable period,” says Shane Coughlan, OpenChain General Manager. “Like many companies, NEC manages complex internal and external supply chains. OpenChain ISO 5230 is ideally suited to improving effectiveness and efficiency across such supply chains, and it provides additional value in reducing friction in procurement, security and M&A. We look forward to collaborating with NEC in the months and years to come.”
About NEC Corporation
NEC Corporation has established itself as a leader in the integration of IT and network technologies while promoting the brand statement of “Orchestrating a brighter world.” NEC enables businesses and communities to adapt to rapid changes taking place in both society and the market as it provides for the social values of safety, security, fairness and efficiency to promote a more sustainable world where everyone has the chance to reach their full potential. For more information, visit NEC at https://www.nec.com.
From the Eclipse Foundation Newsroom
BRUSSELS – October 19, 2021 – The Eclipse Foundation AISBL, a global community fostering a mature, scalable, and business-friendly environment for software collaboration and innovation, has announced that it is the first open source software foundation to confirm that its open source development and license management processes are OpenChain ISO 5230 conformant. This means that all Eclipse Foundation open source projects are developed under an ISO 5230 conformant program which fulfills the license compliance requirements of the standard.
“Certifying that our development process is OpenChain ISO 5230 conformant is another step in showcasing our foundation’s role in the global open source ecosystem which is critical to today’s innovation-driven economy,” said Mike Milinkovich, Executive Director of the Eclipse Foundation. “We are thrilled to provide our worldwide contributors, users, adopters, and stakeholders the opportunity to benefit from a more efficient and effective open source supply chain.”
OpenChain ISO 5230 is a simple, clear and effective process management standard for open source license compliance. The OpenChain Project maintains the International Standard for open source license compliance. This allows companies of all sizes and in all sectors to adopt the key requirements of a quality open source compliance program.
Interested parties can find out more about this open standard here – https://www.openchainproject.org/about
Supporting Quotes
Bosch
“Open Source is at the center of many products within Bosch,” says Marcel Kurzmann, representative of Bosch in the OpenChain Governing Board, Robert Bosch GmbH. “Having OpenChain compliant supply chains is a key building block for an efficient handling of the Open Source parts. Thus, we welcome the initiative of the Eclipse Foundation to develop Open Source projects in an OpenChain compliant way.”
SAP
“Open source is at the heart of many SAP solutions and our innovation strategies in segments such as Industry 4.0,” said Peter Giese, Director of SAP Open Source Program Office, SAP. “Being able to both contribute to and consume Eclipse Foundation projects developed under OpenChain conformant processes simplifies and enhances the open source supply chain for us, our partners and customers.”
Daimler
“FOSS is everywhere! It is in the vehicles we sell, in the mobile apps we provide, in our backend systems and websites, and even used on the shop floor every day. To foster OpenChain conformance in our open source supply chain we recommend our software suppliers to get certified and commit to this ISO standard”, says Christian Wege, member of FOSS CoC at Daimler.
OpenChain Project
“The heart of open source is collaboration and Eclipse Foundation is an exemplary example of where such collaboration takes place,” says Shane Coughlan, OpenChain General Manager. “I look forward to our ongoing engagement as we help foster a new phase in open source supply chains. We are reaching an era where OpenChain ISO 5230 and related standards are the key to rapid, clear management of code.”
About the Eclipse Foundation
The Eclipse Foundation provides our global community of individuals and organizations with a mature, scalable, and business-friendly environment for open source software collaboration and innovation. The Foundation is home to the Eclipse IDE, Jakarta EE, and over 400 open source projects, including runtimes, tools, and frameworks for cloud and edge applications, IoT, AI, automotive, systems engineering, distributed ledger technologies, open processor designs, and many others. The Eclipse Foundation is an international non-profit association supported by over 330 members, including industry leaders who value open source as a key enabler for their business strategies. To learn more, follow us on Twitter @EclipseFdn, LinkedIn or visit eclipse.org.
Third-party trademarks mentioned are the property of their respective owners.
Media contacts
Schwartz Public Relations for the Eclipse Foundation, AISBL
Julia Rauch / Sophie Dechansreiter / Tobias Weiß
Sendlinger Straße 42A
80331 Munich
EclipseFoundation@schwartzpr.de
+49 (89) 211 871 – 43 / -35 / -70
Nichols Communications for the Eclipse Foundation, AISBL
Jay Nichols
jay@nicholscomm.com
+1 408-772-1551
This webinar unpacked some of the topics related to agile development in the supply chain. A popular concept, it nevertheless relies on structure to ensure “agile” does not mean “messy.”
This is OpenChain Webinar #31, released on 2021-10-11.
The recording of our recent mini-summit is now available. Huge thanks to Mark Gisi for leading the discussion with a focus on our Security Assurance Reference Guide.
Please note: this was a face-to-face event with dial-in support. We had some audio issues on the dial-in. The recording has been adjusted to remove sections of blank space and noise.
The OpenChain Korea Work Group will hold its 11th meeting on 2021-09-30 (Thursday) between 14:00 and 16:00 KST. You can join the meeting via Zoom: https://line.zoom.us/s/97987235521