Featured

Four Hyundai Motor Group companies, joint certification of the ISO international standard for open source compliance
– Acquired ISO certifications of four companies simultaneously through collaboration of Hyundai Motor Company, Kia, Hyundai Mobis, and Hyundai Autoever … The industry’s first the international standard for open source compliance(ISO/IEC 5230:2020) joint certification … Securing public confidence in software and increasing utilization through systematic management of the entire supply chain
– Provides a comprehensive portal and user guide to support developers in the mobility field and expand the ecosystem
– “Beyond the group, we will lead the expansion and development of the open source ecosystem throughout the automobile industry”

The four Hyundai Motor Group companies were internationally recognized for having a systematic management system (compliance) for the use of open source.

Hyundai Motor Group announced on the 17th that it has simultaneously acquired the open source compliance-related standard certification(ISO/IEC 5230) from the International Organization for Standardization(ISO) through collaboration with four group companies(Hyundai Motor Company, Kia, Hyundai Mobis, and Hyundai Autoever) that make up the automotive supply chain.

In the last 20 years, the International Organization for Standardization and the International Electrotechnical Commission (IEC) adopted the standard of the ‘Open Chain Project’ led by the Linux Foundation, a non-profit organization in the United States, as the only international standard related to open source software compliance (ISO/IEC 5230). The International Organization for Standardization evaluates whether the certification is achieved by examining the appropriateness of establishing open source policies and processes, establishing a compliance system, and meeting the standards for developer education and evaluation.

When using open source for software development, there are advantages such as shortening the development period and reducing costs, but it is important to systematically manage the use of open source because problems such as security vulnerabilities and copyright disputes may occur.

Hyundai Motor Group’s open source software compliance international standard certification is characterized by the cooperation of four companies, Hyundai Motor, Kia, Hyundai Mobis, and Hyundai Autoever, that make up the automotive supply chain.

The group companies specialized in software development, component packaging, and mass production obtained ISO certification through collaboration, securing public confidence in open source software across the automotive industry for the first time in the industry.

Through a business agreement with National IT Industry Promotion Agency (NIPA), Hyundai Motor Group has expanded its open source management scope to the supply chain while providing (1) establishment of open source management system and education for experts training and (2) open source license verification service to supporting suppliers. The Hyundai Motor Group open source compliance system will be provided in the form of a comprehensive portal at the end of this month.

In addition, Hyundai Motor Group will strengthen its support by providing a guide to users who want to utilize it, and will continue to expand the open source ecosystem and promote win-win cooperation with partners in the future.

“As the importance of open source in the future mobility field is increasing day by day, we will take the lead in expanding and developing the open source ecosystem across the supply chain in automotive industry beyond the group,” said Yonghwa Kim, vice president of Hyundai Motor Company and Kia R&D Division.

Meanwhile, the Hyundai Motor Group is continuously expanding its software support activities throughout the mobility industry by providing open APIs through the Hyundai Motor Company, Kia, and Genesis Developers platforms. 

We discussed one of the most critical aspects of our project outside of the ISO/IEC 5230 standard: how do we onboard people? It covered outreach, what happens when people arrive on our site, and how we arrange community support.

We looked for input around:
(1) How should we “market” OpenChain?
(2) How can entry to our website and community work best for new participants?
(3) How can we do great community support regionally and globally?
(4) How should the Onboarding Committee of the project work in the future?

Nathan Kumagai, our onboarding chair, lead the discussion.

The OpenChain Education Mini-Summit covered:
• Our recent online courses
• The future of our playbooks
• The evolution of our reference library
• And future work group leadership

We recently held our first meeting to review the OpenChain Playbooks. Above you will find the full recording.

For context: we are collaboratively editing version 2 of these documents at this link:

https://drive.google.com/drive/folders/1li9heH3x16MmC_UxxpFhWSw1XCwsAdbF?usp=sharing

Our focus during this call was the small company playbook here:

https://docs.google.com/document/d/1x0fVeJbzWlh5vRkUfkWbkKgaiPaNtcVCIqgDESLzBbY/edit?usp=sharing

The work we did on this playbook substantially refined the approach in the early parts of the document and will be merged into the other documents (for medium and large companies) ahead of our next meeting in around a week.

Your contributions and comments are most welcome. This is a great opportunity to brief and encourage strategic management understanding and support of effective, efficient compliance.

