Category

News

Introduction to Open Source License Compliance Management (LFC193) – The Bite-Sized Videos

By Featured, News

The OpenChain Project collaborated with LF Training on Introduction to Open Source License Compliance Management (LFC193), a free online training course intended to help people build the basic knowledge needed to get started in open source licensing management. Martin Yagi from the OpenChain UK Work Group has created a series of bite-sized videos to help summarise key points from the course. You can view them all below.



Chapter 0: Introduction

Chapter 1: Rights and Licensing

Chapter 2 Part 1: Introduction to Open Source Licenses

Chapter 2 Part 2: Introduction to Open Source Licenses

Chapter 3 Part 1: Introduction to Open Source Compliance

Chapter 3 Part 2: Introduction to Open Source Compliance

Chapter 4: Codebuilding and Distribution

Chapter 5: Bringing it all Together

Huge thanks to Martin for all his hard work!



The OpenChain Project also has a more advanced course created in collaboration with LF Training called Implementing Open Source License Compliance Management (LFC194).


OpenChain AI Study Group – Monthly Workshop for North America and Europe – 2024-07-02 – Recording

By Featured, News

The OpenChain AI Study Group held its regular monthly workshop on the 2nd of July. This workshop included an overview of outcomes from the recent OpenChain Governing Board meeting regarding the AI Study Group, a presentation by Laurie Grant @ Qualcomm on ISO/IEC 42001, as well as other discussions to narrow down areas of shared concern and interest regarding AI compliance in the supply chain.

Track This Work

You can follow and contribute to the work of the OpenChain AI Study Group through its dedicated mailing list. This is open to everyone regardless of industry vertical or speciality. You will find it here:

Attend Future Meetings

You can find and get the dial-in details for all future AI Study Group meetings from our participate page here:

OpenChain Project – Monthly North America and Europe Call – July – Full Recording

By Featured, News

We held our regular Monthly North America and Europe Call this week. The focus was on discussing the Public Comment period for our draft proposed updates to the licensing and security specifications.

Check Out The Recording

We keep all the slides from our monthly calls online and they can be a useful way to access direct links and more details:

Overview of the Public Comment Period

OpenChain Project Announces Public Comment Period for Draft Updates to Compliance and Security Specifications

Starting 2024-06-19 ~ Ending 2024-12-19

The OpenChain Project has announced the beginning of its six month Public Comment Period for proposed draft updates to the open source license compliance (ISO/IEC 5230:2020) and open source security assurance (ISO/IEC 18974:2023) specifications.

As per our specification development process outlined in the project FAQ, this Public Comment Period will run for six months, and it will be followed by a three month Freeze Period.

During the Public Comment Period everyone is invited to review and comment on the specifications. As an open project developing open standards, we host the draft documents on our GitHub repositories.

Learn More:

You can comment on this process by joining our monthly calls or via our Specification Mailing list. You can also leave comments via GitHub issues as detailed below.

OpenChain Steering Committee Meeting – 2024-06-27 – Outcomes and Recording

By News

The OpenChain Steering Committee is made up of voting members from our Governing Board + the chair of the Specification Work Group.

The Steering Committee will be moving to a regular quarterly meeting schedule, and as part of that I will be publishing the video minutes to ensure visibility during our Public Comment Period of potential future drafts of ISO/IEC 5230 and ISO/IEC 18974. 

This recording shows the first formal Steering Committee meeting since the Specification Work Group moved from community drafting into the formal Public Comment period. It is focused on considering the proposed changes and reviewing the process of public comments and future freeze period as per the FAQ:

View the Recording

OpenChain Monthly North America and Asia Call – 2024-06-18 – Full Recording

By News

The OpenChain Specification Work Group held its regular North America and Asia monthly call on the 18th of June. This call has a regular agenda of reviewing project news, working on our draft future specifications, looking at reference or education material, and opening the floor to other topics.

Watch The Recording

The following issues were closed during this call:

Security Assurance Review

License Compliance Review

We closed all open issues and formally moved into a Public Comment period for both draft specifications as potential updates to ISO/IEC 5230:2020 and ISO/IEC 18974:2023. Learn more:

Join Our Work

Everyone is welcome to be part of the Specification Work Group. You can join their mailing list here:
https://lists.openchainproject.org/g/specification/

You can find and be part of all OpenChain calls through our participation page here:
https://openchainproject.org/participate

OpenChain Webinar: Open Source Due Diligence for M&A

By legal, licensing, News, Webinar

This webinar features a speaker who has “been there” as we discuss best practices before, during, and after the due diligence phase to ensure post-close success. We cover:
(a) Why open source due diligence is key in tech transactions,
(b) Lessons learned on how to perform open source due diligence,
(c) How to leverage diligence findings in post-close integration.

Watch The Recording

Check Out The Slides

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain ecosystem. Participants discuss approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

This OpenChain Webinar was broadcast on 2024-06-17.

OpenChain Korea Work Group Meeting #22 – 2024-06-20 – Keynote Slides

By News

The OpenChain Korea Work Group meeting, kindly hosted by CJ in Korea, had a fantastic series of case studies presented by local community members. As usual, Shane Coughlan, OpenChain General Manager, gave a presentation on the overall state of our global community. You can find his keynote slides below.

