Skip to main content
Category

News

OpenChain Deep Dive – Supply Chain Best Practices in China using ISO 5230 and ISO 18974

By Featured, News

We are holding a special workshop in Shinagawa on March 18th for Japanese companies using open source. This workshop will focus on case studies about open source business process management in China. The focus will be on ISO 5230 and ISO 18974 from upstream project to commercial ecosystem.

Date and Time:
March 18th 09:00 ~ 17:00 JST

Location:
Conference Room 3D
TKP Garden City Premium Shinagawa Takanawa-guchi
Google Map Link:
https://maps.app.goo.gl/9oKzEcv9iQz9pw749
(Full address details + route guide with photos below)


Why You Should Attend

We will use an operating system ecosystem called openEuler as the basis for our case studies. openEuler is an emerging operating system ecosystem in China with 36.8% of the server operating system market, 17,000+ developers and 500+ projects. It is hosted by the OpenAtom Foundation, and a healthy ecosystem of companies creating products exists around it. OpenChain ISO 5230 and OpenChain ISO 18974 are at the center of how business processes are managed in openEuler.


Our Agenda



Join Our Event






Learn More About openEuler




Event Venue Address:


TKP Garden City Premium Shinagawa Takanawa-guchi
Keikyu Daiichi Building, 4-10-18 Takanawa, Minato-ku, Tokyo
〒108-0074

TKPガーデンシティPREMIUM品川高輪口
〒108-0074
東京都港区高輪4-10-18 京急第一ビル 

Google Map Link:
https://maps.app.goo.gl/9oKzEcv9iQz9pw749

Route Guide From JR Shinagawa Station

You can also view this guide on the official website.


Event Area Floor Plan (Workshop Room: 3D, 3rd Floor)



Room Layout for 3D


Special OpenChain AI Workshop – 2024-03-06

By Featured, News

This week we have a special AI workshop instead of the regular AI call. It will provide an opportunity to deep dive into the topic with experts from Qualcomm and Arm, and a chance to ask questions or share ideas. This event will fold in all the ideas shared thus far and seek a single coherent narrative. 

The workshop takes place at:

14:00-17:00 UTC, 2024-03-06

You can join here:

One tap mobile:

US: +12532158782,,93266805668#

Meeting ID: 93266805668
Meeting Passcode: 581201

Agenda:

Opening comments (Dave and Matthew)

AI Model supply chain issues (Brian)

  • Use cases in context of regulatory backdrop
  • Open vs. Proprietary
  • War stories
  • Roundtable

Dataset supply chain issues (Jeff)

  • Use cases and pragmatic practices
  • Open vs. Proprietary
  • War stories
  • Roundtable

Possible Solutions – how can OpenChain best provide value to the ecosystem (All)

Closing (Dave and Matthew)

OpenChain AI Study Group Call (Europe and Asia) 2024-02-29 – Full Recording

By News

Track This Work

You can follow and contribute to the work of the OpenChain AI Study Group through its dedicated mailing list. This is open to everyone regardless of industry vertical or speciality. You will find it here:

Attend Future Meetings

You can find and get the dial-in details for all future AI Study Group meetings from our participate page here:

Circle Announces an OpenChain ISO/IEC 5230 Conformant Program

By Featured, News

Circle, a leading global financial technology firm and the issuer of USDC, the world’s largest, regulated U.S. dollar-backed stablecoin, has announced an OpenChain ISO/IEC 5230 conformant program. ISO/IEC 5230 is the international standard for open source license compliance, and provides a clear, globally recognized way to run a quality program to ensure effective, trustable supply chain management.

Circle enables businesses of all sizes to harness the power of digital currencies, public blockchains and open-source technologies for payments, commerce and financial applications worldwide. Circle’s payment stablecoins – USDC and EURC – and platforms are helping to build a new financial system that moves at internet speed, scale and cost.

 “Circle is at the forefront of bringing open internet software into the world of money,” said Trevor Baker, VP Technical Operations. “A digital dollar like USDC is a key technology that supports businesses, developers, and the future of payments. The OpenChain certification represents Circle’s commitment to maintaining the highest compliance standards for open source technology in the financial arena.” 

“The OpenChain certification journey was an incredible return on investment by streamlining our open source processes,” stated Jeff Tang, Circle’s Chief Intellectual Property Counsel. “Circle is excited to help raise the bar in blockchain development.” 

“Adopting ISO/IEC 5230 is fast becoming a litmus test for commitment to industry best practices around open source,” says Shane Coughlan, OpenChain General Manager. “I am delighted to see Circle take leadership in this area, and to provide a strong signal to the FinTech market regarding effective management of open technology. They join companies like KakaoBank in working with our standards, and I look forward to collaborating with the Circle team on next steps for the financial supply chain.”

About Circle Internet Financial, LLC

Circle is a global financial technology firm that enables businesses of all sizes to harness the power of digital currencies and public blockchains for payments, commerce and financial applications worldwide. Circle is the issuer of USDC and EURC – highly liquid, interoperable and trusted money protocols on the internet. Circle’s open and programmable platform and APIs make it easy for organizations to run their internet-scale business, whether it is making international payments, building globally-accessible Web3 apps or managing their internal treasury. Learn more at https://circle.com.

