The OpenChain Korea Work Group will hold its 8th meeting on December 2nd. The event will run from 14:00 to 16:00 Korea time. Everybody is welcome to join. Dial in details below.
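Agenda

| No | Agenda | Speaker | Slide |
|----|--------|---------|-------|
| 1 | OpenChain Update | Shane Coughlan, Linux Foundation | – |
| 2 | Building Hyundai Motor's Open Source Governance Framework | 백송하, Hyundai Motor | – |
| 3 | SCA (Software Composition Analysis) Market Trends | 황민호 (Robin), Kakao | – |
| 4 | Olive Unveiled | 황민호 (Robin), Kakao | – |
| 5 | Case Study | All | – |
| 5 | OpenChain KWG Update | 장학성, SK Telecom | – |
| 6 | Free Discussion | All | – |
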
Case Study
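Topic: Classifying the targets of open source compliance and security vulnerability checks
Do you carry out open source compliance activities for fonts as well? (e.g. Open Font)
Does your company distribute mobile apps (Android, iOS) for internal employees? If so, do you carry out open source compliance activities for these as well?
How do you classify the targets of open source security vulnerability checks? Besides the software you distribute, do you also include software used for infrastructure and servers?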
The OpenChain Project hosted a special three hour mini-summit to explain the three options for compliance to the International Standard for open source compliance. Learn about self-certification, independent assessment and third-party certification from the experts in each area.
Part 1 – Self-Certification (1 hour session)
The core of the International Standard for open source license compliance is self-certification. This is a process where a company reviews the requirements of the standard and checks whether their current processes match these requirements. If necessary, a company can make adjustments to processes. Self-certification can be accomplished in several ways. The most common are:
Part 2 – Independent Compliance Assessment (1 hour session)
Companies often want assistance in adopting an International Standard. One common form is Independent Assessment, where a knowledgeable service provider reviews a company’s processes and provides objective feedback on where adjustments or improvements may be necessary. The OpenChain International Standard for open source compliance has a process called “Independent Compliance Assessment” that is provided by trusted partners of the project. These partners may be law firms or service vendors. Two of our existing partners, Source Code Control (UK) and AlektoMetis (Germany), hosted a session explaining this approach and their respective service offerings.
Part 3 – Third-Party Certification (1 hour session)
In some markets third-party certification is an important part of inter-company relationships. Examples are automotive, infrastructure and aviation, where strict regulation and regular audits are well-served by formal certification by third-parties. The OpenChain International Standard for open source compliance approaches third-party certification in the same way as other International Standards. Two of our existing partners, PwC (Germany) and Orcro (UK), hosted a session explaining this approach and their respective service offerings.
More About Our Webinars:
This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.
The OpenChain India Work Group held its third meeting on the 30th of October 2020. Check out the full recording and join our future activity via our dedicated mailing list.
Balakrishna @ Bosch led the revival of the OpenChain Education Work Group with two meetings exploring the creation of online training for the International Standard for open source license compliance. Catch up and contribute via these recordings and by subscribing to our list.
Join Our Education Mailing List and Help Make This Happen
ITAM Channel, part of the ITAMOrg international membership organization for ITAM Professionals, is hosting a webinar covering OpenChain on the 12th of November.
In this webinar you will hear about how open source is used in the supply chain, the risks associated with open source and strategies to manage this. We will also discuss the latest standards such as the new ISO standard being published from the OpenChain Project with support from many of the larger vendors incl. Arm, Microsoft, Google and Qualcomm.
Event speakers are Martin Callinan of Source Code Control and Shane Coughlan, General Manager at OpenChain.
On October 28th at 19:30 GMT Shane Coughlan spoke at Open Source Summit Europe 2020. His talk explored the process of building and deploying the first Linux Foundation ISO standard in fourteen years in collaboration with the Joint Development Foundation. It explained why the evolution from de facto industry standard to formal standardization was important for open source compliance in the context of areas like sales, procurement and M&A.
DLA Piper will be holding their next OSS In-house Counsel Discussion from 5 pm to 6:30 pm PST on November 11, 2020.
The legal issues in open source software are becoming more complex, with new considerations arising rapidly. This event will provide a venue managed by and for in-house counsel where they can discuss open source legal issues under the Chatham House Rule.
It will host the following discussions:
1. Open Source Software Compliance in Containers by Scott Peterson of Red Hat, Inc.
2. OpenChain as an ISO Standard by Shane Coughlan of the Linux Foundation
There will also be the usual summary of selected recent issues by Mark Radcliffe and Chris Stevenson of DLA Piper.
The OpenChain Project has a global community of organizations working together to make open source compliance faster, easier and more effective. We have local work teams in China, Japan, Korea, Taiwan, India and Germany, as well as international work teams covering automotive, reference tooling and education.
With physical meetings on pause due to COVID-19 we are providing enhanced support for remote meetings to our work teams, to organizations and to people who want to make use of remote conferencing. Our Zoom room provides you with video chat for up to 100 people, screen sharing and other features to run meetings, webinars and round tables. There is no cost and there are no restrictions to use as long as the topic is open source compliance.
You can book a meeting at the link below. Each meeting slot is 30 minutes. Priority is for OpenChain meetings, so other compliance discussion bookings may be adjusted if there is overlap. We do not envision this happening often.
Please note: the organizer or host should schedule a meeting on our system and then invite their attendees separately. Our booking system is just for letting organizers know which slots are available. All meetings have video and audio recorded by our system for potential later review.
The annual Open Source Summit Japan + Automotive Linux Summit will be held virtually December 2-4 in the Japan Standard Time zone (UTC+09:00).
On December 4th at 9:40 Shane Coughlan (OpenChain, General Manager) will give a keynote on how OpenChain became the ISO/IEC International Standard for open source compliance.
This is the first formal International Standard to emerge from the Linux Foundation in 14 years and the first International Standard fostered by the Joint Development Foundation. However, as the keynote will explain, it is far from the last.
inwinSTACK, a Taiwan-based provider of private, public and hybrid cloud technology, is the latest organization to announce an OpenChain conformant program. inwinSTACK has been contributing to the open source community, providing services and products built with open source software, and participating in Linux Foundation workgroups across AI, Edge and Hyperledger. “OpenChain Conformance also presents our commitment to open source compliance,” says Joeseph Wang, Sales VP, InwinSTACK Technologies Inc. “Licensing compliance gives indemnification for our customers, free from intellectual property lawsuits. We have enforced OpenChain Conformance throughout our internal CI/CD process. We are also planning to pass ISO/IEC DIS 5203 in the future. Our long-term policy is to keep devoting ourselves to open source communities.”
“We are delighted to welcome inwinSTACK to our community of conformance for several reasons,” says Shane Coughlan, OpenChain General Manager. “Their position as a cloud provider helps to underscore the utility of OpenChain in this space, where our International Standard for open source compliance has a positive impact on resource use, time to market, and effective intellectual property management. Secondly, it is great to welcome another company based in Taiwan to our community, underlining our vibrant, growing local community. We look forward to working with inwinSTACK and many of their peers in the coming years.”