BlackBerry: Three-Way Case Study – The use of ISO/IEC 5230:2020 by a company providing mission-critical services to enterprise clients around the world

By Featured, News

BlackBerry, OSS Consultants and OpenChain

The OpenChain Project maintains two ISO/IEC standards designed to help optimize business process management around open-source software. One of the standards, ISO/IEC 5230:2020, focuses on how to establish and run a quality open-source license compliance program. Another of the standards, ISO/IEC 18974:2023, focuses on how to establish and run a quality open-source security assurance program. Taken together, these standards provide a reliable, efficient and effective way to manage the open-source supply chain.

This case study will highlight the use of ISO/IEC 5230:2020 by a company providing mission-critical services to enterprise clients around the world.

The Direction Taken

For BlackBerry’s particular use-case, OSS Consultants recommended a centralized solution that enabled a single process to serve the business. This allowed BlackBerry to utilize our expertise to further develop in-house OSPO capabilities, reduce their tooling spend, and provide better holistic coverage based on a single strategy that included a single set of standards and principles.

Key Lesson Learned

The ISO/IEC 5230 recertification process provided an excellent opportunity to assess lessons learned and consider these not only from the company perspective, but also with respect to larger supply chain optimization.

Review and Download the Case Study

OpenChain Workshop – Supply Chain Best Practices in China using ISO 5230 and ISO 18974 – Full Recording

We held a special workshop in Shinagawa on March 18th focused on case studies about open source business process management in China. The main topic was how ISO 5230 and ISO 18974 are being used from upstream project to commercial ecosystem.

We used an operating system ecosystem called openEuler as the basis for our case studies. openEuler is an emerging operating system ecosystem in China with 36.8% of the server operating system market, 17,000+ developers and 500+ projects. It is hosted by the OpenAtom Foundation, and a healthy ecosystem of companies creating products exists around it. OpenChain ISO 5230 and OpenChain ISO 18974 are at the center of how business processes are managed in openEuler.


Outcomes of the Special OpenChain AI Workshop – 2024-03-06

On the 6th of March the OpenChain AI Study Group held a special AI workshop instead of the regular AI call. It provided an opportunity to deep dive into the topic with experts from Qualcomm and Arm, and a chance to ask questions or share ideas. The idea was to fold in the ideas shared thus far and seek a single coherent narrative.

Please note, at the request of attendees, this meeting was held under Chatham House Rule, and therefore a recording is not being shared.

The Formal Agenda:

– Opening comments (Dave and Matthew)
– AI Model supply chain issues (Brian)
— Use cases in context of regulatory backdrop
— Open vs. Proprietary
— War stories
— Roundtable
– Dataset supply chain issues (Jeff)
— Use cases and pragmatic practices
— Open vs. Proprietary
— War stories
— Roundtable
– Possible Solutions – how can OpenChain best provide value to the ecosystem (All)
– Closing (Dave and Matthew)

The Outcomes

It was decided that following meetings would:
– Work through key use cases
— Start with LLM – text to text as a first hypothetical
– Work through the Hugging Face Model Card example
https://huggingface.co/templates/model-card-example
— Initial focus will be on what one can or should supply when delivering and what one wants to see when receiving

Track This Work

You can follow and contribute to the work of the OpenChain AI Study Group through its dedicated mailing list. This is open to everyone regardless of industry vertical or speciality. You will find it here:

Attend Future Meetings

You can find and get the dial-in details for all future AI Study Group meetings from our participate page here:

KOSYAS is the first Official Third-Party Certifier in South Korea

Korea System Assurance, Inc (KOSYAS), a company that provides security testing and evaluation, network and server security, cloud security, IoT security, control system security and blockchain security, has become the first official third-party certifier for OpenChain in South Korea.

KOSYAS supports third-party certification around both OpenChain ISO/IEC 5230:2020 (the international standard for open source license compliance) and OpenChain ISO/IEC 18974:2023 (the international standard for open source security assurance).

“The availability of local language support and certification for the OpenChain standards is an important step in building maturity in markets,” says Shane Coughlan, OpenChain General Manager. “We are delighted to welcome KOSYAS to our partner program in the context, and we look forward to building increased support for Korean companies with them in the years ahead.”

