Featured

The founders of AlektoMetis, Prof. Dr. Andreas Bärwald and Nicole Pappler have been closely connected to the OpenChain project for several years. After successfully creating and launching the OpenChain 3rd party certification during their time at the TÜV SÜD Group, they now continue to provide software centric consulting and assessment services with AlektoMetis.

“We are very happy to be a partner of the OpenChain project.” says Prof. Dr. Andreas Bärwald, CEO of AlektoMetis. “This will enable us to continue our longstanding successful partnership in our new professional home and to work with our customers and cooperation partners. Open Source related topics are of increasing importance for our customers. Considering that nowadays added value is implemented mainly by software, competence with respect to software becomes increasingly important to companies of all sizes and industries. Including open source licensed components allows companies to concentrate on the creation of value by their own intellectual property while relying on open source for standard tasks. This requires a suitable FOSS governance process in the companies. On the basis of OpenChain we can support our customers exactly here”.

“Building a trusted supply chain depends greatly on having trusted partners,” says Shane Coughlan, OpenChain General Manager. “We need to know that our fellow user companies have adopted or are adopting the key requirements of quality open source compliance programs. We need to know that there is reference material to help them in this process. Lastly, we need to know that there is strong support infrastructure to ensure they can get solid legal, professional and certification advice as needed. Nicole and Andreas have long had a substantial presence and contribution to the OpenChain Project on the latter point, and our new official partnership is another milestone in building out this international standard.”

“The OpenChain community is quite a welcoming and inspiring place and I’m really excited to be part of the OpenChain partner network, seeing it growing and looking for the time to come.” Says Nicole Pappler, AlektoMetis representative in the OpenChain project. “Both engineering, quality management and legal experts are working together to create guidance and clear criteria to enable the license compliant usage of and contribution to open source projects for every industry player, no matter what size and background. It will be my very pleasure to contribute to OpenChain to see the three pillars of OpenChain certification –  self certification, independent compliance assessment and 3rd party certification –  grow into a most useful policy in the supply and release chain.”

About AlektoMetis

AlektoMetis, founded in 2019, offers consulting and assessment services in the areas of functional safety, software quality and processes. The associated AlektoMetis Academy will offer extensive online and offline seminars starting in the second half of 2020. Nicole Pappler represents AlektoMetis in the open source working group of the German IT industry association Bitkom, where she is a member of the board. Furthermore AlektoMetis supports the German working group of the OpenChain project.

AlektoMetis is a brand of
PAPPSTARpromotion GmbH         
Nürnberger Str. 2
91717 Wassertrüdingen
Germany
www.PAPPSTARpromotion.de / 
www.AlektoMetis.com 

Mieux vaut prévenir que guérir

The OpenChain Specification 2.0, the latest version of our industry standard for open source compliance, is now available in French. This official translation provides a reference to assist with understanding and engagement throughout companies.

OpenChain 2.0 is the latest version of our standard and it is functionally identical the the forthcoming ISO standard. This means that any company that conforms with OpenChain 2.0 will also be conformant with the ISO standard on release.

Big Thanks To Our Local Contributors

• Tristan FAURE
• Bruno GRASSET
• Benjamin JEAN
• Laurent JOUBERT
• Lionel LOUBET
• Camille MOULIN
• Harmonie VO VIET ANH

Special thanks to Camille, Tristan and Benjamin for finalizing this version.

Get the OpenChain Specification 2.0 in French

• https://github.com/OpenChain-Project/Specification/raw/master/Community/fr/2.0/OpenChain-2.0-Translation-FR.pdf

Join Our Translation Effort on GitHub

• https://github.com/OpenChain-Project/Specification/tree/master/Community/fr

Get this guide and many more documents in the OpenChain Reference Library: https://github.com/OpenChain-Project/Reference-Material

The OpenChain Project Korea Work Group held its fifth meeting remotely on the 17th of March. A recording of Shane Coughlan’s opening speech is now available in English. While our project faces blanket disruptions to physical meetings, our community is using mailing lists, telephone conferences and other online collaboration tools to ensure we keep up momentum. Great thanks are due to everyone who is leading this effort!

Keep Up With The Korean Work Group

• https://openchain-project.github.io/OpenChain-KWG

Join The Korean Mailing List

• https://lists.openchainproject.org/g/korea-wg

The OpenChain Project is delighted to highlight that Yoma Bank is the latest organization to have a publicly announced OpenChain conformant program. Yoma Bank joins many other companies from a diverse range of market sectors collaborating to make open source compliance faster, more effective and more efficient.

Founded in 1993, Yoma Bank is Myanmar’s most progressive domestic bank. It offers savings products, a wide range of loans and business solutions to individuals, SMEs and local corporate clients to fund their business operations in Myanmar.  With over 25 years of being responsible bank, Yoma Bank has been consistently making significant investments in strategic priorities- people, technology and corporate governance. Yoma Bank stands in the top 5 banks in Myanmar by assets with 3000+ employees and 80+ branches across the country. 

“Yoma Bank is a natural fit for OpenChain conformance,” says Shane Coughlan, OpenChain General Manager. “Their commitment to quality, to ethical banking, and to innovation will be familiar to every company working in the open source community. We look forward to using this opportunity to build out more relationships in Myanmar and beyond.”

More About Yoma Bank

Yoma Bank strives to fulfill its mission to “Build a better Myanmar for its people” financing the needs of Myanmar families and businesses. All the operations led by the Bank are centered around its core values such as Customer, Integrity, Respect, Teamwork and Innovation. Yoma Bank has also established strong partnership with both local and international organisations leveraging strategic advantages in its services. For more information, please visit www.yomabank.com.

About the OpenChain Project

The OpenChain Project builds trust in open source by making open source license compliance simpler and more consistent. The OpenChain Specification defines a core set of requirements every quality compliance program must satisfy. The OpenChain Curriculum provides the educational foundation for open source processes and solutions, whilst meeting a key requirement of the OpenChain Specification. OpenChain Conformance allows organizations to display their adherence to these requirements. The result is that open source license compliance becomes more predictable, understandable, and efficient for participants of the software supply chain.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.

###

Linux is a registered trademark of Linus Torvalds.

All other trademarks belong to their respective owners.

The OpenChain Project is delighted to highlight that Yoma Bank is the latest organization to have a publicly announced OpenChain conformant program. Yoma Bank joins many other companies from a diverse range of market sectors collaborating to make open source compliance faster, more effective and more efficient.

Founded in 1993, Yoma Bank is Myanmar’s most progressive domestic bank. It offers savings products, a wide range of loans and business solutions to individuals, SMEs and local corporate clients to fund their business operations in Myanmar.  With over 25 years of being responsible bank, Yoma Bank has been consistently making significant investments in strategic priorities- people, technology and corporate governance. Yoma Bank stands in the top 5 banks in Myanmar by assets with 3000+ employees and 80+ branches across the country. 

“Yoma Bank is a natural fit for OpenChain conformance,” says Shane Coughlan, OpenChain General Manager. “Their commitment to quality, to ethical banking, and to innovation will be familiar to every company working in the open source community. We look forward to using this opportunity to build out more relationships in Myanmar and beyond.”

More About Yoma Bank

Yoma Bank strives to fulfill its mission to “Build a better Myanmar for its people” financing the needs of Myanmar families and businesses. All the operations led by the Bank are centered around its core values such as Customer, Integrity, Respect, Teamwork and Innovation. Yoma Bank has also established strong partnership with both local and international organisations leveraging strategic advantages in its services. For more information, please visit www.yomabank.com.

About the OpenChain Project

The OpenChain Project builds trust in open source by making open source license compliance simpler and more consistent. The OpenChain Specification defines a core set of requirements every quality compliance program must satisfy. The OpenChain Curriculum provides the educational foundation for open source processes and solutions, whilst meeting a key requirement of the OpenChain Specification. OpenChain Conformance allows organizations to display their adherence to these requirements. The result is that open source license compliance becomes more predictable, understandable, and efficient for participants of the software supply chain.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.

