Shane Coughlan

In the last few days Linux Foundation has publicly announced Joint Development Foundation (JDF) as an ISO/IEC JTC 1 PAS submitter and provided more information on how JDF will support OpenChain and other specifications to become ISO standards moving forward. This is an extremely important media inflection point for our community and for the broader global collaborations creating effective, adopted and mature de facto standards.

While the basic news is not new to the OpenChain community (you know we are using JDF to submit a ISO standard and you know that OpenChain is the first standard going this route), blog posts by The Linux Foundation and the media coverage is very useful for helping to explain our work to others. Some key excerpts below.

“This week, we are proud to announce that the Joint Development Foundation (JDF), which became part of the Linux Foundation family in 2019, has been accepted as an ISO/IEC JTC 1 PAS (“Publicly Available Specification”) Submitter. The OpenChain Specification is the first specification submitted for JTC 1 review and recognition as an international standard. The JDF was formed to simplify the process of creating new technical specification collaboration efforts.  Standards and specifications are vitally important for the creation or advancement of new technologies, ensuring that the resulting products are well defined, provide predictable performance and that different implementations can interoperate with one another.”

Read More

• https://www.linuxfoundation.org/blog/2020/05/joint-development-foundation-recognized-as-an-iso-iec-jtc-1-pas-submitter-and-submits-openchain-for-international-review/

Read More in Japanese

• https://www.linuxfoundation.jp/blog/2020/05/joint-development-foundation-recognized-as-an-iso-iec-jtc-1-pas-submitter-and-submits-openchain-for-international-review/

We have seen some great media coverage. One of the best articles can be found in Linux Insider. A key quotation below:

“JDF projects now have a clear path from open source project or specification to an internationally recognized standard. The OpenChain specification is JDF’s first standard to be submitted. The OpenChain standard is a specification that identifies the key requirements of an open source compliance program. It is designed to build trust between companies in the supply chain while reducing internal resource costs. The outcome is increased trust and consistency in open source software across the supply chain. International standardization will help to guide the evolution of the OpenChain Specification from de facto to de jure standard, a process that will assist procurement, sales and other departments to engage with OpenChain-related activities, according to [Seth Newberry, executive director of the JDF].”

Read the Full Article

• https://linuxinsider.com/story/linux-foundation-joins-ranks-of-international-standards-submitters-86672.html

Finally, if you are wondering why OpenChain is talking about this PR now, about seven days from release, the answer is pretty simple. I (Shane Coughlan, General Manager) wanted to check out the media coverage and select the most concise, clearly messaged article to share. I believe this blog post and mailing list post, and the links it references, provide an excellent on-boarding point for a wider audience. People in procurement. People in sales. People in marketing. Please do share this message.

I am happy to take questions at any time at scoughlan@linuxfoundation.org or via a scheduled call using the link below.

• https://calendly.com/shanecoughlan

The OpenChain Project has launched a series of bi-weekly free webinars that provide access to people and knowledge that we would otherwise obtain at events. We hold our fourth meeting on Monday the 18h of May at 5pm Pacific with two guest speakers.

This time we are unpacking the newly released SPDX 2.2. SPDX, as a leading industry standard for Software Bill of Materials, plays a pivotal role in the implementation of practical manual and automated compliance programs.

Kate Stewart, Sr. Director of Strategic Programs at the Linux Foundation, will explain how SPDX 2.2 works and what it means for the community. Kate has been a key driver of this standard over the last 10 years and can answer all your questions about what the current standard means, what projects support it, and the current state of the tooling landscape.

Yoshiyuki Ito, Principal Expert at RENESAS Electronics, will provide an overview of SPDX Lite. This is a “Profile” for the SPDX 2.2 standard that helps companies deploy the Software Bill of Materials to match certain workflows, particularly with respect to suppliers to large companies using existing processes. Ito San and others in the OpenChain Japan Work Group created SDPX Lite to help ensure that the standard could seek adoption in as many production environments as possible with minimal friction.

Each talk will run for 10~15 minutes and there will be plenty of time for questions, comments and suggestions. As with all OpenChain Project activities, our goal is to facilitate knowledge-sharing between peers.

Everyone is invited to join this free webinar via zoom. It will also be recorded and made available later on our website.

Join Our Zoom Meeting

• https://zoom.us/j/9990120120

Password *

• 123456

One Tap Telephone (no screensharing)

• +358 9 4245 1488,,9990120120# Finland
• +33 7 5678 4048,,9990120120# France
• +49 69 7104 9922,,9990120120# Germany
• +852 5808 6088,,9990120120# Hong Kong
• +39 069 480 6488,,9990120120# Italy
• +353 6 163 9031,,9990120120# Ireland
• +81 524 564 439,,9990120120# Japan
• +82 2 6105 4111,,9990120120# Korea
• +34 917 873 431,,9990120120# Spain
• +46 850 539 728,,9990120120# Sweden
• +41 43 210 71 08,,9990120120# Switzerland
• +44 330 088 5830,,9990120120# UK
• +16699006833,,9990120120# US (San Jose)
• +12532158782,,9990120120# US

Find your local number: https://zoom.us/u/abeUqy3kYQ
Not all countries have available numbers.

After dialing the local number enter 9990120120#

The OpenChain Reference Tooling Work Group held its 15th meeting on the 13th of May. This meeting covered general updates in the tooling space and a deep dive into TERN for container compliance.

Catch up on minutes from all previous meetings

• https://github.com/Open-Source-Compliance/Sharing-creates-value/tree/master/Tooling-Landscape/Meeting-Material

OpenChain Webinar 3 was held on the First Monday of May 2020 and featured talks on contribution policies, M&A and due diligence.

View the Webinar

The speakers have made their slides available to the community. Please find the slides below in the order which they were presented.

Contribution Policies (Tobie @ UnlockOpen)

'Open source contribution policies that don’t suck!' from Shane Coughlan

M&A (Leon and Tony at GTC Law)

'A brief introduction to the impact of open source software on M&A and other transactions' from Shane Coughlan

Due Diligence (Andrew @ Orcro)

'Using OpenChain as a framework for M&A transactions' from Shane Coughlan

The OpenChain Project was introduced by Shane Coughlan, General Manager at the latest NTIA Software Bill of Materials Framing Group meeting. The OpenChain industry standard provides a framework for companies to implement efficient compliance activities, including identification on ingest and export, using manual or automated approaches. Software bill of materials play a large part in optimizing this space, especially in the supply chain.

Watch the Presentation

Get Involved in the NTIA Discussion

• https://lists.sei.cmu.edu/mailman/listinfo/ntia-sbom-framing

OpenChain provides introduction slides to help individuals and organizations understand our mission and goal. These slides include speaker notes to help our community present to interested parties. The latest version is now available for viewing, downloading and sharing.

A Brief Introduction to OpenChain – May 2020 from Shane Coughlan

The full recording of the Virtual All Member Meeting #1 is now available (Japanese language).