Category

Featured

OpenChain Export Control Work Group – Third Meeting – 2023-03-07 – Recording

By Featured, News

The OpenChain Export Control Work Group held its third meeting on the 7th of March at 08:00 UTC. The focus was on reviewing the new volunteer project being set up at https://github.com/crypto-law-survey to explore the continuation of Bert’s http://www.cryptolaw.org/ as a general community resource.

Collaborate with your peers on this topic:

Webinar: FOSDEM Recap

By community, Featured, News, Webinar

This OpenChain Webinar featured a FOSDEM recap by Philippe Ombredanne of NexB for everyone who did not attend the event in Belgium at the start of 2023. In 2023 FOSDEM had over 8,000 participants and 771 presentations, making it one of the largest open source events in the world by a large margin. This webinar will be of particular interest to people exploring open source tooling for open source compliance or security.

Check Out The Rest Of Our Webinars

This is OpenChain Webinar #49, released on 2023-03-07.

OpenChain Newsletter #51

By Featured, Monthly Newsletter, News

Newsletter – Issue 51 – February 2023

The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. This is a community newsletter, so we accept suggestions and ideas, and you can contact us by mail at any time.

Cool Statistic To Start The Year

The OpenChain Project now has 10 official third-party certifiers for our license compliance and security assurance standards.

You can now get third-party certified with ISO/IEC 5230 or the OpenChain Security Assurance Specification 1.1 anywhere in the world… and you have plenty of choice about who to work with. Of course, you have options when adopting our standards. The most common thing is actually for companies to start with self-certification, so if you are new to this… (Learn more here)

Nice Outreach News

OpenChain now has a Wikipedia page about ISO/IEC 5230. Huge thank you to Marc-Etienne Vargenau at Nokia for making this happen.

Huge Revamp Of OpenChain Material Underway

Our reference library of over 1,000 documents to help you learn about our standards, train people or suppliers around open source, get policy templates, self-certification checklists and more has been totally overhauled. It is now easier to find material, easier to share material and easy to translate material.

We have also dramatically improved our community calendar to make it much easier to find our events, webinars and more.

ISO/IEC 5230:2020 Conformance

Yes Security and Panx Project announced adoption of our ISO/IEC standard for open source license compliance via the OpenChain website. Both companies self-certified. Yes Security is the first company from Brazil to announce conformance via our website. Well done!

Partner News

It was an exciting month for us on the partner side of things. First of all, we had OSPOCO and Taylor English Join The OpenChain Partner Program, and we had TIMETOACT GROUP Offer Open Source Certification Based On ISO/IEC 5230. However, the banner headline (as mentioned in the cool statistic section of this newsletter) is that we now have 10 official third-party certifiers around the world.

OpenChain Meetings And Events

Lots of recordings and minutes for those catching up this month.

Our global calls – where we edit the next generations of the license compliance and security assurance standards:

Other community meetings:

On the “external collaboration” side of things we had an OSS Compliance in 2022 / 2023 event co-organized with FOSSID. We were also featured with a speech and Q&A session at an OpenAnolis Standardization SIG Meeting in China at the invitation of Alibaba.

Webinars

This month we had two webinars. One covered new security tools and one unpacked fascinating data points around GPLv2 licensing. Did you know there have been 40 versions of the GPLv2 published on its official websites and there have been 12 different versions found in the Linux Kernel? Definitely a webinar to watch if you are interested in the licensing side of things.

Want to join our calls? Watch our webinars? Just check out our global calendar.

Training Material In The Supply Chain

Last month we mentioned that Continental Corporation made LFC193 a required course for their software developers from late Q3 2022. Since then we had two other soft announcements from community members about their adoption.

Coming Soon

For those wanting a sample of what’s on the community calendar for March…

Finally… If You Want To Talk About OpenChain…

Our new community education slides are now available. You will find a full overview of the project here and speaker notes to help you talk about what we do.

Check Out All Our Previous Newsletters:
https://www.openchainproject.org/newsletter


Legal: All trademarks belong to their respective owners. This newsletter is licensed under Creative Commons Attribution-NoDerivatives 4.0 International (CC BY-ND 4.0).

Coming Soon: OpenChain Export Control Work Group – Third Meeting – 2023-03-07

By Featured, News

The OpenChain Export Control Work Group will hold its third meeting on the 7th of March at 08:00 UTC. The focus will be on reviewing the new volunteer project being set up at https://github.com/crypto-law-survey to help explore the continuation of Bert’s work on http://www.cryptolaw.org/ as a general community resource.