Learn More About Their Services:

OpenChain Deep Dive – Supply Chain Best Practices in China using ISO 5230 and ISO 18974

We are holding a special workshop in Shinagawa on March 18th for Japanese companies using open source. This workshop will focus on case studies about open source business process management in China. The focus will be on ISO 5230 and ISO 18974 from upstream project to commercial ecosystem.

Date and Time:
March 18th 09:00 ~ 17:00 JST

Location:
Conference Room 3D
TKP Garden City Premium Shinagawa Takanawa-guchi
Google Map Link:
https://maps.app.goo.gl/9oKzEcv9iQz9pw749
(Full address details + route guide with photos below)


Why You Should Attend

We will use an operating system ecosystem called openEuler as the basis for our case studies. openEuler is an emerging operating system ecosystem in China with 36.8% of the server operating system market, 17,000+ developers and 500+ projects. It is hosted by the OpenAtom Foundation, and a healthy ecosystem of companies creating products exists around it. OpenChain ISO 5230 and OpenChain ISO 18974 are at the center of how business processes are managed in openEuler.


Event Venue Address:


TKP Garden City Premium Shinagawa Takanawa-guchi
Keikyu Daiichi Building, 4-10-18 Takanawa, Minato-ku, Tokyo
〒108-0074

TKPガーデンシティPREMIUM品川高輪口
〒108-0074
東京都港区高輪4-10-18 京急第一ビル 

Google Map Link:
https://maps.app.goo.gl/9oKzEcv9iQz9pw749

Route Guide From JR Shinagawa Station

You can also view this guide on the official website.



Special OpenChain AI Workshop – 2024-03-06

This week we have a special AI workshop instead of the regular AI call. It will provide an opportunity to deep dive into the topic with experts from Qualcomm and Arm, and a chance to ask questions or share ideas. This event will fold in all the ideas shared thus far and seek a single coherent narrative. 

The workshop takes place at:

14:00-17:00 UTC, 2024-03-06

You can join here:

One tap mobile:

US: +12532158782,,93266805668#

Meeting ID: 93266805668
Meeting Passcode: 581201

Agenda:

Opening comments (Dave and Matthew)

AI Model supply chain issues (Brian)

  • Use cases in context of regulatory backdrop
  • Open vs. Proprietary
  • War stories
  • Roundtable

Dataset supply chain issues (Jeff)

  • Use cases and pragmatic practices
  • Open vs. Proprietary
  • War stories
  • Roundtable

Possible Solutions – how can OpenChain best provide value to the ecosystem (All)

Closing (Dave and Matthew)

Circle Announces an OpenChain ISO/IEC 5230 Conformant Program

Circle, a leading global financial technology firm and the issuer of USDC, the world’s largest, regulated U.S. dollar-backed stablecoin, has announced an OpenChain ISO/IEC 5230 conformant program. ISO/IEC 5230 is the international standard for open source license compliance, and provides a clear, globally recognized way to run a quality program to ensure effective, trustable supply chain management.

Circle enables businesses of all sizes to harness the power of digital currencies, public blockchains and open-source technologies for payments, commerce and financial applications worldwide. Circle’s payment stablecoins – USDC and EURC – and platforms are helping to build a new financial system that moves at internet speed, scale and cost.

 “Circle is at the forefront of bringing open internet software into the world of money,” said Trevor Baker, VP Technical Operations. “A digital dollar like USDC is a key technology that supports businesses, developers, and the future of payments. The OpenChain certification represents Circle’s commitment to maintaining the highest compliance standards for open source technology in the financial arena.” 

“The OpenChain certification journey was an incredible return on investment by streamlining our open source processes,” stated Jeff Tang, Circle’s Chief Intellectual Property Counsel. “Circle is excited to help raise the bar in blockchain development.” 

“Adopting ISO/IEC 5230 is fast becoming a litmus test for commitment to industry best practices around open source,” says Shane Coughlan, OpenChain General Manager. “I am delighted to see Circle take leadership in this area, and to provide a strong signal to the FinTech market regarding effective management of open technology. They join companies like KakaoBank in working with our standards, and I look forward to collaborating with the Circle team on next steps for the financial supply chain.”

