Featured

The OpenChain Project is running an election for co-chairs of the Specification Work Group. The election period is from today (2022-11-16) until 2022-11-22 Close of Business UTC.

Here are our current nominees:

• Steve Kilbane, Analog Devices
• Helio Chissini de Castro, CARIAD 
• Jacob Wilson, Gemini
• Chris Wood, Lockheed Martin

Everyone is invited to vote for their preferred chairs. Here is how:

1. You have two votes.
2. One is licensing focused (Steve or Helio) and one is security focused (Jacob or Chris).
3. You can vote by (a) signing up to our Specification mailing list (because this mailing list is our single source of truth for specification work) and (b) sending an email to operations@openchainproject.org with the subject “Specification Chair Elections” and the following content:

My name is NAME and my votes are as follows:
NAME for licensing
NAME for security
Regards
YOUR NAME

Some notes:

1. The email address ending your vote must be subscribed to the specification mailing list.
2. Any vote not provided in this format will be invalid.
3. You can vote for yourself.
4. You can only submit your votes once.

More Details

How we are running this election is split into two lengthy descriptions below. We are striving to do two things:

1. Create an open election process
2. Address the potential we have to have multiple domain experts sharing work

Because this is our first major election for Specification Chair, the process may have some rough edges. If there are any critical issues, we will address them.

How We Are Running The Elections

The OpenChain Governing Board is formally considering who should be appointed by the board for the position(s) of OpenChain Specification Chairperson, and invites the broader OpenChain community to provide their perspective.

In this process, the broader OpenChain community will have nominees proposed and voted on to provide a recommendation. That recommendation will be passed to the OpenChain Governing Board for review, approval and ratification at their next meeting.

The specific process on behalf of the community is to undertake a voting process after a period of nomination. The community will vote in the following manner:

Votes for chairpeople will be sent by email to operations@openchainproject.org(received by the OpenChain General Manager and Project Manager).

Each member of our specification@ can cast *one* vote. All members of main@ are entitled to join specification@. The requirement to join the specification list is to maintain that list as the “single source of truth” for our specification-editing and other core specification work.

The votes will be tallied by the General Manager and prepared for the OpenChain Governing Board to review.

The tally will be reported to the OpenChain governing board. Their feedback and final decision will be provided to the community-at-large after their next formal governing board meeting.

For the 2022 OpenChain Specification Work Group elections the following notes are provided:
(1) we are operationally splitting the specification work group into two work groups: licensing and security, reflecting our two specifications in-market.
(2) for *this* specific election, we will split the election into two threads: one license biased (two nominees) and one security biased (two nominees). The result will be two chairs to fill the co-chair positions after approval by the OpenChain Governing Board.
(3) this means everyone on specification@ should vote for:
(i) their preferred choice for license work group chair;
(I) their preferred choice for security work group chair.
(4) these votes may be cast between the 16th and 22nd of November 2022.
(5) the OpenChain Governing Board will receive the tally of votes expressing community feedback, and will review it formally at their next meeting on the 8th of December 2022.
(6) it is expected that at this juncture the community will receive a response from the OpenChain Governing Board regarding their decision(s) around specification chairperson(s) circa 9th December 2022, and our new specification chairs will begin their term of office prior to 2023.

This process may be adjusted at any time by the governing board, and feedback to improve the process is always welcome, with the optic of ensuring that we continually refine the process as time progresses.

For This Specific Election

For the nomination period, we happen to have two people well versed in license compliance (Steve and Helio) and two people with a security background (Jacob and Chris). This suggest that our co-chair election – for *this* specific election, should break into two threads: one license biased (two nominees) and one security biased (two nominees). The result will be two chairs to fill the co-chair positions after approval by the OpenChain Governing Board.

However, for clarity, the intent is not to split the development of our licensing and security specifications into two different paths. The intent is that both chairs will work on both specifications by helping to collect community feedback and so on, with this feedback being provided to the Steering Committee for formal review and ratification if and when we decide to produce new versions of our standards.