Zoom Meeting

https://zoom.us/j/93456802267
Meeting ID: 93456802267

One Tap Mobile

+13052241968,,93456802267# US
+16475580588,,93456802267# Canada

Coming Soon: OpenChain Webinar #49 – FOSDEM Recap – 2023-03-06

By Featured, News

The next OpenChain Webinar will feature a FOSDEM recap by Philippe Ombredanne of NexB for everyone who did not attend the event in Belgium at the start of 2023. The webinar will take place between 10:00 and 11:00 UTC (11:00 CET – 12:00 CET) on the 6th of March 2023.

We will use the OpenChain Project Zoom room:
https://zoom.us/j/4377592799

This call is open to every individual and company regardless of their membership of Linux Foundation or the OpenChain Project.

Check your timezone:
PDT United States Pacific UTC-07:00
UTC Coordinated Universal Time UTC
CET Central European Time UTC+01:00
IST India Standard Time UTC+05:30
CST China Standard Time UTC+08:00
KST Korea Standard Time UTC+09:00
JST Japan Standard Time UTC+09:00

Compare timezones:
https://www.worldtimebuddy.com

Join via one tap mobile:
+86 10 8783 3177,,4377592799# Mainland China
+33 1 8699 5831,,4377592799# France
+49 69 7104 9922,,4377592799# Germany
+81 524 564 439,,4377592799# Japan
+82 2 3143 9612,,4377592799# Korea
+91 80 71 279 440,,4377592799# India
+886 (2) 7741 7473,,4377592799# Taiwan
+44 330 088 5830,,4377592799# UK
+13017158592,,4377592799# USA

Find your local country number:
https://zoom.us/u/awFnORNiA
Meeting ID: 437 759 2799

OpenChain Reference Library – Complete Overhaul

By Featured, News

The OpenChain Reference Library has been significantly updated to improve navigation. This is an administrative item that was pending for a while. Its completion should make it possible (and easy!) for anyone to access our library and find material. It should also make it a lot easier for our Education Work Group to assess and improve or expand existing material.

Access The Repository

The New Structure

Some Notes

This new structure is designed to overcome discoverability issues with the previous repository and to make it easier for continual improvement both of individual documents and for the navigation of the repository as a whole. This means that your feedback, suggestions and help are most welcome. You can leave feedback and ideas for improvement as GitHub issues or via our Education Work Group mailing list.

OpenChain @ Wikipedia

By Featured, News

The OpenChain Project is officially featured on Wikipedia in three languages:

  1. English
  2. French
  3. German

Example of the text in English:

ISO/IEC 5230 (known as OpenChain) is an international standard on the key requirements for a high-quality open source license compliance program. The standard was published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in late 2020. The standard is based on the Linux Foundation OpenChain Specification 2.1. It focuses on software supply chains, easier procurement and license compliance. Organizations that meet the requirements of the standard can self-certify to ISO/IEC 17021, from an accredited certification body or after successfully completing an audit.

We would love your help in reviewing and improving this new resource to help spread understanding of our standard for open source license compliance, and expanding our presence over time to include the OpenChain Security Assurance Specification. You can do so through the normal Wikipedia editing process. Here is an example for the English page.

Huge thanks to Marc-Etienne Vargenau at Nokia for leading this process. He put a lot of effort into making this happen, and is due great credit for helping to improve the supply chain through easily available educational material.

OpenChain Monthly Meeting 2023-02-21 (North America and Asia) – Recording

By Featured, News

Our latest monthly meeting for North America / Asia continues where we left off on the North America / Europe call earlier this month (see https://www.openchainproject.org/news/2023/02/10/monthly-meeting-2023-02-07-recording). The focus was work around the next generation of the Security Assurance Specification.

Watch Our Meeting

On this call we addressed the following issues with the Security Assurance Specification 2.0 Draft:

  1. We prepared and refined definitions of remediation and mitigation:
    https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/22
  2. We included “remediation” and “mitigation” in Section 3.1.5:
    https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/25
  3. We included “mitigation” in Section 3.3.2:
    https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/26
  4. We clarified the “Get Customer” requirement in Section 3.3.2 to make the logic clearer:
    https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/27

All of the issues appear “done” but naturally you can access, review and reopen on GitHub. We will also be speaking about these topics on the next call for North America / Europe on the 1st Tuesday of March. See our Global Calendar for the precise schedule:
https://www.openchainproject.org/participate

Review Our Slides

Yes Security is the latest OpenChain ISO/IEC 5230 Conformant Organization

By Featured, News

Yes Security…

… aims to offer high quality, performance and reliable products, ensuring the protection, security and productivity of its customers. The provision of personalized services, in an agile and assertive way is one of our main focuses, acting in the identification and resolution of problems, guiding the IT professional on the functionalities of the tools, ensuring the full use of the resources offered by it. With a close relationship with manufacturers and distributors it is possible to offer affordable projects that suit the needs of each company.

Learn More