May is coming fast, and ahead of that it is time to catch up on the recording of the most recent North America / Asia call, where we edited proposed next generation versions of our licensing and security specifications.
This webinar is a special briefing led by Ciarán O’Riordan, Senior Policy Advisor at OpenForum Europe (OFE), on European policy matters that impact open source, business processes and risk management. OFE is a not-for-profit, Brussels-based independent think tank which explains the merits of openness in computing to policy makers and communities across Europe. Originally launched in 2002 to accelerate and broaden the use of Open Source Software (OSS) among businesses, consumers and governments, OFE’s focus has since evolved to also cover issues related to Open standards, Cybersecurity, Digital Government, Public Procurement, Intellectual Property, Cloud Computing and Internet Policy.
More Details
“The proposal for a regulation on cybersecurity requirements for products with digital elements, known as the Cyber Resilience Act, bolsters cybersecurity rules to ensure more secure hardware and software products. Hardware and software products are increasingly subject to successful cyberattacks, leading to an estimated global annual cost of cybercrime of €5.5 trillion by 2021.” https://digital-strategy.ec.europa.eu/en/library/cyber-resilience-act
Our Speaker is Ciarán O’Riordan, Senior Policy Advisor at OpenForum Europe. His background is as a free software / open source software policy and communications expert.
OFE is a not-for-profit, Brussels-based independent think tank which explains the merits of openness in computing to policy makers and communities across Europe. Originally launched in 2002 to accelerate and broaden the use of Open Source Software (OSS) among businesses, consumers and governments, OFE’s focus has since evolved to also cover issues related to Open standards, Cybersecurity, Digital Government, Public Procurement, Intellectual Property, Cloud Computing and Internet Policy. https://openforumeurope.org/
More in the OFE Series
We held three special briefings from OFE for the OpenChain community from May to June 2024.
This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain ecosystem. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.
Volvo Cars has announced an OpenChain ISO/IEC 5230:2020 conformant program.
“Volvo Cars is committed to a sustainable, meaningful approach to open source engagement,” says Mary Wang, Director of Open Source at Volvo Cars. “Our adoption of ISO/IEC 5230 for helping to manage open source license compliance is part of this strategy. We look forward to working with the OpenChain Project and community as we expand the scope of our program over time, and contribute knowledge and experience to our peers and suppliers.”
“We are delighted to welcome Volvo Cars to our community of conformance,” says Shane Coughlan, OpenChain General Manager. “We are also grateful for their choice to publicly announce this program, and allow us to add their logo alongside contemporaries such as Toyota on our website. The positive momentum in the automotive industry around using ISO standards for open source supply chain management serves as an inspiration to all industries, and is an example of how open source has become not only core to software development, but also aligns with professional, sustainable management practices.”
About Volvo Cars
Volvo Cars was founded in 1927. Today, it is one of the most well-known and respected car brands in the world with sales to customers in more than 100 countries. Volvo Cars is listed on the Nasdaq Stockholm exchange, where it is traded under the ticker “VOLCAR B”.
“For life. To give people the freedom to move in a personal, sustainable and safe way.” This purpose is reflected in Volvo Cars’ ambition to become a fully electric car maker by 2030 and in its commitment to an ongoing reduction of its carbon footprint, with the ambition to be a climate-neutral company by 2040.
As of December 2023, Volvo Cars employed approximately 43,400 full-time employees. Volvo Cars’ head office, product development, marketing and administration functions are mainly located in Gothenburg, Sweden. Volvo Cars’ production plants are located in Gothenburg, Ghent (Belgium), South Carolina (US), Chengdu, Daqing and Taizhou (China). The company also has R&D and design centres in Gothenburg and Shanghai (China).
On the 2nd of April, the OpenChain AI Study Group continued its monthly AI workshop series to deep dive into the topic of AI compliance. On this call we narrowed down the focus area with a concluding decision to refine the discussion by taking the content of ISO 5230 and seeing what level of overlap there is with AI supply chain compliance. You can check out the full recording for a precise recap.
On the 11th of April, the OpenChain AI Study Group held its new regular recap meeting for Europe / Asia participants. This is not intended to push forward “the state of the art” in the discussion, but rather ensure Asian participants sync with the North America / Europe discussion, and to provide a platform for further input ahead of the next monthly workshop.