On this call we live-edited two suggestions for future versions of our license compliance and security assurance standards. In addition, we covered all the latest news in our space, and discussed how we can continually improve our collaboration with other projects doing related work. See the full recording and review the slide deck below.

The live-edited suggestion related to the licensing standard:
https://github.com/OpenChain-Project/License-Compliance-Specification/issues/59

The live-edited suggestion related to the security standard:
https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/9

OpenChain-Monthly-Meeting-2022-11-15 from Shane Coughlan

The OpenChain Project has a mission to build trust in the supply chain and a focus on issues related to open source licensing, security and related topics. We maintain an ISO/IEC process standard for open source license compliance, a de facto process standard for Security Assurance, and we have a huge library of reference and training material.

To ensure that people working in the sphere of public policy can access our community knowledge (and to ensure our community can access their knowledge), we are starting a Public Policy Work Group. We will meet every few months via Zoom to discuss developments in overarching open source policy around the world.

Everyone is invited to be part of this and to contribute their experience. Our goal is to keep everyone informed of key developments, provide a space to discuss best practices, and – ultimately – to help further our mission to make a trusted open source supply chain that spans the world.

Join the Public Policy Work Group mailing list to get started:

• https://lists.openchainproject.org/g/public-policy-wg

(or just send a subscription email to public-policy-wg+subscribe@lists.openchainproject.org)

We will announce our first event in the coming weeks. It is provisionally scheduled for early December.

The OpenChain Automotive Work Group held a mini-summit on the 11th of November 2022. This event was focused on outlining the key items of interest for the industry in our sphere, and then discussing how we will address them in 2023. It was a short summit (only one hour) so time was tight, and it is clear that we have plenty to do as we begin regular quarterly meetings circa February 2023.

You can contact us and also contribute to all our activities via the OpenChain Automotive Work Group mailing list:
https://groups.io/g/openchain-automotive-work-group

The self-certification questionnaire for OpenChain Security Assurance Reference Specification 1.1 is now available in Simplified Chinese:

• https://github.com/OpenChain-Project/Reference-Material/blob/master/Self-Certification/Questionnaire/Security-Assurance-1.1/zh-Hans/Security-Assurance-1-1-Questionnaire-Version-1.md

This was contributed by Feng Wang from SecTrend, and it joins our previous contribution of a self-certification checklist in Simplified Chinese from Zhang Jun Xia at CAICT:

• https://github.com/OpenChain-Project/Reference-Material/blob/master/Self-Certification/Checklist/Security-Assurance-1.1/zh-Hans/Security-Assurance-1-1-Checklist-Version-2.md

Both documents can be used to adopt our Security Assurance Specification by any company of any size.

In our 45th OpenChain Webinar, Michael Plagge from Eclipse will introduce the Software Defined Vehicle Project and explain more about what it means to open source in automotive and the broader global community. This has the potential to have a significant impact in a market-sector supply chain and is recommended watching for those operating in the space.

You can join us at 08:00 UTC (09:00 CET) on the 29th of November 2022. We will be using this Zoom room:

• https://zoom.us/j/4377592799

NAVER, a global ICT company, today announces the adoption of ISO/IEC 5230, the International Standard for open source license compliance. As a global leader in search, messaging, cloud, contents, metaverse and digital twin, NAVER has significant engagement with open source technology. The adoption of ISO/IEC 5230 underlines their commitment to excellence in open source process management.

“NAVER started investing in the open source field in 2008 and has continued its efforts to contribute to the open source ecosystem, and internally operates an open source governance system,” says Mincheol Song, Executive Officer of Global Platform Strategy. “With this adoption of ISO/IEC 5230, we are willing to contribute more to the open source ecosystem with OpenChain.”

“NAVER has a significant footprint in the type of domains where open source thrives,” says Shane Coughlan, OpenChain General Manager. “Their adoption of OpenChain ISO/IEC 5230, the standard for open source license compliance, has ramifications for a large part of the global open source supply chain. We are delighted by this development, and we look forward to working closely with the NAVER team to help companies in Korea and beyond use open source effectively and efficiently.”

About NAVER

Founded in 1999, NAVER is Korea’s largest Internet company with hundreds of millions of users worldwide. As a global technology company, it operates the No.1 search engine in Korea, NAVER, as well as other online services, such as LINE mobile messenger, Webtoon and Webnovel publishing, SNOW video camera app and ZEPETO metaverse platform. NAVER recorded sales of KRW 6.8 trillion (USD 5.6 billion) in 2021 and is pursuing changes and innovations in technology platforms through continuous research and development of future technologies, such as artificial intelligence, robotics and mobility.

The OpenChain Export Control Work Group will hold its first meeting on the 22nd of November at 15:00 UTC (16:00 CET).

This meeting will have the following agenda:

(1) Introductions
(2) Overview of why export control matters from the perspective of open source and compliance
(3) Open discussion about how our community can contribute to the field

All welcome. Join here:
https://zoom.us/j/93456802267

Nathan has formally been elected Chair of the Education Work Group as per the process outlined below. From November onward he will be leading our work around developing and delivering best in class reference material to support a trusted supply chain.

The Election Process Used

The OpenChain Project has always had a strong focus on sustainability. As the maintainer of two industry standards, and the facilitator of a large supply chain community, our strategic position has always been to look at multi-year horizons.

As part of this, we are aware of the need to ensure our project reflects how people and activities adjust their priorities over time. A key example is the question it how we will address continuity in our work groups as our initial chairpeople reach the natural end of their tenure.

The answer is straightforward (as with most things in this project). We will introduce elections to allow chairs to rotate in a manner that is predictable and accessible.

To begin this process, we will see a transition with our Education Work Group. Balakrisha, after a stellar period of leading the group, has expressed a desire to allow another to carry the leadership torch as the next phase of project reference and training material is developed. This coincides nearly with some work we have been doing to adjust our Outreach Work Group into the more formal Outreach committee outlined in our charter, and the question of how to direct related volunteer energy and activity.

Nathan, chair of Outreach, stepped forward as a candidate for Education Work Group. A window for other parties to nominate was opened until before October 25th 2022. The process was determined to allow that if there were no other contenders, Nathan formally became chair of the Education Work Group with a one year term. He may be re-elected in the next cycle in the same manner as this time.

Throughout this quarter and into 2023 we will gradually introduce more elections, and by 2H 2023 all the primary OpenChain work groups should have completed the introduction of chair elections.

The OpenChain Project is ready to start accepting feedback to improve our license compliance and security standards.

OpenChain Security Assurance Specification:
https://github.com/OpenChain-Project/Security-Assurance-Specification

Easy way to suggest Security Assurance Specification improvements:
https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/new/choose

OpenChain License Compliance Specification (ISO/IEC 5230):
https://github.com/OpenChain-Project/License-Compliance-Specification

Easy way to suggest License Compliance Specification improvements:
https://github.com/OpenChain-Project/License-Compliance-Specification/issues/new/choose

You can also send your suggestions to our specification mailing list:
https://lists.openchainproject.org/g/specification

Notes

• The next generation of our license compliance standard will update ISO/IEC 5230.
• Our security assurance standard (generation 1) is scheduled to become an ISO/IEC standard in mid-2023. The update to generation 2 will trigger an update to the new ISO/IEC standard for late 2023~mid-2024.
• You will find extensive feedback on our standards already exists on GitHub and you can easily review that before submitting a suggestion for improvement.

Pre-existing submissions for the security assurance standard:

https://github.com/OpenChain-Project/Security-Assurance-Specification/issues

Pre-existing submissions for the license compliance standard:

https://github.com/OpenChain-Project/License-Compliance-Specification/issues