News

On 2024-05-15 at 09:00 CEST, an OpenChain Webinar will dig into open source tooling for open source compliance.

As per the authors: “Ensuring software license and security compliance can be difficult. Managing open source components – especially their licensing, provenance, and vulnerability risk – is a critical part of Software Composition Analysis (SCA), which is now a prerequisite for modern organizations to comply with mandated SBOMs and other regulations.

Expensive, proprietary SCA solutions rely on proprietary data that can be outdated or just wrong. To make using open source easier for everyone, we need FOSS tools and open data for FOSS SCA.

Philippe Ombredanne will explain how using 100% open source software and open data, the AboutCode stack offers a new approach for the practical management of open source software for licensing and vulnerability risks for organizations of all sizes. Philippe will share how modular open source projects like ScanCode, VulnerableCode, and DejaCode fit together to identify components and their license, provenance, and known vulnerabilities, and aggregate this and SBOM data across products, teams, and organizations to address security, legal, and regulatory requirements for software license and security compliance in an integrated solution.

Philippe will also discuss exciting updates on new open source projects for better software supply chain integrity and security like CRAVEX, which delivers modern open source tools for developers to manage, triage, rate, review, and determine exploitability of package vulnerabilities in a package-centric world.”

Join the meeting here up to ten minutes before it starts:

• https://zoom-lfx.platform.linuxfoundation.org/meeting/98861679725?password=680cb5c0-628b-422c-97c1-f4c9f2a66cf5

The OpenChain Telco Work Group held its regular monthly calls on the 2nd of May. You can review the full recordings below.

Everyone is welcome to be part of the Telco Work Group. You can join their mailing list here:
https://lists.openchainproject.org/g/telco

On the 1st of May we held our regular meeting of the OpenChain Education Work Group. As part of the outreach activities of the OpenChain Project, it focuses on help to make it easier to understand and adopt OpenChain ISO/IEC 5230:2020 for license compliance and OpenChain ISO/IEC 18974:2023 for security assurance. Discussion ranges from handouts to education leaflets to training slides to case studies and guides. Editing is normally done on GitHub. All are welcome.

Be Part Of Next Steps

Join the Education Work Group mailing list to participate in the calls and async editing:

• https://lists.openchainproject.org/g/education

This week we have the following international meetings:

Tuesday 7th May:

– OpenChain AI Study Group – Monthly Workshop for North America and Europe @ 14:00 UTC
– OpenChain Monthly Call – North America / Europe @ 16:00 UTC

Wednesday 8th May:

– OpenChain Automation Work Group Meeting (European Morning) @ 08:00 UTC

Thursday 9th May:

– OpenChain AI Study Group Call – Asia Sync Call @ 08:00 UTC

You can check out all our international meetings and get instructions on adding our calendar to your client here:

• https://www.openchainproject.org/participate

Shane Coughlan, OpenChain General Manager, was invited to present an overview of the OpenChain Project and its ISO standards to the FINOS Open Source Readiness SIG. The full recording is below.

This week we have the following international meetings:

Wednesday 1st May:

– OpenChain @ FINOS Open Source Readiness SIG @ 14:00 UTC
– OpenChain Education Work Group – Monthly Meeting @ 16:00 UTC

Thursday 2nd May:

– OpenChain Telco Work Group Meeting (European Morning) @ 07:00 UTC
– OpenChain Telco Work Group Meeting (European Afternoon) @ 14:00 UTC

You can check out all our international meetings and get instructions on adding our calendar to your client here:

• https://www.openchainproject.org/participate