About Circle Internet Financial, LLC

Circle is a global financial technology firm that enables businesses of all sizes to harness the power of digital currencies and public blockchains for payments, commerce and financial applications worldwide. Circle is the issuer of USDC and EURC – highly liquid, interoperable and trusted money protocols on the internet. Circle’s open and programmable platform and APIs make it easy for organizations to run their internet-scale business, whether it is making international payments, building globally-accessible Web3 apps or managing their internal treasury. Learn more at https://circle.com.

BlackBerry Recertification of ISO/IEC 5230:2020 and ISO/IEC 18974:2023

BlackBerry, an early adopter of ISO/IEC 5230:2020 and OpenChain Security Assurance Specification 1.1 (later ISO/IEC 18974:2023), has completed regular recertification for both standards. The recertification was completed in partnership with OSS Consultants, an official OpenChain Partner, and long-term collaborator in the open source governance space.

ISO/IEC 5230 and ISO/IEC 18974 have a regular recertification process to ensure that open source programs are up to date and match current organizational strategy and staffing. Recertification can be done through self-certification, independent assessment or third-party certification on a regular 18-month cycle. The OpenChain Project provides extensive certification support via its website: https://www.openchainproject.org/get-started

“BlackBerry has a long history of cataloging, tracking, and securing its open source components that are bundled as part of its software supply chain. OpenChain has helped us bring together these capabilities and license compliance to have a more holistic open source management process. Having standards like OpenChain is a powerful tool that assures our customers that we take the security and integrity of our software supply chain seriously. As the security community continues to push forward with initiatives like the Software Bill of Materials, companies will need to implement standards like OpenChain to meet the demands of the growing list of customers who prioritize security.” – Christine Gadsby, VP of Product Security at BlackBerry.

“The use of standards like ISO/IEC 5230 and ISO/IEC 18974 provides a strong foundation for companies to manage their open source supply chain. The recertification process is a key part in ensuring processes are current and match products, services and strategy. BlackBerry, as a leader in the field of providing enterprise solutions, is also a leader in software governance and management. Their recertification to our standards for open source license compliance and open source security assurance underlines their stance at the forefront of sustainable, reliable software asset management.” – Shane Coughlan, OpenChain General Manager.

“OSS Consultants is pleased to have partnered with BlackBerry to attain the first whole-entity ISO/IEC 5230 conformance in North America in 2022, the first whole-entity ISO/IEC 18974 conformance in early 2023, and again now to perform the recertification of both standards. This recertification for BlackBerry demonstrates their unwavering dedication to the security and integrity of their software supply chain.” – Russ Eling, Founder & CEO at OSS Consultants

About the OpenChain Project

The OpenChain Project has been building Trust in the Supply Chain Since 2016. Our vision is a supply chain where open source is delivered with trusted and consistent process management information. Our mission is to make that happen. The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. Learn more at https://www.openchainproject.org/

About BlackBerry

BlackBerry (NYSE: BB; TSX: BB) provides intelligent security software and services to enterprises and governments around the world. The company’s software powers over 235M vehicles. Based in Waterloo, Ontario, the company leverages AI and machine learning to deliver innovative solutions in the areas of cybersecurity, safety and data privacy, and is a leader in the areas of endpoint security management, encryption, and embedded systems. BlackBerry’s vision is clear – to secure a connected future you can trust.

BlackBerry. Intelligent Security. Everywhere. 

For more information, visit BlackBerry.com and follow @BlackBerry.

About OSS Consultants

OSS Consultants is a business dedicated to helping organizations of all sizes – from the world’s largest and well-known companies to small businesses and start-ups – design, implement, and manage the most efficient, comprehensive and robust open-source program offices and policies on the planet. Service offerings range from a scan and audit of your third-party and proprietary software to creating a full OSPO within your organization. Find more information at www.ossconsultants.com and follow @OSSConsultants.

OpenChain Monthly North America and Asia Meeting – 2024-02-20 – Full Recording

This meeting focused on closing two open issues around the Licensing Specification (ISO/IEC 5230) as we prepare a proposed update for the Steering Committee:
