Policy Briefing Series: EU Cyber Resilience Act, AI Act and the Product Liability Directive

By Featured, News

The OpenChain Project collaborated with OpenForum Europe (OFE) on a three-part series of webinars covering European policy matters that impact open source, business processes and risk management. These webinars took place between May and June 2024, and are intended to provide a simple, clear and unbiased look at the impact recent European Union policy will have on companies in the open source supply chain.

Our speaker is Ciarán O’Riordan, Senior Policy Advisor at OFE. His background is as a free software / open source software policy and communications expert.

The EU Cyber Resilience Act

More Details

“The proposal for a regulation on cybersecurity requirements for products with digital elements, known as the Cyber Resilience Act, bolsters cybersecurity rules to ensure more secure hardware and software products. Hardware and software products are increasingly subject to successful cyberattacks, leading to an estimated global annual cost of cybercrime of €5.5 trillion by 2021.”
https://digital-strategy.ec.europa.eu/en/library/cyber-resilience-act

The EU AI Act

More Details

“The AI Act is the first-ever legal framework on AI, which addresses the risks of AI and positions Europe to play a leading role globally. The AI Act aims to provide AI developers and deployers with clear requirements and obligations regarding specific uses of AI. At the same time, the regulation seeks to reduce administrative and financial burdens for business, in particular small and medium-sized enterprises (SMEs).” 
https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai

The EU Product Liability Directive

More Details

“European Union reached provisional (political) agreement on the text for the proposed revision of the EU’s Product Liability Directive 85/374/EEC (PLD). The PLD establishes a strict liability (i.e., no fault) regime to enable claimants to seek compensation for defective products across the EU, meaning claimants do not need to establish fault to claim successfully. As a result, it is the preferred way of making product liability claims in the EU. The revision is a significant development, as the PLD dates back to 1985 and has been virtually unchanged for nearly 40 years – with only very minor amendments in 1999.”
https://products.cooley.com/2023/12/21/new-product-liability-laws-one-step-closer-in-europe/

About OpenForum Europe (OFE), Our Partners in this Series

OFE is a not-for-profit, Brussels-based independent think tank which explains the merits of openness in computing to policy makers and communities across Europe. Originally launched in 2002 to accelerate and broaden the use of Open Source Software (OSS) among businesses, consumers and governments, OFE’s focus has since evolved to also cover issues related to Open standards, Cybersecurity, Digital Government, Public Procurement, Intellectual Property, Cloud Computing and Internet Policy.
https://openforumeurope.org/

More About Our Webinar Series

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain ecosystem. Participants discuss approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

openEuler Announces Adoption of OpenChain ISO/IEC 18974

By Featured, News

Today at the launch event for openEuler 24.03 LTS it was announced that openEuler has adopted OpenChain ISO/IEC 18974, the international standard for open source security assurance. This announcement from the OpenAtom Foundation and the openEuler community builds on previous collaboration with the OpenChain Project and peers in the technology industry to promote effective, efficient supply chain management. The OpenChain Project, part of The Linux Foundation ecosystem, builds ISO standards, creates reference material for their adoption, and facilitates a diverse global community of organizations collaborating to improve open source process management.

“It’s a proud moment to announce the release of openEuler 24.03 LTS. This journey has been all about building a secure, compliant, and sustainable operating system community,” says Xiong Wei, Executive Director of openEuler. “Achieving ISO 18974 self-certification from OpenChain Project is a testament to our unwavering commitment to security and excellence. This certification recognizes our top-tier standards in development processes, software supply chain, risk assessment, management, and developer security capabilities. This milestone is not just a badge; it’s a reflection of the hard work, dedication, and collaboration within our community. I want to extend my heartfelt thanks to everyone involved in this journey. Your efforts have made this achievement possible.”

“openEuler’s adoption of OpenChain ISO/IEC 18974 is a significant milestone for the professionalization of open source software,” says Shane Coughlan, OpenChain General Manager. “The OpenChain standards are designed to support process management across organizations or communities of any scale, and the growing community of conformance around ISO 5230 for license compliance and ISO 18974 for security assurance validates that model. We are delighted to work closely with our partners in openEuler in building a more professional, sustainable and accountable supply chain.”

OpenAtom and openEuler have also released a case study explaining the benefit and impact of OpenChain ISO/IEC 18974 adoption.


About the openEuler Project

openEuler is an open source, free Linux distribution platform. The platform provides an open community for global developers to build an open, diversified, and architecture-inclusive software ecosystem. 

About the OpenAtom Foundation

The OpenAtom Foundation is a non-profit organization dedicated to promoting the development of the global open source community. It was founded in Beijing in June 2020.

The OpenAtom Foundation is committed to being a developer-oriented open source project incubation platform as well as a technology public welfare service organization. It follows the principles of co-construction, co-governance, and sharing, systematically builds an open and collaborative framework, establishes an international open source community, facilitates industry collaboration, and empowers various industries.

About the OpenChain Project

The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs, and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.

About The Linux Foundation

The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

openEuler Releases OpenChain ISO/IEC 18974 Adoption Case Study

By Featured, News

We are delighted to announce a new case study from OpenAtom and openEuler explaining the benefit and impact of OpenChain ISO/IEC 18974 adoption.

Read the Case Study on SlideShare

Download from the OpenChain Reference Library


This case study has been published alongside the formal announcement, made at the openEuler 24.3 LTS launch event, that openEuler has adopted OpenChain ISO/IEC 18974, the international standard for open source security assurance.


“It’s a proud moment to announce the release of openEuler 24.03 LTS. This journey has been all about building a secure, compliant, and sustainable operating system community,” says Xiong Wei, Executive Director of openEuler. “Achieving ISO 18974 self-certification from OpenChain Project is a testament to our unwavering commitment to security and excellence. This certification recognizes our top-tier standards in development processes, software supply chain, risk assessment, management, and developer security capabilities. This milestone is not just a badge; it’s a reflection of the hard work, dedication, and collaboration within our community. I want to extend my heartfelt thanks to everyone involved in this journey. Your efforts have made this achievement possible.”

“openEuler’s adoption of OpenChain ISO/IEC 18974 is a significant milestone for the professionalization of open source software,” says Shane Coughlan, OpenChain General Manager. “The OpenChain standards are designed to support process management across organizations or communities of any scale, and the growing community of conformance around ISO 5230 for license compliance and ISO 18974 for security assurance validates that model. We are delighted to work closely with our partners in openEuler in building a more professional, sustainable and accountable supply chain.”

Webinar – OFE Briefing on the EU AI Act

By ai, Featured, legal, News, Webinar

On the 28th of May 2024, 07:00 UTC there was a special briefing from OpenForum Europe (OFE) on the EU AI Act. It is part of a series provided by OFE on European policy matters that impact open source, business processes and risk management.

More Details

“The AI Act is the first-ever legal framework on AI, which addresses the risks of AI and positions Europe to play a leading role globally. The AI Act aims to provide AI developers and deployers with clear requirements and obligations regarding specific uses of AI. At the same time, the regulation seeks to reduce administrative and financial burdens for business, in particular small and medium-sized enterprises (SMEs).” 
https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai

Our speaker is Ciarán O’Riordan, Senior Policy Advisor at OpenForum Europe. His background is as a free software / open source software policy and communications expert.

OFE is a not-for-profit, Brussels-based independent think tank which explains the merits of openness in computing to policy makers and communities across Europe. Originally launched in 2002 to accelerate and broaden the use of Open Source Software (OSS) among businesses, consumers and governments, OFE’s focus has since evolved to also cover issues related to Open standards, Cybersecurity, Digital Government, Public Procurement, Intellectual Property, Cloud Computing and Internet Policy.
https://openforumeurope.org/

More in the OFE Series

We held three special briefings from OFE for the OpenChain community from May to June 2024.

This OpenChain Webinar was broadcast on 2024-05-28.

Socionext Completes Recertification of OpenChain ISO/IEC 5230:2020

By Featured, News

Socionext, a semiconductor and System on a Chip (SOC) company based in Japan, has completed recertification of OpenChain ISO/IEC 5230:2020 as per the 18-month cycle required by the specification. This recertification process helps to review processes and ensure they are current.

“The adoption of OpenChain standards is one important step in managing the supply chain,” says Shane Coughlan, OpenChain General Manager. “However, periodic recertification is another critical building block in creating trust. As companies evolve and markets change, the best companies adapt against clear, unambiguous measures like OpenChain ISO/IEC 5230:2020, the International Standard for open source license compliance.”

OpenChain AI Study Group – Monthly Workshop for North America and Europe – 2024-05-07 – Full Recording

By Featured, News

The OpenChain AI Study Group held its regular monthly workshop on the 7th of May. This workshop covered a lot of ground, including new contributions from participants like Fujitsu, and an overview of the latest news about the OSI Open Source AI Definition from their Executive Director.

Track This Work

You can follow and contribute to the work of the OpenChain AI Study Group through its dedicated mailing list. This is open to everyone regardless of industry vertical or speciality. You will find it here:

Attend Future Meetings

You can find and get the dial-in details for all future AI Study Group meetings from our participate page here:

OpenChain Monthly North America – Europe Call – 2024-05-07 – Full Recording

By Featured, News

The OpenChain Specification Work Group held its regular monthly call on the 7th of May. You can review the full recording below.