The Slides from This Call
The Recording of This Call
Track This Work
You can follow and contribute to the work of the OpenChain AI Study Group through its dedicated mailing list. This is open to everyone regardless of industry vertical or speciality. You will find it here:
As the chairpersonship baton passes from Nathan to Andrew, Andrew led a full assessment and discussion on next steps. A ton is happening, with the last year of work including updates to the reference training slides and supplier education leaflet pending release, the Telco SBOM Quality Guide now approved for final review and release as an official OpenChain resource, and new ideas on the table.
Check Out The Full Recording
Review The Slides
Be Part Of Next Steps
Join the Education Work Group mailing list to participate in the calls and async editing:
On the 2nd of April the OpenChain AI Study Group continued its monthly AI workshop series to deep dive into the topic of AI compliance in the supply chain with experts from Qualcomm and Arm, and a chance for all parties who dial in to ask questions or share ideas. On this call we narrowed down the focus area with a concluding decision to refine the discussion by taking the content of ISO 5230 and seeing what level of overlap there is with AI supply chain compliance. This is being done to potentially develop a proposal to the Governing Board to:
Turn into a work group;
Write a reference guide on the topic to explain the identified shared areas of concern.
emlix offers industrial-grade Linux for the digitalization and secure networking of devices, machines and plant throughout the entire product life cycle. For more than 20 years, they have been transferring system knowledge, innovations from the open source world and market knowledge into the products of more than 350 customers.
The OpenChain Project maintains two ISO/IEC standards designed to help optimize business process management around open-source software. One of the standards, ISO/IEC 5230:2020, focuses on how to establish and run a quality open-source license compliance program. Another of the standards, ISO/IEC 18974:2023, focuses on how to establish and run a quality open-source security assurance program. Taken together, these standards provide a reliable, efficient and effective way to manage the open-source supply chain.
This case study will highlight the use of ISO/IEC 5230:2020 by a company providing mission-critical services to enterprise clients around the world.
The Direction Taken
For BlackBerry’s particular use-case, OSS Consultants recommended a centralized solution that enabled a single process to serve the business. This allowed BlackBerry to utilize our expertise to further develop in-house OSPO capabilities, reduce their tooling spend, and provide better holistic coverage based on a single strategy that included a single set of standards and principles.
Key Lesson Learned
The ISO/IEC 5230 recertification process provided an excellent opportunity to assess lessons learned and consider these not only from the company perspective, but also with respect to larger supply chain optimization.
We held a special workshop in Shinagawa on March 18th focused on case studies about open source business process management in China. The main topic was how ISO 5230 and ISO 18974 are being used from upstream project to commercial ecosystem.
We used an operating system ecosystem called openEuler as the basis for our case studies. openEuler is an emerging operating system ecosystem in China with 36.8% of the server operating system market, 17,000+ developers and 500+ projects. It is hosted by the OpenAtom Foundation, and a healthy ecosystem of companies creating products exists around it. OpenChain ISO 5230 and OpenChain ISO 18974 are at the center of how business processes are managed in openEuler.
On the 6th of March the OpenChain AI Study Group held a special AI workshop instead of the regular AI call. It provided an opportunity to deep dive into the topic with experts from Qualcomm and Arm, and a chance to ask questions or share ideas. The idea was to fold in the ideas shared thus far and seek a single coherent narrative.
Please note, at the request of attendees, this meeting was held under Chatham House Rule, and therefore a recording is not being shared.
The Formal Agenda:
– Opening comments (Dave and Matthew)
– AI Model supply chain issues (Brian)
  – Use cases in context of regulatory backdrop
  – Open vs. Proprietary
  – War stories
  – Roundtable
– Dataset supply chain issues (Jeff)
  – Use cases and pragmatic practices
  – Open vs. Proprietary
  – War stories
  – Roundtable
– Possible Solutions – how can OpenChain best provide value to the ecosystem (All)
– Closing (Dave and Matthew)
The Outcomes
It was decided that following meetings would:
– Work through key use cases
  – Start with LLM – text to text as a first hypothetical
– Work through the Hugging Face Model Card example
  – https://huggingface.co/templates/model-card-example
  – Initial focus will be on what one should supply when delivering and what one wants to see when receiving