
OpenChain Export Control Work Group – First Meeting – 22nd of November at 15:00 UTC (16:00 CET)

By Featured, News

The OpenChain Export Control Work Group will hold its first meeting on the 22nd of November at 15:00 UTC (16:00 CET).

This meeting will have the following agenda:

(1) Introductions
(2) Overview of why export control matters from the perspective of open source and compliance
(3) Open discussion about how our community can contribute to the field

All welcome. Join here:
https://zoom.us/j/93456802267

Nathan Kumagai Is The New Education Work Group Chair

Nathan has formally been elected Chair of the Education Work Group as per the process outlined below. From November onward he will be leading our work around developing and delivering best in class reference material to support a trusted supply chain.

The Election Process Used

The OpenChain Project has always had a strong focus on sustainability. As the maintainer of two industry standards, and the facilitator of a large supply chain community, our strategic position has always been to look at multi-year horizons.

As part of this, we are aware of the need to ensure our project reflects how people and activities adjust their priorities over time. A key example is the question of how we will address continuity in our work groups as our initial chairs reach the natural end of their tenure.

The answer is straightforward (as with most things in this project). We will introduce elections to allow chairs to rotate in a manner that is predictable and accessible.

To begin this process, we will see a transition in our Education Work Group. Balakrisha, after a stellar period of leading the group, has expressed a desire to allow another to carry the leadership torch as the next phase of project reference and training material is developed. This coincides neatly with some work we have been doing to adjust our Outreach Work Group into the more formal Outreach committee outlined in our charter, and with the question of how to direct related volunteer energy and activity.

Nathan, chair of Outreach, stepped forward as a candidate for the Education Work Group. A window for other parties to nominate was open until October 25th 2022. Under the process, if no other candidates came forward, Nathan would formally become chair of the Education Work Group with a one year term. He may be re-elected in the next cycle in the same manner as this time.

Throughout this quarter and into 2023 we will gradually introduce more elections, and by 2H 2023 all the primary OpenChain work groups should have completed the introduction of chair elections.

Help Update Our License Compliance And Security Assurance Standards

The OpenChain Project is ready to start accepting feedback to improve our license compliance and security standards.

OpenChain Security Assurance Specification:
https://github.com/OpenChain-Project/Security-Assurance-Specification

Easy way to suggest Security Assurance Specification improvements:
https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/new/choose

OpenChain License Compliance Specification (ISO/IEC 5230):
https://github.com/OpenChain-Project/License-Compliance-Specification

Easy way to suggest License Compliance Specification improvements:
https://github.com/OpenChain-Project/License-Compliance-Specification/issues/new/choose

You can also send your suggestions to our specification mailing list:
https://lists.openchainproject.org/g/specification

Notes

  • The next generation of our license compliance standard will update ISO/IEC 5230.
  • Our security assurance standard (generation 1) is scheduled to become an ISO/IEC standard in mid-2023. The update to generation 2 will trigger an update to the new ISO/IEC standard for late 2023~mid-2024.
  • You will find extensive feedback on our standards already exists on GitHub and you can easily review that before submitting a suggestion for improvement.

Pre-existing submissions for the security assurance standard:

https://github.com/OpenChain-Project/Security-Assurance-Specification/issues

Pre-existing submissions for the license compliance standard:

https://github.com/OpenChain-Project/License-Compliance-Specification/issues

Self-Certification Checklist for OpenChain Security Assurance Specification 1.1 in Simplified Chinese

The OpenChain Security Assurance Specification 1.1 self-certification checklist is now available in Simplified Chinese. A big thank you to Zhang Jun Xia from CAICT for making this happen.

This checklist is designed to help organizations adopt the de facto standard for open source security assurance. Organizations using this self-certification process will also meet the requirements of the specification when it graduates from the ISO/IEC JTC-1 PAS Transposition process, with an estimated arrival time of that International Standard in mid-2023.

The checklist contains a series of “yes” or “no” statements. If you can answer “yes” to everything, you are self-certified. If you answer “no” to some items, you know where to invest further time to build a quality security assurance program.

Do you want to get the English version of the self-certification checklist?

This checklist is licensed under CC-0 (effectively public domain), so you can take it, integrate it, and remix it without any restrictions. You do not even have to provide attribution.

We welcome contributions to improve this checklist. You can contribute by opening a GitHub issue here:
https://github.com/OpenChain-Project/Reference-Material/issues

Self-Certification Checklist for OpenChain Security Assurance Specification 1.1 Now Available

The OpenChain Security Assurance Specification 1.1 self-certification checklist is now available. It is designed to help organizations adopt the de facto standard for open source security assurance. Organizations using this self-certification process will also meet the requirements of the specification when it graduates from the ISO/IEC JTC-1 PAS Transposition process, with an estimated arrival time of that International Standard in mid-2023.

The checklist contains a series of “yes” or “no” statements. If you can answer “yes” to everything, you are self-certified. If you answer “no” to some items, you know where to invest further time to build a quality program.

This checklist is licensed under CC-0 (effectively public domain), so you can take it, integrate it, and remix it without any restrictions. You do not even have to provide attribution.