###

Linux is a registered trademark of Linus Torvalds.

All other trademarks belong to their respective owners.

Taipei, Taiwan, Feb 18, 2020—The OpenChain Project, an initiative by the Linux’s Foundation to streamline open source compliance, announced today that Moxa Inc. has joined as a Platinum member. As a leading provider of industrial edge-to-cloud connectivity and computing solutions for Industrial Internet of Things (IIoT) environments, Moxa has demonstrated its continuous commitment to open source compliance to enable advanced industrial networking and communications applications for the IIoT world.

The OpenChain Project aims to build trust in open source by making open source license compliance simpler and more consistent across supplies chains. The OpenChain Specification defines inflection points in business workflows where a compliance process, policy, or training should exist to minimize the potential for errors and maximize the efficiency of bringing solutions to the market. The OpenChain Specification is being prepared for submission to ISO and evolve from a de facto standard into a formal standard.

“Moxa is thrilled to join the OpenChain Project to demonstrate our commitment in supporting open source compliance standard,” said Andy Cheng, President of Strategic Business Unit at Moxa. “Moxa has been a strong supporter of the Linux Foundation for some of its important projects such as Civil Infrastructure Project (CIP) for long-term support Linux distribution. We are now looking forward to working closely with the OpenChain community for industry standards of open source compliance.”

As a Platinum member, Moxa will be the first Taiwan-based company to join the OpenChain’s board, expanding the project’s reach across multiple industries. An array of industry-leading companies have already joined the Platinum membership program, including Arm Holdings, Bosch, Cisco, Comcast, Facebook, Fujitsu, Google, Harman International, Hitachi, Microsoft, Panasonic, Qualcomm, Siemens, Sony, Toshiba, Toyota, Uber, and Western Digital.

“We have been working with Moxa for a considerable period of time as Moxa has actively participated in OpenChain community during its key growth phase over the last two years,” said Shane Coughlan, OpenChain General Manager. “Our announcement today underlines the commitment on all our parts to further deepening collaboration and understanding. When we have a great opportunity in 2020 to build incredible bridges across the Mandarin-speaking world to ensure great open source compliance, I believe Moxa is a critical, timely partner to help us accomplish this goal.”

About the OpenChain Project

The OpenChain Project builds trust in open source by making open source license compliance simpler and more consistent. The OpenChain Specification defines a core set of requirements every quality compliance program must satisfy. The OpenChain Curriculum provides the educational foundation for open source processes and solutions, whilst meeting a key requirement of the OpenChain Specification. OpenChain Conformance allows organizations to display their adherence to these requirements. The result is that open source license compliance becomes more predictable, understandable, and efficient for participants of the software supply chain.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.

About Moxa

Moxa is a leading provider of edge connectivity, industrial computing, and network infrastructure solutions for enabling connectivity for the Industrial Internet of Things. With over 30 years of industry experience, Moxa has connected more than 65 million devices worldwide and has a distribution and service network that reaches customers in more than 80 countries. Moxa delivers lasting business value by empowering industry with reliable networks and sincere service for industrial communications infrastructures. Information about Moxa’s solutions is available at www.moxa.com.

###

Linux is a registered trademark of Linus Torvalds.

The Moxa logo is a registered trademark of Moxa Inc. All other trademarks mentioned in this document are the property of their respective owners.

This case study unpacks how the open source team at Arm used the OpenChain industry standard to simplify and speed their compliance process.

It includes detailed information on the approach selected, the timescales used, and the outcomes reached. It will be useful for any company currently considering or undergoing OpenChain self-certification, compliance assessment or third-party certification.

Review the Case Study

OpenChain Conformance: Arm Case Study from Shane Coughlan

Download the Case Study

• https://github.com/OpenChain-Project/Reference-Material/blob/master/Case-Studies/Community/Arm-OpenChain-Conformance.pdf

Thanks to the hard work of Denis Dorotenko at Yandex (https://dorotenko.pro/english/) the OpenChain Specification 2.0 has a draft translation in Russian. This will be converted to an official translation once it completes peer review.

