The OpenChain Project held its monthly North America – Asia Call on 2024-05-21. This call provides an overview of project news, acts as the main space for our Specification Work Group to develop new drafts of our standards, and allows a recap of important activities from the Education Work Group.
The Security Assurance issue was closed but reopened, and therefore is pending finalization on the next call for the draft Security Assurance 2.0 specification.
On the 28th of May 2024, 07:00 UTC / 09:00 CEST there will be a special briefing from OpenForum Europe (OFE) on the EU AI Act. It is part of a series provided by OFE on European policy matters that impact open source, business processes and risk management.
“The AI Act is the first-ever legal framework on AI, which addresses the risks of AI and positions Europe to play a leading role globally. The AI Act aims to provide AI developers and deployers with clear requirements and obligations regarding specific uses of AI. At the same time, the regulation seeks to reduce administrative and financial burdens for business, in particular small and medium-sized enterprises (SMEs).” https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai
Our speaker is Ciarán O’Riordan, Senior Policy Advisor at OpenForum Europe. His background is as a free software / open source software policy and communications expert.
OFE is a not-for-profit, Brussels-based independent think tank which explains the merits of openness in computing to policy makers and communities across Europe. Originally launched in 2002 to accelerate and broaden the use of Open Source Software (OSS) among businesses, consumers and governments, OFE’s focus has since evolved to also cover issues related to Open standards, Cybersecurity, Digital Government, Public Procurement, Intellectual Property, Cloud Computing and Internet Policy. https://openforumeurope.org/
On the 31st of May there will be a workshop at the Hilton Shenzhen Shekou Nanhai (蛇口希尔顿南海酒店) in Shenzhen by Huawei, SecTrend and OpenChain Project on the topic of supply chain security and compliance. The core of the workshop will be discussing these questions in the context of OpenChain ISO/IEC 5230 and OpenChain ISO/IEC 18974. This event will be held in Chinese, with an opening keynote and a closing panel in English. Special thanks are due to the open source team at Huawei for helping to organize and host this event.
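Agenda
9:00-9:30 Registration
9:30-9:45 Remarks from invited guests
9:45-10:10 OpenChain - Shane Coughlan: The impact of ISO 5230 (licensing) and ISO 18974 (security) on professionals in 2024
10:10-10:35 KylinSoft (麒麟软件) - Xing Peng (邢鹏): The evolution of judicial standards in China's GPL rulings, as seen through cases
10:35-10:50 Break
10:50-11:15 Guangdong Liangma Law Firm (广东良马律所) - Zou Liangcheng (邹良城): From 0 to 1, how enterprises carry out open source compliance
11:15-11:40 openEuler, OpenHarmony - Gao Kun (高琨), Gao Liang (高亮): How open source communities comply with ISO 5230 (licensing) and ISO 18974 (security)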
This OpenChain Webinar digs into open source tooling with open data for open source compliance.
Full Overview From The Presenters
Ensuring software license and security compliance can be difficult. Managing open source components – especially their licensing, provenance, and vulnerability risk – is a critical part of Software Composition Analysis (SCA), which is now a prerequisite for modern organizations to comply with mandated SBOMs and other regulations.
Expensive, proprietary SCA solutions rely on proprietary data that can be outdated or just wrong. To make using open source easier for everyone, we need FOSS tools and open data for FOSS SCA. Philippe Ombredanne will explain how, using 100% open source software and open data, the AboutCode stack offers a new approach for the practical management of open source software for licensing and vulnerability risks for organizations of all sizes.
Philippe will share how modular open source projects like ScanCode, VulnerableCode, and DejaCode fit together to identify components and their license, provenance, and known vulnerabilities, and aggregate this and SBOM data across products, teams, and organizations to address security, legal, and regulatory requirements for software license and security compliance in an integrated solution.
Philippe will also discuss exciting updates on new open source projects for better software supply chain integrity and security like CRAVEX, which delivers modern open source tools for developers to manage, triage, rate, review, and determine exploitability of package vulnerabilities in a package-centric world.
More About Our Webinars:
This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain ecosystem. Participants discuss approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs are involved. This is user companies producing great informative content for their peers.
The OpenChain Project was represented at the AI Open Innovation Day 2024 in Tokyo by Shane Coughlan, OpenChain General Manager on 2024-05-15.
This event was hosted by the AI Alliance and The Linux Foundation. It covered the latest advances in AI in Japan and globally, and explored how open technologies and open communities are a key ingredient to the successful advancement of AI.
The AI Alliance is a new global partnership of leading organizations in AI that are supporting and accelerating open innovation, with a growing list of prominent members in Japan.
The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and commercial adoption. It hosts over 900 open source projects including dozens of AI and data projects.
This call focused on recapping the main AI Study Group workshop from the 7th of May. It covered a lot of ground, including new contributions from participants like Fujitsu, and an overview of the latest news about the OSI Open Source AI Definition from their Executive Director.
Track This Work
You can follow and contribute to the work of the OpenChain AI Study Group through its dedicated mailing list. This is open to everyone regardless of industry vertical or speciality. You will find it here:
The OpenChain Project was represented by Shane Coughlan, OpenChain General Manager, at the recent LF Japan Executive Briefing on 2024-05-14. You can find the slides presented below.
Socionext, a semiconductor and System on a Chip (SOC) company based in Japan, has completed recertification of OpenChain ISO/IEC 5230:2020 as per the 18-month cycle required by the specification. This recertification process helps to review processes and ensure they are current.
“The adoption of OpenChain standards is one important step in managing the supply chain,” says Shane Coughlan, OpenChain General Manager. “However, periodic recertification is another critical building block in creating trust. As companies evolve and markets change, the best companies adapt against clear, unambiguous measures like OpenChain ISO/IEC 5230:2020, the International Standard for open source license compliance.”
The OpenChain AI Study Group held its regular monthly workshop on the 7th of May. This workshop covered a lot of ground, including new contributions from participants like Fujitsu, and an overview of the latest news about the OSI Open Source AI Definition from their Executive Director.
Track This Work
You can follow and contribute to the work of the OpenChain AI Study Group through its dedicated mailing list. This is open to everyone regardless of industry vertical or speciality. You will find it here: