The Telco Work Group is continuing to focus on matters related to SBOM Quality. Learn more about how their new guide on that topic – currently in final approval with the Steering Committee – is shaping up in these recordings.
Learn more about the Telco Work Group and their activities around topics like SBOM Quality on the dedicated mailing list:
On the 2nd of April the OpenChain AI Study Group continued its monthly AI workshop series to deep dive into the topic of AI compliance in the supply chain with experts from Qualcomm and Arm, and a chance for all parties who dial-in to ask questions or share ideas. On this call we narrowed down the focus area with a concluding decision to refine the discussion by taking the content of ISO 5230 and seeing what level of overlap there is with AI supply chain compliance. This is being done to potentially develop a proposal to the Governing Board to:
You can follow and contribute to the work of the OpenChain AI Study Group through its dedicated mailing list. This is open to everyone regardless of industry vertical or speciality. You will find it here:
Watch The Previous Meeting
The first Workshop to deep-dive into this topic and consolidate ideas was held on the 6th of March 2024:
You can find and get the dial-in details for all future AI Study Group meetings from our participate page here:
This week we have the following international meetings:
Tuesday 9th April:
– OpenChain Webinar: Eclipse Apoapsis – Introduction into the abstraction layer concept idea @ 07:00 UTC
Wednesday 10th April:
– OpenChain Webinar: LF Management & Best Practices Portal @ 00:00 UTC
– OpenChain Education Work Group – Monthly Meeting @ 16:00 UTC
Thursday 11th April:
– OpenChain AI Study Group Call – Asia Sync Call @ 08:00 UTC
You can check out all our international meetings and get instructions on adding our calendar to your client here:
emlix offers industrial-grade Linux for the digitalization and secure networking of devices, machines and plant throughout the entire product life cycle. For more than 20 years, they have been transferring system knowledge, innovations from the open source world and market knowledge into the products of more than 350 customers.
This week we have the following international meetings:
Tuesday 2nd April:
– OpenChain AI Study Group – Monthly Workshop for North America and Europe @ 14:00 UTC
– OpenChain Monthly North America / Europe Call @ 16:00 UTC
Wednesday 3rd April:
– OpenChain Automation Work Group Meeting (European Morning) @ 08:00 UTC
Thursday 4th April:
– OpenChain Telco Work Group Meeting (European Morning) @ 07:00 UTC
– OpenChain Telco Work Group Meeting (European Afternoon) @ 14:00 UTC
You can check out all our international meetings and get instructions on adding our calendar to your client here:
Newsletter – Issue 64 – March 2024
The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.
Our community released the following meeting recordings via our main channel:
Note: Some community meetings are not recorded or released through other channels
The OpenChain Project maintains two ISO/IEC standards designed to help optimize business process management around open-source software. One of the standards, ISO/IEC 5230:2020, focuses on how to establish and run a quality open-source license compliance program. Another of the standards, ISO/IEC 18974:2023, focuses on how to establish and run a quality open-source security assurance program. Taken together, these standards provide a reliable, efficient and effective way to manage the open-source supply chain.
This case study will highlight the use of ISO/IEC 5230:2020 by a company providing mission-critical services to enterprise clients around the world.
For BlackBerry’s particular use-case, OSS Consultants recommended a centralized solution that enabled a single process to serve the business. This allowed BlackBerry to utilize our expertise to further develop in-house OSPO capabilities, reduce their tooling spend, and provide better holistic coverage based on a single strategy that included a single set of standards and principles.
The ISO/IEC 5230 recertification process provided an excellent opportunity to assess lessons learned and consider these not only from the company perspective, but also with respect to larger supply chain optimization.
참석사
●[Improvement] ZA/NM05 – Proposed rewording for 3.1.5
https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/18
●[Improvement] Add triage entry to specific situations where vulnerability not appliable
https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/29
●[New Material] What is a quality or complete SBOM for licensing or security use cases?
https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/32
We held a special workshop in Shinagawa on March 18th focused on case studies about open source business process management in China. The main topic was how ISO 5230 and ISO 18974 are being used from upstream project to commercial ecosystem.
We used an operating system ecosystem called openEuler as the basis for our case studies. openEuler is an emerging operating system ecosystem in China with 36.8% of the server operating system market, 17,000+ developers and 500+ projects. It is hosted by the OpenAtom Foundation, and a healthy ecosystem of companies creating products exists around it. OpenChain ISO 5230 and OpenChain ISO 18974 are at the center of how business processes are managed in openEuler.
© 2024 OpenChain. All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page. Linux is a registered trademark of Linus Torvalds. Privacy Policy and Terms of Use