We welcome contributions to improve this checklist. You can contribute by opening a GitHub issue here:
https://github.com/OpenChain-Project/Reference-Material/issues

OpenChain Work Groups – New and Improved Structure

The OpenChain Project has been very active since its formal launch in late 2016. Our global community has built an ISO/IEC standard for license compliance and launched a de facto (and soon to be ISO/IEC) standard for security. We have contributed to SBOM, OSPO, training, policy and other discussions. We built the world’s largest library of open source management reference material.

To reflect our growth and to make it easier to navigate the project we are going to make some adjustments to our work groups. Nothing too radical, but definitely something to help people find their way around more quickly, and to get the information they want faster. The image above contains a summary of the evolution approved by our Governing Board at their last meeting in September, and targeted for release during October 2022.

The changes?

  1. The Specification Work Group will split into two parts – a Licensing Work Group for ISO/IEC 5230 and a Security Work Group for the Security Assurance Specification.
  2. The Education Work Group and Outreach Work Group will combine into the Education Work Group.
  3. We will launch a new Export Control Work Group and a new Policy Work Group. The former will help to navigate issues around increasing international trade tensions. The latter will help us provide strategic advice around the highest level of planning for open source in legislation and business.
  4. The dormant Conformance Work Group will be wound down and discussions regarding self-certification moved to Education Work Group, with discussions about the nuance of conformance parameters moved to our Steering Committee.
  5. Finally (if there are no objections), we will re-brand the Reference Tooling Work Group to the Automation Work Group to help guide people hearing about automation to the right solutions.

Feedback?

Your feedback – as always – is most welcome. Please provide comments to our main mailing list:
https://lists.openchainproject.org/g/main

Please provide feedback by Close of Business UTC (17:00 UTC) on the 18th of October 2022.

OpenChain Automotive Work Group – Next Meeting 2022-11-11 07:00 UTC (16:00 JST)

The OpenChain Automotive Work Group will host its next meeting as a virtual event on the 11th of November between 16:00-17:00 JST (2022-11-11 07:00 UTC). Everyone is welcome and there is no need to register. We will host the meeting in our usual Zoom room:
https://zoom.us/j/4377592799

Draft Agenda

(1) Introductions
(2) Automotive news in 2022
(3) IP news relevant to industry
(4) Developments in OpenChain
– Security Assurance Spec enters ISO in October
– License Compliance Spec entering review in October
– Company Playbooks (Small, Medium, Big)
– New conformance support (online, checklists)
(5) Discussion: What is missing to support the industry
(6) Discussion: Make plan to fill industry support gaps
(7) Discussion: Schedule for next steps
(8) Close of meeting

Questions and comments very welcome! You can contact us and also contribute to all our activities via the OpenChain Automotive Work Group mailing list:
https://groups.io/g/openchain-automotive-work-group

OpenChain Monthly Community Call – 2022-10-04

The OpenChain Project kicked off its new monthly community call series with the latest news around our specification, SBOMs, OSPOs and automation, before proceeding to a behind-the-scenes on our security specification ISO/IEC submission and an interactive session on updating key website materials like the FAQ and path to conformance. Ana from TODO dropped by to share the OSPO news this time around.

We always follow this agenda:

1 Introductions 
2 Specification (process standards) news 
3 SBOM news
4 OSPO news
5 Automation news 
6 Community feedback and comments – issues for standards and core supporting material
7 Community feedback and comments – issues for reference and supporting material
8 Community feedback and comments – issues to support other projects
9 Any other business
10 Close of meeting

You can join our monthly calls (and all our other calls and events) via the OpenChain calendar. The monthly calls take place on the first Tuesday at 16:00 UTC (US/Europe) and the third Tuesday at 01:00 UTC (US/Asia):

The OpenChain Security Assurance Specification 1.1 Now Available

After a review cycle with ISO/IEC WG/SC27 the OpenChain Security Assurance Specification 1.1 is now available.

The OpenChain Security Assurance Specification 1.1 is being prepared by the Joint Development Foundation for submission to ISO/IEC JTC-1 via the PAS Transposition Process. We expect the specification to graduate as an ISO/IEC International Standard in mid-2023. Meanwhile, it is ready for market adoption as a de facto industry standard.

It helps organizations identify:

  1. The key places to have security processes
  2. How to assign roles and responsibilities
  3. And how to ensure sustainability of their approach

Like OpenChain ISO/IEC 5230, the International Standard for open source license compliance, the OpenChain Security Assurance Specification 1.1 is lightweight, easy to read and will be extensively supported by our global community with free reference material and conformance resources.

Small Company Playbook Now Available

The OpenChain Project is delighted to announce the launch of our latest playbook. Focused on small companies, and created by the Education Work Group over the summer, this playbook helps you to contextualize the tasks involved with OpenChain ISO/IEC 5230 adoption. It is short, simple and directly relevant to things like:

  • Getting management support
  • Creating realistic policy and processes
  • Operating an open source program office (OSPO) with low resources
  • Ensuring you have the key requirements of a quality license compliance program

While targeted towards small companies, the concepts used in this document are useful for medium and large companies as well. Think of this as a “minimum viable product” when it comes to considering compliance programs and open source program offices.

As with all our reference material, this playbook is available free of charge and under CC-0 licensing (effectively public domain). It is currently published as a PDF, Word Document and in Open Document Format. More formats will be coming in the future.

Want to check out our other playbooks? We currently have a medium company playbook available:

Want to help with our future work? Please join our education work group to help with new material.