Learn More About the OpenChain Korea Work Group

OpenChain AI Study Group – North America / Asia Sync – 2024-06-13 – Full Recording

By News

The OpenChain AI Study Group holds a two hour webinar at the beginning of each month for participants in North America and Europe. Around one week later, there is a one hour sync call for North America and Asia. This is a great way to get a summary of activity, and a great way to start getting involved in our work to consider AI Compliance in the supply chain.

Watch the Recording


OpenChain Project Announces Public Comment Period for Draft Updates to Compliance and Security Specifications

By Featured, News

Starting 2024-06-19 ~ Ending 2024-12-19

The OpenChain Project has announced the beginning of its six month Public Comment Period for proposed draft updates to the open source license compliance (ISO/IEC 5230:2020) and open source security assurance (ISO/IEC 18974:2023) specifications.

As per our specification development process outlined in the project FAQ, this Public Comment Period will run for six months, and it will be followed by a three month Freeze Period.

During the Public Comment Period everyone is invited to review and comment on the specifications. As an open project developing open standards, we host the draft documents on our GitHub repositories.

You can comment on this process by joining our monthly calls or via our Specification Mailing list. You can also leave comments via GitHub issues as detailed below.


Current Published Specifications




Proposed Draft Updates to the Specifications


More Details On The Process

Full details can be found in the specification development process outlined in the project FAQ.

A brief outline of our current steps is that the project will:

  • Open a Public Comments Period nine months before our target completion date. This runs for 6 months and only accepts minor updates such as typos or grammar corrections that do not change the requirements of the content. We do not accept any material changes during this period. All other feedback and recommendations are queued for consideration during the next version release cycle.
  • Open a Freeze Period three months before our target completion date to allow a 3 month review of any changes made during the Public Comments Period.
  • If a consensus expresses concerns over any changes made during the Public Comments period we would
    • i) make changes to accommodate those concerns followed by
    • ii) an additional 14 day Public Comments period; followed by
    • iii) another 14 day Freeze period. Anyone with significant reservations on the final draft should state their position/concerns via the spec mailing list. The changes will be accepted once we achieve consensus for the final draft.
  • In the event we do not have consensus on the final version – we would repeat the following cycle until we have consensus:
    • i) accommodate changes to address majority concerns;
    • ii) 14 day Public Comments period; followed by
    • iii) a 14 day Freeze period cycle.
  • Send the completed draft specification to the OpenChain Steering Committee for formal review and a vote on whether to accept the community recommendations for an updated or new specification.
  • In principle, we target updates to our ISO standards once every five years.

Please Note: the final decision on content and release of OpenChain Project specifications lies with the OpenChain Steering Committee.

Policy Briefing Series: EU Cyber Resilience Act, AI Act and the Product Liability Directive

By Featured, News

The OpenChain Project collaborated with OpenForum Europe (OFE) on a three-part series of webinars covering European policy matters that impact open source, business processes and risk management. These webinars took place between May and June 2024, and are intended to provide a simple, clear and unbiased look at the impact recent European Union policy will have on companies in the open source supply chain.

Our Speaker is Ciarán O’Riordan, Senior Policy Advisor at OFE. His background is as a free software / open source software policy and communications expert.

The EU Cyber Resilience Act

More Details

“The proposal for a regulation on cybersecurity requirements for products with digital elements, known as the Cyber Resilience Act, bolsters cybersecurity rules to ensure more secure hardware and software products. Hardware and software products are increasingly subject to successful cyberattacks, leading to an estimated global annual cost of cybercrime of €5.5 trillion by 2021.”
https://digital-strategy.ec.europa.eu/en/library/cyber-resilience-act

The EU AI Act

More Details

“The AI Act is the first-ever legal framework on AI, which addresses the risks of AI and positions Europe to play a leading role globally. The AI Act aims to provide AI developers and deployers with clear requirements and obligations regarding specific uses of AI. At the same time, the regulation seeks to reduce administrative and financial burdens for business, in particular small and medium-sized enterprises (SMEs).” 
https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai

The EU Product Liability Directive

More Details

“European Union reached provisional (political) agreement on the text for the proposed revision of the EU’s Product Liability Directive 85/374/EEC (PLD). The PLD establishes a strict liability (i.e., no fault) regime to enable claimants to seek compensation for defective products across the EU, meaning claimants do not need to establish fault to claim successfully. As a result, it is the preferred way of making product liability claims in the EU. The revision is a significant development, as the PLD dates back to 1985 and has been virtually unchanged for nearly 40 years – with only very minor amendments in 1999.”
https://products.cooley.com/2023/12/21/new-product-liability-laws-one-step-closer-in-europe/

About OpenForum Europe (OFE), Our Partners in this Series

OFE is a not-for-profit, Brussels-based independent think tank which explains the merits of openness in computing to policy makers and communities across Europe. Originally launched in 2002 to accelerate and broaden the use of Open Source Software (OSS) among businesses, consumers and governments, OFE’s focus has since evolved to also cover issues related to Open standards, Cybersecurity, Digital Government, Public Procurement, Intellectual Property, Cloud Computing and Internet Policy.
https://openforumeurope.org/
