Category

Featured

OpenChain ISO/IEC Featured In Journal Of Software (软件学报)

By Featured, News

OpenChain ISO/IEC 5230:2020 is featured positively in the ‘Survey on Open-source Software Supply Chain Security’ published in the Journal Of Software (软件学报) Volume 33, Issue 3, 2023.

This article by JI Shou-Ling, WANG Qin-Ying, CHEN An-Ying, ZHAO Bin-Bin, YE Tong, ZHANG Xu-Hong, WU Jing-Zheng, LI Yun, YIN Jian-Wei and WU Yan-Jun is worth reading in full for insight from a key market space for open source.

In recent years, the vigorous development of open source software and the modern software development and supply models have greatly facilitated the rapid iteration and evolution of open source software, resulting in increased social benefits. The emerging collaborative software development model of open source has transformed the software development supply process from a relatively linear path to a complex network structure. Within open-source software’s complex and intertwined supply relationships, the overall security risk trend has significantly increased, drawing increasing attention from the academic and industrial communities. This work tries to define the new open-source software supply chain model and, based on attacks that have occurred over the past decade, summarizes the threat model and security trends of the open-source software supply chain. For securing the open-source software supply chain, this work provides a systematic overview from the perspectives of risk identification and reinforced defense and also highlights the new challenges and opportunities.

https://www.jos.org.cn/josen/article/abstract/6717

Want To Learn More About Journal Of Software?

The Journal of Software (ISSN 1000-9825) is a Chinese comprehensive academic journal of computer software, jointly hosted by the Institute of Software, Chinese Academy of Sciences (ISCAS) and the China Computer Federation (CCF). Founded in 1990, the Journal of Software focuses on the latest innovative, high-level scientific and technological achievements of great significance in the field of computer software. It advocates academic democracy and promotes academic discussion and exchange among researchers inside and outside China.

Check out their website: https://www.jos.org.cn/josen/home?id=20171219032526650&name=Home

OpenChain Project One Slide Overview Updated

By Featured, News

The one slide overview of the OpenChain Project has been updated to provide simple, clear messaging about how and why our work provides value to companies in the supply chain.

This document is available in PDF format, PNG format, PPTX format or ODP format. You may take it, use it, share it and remix it freely using the terms of the CC0 license, effectively public domain.

You can help us improve this document, translate it and convert it into new formats through the OpenChain GitHub Reference Library. We are actively seeking a Markdown version for ease of future iteration.

ISO/IEC 5230 One Pager Updated

By Featured, News

The ISO/IEC 5230 one page overview has been updated to provide simple, clear messaging about how and why the International Standard for open source license compliance provides value to companies in the supply chain.

This document is available in PDF format, PNG format or InDesign format. You may take it, use it, share it and remix it freely using the terms of the CC0 license, effectively public domain.

You can help us improve this document, translate it and convert it into new formats through the OpenChain GitHub Reference Library. We are actively seeking a Markdown version for ease of future iteration.

OpenChain Export Control Work Group – Third Meeting – 2023-03-07 – Recording

By Featured, News

The OpenChain Export Control Work Group held its third meeting on the 7th of March at 08:00 UTC. The focus was on reviewing the new volunteer project being set up at https://github.com/crypto-law-survey to explore the continuation of Bert’s http://www.cryptolaw.org/ as a general community resource.

Collaborate with your peers on this topic:

Webinar: FOSDEM Recap

By community, Featured, News, Webinar

This OpenChain Webinar featured a FOSDEM recap by Philippe Ombredanne of NexB for everyone who did not attend the event in Belgium at the start of 2023. In 2023 FOSDEM had over 8,000 participants and 771 presentations, making it one of the largest open source events in the world by a large margin. This webinar will be of particular interest to people exploring open source tooling for open source compliance or security.

Check Out The Rest Of Our Webinars

This is OpenChain Webinar #49, released on 2023-03-07.

OpenChain Newsletter #51

By Featured, Monthly Newsletter, News

Newsletter – Issue 51 – February 2023

The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. This is a community newsletter, so we accept suggestions and ideas, and you can contact us by mail at any time.

Cool Statistic To Start The Year

The OpenChain Project now has 10 official third-party certifiers for our license compliance and security assurance standards.

You can now get third-party certified with ISO/IEC 5230 or the OpenChain Security Assurance Specification 1.1 anywhere in the world… and you have plenty of choice about who to work with. Of course, you have options when adopting our standards. The most common thing is actually for companies to start with self-certification, so if you are new to this… Learn more here.

Nice Outreach News

OpenChain now has a Wikipedia page about ISO/IEC 5230. Huge thank you to Marc-Etienne Vargenau at Nokia for making this happen.

Huge Revamp Of OpenChain Material Underway

Our reference library of over 1,000 documents to help you learn about our standards, train people or suppliers around open source, get policy templates, self-certification checklists and more has been totally overhauled. It is now easier to find material, easier to share material and easy to translate material.

