Featured

China Industrial Control Systems Cyber Emergency Response Team (CIC) is the latest official OpenChain Partner. They will help companies in China with process development and compliance scanning activities.

“China Industrial Control Systems Cyber Emergency Response Team ( CIC ) is delighted to become an official partner of the OpenChain Project,” said Huang Yunhua, deputy director of the CIC’s Institute of Intellectual Property. “OpenChain ISO/IEC 5230 stipulates key requirements for a high-quality open source license compliance program, which can effectively improve the level of open source supply chain security governance services. We will actively promote the application of OpenChain standards in the field of industrial and information safety, provide services for the domestic open source ecology and related enterprises, and build a more reliable open source software supply chain.”

“The OpenChain Project welcomes CIC to the official partner community today,” says Shane Coughlan, OpenChain General Manager. “This is an important development in strengthening the provision of ISO 5230 and ISO 18974 services in the Chinese market, and it is also an important development in terms of building event more bridges between China and other parts of the global supply chain. As a leader in the open source market, China and Chinese companies are critical to good governance in what we do. Our next steps together will help make open source more effective and more valuable for everyone involved.”

Visit Their Website

• https://www.cics-cert.org.cn/

TOKYO, Japan, December 07, 2023 – Honda, a global leader in the manufacturing of automobiles, motorcycles, and power equipment, today announces an OpenChain ISO/IEC 5230 conformant program. Joining other leaders in the domain of open source software, Honda continues to drive long-term, sustainable innovation around the next generation of technologies.

“Honda has a remarkable position as the world’s largest motorcycle manufacturer and the world’s largest manufacturer of internal combustion engines,” says Shane Coughlan, OpenChain General Manager. “Perhaps most notably, they have a remarkable position as a leader in innovation that helps to empower people around mobility. Open source is a key part of the future of this industry, and with today’s announcement of an OpenChain ISO/IEC 5230 program, Honda underlines its position as a thought leader in this domain. A trusted supply chain is critical, and we are fortunate to have companies like Honda driving lasting change.”

About Honda

Honda is a mobility company powered by everyone’s dreams, creating mobility that helps and inspires people, in a wide range of fields such including motorcycles, automobiles, power products and aircraft.

About the OpenChain Project

The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs

About The Linux Foundation

The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

KakaoBank, a South Korean mobile-only internet bank and financial technology company, has announced the adoption of OpenChain ISO/IEC 18974 in their open source security assurance program. Founded in 2016, KakaoBank is one of the leading financial technology companies in the region. 

KakaoBank has long been an active contributor to the open source community. In collaboration with other South Korea companies, KakaoBank has continually sought to make sure practical, efficient value is obtained from the potential of open source platform technologies. Their adoption of OpenChain ISO/IEC 5230, the international standard for open source license compliance, in 2022 was an early indicator of this. The announcement of ISO/IEC 18974 adoption today underlines that commitment.

“The open source team at KakaoBank has taken great strides in demonstrating the effective management of open source for large, agile and rapidly growing business sectors,” says Shane Coughlan, OpenChain General Manager. “The financial sector provides unique challenges in both being an environment of heavy regulation and caution, and a space where rapid digital innovation is taking place. Open source provides an obvious way to ensure new platforms and technologies can be turned into great new services, and the OpenChain standards for license compliance and security assurance provide a way to manage things in a predictable, reliable manner. We are delighted to work with the visionary team at KakaoBank and we look forward to collaborating further on the development of a more trusted supply chain.” 

Korea Telecom (KT), South Korea’s largest telecommunications operator, has announced an OpenChain ISO/IEC 5230 Conformant Program. With 50,000 employees group-wide, KT has a long history in open source engagement, and has operated a dedicated team for its management since 2012. 

KT operates a significant amount of automation for open source process management, and has pioneered solutions like K-COMPASS for open source project registration, review, verification and usage. It maintains courses in its own training system call Genius to help ensure new employees and developers understand their role in promoting excellence around open source.

KT’s decision to adopt ISO/IEC 5230 was based on a strategic interest in aligning with international standards for managing the supply chain. In a year-long process adjustment, the open source team ensured that all operational activities were not disrupted, but all aspects of the KT open source program matched the requirements outlined in the International Standard for open source license compliance.

“Today’s announcement marks an important milestone not only for the Korean supply chain but also the global management of open source in the telecommunications industry,” says Shane Coughlan, OpenChain General Manager. “With companies like Ericsson and Nokia chairing the OpenChain Board and our Telco Work Group respectively, it has long been clear that our approach to standardization resonates in this market vertical. However, major conformance announcements like this as a clear lighthouse indicating the path to the future of the supply chain. I want to commend the team involved, and also to thank them for far more than announced today. KT has been part of the OpenChain community for a while, and hosted one of our workgroups in 2019 at their KT DS Seoul headquarters. They have a clear understanding of how this community works, and how it drives business value through collaboration.”

We had a super busy call focused on editing update proposals for our core specifications (licensing and security) and editing new proposals for potential future specifications (contribution and SBOM quality). Full recording below.

On OpenChain ISO/IEC 5230 (licensing) we closed this issue:

• https://github.com/OpenChain-Project/License-Compliance-Specification/issues/58

On OpenChain ISO/IEC DIS 18974 (security) we closed this issue:

• https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/17

For harmonization between ISO/IEC 5230 and ISO/IEC DIS 18974 we closed this issue:

• https://github.com/OpenChain-Project/License-Compliance-Specification/issues/68

On the proposal for a contribution specification we addressed this issue:

• https://github.com/OpenChain-Project/Contribution-Process-Specification/issues/16

Check out the slides from the call for all the relevant links:

• https://github.com/OpenChain-Project/Meeting-Minutes/blob/main/Slides/OpenChain-Monthly-Meeting-2023-10-17.pptx

A special project by the OpenChain UK Work Group

The OpenChain UK Work Group has been busy preparing a series of videos to talk about OpenChain. The videos are being released through November and you can get a sample below.

Amazing work all! Special credit to Martin Yagi for pulling this together.

A Sample of the Videos Hosted on LinkedIn

• Are you ready to dive deep into Open Source License compliance? 
• An introduction to OpenChain
• Quiz: The creation and management of a software bill of materials (SBOM)

You can follow the full series at the OpenChain UK LinkedIn page:

• https://www.linkedin.com/company/openchainuk/

Bobble AI has submitted an OpenChain self-certification notification via the OpenChain Website.

Founded by a dynamic duo of brothers, Bobble AI is the world’s first Conversation Media Platform. Bobble.ai is on the mission of enriching everyday conversations by empowering expressions for users with a suite of Keyboard applications.

Welcome to the community of conformance!