Get the Draft OpenChain Specification 2.0 in Russian

• https://github.com/OpenChain-Project/Specification-Translations/raw/master/ru/2.0/OpenChainSpec-2.0.TranslationTemplate(ru)%20edited%202020-02-11%20clean.docx

Contribute to New Versions

• Via the main project mailing list:
  main@lists.openchainproject.org
• Via Github:
  https://github.com/OpenChain-Project/Specification-Translations/tree/master/ru

Get these guides and many more documents in the OpenChain Reference Library.

1. News
Oliver gave an overview about “what happened since last meeting”:
On 6th of Feb there was the kick off meeting of the OpenChain German Work Group. More than 35 persons attended the meeting. Main results were:
             1. the work group agreed on working on a guideline and layout of an OSS disclosure document
             2. the work group will work on translations of the existing material, there is already work in progress. Please see https://github.com/OCSpecGermanTranslation/OpenChain-SuppierLeaflet-GermanTranslation/tree/master/supplier-leaflet/de
             3. the work group has a “rolling chair” model – i.e. the host of the particular meeting is automatically the chair of the work group

Oliver started working on a charter, contribution guideline, code of conduct and updated the README of our project. The current state of work can be analyzed, improved, commented etc. in the branch https://github.com/Open-Source-Compliance/Sharing-creates-value/tree/onboarding-new-persons

Please follow the link, read the documents and please provide comments and improvements. The branch is called onboarding-new-persons

Sami suggested to add a “code example” what we expect in the context of reuse conformant contributions. Further he suggested to add a phrase like “other licenses of already existing code.
Sami volunteered to let our logo to be checked whether our logo is fine from a trademark point of view

2. Summary of the Unconference about OSS tooling in Brussels
Michael gave an overview about the unconference on OSS compliance tooling which took place on 31st of January in Brussels. Material and photos are available in our repo, please check https://github.com/Open-Source-Compliance/Sharing-creates-value/tree/master/Tooling-Landscape/Meeting-Material/Meeting-20200131

2.1. Code matching
One result of the code matching session was that there need to be a definition what is exactly to be understood by code matching. Some see code matching as the task “I have a binary package and need to find the corresponding source”. Others see it “I want to check source code whether it contains source code originating for 3rd parties.

2.2. sw360
This session centered around using and installing sw360.

2.3. Container Scanning
All attendees agreed that license compliance is a problem. The attendees agreed to start working on guidelines and best practices for container handling and container license compliance.

2.4. Big Picture
Please have a look at the slides.

2.5. Glue Code
Please have a look at the slides.

2.6. Requirements
Please have a look at the slides.

3. What approaches are existing for license compliant containers
We were not able to discuss the topic “3. What approaches are existing for license compliant containers” and decided to dedicate the next meeting entirely to container compliance

4. Next Meeting
26th of Feb 2020
Agenda: What approaches are existing for license compliant containers

Keep Up-To-Date and Participate

• https://groups.io/g/oss-based-compliance-tooling

The 5th meeting of the OpenChain Korean Work Group will be hosted by Kakao in Seoul. A big thank you to Violet from Kakao and all our work group members.

1. Organizer : Kakao (Contact : Violet – violet.blue@kakaocorp.com )
2. Venue: Kakao Pangyo Office (7F, N-dong, 235 Pangyo Station-ro, Bundang-gu, Seongnam-si, Gyeonggi-do)
3. Date: March 19, 2020

Agenda

No	Agenda	Speaker	Slide
1	OpenChain Update	Shane Coughlan, Linux Foundation
2	카카오 오픈소스 검증 시스템 Olive 소개	카카오 황은경
3	오픈소스 기여자 만들기, 참 쉽죠?	라인 이서연	https://www.soscon.net/content/data/session/Day%201_1630_1.pdf
4	업데이트 중

More Information on the Korea Mailing List

• https://lists.openchainproject.org/g/korea-wg