Category

Featured

Coming Soon: OpenChain Webinar #49 – FOSDEM Recap – 2023-03-06

By Featured, News

The next OpenChain Webinar will feature a FOSDEM recap by Philippe Ombredanne of NexB for everyone who did not attend the event in Belgium at the start of 2023. The webinar will take place between 10:00 and 11:00 UTC (11:00 CET – 12:00 CET) on the 6th of March 2023.

We will use the OpenChain Project Zoom room:
https://zoom.us/j/4377592799

This call is open to every individual and company regardless of their membership of the Linux Foundation or the OpenChain Project.

Check your timezone:
PDT United States Pacific UTC-07:00
UTC Coordinated Universal Time UTC
CET Central European Time UTC+01:00
IST India Standard Time UTC+05:30
CST China Standard Time UTC+08:00
KST Korea Standard Time UTC+09:00
JST Japan Standard Time UTC+09:00

Compare timezones:
https://www.worldtimebuddy.com

Join via one tap mobile:
+86 10 8783 3177,,4377592799# Mainland China
+33 1 8699 5831,,4377592799# France
+49 69 7104 9922,,4377592799# Germany
+81 524 564 439,,4377592799# Japan
+82 2 3143 9612,,4377592799# Korea
+91 80 71 279 440,,4377592799# India
+886 (2) 7741 7473,,4377592799# Taiwan
+44 330 088 5830,,4377592799# UK
+13017158592,,4377592799# USA

Find your local country number:
https://zoom.us/u/awFnORNiA
Meeting ID: 437 759 2799

OpenChain Reference Library – Complete Overhaul

By Featured, News

The OpenChain Reference Library has been significantly updated to improve navigation. This is an administrative item that was pending for a while. Its completion should make it possible (and easy!) for anyone to access our library and find material. It should also make it a lot easier for our Education Work Group to assess and improve or expand existing material.

Some Notes

This new structure is designed to overcome discoverability issues with the previous repository and to make it easier for continual improvement both of individual documents and for the navigation of the repository as a whole. This means that your feedback, suggestions and help are most welcome. You can leave feedback and ideas for improvement as GitHub issues or via our Education Work Group mailing list.

OpenChain @ Wikipedia

By Featured, News

The OpenChain Project is officially featured on Wikipedia in three languages:

  1. English
  2. French
  3. German

Example of the text in English:

ISO/IEC 5230 (known as OpenChain) is an international standard on the key requirements for a high-quality open source license compliance program. The standard was published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in late 2020. The standard is based on the Linux Foundation OpenChain Specification 2.1. It focuses on software supply chains, easier procurement and license compliance. Organizations that meet the requirements of the standard can self-certify to ISO/IEC 17021, from an accredited certification body or after successfully completing an audit.

We would love your help in reviewing and improving this new resource to help spread understanding of our standard for open source license compliance, and expanding our presence over time to include the OpenChain Security Assurance Specification. You can do so through the normal Wikipedia editing process. Here is an example for the English page.

Huge thanks to Marc-Etienne Vargenau at Nokia for leading this process. He put a lot of effort into making this happen, and is due great credit for helping to improve the supply chain through easily available educational material.

OpenChain Monthly Meeting 2023-02-21 (North America and Asia) – Recording

By Featured, News

Our latest monthly meeting for North America / Asia continues where we left off on the North America / Europe call earlier this month (see https://www.openchainproject.org/news/2023/02/10/monthly-meeting-2023-02-07-recording). The focus was work around the next generation of the Security Assurance Specification.

On this call we addressed the following issues with the Security Assurance Specification 2.0 Draft:

  1. We prepared and refined definitions of remediation and mitigation:
    https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/22
  2. We included “remediation” and “mitigation” in Section 3.1.5:
    https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/25
  3. We included “mitigation” in Section 3.3.2:
    https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/26
  4. We clarified the “Get Customer” requirement in Section 3.3.2 to make the logic clearer:
    https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/27

All of the issues appear “done” but naturally you can access, review and reopen on GitHub. We will also be speaking about these topics on the next call for North America / Europe on the 1st Tuesday of March. See our Global Calendar for the precise schedule:
https://www.openchainproject.org/participate

Yes Security is the latest OpenChain ISO/IEC 5230 Conformant Organization

By Featured, News

Yes Security…

… aims to offer high quality, performance and reliable products, ensuring the protection, security and productivity of its customers. The provision of personalized services, in an agile and assertive way is one of our main focuses, acting in the identification and resolution of problems, guiding the IT professional on the functionalities of the tools, ensuring the full use of the resources offered by it. With a close relationship with manufacturers and distributors it is possible to offer affordable projects that suit the needs of each company.

OpenChain Korea Work Group Meeting #17 – First Physical Meeting Since COVID! – 2023-03-28

By Featured, News

The OpenChain Korea Work Group is holding its 17th meeting between 14:00 and 16:00 on the 28th of March 2023. This will be the first physical meeting of the work group since COVID hit in 2020. Learn more at the event link:
https://openchain-project.github.io/OpenChain-KWG/meeting/17th/

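Hello, OpenChain KWG members! This is Haksung Jang (장학성).
Are you off to a meaningful start to the new year?

For our Q1 2023 meeting, we are gathering offline again for the first time since COVID. So exciting!:
https://openchain-project.github.io/OpenChain-KWG/meeting/17th/

  • Date and time: Tuesday, March 28, 2023, 2:00 PM to 4:00 PM
  • Venue: LINE Plus (Seohyeon-dong, Bundang-gu)
    The exact location will be announced later. (Thank you to Seoyeon Lee (이서연) of LINE Plus for providing the venue! ^^)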

Webinar: GPLv2 Licensing History

By community, Featured, legal, licensing, News, Webinar

This OpenChain Webinar features an overview of GPLv2 licensing fragmentation based on research initiated by Philippe Ombredanne of NexB and continued by Armijn Hemel of Tjaldur Software Governance Solutions. The key takeaway is that a significant number of variations exist (40 “vanilla” copies from the FSF or GNU website, 12 with the Linux kernel linking exception in the Linux kernel), but the impact of these variations is nuanced. The requirements do not change but the variability may throw errors for automation and review. Process awareness is required.

This is OpenChain Webinar #48, released on 2023-02-15.

Panx Project is the latest OpenChain ISO/IEC 5230 Conformant Organization

By Featured, News

Panx Project is:

A digital consultancy and community solutions organization. Each year we launch projects aimed to address a social, technological, or economical issue. Working with and training job seekers, startups, NGOs and enterprises on developing their own framework to leverage the latest industry standards and cutting-edge technology. Some of these clients include: Mumm, Zoho and Monginis.

OpenChain Monthly Meeting North America – Europe – 2023-02-07 – Recording

By Featured, News

We had a fantastic meeting focused on editing previously submitted scope suggestions from ISO/IEC WG/SC 27 (Information Technology Security). This time we went over issues submitted by reviewer CERT. In addition to this, we closed an open issue syncing the definition of Open Source between the licensing (ISO 5230) and security specifications.

Co-chairs Helio and Chris led the discussion, and we had some great contributions from the audience. It is clear that there is significant interest in reviewing the draft 3rd generation licensing standard and 2nd generation security standard. You are reminded that everyone is invited to participate on the monthly calls and via our main or specification mailing lists.

Specifically:

We closed this open source definition issue:
https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/20

We set this action item based on a suggestion by CERT:
https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/22

We decided not to pursue this suggestion by CERT:
https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/23

We decided not to pursue this suggestion by CERT:
https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/24

OpenChain Japan Work Group Meeting #26 (Hybrid #1) – 2023-02-09 15:00-17:00 JST

By Featured, News

The first face-to-face OpenChain Japan Work Group meeting in three years is being hosted by Hitachi Solutions and will feature our usual exceptional schedule of case studies and discussion. Big thank you to Ayumi and team for providing a great place to bring the community together. Virtual attendees are also being supported via Zoom.

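OpenChain Japan Work Group [26th General Meeting] [1st Hybrid Meeting]
 ★ Thursday, February 9, 2023, 15:00-17:00 JST
 ★ Hybrid format (physical venue + online participation)
 ★ Physical venue: Hitachi Omori Building
 ★ Online venue:
   https://zoom.us/j/4377592799
 ★ We are planning two case studies from Toshiba and one OSS tool introduction from Hitachi Solutions.
Agenda:
15:00 – 15:01  Opening
15:01 – 15:10  Keynote by Shane Coughlan
15:10 – 15:20  About the OpenChain Japan WG
15:20 – 15:30  Hitachi Solutions' OSS initiatives, 渡邊
15:30 – 15:45  OSS introduction: "SPDX extension on VSCode", 明石 (Hitachi Solutions)
15:45 – 15:55  Break
15:55 – 16:25  Case study: "Toward conformance with ISO/IEC 5230, the process management standard for open source compliance", 忍頂寺 and 樽家 (Toshiba)
16:25 – 16:55  Case study: "Developing OSS education and rolling it out company-wide to maintain OSS license compliance", 小山 (Toshiba)
16:55 Closing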