We have also dramatically improved our community calendar to make it much easier to find our events, webinars and more.

ISO/IEC 5230:2020 Conformance

Yes Security and Panx Project announced adoption of our ISO/IEC standard for open source license compliance via the OpenChain website. Both companies self-certified. Yes Security is the first company from Brazil to announce conformance via our website. Well done!

Partner News

It was an exciting month for us on the partner side of things. First of all, we had OSPOCO and Taylor English Join The OpenChain Partner Program, and we had TIMETOACT GROUP Offer Open Source Certification Based On ISO/IEC 5230. However, the banner headline (as mentioned in the cool statistic section of this newsletter) is that we now have 10 official third-party certifiers around the world.

OpenChain Meetings And Events

Lots of recordings and minutes for those catching up this month.

Our global calls – where we edit the next generations of the license compliance and security assurance standards:

Other community meetings:

On the “external collaboration” side of things we had an OSS Compliance in 2022 / 2023 event co-organized with FOSSID. We were also featured with a speech and Q&A session at an OpenAnolis Standardization SIG Meeting in China at the invitation of Alibaba.

Webinars

This month we had two webinars. One covered new security tools and one unpacked fascinating data points around GPLv2 licensing. Did you know there have been 40 versions of the GPLv2 published on its official websites and there have been 12 different versions found in the Linux Kernel? Definitely a webinar to watch if you are interested in the licensing side of things.

Want to join our calls? Watch our webinars? Just check out our global calendar.

Training Material In The Supply Chain

Last month we mentioned that Continental Corporation made LFC193 a required course for their software developers from late Q3 2022. Since then we had two other soft announcements from community members about their adoption.

Coming Soon

For those wanting a sample of what’s on the community calendar for March…

Finally… If You Want To Talk About OpenChain…

Our new community education slides are now available. You will find a full overview of the project here and speaker notes to help you talk about what we do.

Check Out All Our Previous Newsletters:
https://www.openchainproject.org/newsletter


Legal: All trademarks belong to their respective owners. This newsletter is licensed under Creative Commons Attribution-NoDerivatives 4.0 International (CC BY-ND 4.0).

Coming Soon: OpenChain Export Control Work Group – Third Meeting – 2023-03-07

By Featured, News

The OpenChain Export Control Work Group will hold its third meeting on the 7th of March at 08:00 UTC. The focus will be on reviewing the new volunteer project being set up at https://github.com/crypto-law-survey to help explore the continuation of Bert’s work on http://www.cryptolaw.org/ as a general community resource.

Zoom Meeting

https://zoom.us/j/93456802267
Meeting ID: 93456802267

One Tap Mobile

+13052241968,,93456802267# US
+16475580588,,93456802267# Canada

Coming Soon: OpenChain Webinar #49 – FOSDEM Recap – 2023-03-06

By Featured, News

The next OpenChain Webinar will feature a FOSDEM recap by Philippe Ombredanne of NexB for everyone who did not attend the event in Belgium at the start of 2023. The webinar will take place between 10:00 and 11:00 UTC (11:00 CET – 12:00 CET) on the 6th of March 2023.

We will use the OpenChain Project Zoom room:
https://zoom.us/j/4377592799

This call is open to every individual and company regardless of their membership of Linux Foundation or the OpenChain Project.

Check your timezone:
PDT United States Pacific UTC-07:00
UTC Coordinated Universal Time UTC
CET Central European Time UTC+01:00
IST India Standard Time UTC+05:30
CST China Standard Time UTC+08:00
KST Korea Standard Time UTC+09:00
JST Japan Standard Time UTC+09:00

Compare timezones:
https://www.worldtimebuddy.com

Join via one tap mobile:
+86 10 8783 3177,,4377592799# Mainland China
+33 1 8699 5831,,4377592799# France
+49 69 7104 9922,,4377592799# Germany
+81 524 564 439,,4377592799# Japan
+82 2 3143 9612,,4377592799# Korea
+91 80 71 279 440,,4377592799# India
+886 (2) 7741 7473,,4377592799# Taiwan
+44 330 088 5830,,4377592799# UK
+13017158592,,4377592799# USA

Find your local country number:
https://zoom.us/u/awFnORNiA
Meeting ID: 437 759 2799

OpenChain Reference Library – Complete Overhaul

By Featured, News

The OpenChain Reference Library has been significantly updated to improve navigation. This is an administrative item that was pending for a while. Its completion should make it possible (and easy!) for anyone to access our library and find material. It should also make it a lot easier for our Education Work Group to assess and improve or expand existing material.

Access The Repository

The New Structure

Some Notes

This new structure is designed to overcome discoverability issues with the previous repository and to make it easier for continual improvement both of individual documents and for the navigation of the repository as a whole. This means that your feedback, suggestions and help are most welcome. You can leave feedback and ideas for improvement as GitHub issues or via our Education Work Group mailing list.