We were working on the draft next generation security assurance specification:
https://github.com/OpenChain-Project/Security-Assurance-Specification/blob/main/Security-Assurance-Specification/2.0/en/openchain-security-specification-2.0.md
and the draft next generation licensing compliance specification:
https://github.com/OpenChain-Project/License-Compliance-Specification/blob/master/3.0/en/openchain-license-compliance-3.0.md

For security we were coming to a conclusion on this issue:

[Improvement] Expand definitions section for (1) Secure Software Development to include Secure Programming Techniques and (2) Security Testing to include Static and Dynamic #36
https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/36

And for licensing we were coming to a conclusion on this issue:

Verification Material For Training – next iteration #38
https://github.com/OpenChain-Project/License-Compliance-Specification/issues/38

Both issues are ready to close pending any objections, and therefore there is a two-week period, before the forthcoming North America / Asia call, to review and add any notes.

We also opened one new issue for review in future calls:

[Improvement] Review Cycle Potentially Needs Adjustment #71
https://github.com/OpenChain-Project/License-Compliance-Specification/issues/71

Join Our Work

Everyone is welcome to be part of the Specification Work Group. You can join their mailing list here:
https://lists.openchainproject.org/g/specification/

OpenChain Monthly North America – Asia Call – 2024-04-16 – Full Recording

By Featured, News

May is coming fast, and ahead of that it is time to catch up on the recording of the most recent North America / Asia call, where we edited proposed next generation versions of our licensing and security specifications.

We covered two open GitHub issues on this call:

Security Assurance Review:
– Expand definitions section for (1) Secure Software Development to include Secure Programming Techniques and (2) Security Testing to include Static and Dynamic 
https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/36

License Compliance Review:
– Verification Material For Training – next iteration
https://github.com/OpenChain-Project/License-Compliance-Specification/issues/38

Check out the full recording here:

Be part of this:

You can join our calls (and our mailing lists) by following the instructions on our “Participate” page: https://openchainproject.org/participate

Webinar: OFE Briefing on the Cyber Resilience Act

By Featured, legal, licensing, News, security, Webinar

This webinar is a special briefing led by Ciarán O’Riordan, Senior Policy Advisor at OpenForum Europe (OFE), on European policy matters that impact open source, business processes and risk management. OFE is a not-for-profit, Brussels-based independent think tank which explains the merits of openness in computing to policy makers and communities across Europe. Originally launched in 2002 to accelerate and broaden the use of Open Source Software (OSS) among businesses, consumers and governments, OFE’s focus has since evolved to also cover issues related to Open standards, Cybersecurity, Digital Government, Public Procurement, Intellectual Property, Cloud Computing and Internet Policy.

More Details

“The proposal for a regulation on cybersecurity requirements for products with digital elements, known as the Cyber Resilience Act, bolsters cybersecurity rules to ensure more secure hardware and software products. Hardware and software products are increasingly subject to successful cyberattacks, leading to an estimated global annual cost of cybercrime of €5.5 trillion by 2021.”
https://digital-strategy.ec.europa.eu/en/library/cyber-resilience-act

Our speaker is Ciarán O’Riordan, Senior Policy Advisor at OpenForum Europe. His background is as a free software / open source software policy and communications expert.

More in the OFE Series

We held three special briefings from OFE for the OpenChain community from May to June 2024.

This OpenChain Webinar was broadcast on 2024-04-23.

Volvo Cars Announces An OpenChain Conformant Program

By Featured, News

Volvo Cars has announced an OpenChain ISO/IEC 5230:2020 conformant program.

“Volvo Cars is committed to a sustainable, meaningful approach to open source engagement,” says Mary Wang, Director of Open Source at Volvo Cars. “Our adoption of ISO/IEC 5230 for helping to manage open source license compliance is part of this strategy. We look forward to working with the OpenChain Project and community as we expand the scope of our program over time, and contribute knowledge and experience to our peers and suppliers.”

“We are delighted to welcome Volvo Cars to our community of conformance,” says Shane Coughlan, OpenChain General Manager. “We are also grateful for their choice to publicly announce this program, and allow us to add their logo alongside contemporaries such as Toyota on our website. The positive momentum in the automotive industry around using ISO standards for open source supply chain management serves as an inspiration to all industries, and is an example of how open source has become not only core to software development, but also aligns with professional, sustainable management practices.”

About Volvo Cars

Volvo Cars was founded in 1927. Today, it is one of the most well-known and respected car brands in the world with sales to customers in more than 100 countries. Volvo Cars is listed on the Nasdaq Stockholm exchange, where it is traded under the ticker “VOLCAR B”. 

“For life. To give people the freedom to move in a personal, sustainable and safe way.” This purpose is reflected in Volvo Cars’ ambition to become a fully electric car maker by 2030 and in its commitment to an ongoing reduction of its carbon footprint, with the ambition to be a climate-neutral company by 2040. 

As of December 2023, Volvo Cars employed approximately 43,400 full-time employees. Volvo Cars’ head office, product development, marketing and administration functions are mainly located in Gothenburg, Sweden. Volvo Cars’ production plants are located in Gothenburg, Ghent (Belgium), South Carolina (US), Chengdu, Daqing and Taizhou (China). The company also has R&D and design centres in Gothenburg and Shanghai (China). 

Learn More About Volvo Cars