Featured

Socionext, a semiconductor and System on a Chip (SOC) company based in
Japan, has completed recertification of OpenChain ISO/IEC 5230:2020 as per
the 18 month cycle required by the specification. This recertification process
helps to review processes and ensure they are current.

“The adoption of OpenChain standards is one important step in managing the
supply chain,” says Shane Coughlan, OpenChain General Manager. “However,
periodic recertification is another critical building block in creating trust. As
companies evolve and markets change, the best companies adapt against clear,
unambiguous measures like OpenChain ISO/IEC 5230:2020, the International
Standard for open source license compliance.”

The OpenChain AI Study Group held its regular monthly workshop on the 7th of May. This workshop covered a lot of ground, including new contributions from participants like Fujitsu, and an overview of the latest new about the OSI Open Source AI Definition from their Executive Director.

Track This Work

You can follow and contribute to the work of the OpenChain AI Study Group through its dedicated mailing list. This is open to everyone regardless of industry vertical or speciality. You will find it here:

• https://lists.openchainproject.org/g/ai

Attend Future Meetings

You can find and get the dial-in details for all future AI Study Group meetings from our participate page here:

• https://www.openchainproject.org/participate

The OpenChain Specification Work Group held its regular monthly call on the 7th of May. You can review the full recording below.

We were working on the draft next generation security assurance specification:
https://github.com/OpenChain-Project/Security-Assurance-Specification/blob/main/Security-Assurance-Specification/2.0/en/openchain-security-specification-2.0.md
and
The draft next generation licensing compliance specification:
https://github.com/OpenChain-Project/License-Compliance-Specification/blob/master/3.0/en/openchain-license-compliance-3.0.md

For security we were coming to a conclusion on this issue:

[Improvement] Expand definitions section for (1) Secure Software Development to include Secure Programming Techniques and (2) Security Testing to include Static and Dynamic #36
https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/36

And for licensing we were coming to a conclusion on this issue:

Verification Material For Training – next iteration #38
https://github.com/OpenChain-Project/License-Compliance-Specification/issues/38

Both issue are read to close pending any objections, and therefore there is a two-week period – before the forthcoming North America / Asia call – to review and add any notes.

We also opened one new issue for review in future calls:

[Improvement] Review Cycle Potentially Needs Adjustment #71
https://github.com/OpenChain-Project/License-Compliance-Specification/issues/71

Join Our Work

Everyone is welcome to be part of the Specification Work Group. You can join their mailing list here:
https://lists.openchainproject.org/g/specification/

May is coming fast, and ahead of that it is time to catch up on the recording of the most recent North America / Asia call, where we edited proposed next generation versions of our licensing and security specifications.

We covered two open GitHub issues on this call:

Security Assurance Review:
– Expand definitions section for (1) Secure Software Development to include Secure Programming Techniques and (2) Security Testing to include Static and Dynamic 
https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/36

License Compliance Review:
– Verification Material For Training – next iteration
https://github.com/OpenChain-Project/License-Compliance-Specification/issues/38

Check out the full recording here:

Be part of this:

You can join our calls (and our mailing lists) by following the instructions on our “Participate” page: https://openchainproject.org/participate

---

Volvo Cars has announced an OpenChain ISO/IEC 5230:2020 conformant program.

“Volvo Cars is committed to a sustainable, meaningful approach to open source engagement,” says Mary Wang, Director of Open Source at Volvo Cars. “Our adoption of ISO/IEC 5230 for helping to manage open source license compliance is part of this strategy. We look forward for working with the OpenChain Project and community as we expand the scope of our program over time, and contribute knowledge and experience to our peers and suppliers.”

“We are delighted to welcome Volvo Cars to our community of conformance,” says Shane Coughlan, OpenChain General Manager. “We are also grateful for their choice to publicly announce this program, and allow us to add their logo alongside contemporaries such as Toyota on our website. The positive momentum in the automotive industry around using ISO standards for open source supply chain management serves as an inspiration to all industries, and is an example of how open source has become not only core to software development, but also aligns with professional, sustainable management practices.”

About Volvo Cars

Volvo Cars was founded in 1927. Today, it is one of the most well-known and respected car brands in the world with sales to customers in more than 100 countries. Volvo Cars is listed on the Nasdaq Stockholm exchange, where it is traded under the ticker “VOLCAR B”. 

“For life. To give people the freedom to move in a personal, sustainable and safe way.” This purpose is reflected in Volvo Cars’ ambition to become a fully electric car maker by 2030 and in its commitment to an ongoing reduction of its carbon footprint, with the ambition to be a climate-neutral company by 2040. 

As of December 2023, Volvo Cars employed approximately 43,400 full-time employees. Volvo Cars’ head office, product development, marketing and administration functions are mainly located in Gothenburg, Sweden. Volvo Cars’ production plants are located in Gothenburg, Ghent (Belgium), South Carolina (US), Chengdu, Daqing and Taizhou (China). The company also has R&D and design centres in Gothenburg and Shanghai (China). 

Learn More About Volvo Cars

• https://www.volvocars.com

On the 2nd of April, the OpenChain AI Study Group continued its monthly AI workshop series to deep dive into the topic of AI compliance. On this call we narrowed down the focus area with a concluding decision to refine the discussion by taking the content of ISO 5230 and seeing what level of overlap there is with AI supply chain compliance. You can check out the full recording for a precise recap.

On the 11th of April, the OpenChain AI Study Group held its new regular recap meeting for Europe / Asia participants. This is not intended to push forward “the state of the art” in the discussion, but rather ensure Asian participants sync with the North America / Europe discussion, and to provide a platform for further input ahead of the next monthly workshop.

The Slides from This Call

OpenChain AI Study Group – Europe and Asia Recap – 2024-04-11 – Full Recording from Shane Coughlan

The Recording of This Call

Track This Work

You can follow and contribute to the work of the OpenChain AI Study Group through its dedicated mailing list. This is open to everyone regardless of industry vertical or speciality. You will find it here:

• https://lists.openchainproject.org/g/ai

Watch The Previous Meeting

The first Workshop to deep-dive into this topic and consolidate ideas was held on the 6th of March 2024:

• https://www.openchainproject.org/news/2024/03/13/outcomes-ai-workshop-2024-03-06

Attend Future Meetings

You can find and get the dial-in details for all future AI Study Group meetings from our participate page here:

• https://www.openchainproject.org/participate

As the chairpersonship batten passes from Nathan to Andrew, Andrew lead a full assessment and discussion on next steps. A ton is happening, with the last year of work including updates to the reference training slides and supplier education leaflet pending release, the Telco SBOM Quality Guide now approved for final review and release as an official OpenChain resources, and new ideas on the table.

Check Out The Full Recording

Review The Slides

OpenChain Education Work Group Monthly Meeting – 2024-04-10 – Full Recording from Shane Coughlan

Be Part Of Next Steps

Join the Education Work Group mailing list to participate in the calls and async editing:

• https://lists.openchainproject.org/g/education

On the 2nd of April the OpenChain AI Study Group continued its monthly AI workshop series to deep dive into the topic of AI compliance in the supply chain with experts from Qualcomm and Arm, and a chance for all parties who dial-in to ask questions or share ideas. On this call we narrowed down the focus area with a concluding decision to refine the discussion by taking the content of ISO 5230 and seeing what level of overlap there is with AI supply chain compliance. This is being done to potentially develop a proposal to the Governing Board to:

• Turn into a work group;
• Write a reference guide on the topic to explain the identified shared areas of concern.

Track This Work

You can follow and contribute to the work of the OpenChain AI Study Group through its dedicated mailing list. This is open to everyone regardless of industry vertical or speciality. You will find it here:

• https://lists.openchainproject.org/g/ai

Watch The Previous Meeting

The first Workshop to deep-dive into this topic and consolidate ideas was held on the 6th of March 2024:

• https://www.openchainproject.org/news/2024/03/13/outcomes-ai-workshop-2024-03-06

Attend Future Meetings

You can find and get the dial-in details for all future AI Study Group meetings from our participate page here:

• https://www.openchainproject.org/participate