KKCompany, a leading media technology group in Asia, today received the first OpenChain ISO / IEC 5230 third-party certification in Taiwan. KKCompany is cooperating with Open Culture Foundation (OCF) and Bureau Veritas to successfully meet certification requirements. Together with KKBOX, KKStream, and other relevant business units in the group, KKCompany delivers innovative products and services with open source technologies. It also sponsors open source communities and incentivizes employees to contribute their technical experiences. KKCompany will continue to support communities. With open and sharing in mind, it is committed to a trustworthy software supply chain and an open source ecosystem with technology partners.

“KKCompany believes in the power of technology to provide solutions and tackle challenges faced by various industries today,” said KKCompany Group President & COO Steve Wang. “Empowering creators has always been the core of our philosophy. We value the creations of creators and developers. This OpenChain ISO/IEC 5230 certification further demonstrated our commitment to creators and developers.”

The OpenChain Project was established in 2016 by The Linux Foundation. Its mission is to increase trust in the global supply chain around the use of open source software. The project is best known for developing ISO/IEC 5230, the International Standard for open source license compliance. The ISO/IEC standard, released in 2020, has helped to make process for managing open source more effective and efficient, reducing resources spent and increasing the speed of products to market.

“KKCompany’s OpenChain ISO/IEC 5230 third-party certification underlines their commitment to operating a quality open source compliance program,” said Shane Coughlan, OpenChain General Manager, “The processes they have adopted provide substantial benefit in reducing errors, fixing any issues that arise, and decreasing time spent bringing products and services to market. KKCompany is the first company in Taiwan to obtain third-party certification, a step that illustrates how they value creator rights and support open source technologies. With leadership from companies like KKCompany, we aspire to expand our coverage in Asia further into the supply chain, and promote excellence in open innovation.”

As supply chains in tech industries become fragmented, vertical and horizontal collaborations have become the norm. Enterprises need to monitor if their source codes comply with licensing terms, and also ensure compliances from suppliers. With OpenChain ISO/IEC 5230 and third-party audits, it is possible to integrate open source compliance into business processes. This practice reduces risks on operation and reputation, and manages software components easier.

OCF has been promoting open source codes for years. “Open source codes do not ‘reinvent the wheel’,” said OCF Chief Executive Officer Singing Li. “Open and sharing are a global trend that enhances enterprise development efficiency. OCF serves as an advisor to KKCompany in the OpenChain ISO/IEC 5230 certification process. We support the group to pass compliance and audit requirements. It’s a milestone for Taiwanese companies to align with international industry chains.”

OpenChain ISO/IEC 5230 is the first and only International Standard for open source license compliance. The standard allows companies of all sizes and sectors to adopt the key requirements of a quality open source compliance program in order to reduce inherent risk in supply chain management.

Pascal LE-RAY, the General Manager of Bureau Veritas Consumer Products Services Technology Taiwan, said, “Bureau Veritas has become the first OpenChain certifier in Greater China in 2021. We are delighted to have this opportunity to support KKCompany to successfully obtain the first ISO/IEC 5230 Certificate in Taiwan, which demonstrates that KKCompany’s capabilities in open source application is not only proven, but also effectively enhances the sense of trust within the industry. This cooperation represents collaboration between Bureau Veritas’ deep expertise and experience, and KKCompany’s effective compliance practices. Furthermore, OpenChain aids open source transparency by using software bill of material to identify and manage security vulnerabilities that synergize with cybersecurity standards to reduce compliance and security risks effectively. We look forward to continuing to promote the development of open source technology and develop an open source ecosystem in the future.”

About KKCompany

KKCompany is Asia’s leading media technology group headquartered in Taipei, Taiwan. The company’s mission is to make transformational technology accessible, affordable and enjoyable to the burgeoning global creator economy. KKCompany Receives the First OpenChain ISO/IEC 5230 International Open Source Third-Party Certification in Taiwan.For more information and updates, please visit our [Website] www.kkcompany.com / [Blog] blog.kkcompany.com

It is time for another OpenChain mini-summit! This time we are going to be discussing one of the most critical aspects of our project outside of the ISO/IEC 5230 standard for open source license compliance: 

How do we onboard people *to* the standard and to our broader community? 

This topic covers outreach, it covers what happens when people arrive on our site, and it covers how we arrange community support.

We would really value your input in this event as we discuss:

1. How should we “market” OpenChain ISO/IEC 5230?
2. How can entry to our website and community work best for new participants?
3. How can we do great community support regionally and globally?
4. How should the Onboarding Committee of the project work in the future?

Nathan Kumagai, our chair, will lead the discussion.

Register in advance for this Mini-Summit:

• https://zoom.us/webinar/register/WN_U-szKnZDSq6VCyzL0k4FlA

After registering, you will receive a confirmation email containing information about joining the webinar.

Check your timezone:

• PDT United States Pacific UTC-07:00
• UTC Coordinated Universal Time UTC
• CET Central European Time UTC+01:00
• IST India Standard Time UTC+05:30
• CST China Standard Time UTC+08:00
• KST Korea Standard Time UTC+09:00
• JST Japan Standard Time UTC+09:00

Compare timezones:

• https://www.worldtimebuddy.com

The OpenChain Japan Work Group will hold its 24th all member meeting (11th virtual meeting) on July 29 (Friday) between 15:00 and 16:00 Japan Standard Time (JST). The primary discussion will be around the open source program office (OSPO) of Cybertrust. OSPO activity is an emerging topic in this jurisdiction and all are welcome to participate.

Join us via Zoom:

https://zoom.us/j/99975267803?pwd=ekhxaHA3bVZUSVU5M0dVMkF2Z0pkQT09

The meeting ID is:

99975267803

The password is:

]>guXS~6

• First Korean IT service company to achieve ISO/IEC 5230:2020
• To enhance reliability with preliminary verification and threat factor prevention conducted by open source specialists
• To provide integrated system that manages open source usage and verification history

Samsung SDS became the first among Korean IT service companies to adopt the international standard for open source compliance (ISO/IEC 5230:2020) maintained by OpenChain Project.

This certification is enabled by OpenChain Project, led by the Linux Foundation in 2016, to global companies that secured open source license compliance process and application capabilities.

Samsung SDS was acknowledged for its global competence in all evaluation criteria including open source policy and process, professional workforce, and employee training.

Although open source is a software license that makes source code available to the public, legal disputes and threats may occur if users do not comply with its license agreement or verify weak points.

Early this year, Samsung SDS expanded its team dedicated to open source software into Open Source Program Office(OSPO) and reinforced specialists in development, security, legal, and patent, in order to provide support in open source application and prevent legal disputes.

The OSPO enhances open source usage by conducting preliminary verification on threats such as security weak points and errors during the planning stage of software, application and IT infrastructure development. 

Since last year, Samsung SDS carries out a comprehensive review in cooperation with its overseas offices and Global Development Center to operate an open source verification system on a global level.

Samsung SDS will develop an integrated management system by September to manage open source status, track previous verification records, and respond to weak points. The company expects the system to further strengthen customer trust in its IT service business and solutions. 

Jongpil KIM, Executive Vice President and Leader of Development Office at Samsung SDS, said, “With the increasing use of open source software, securing reliability is important in the software supply chain. With thorough verification and abiding by the license policy, Samsung SDS will provide our customers with services and solutions they can rely on.”  

The OpenChain Project is launching a new series of webinars that will explain the services available from our partners around the world. Our goal is to help you understand your options if you seek third party assistance for adoption, refinement or certification.

The first webinar has been published here:
https://www.openchainproject.org/news/2022/07/12/xmirror

In this webinar we cover the services available from a Chinese service provider call XMirror. This company provides SCA solutions and – intriguingly – has an open source version of their tooling available for anyone to use:
https://gitee.com/xmirrorsecurity

The agenda for our next two webinars is:

26th of July at 06:00 UTC:
LEX PAN LAW & OPSEQUIO

9th of August at 06:00 UTC:
EACG (TrustSource)

We also have webinars coming from:
HH Partners & Double Open
PwC
Bitsea GmbH
And more…

We hope you enjoy this new series and welcome your feedback as it progresses.

As a side note, this does not replace our existing community webinar series. That will continue throughout 2022 as usual. You can expect the new agenda for those events to be published soon.

Sony will host a small physical meeting at their Shinagawa offices on the 14th of July between 09:20 and 10:50 as a prelude to a full in-person OpenChain Japan Work Group meeting. This is the first physical meeting for our Japan Work Group in two and a half years.

The current plan is to have around 10 people attend. This will ensure compliance with company policies and act as a stepping stone to larger gatherings.

We expect to discuss the current state of the market, our community, and concrete next steps in collaboration for 2H 2022.