Education Work Group Meeting – 2024-02-27 – Full Recording

By News

During our Education Work Group call this week, we focused on the supplier education leaflet and some recent suggestions from Steve Kilbane to help improve the Revision 2 draft:

We had some great ideas from Steve in a pull request here:

They were broken out into issues and closed on the call:[Improvement] Supplier Leaflet: Steve – This seems very long, overall. I think there’s scope for something much shorter and punchier

[Improvement] Supplier Leaflet: Steve – Should there be a comment about the Biden White House Executive Order, the CRA, demands from regulated industries, etc? 

[Improvement] Supplier Leaflet: Steve – Potential Improvement under “Typical Open Source Licenses”

[Improvement] Supplier Leaflet: Steve – When we’re discussion the info that needs to be provided, should we just refer to NTIA minimum requirements?

[Improvement] Supplier Leaflet: Steve – Not sure whether the reciprocal licenses section should say that it means people can share the modifications, or gain access to the modifications. Or both. 

OpenChain Newsletter #63

By Monthly Newsletter, News
logo

​ Newsletter – Issue 63 – February 2024

The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.

Headline News

Outreach

  • No external events this month

Webinars

Meetings

Our community released the following meeting recordings via our main channel:

Note: Some community meetings are not recorded or are released through other channels

Check Out All Our Previous Newsletters:

BlackBerry Recertification of ISO/IEC 5230:2020 and ISO/IEC 18974:2023

By Featured, News

BlackBerry, an early adopter of ISO/IEC 5230:2020 and OpenChain Security Assurance Specification 1.1 (later ISO/IEC 18974:2023), has completed regular recertification for both standards. The recertification was completed in partnership with OSS Consultants, an official OpenChain Partner, and long-term collaborator in the open source governance space.

ISO/IEC 5230 and ISO/IEC 18974 have a regular recertification process to ensure that open source programs are up-to-date and match current organizational strategy and staffing. Recertification can be done through self-certification, independent assessment or third-party certification on a regular 18 month cycle. The OpenChain Project provides extensive certification support via its website: https://www.openchainproject.org/get-started

“BlackBerry has a long history of cataloging, tracking, and securing its open source components that are bundled as part of its software supply chain. OpenChain has helped us bring together these capabilities and license compliance to have a more holistic open source management process. Having standards like OpenChain is a powerful tool that assures our customers that we take the security and integrity of our software supply chain seriously. As the security community continues to push forward with initiatives like the Software Bill of Materials, companies will need to implement standards like OpenChain to meet the demands of the growing list of customers who prioritize security.”- Christine Gadsby, VP of Product Security at BlackBerry.

“The use of standards like ISO/IEC 5230 and ISO/IEC 18974 provide a strong foundation for companies to manage their open source supply chain. The recertification process is a key part in ensuring processes are current and match products, services and strategy. BlackBerry, as a leader in the field of providing enterprise solutions, is also a leader in software governance and management. Their recertification to our standards for open source license compliance and open source security assurance underlines their stance at the forefront of sustainable, reliable software asset management.” – Shane Coughlan, OpenChain General Manager.

“OSS Consultants is pleased to have partnered with BlackBerry to attain the first whole-entity ISO/IEC 5230 conformance in North America in 2022, the first whole-entity ISO/IEC 18974 conformance in early 2023, and again now to perform the recertification of both standards. This recertification for BlackBerry demonstrates their unwavering dedication to the security and integrity of their software supply chain.” – Russ Eling, Founder & CEO at OSS Consultants

About the OpenChain Project

The OpenChain Project has been building Trust in the Supply Chain Since 2016. Our vision is a supply chain where open source is delivered with trusted and consistent process management information. Our mission is to make that happen. The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. Learn more at https://www.openchainproject.org/

About BlackBerry

BlackBerry (NYSE: BB; TSX: BB) provides intelligent security software and services to enterprises and governments around the world. The company’s software powers over 235M vehicles. Based in Waterloo, Ontario, the company leverages AI and machine learning to deliver innovative solutions in the areas of cybersecurity, safety and data privacy, and is a leader in the areas of endpoint security management, encryption, and embedded systems. BlackBerry’s vision is clear – to secure a connected future you can trust.

BlackBerry. Intelligent Security. Everywhere. 

For more information, visit BlackBerry.com and follow @BlackBerry.

About OSS Consultants

OSS Consultants is a business dedicated to helping organizations of all sizes – from the world’s largest and well-known companies to small businesses and start-ups – design, implement, and manage the most efficient, comprehensive and robust open-source program offices and policies on the planet. Service offerings range from a scan and audit of your third-party and proprietary software to creating a full OSPO within your organization. Find more information at www.ossconsultants.com and follow @OSSConsultants.

Webinar: FOSS License Management – meta-osselot for OSSelot-Data in OpenEmbedded

By automation, licensing, News, Webinar

Jasper Orschulko presented the concept of the meta-osselot project ( https://github.com/iris-GmbH/meta-osselot ) and how the curated data in OSSelot may be leveraged in OpenEmbedded environments.

This webinar is part of a new series provided by the OpenChain Automation Workgroup to provide insights in good practices for community based IP audits. The good practices shall be used to align on a community wide standard for metadata curation as base for sharing FOSS License Management Data.

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

This is OpenChain Webinar #71, released on 2024-02-26.

Webinar: SPDX 3.1 – Services Profile Overview

By community, legal, licensing, News, security, standards, Webinar

Gary O’Neall of Source Auditor talked about how the new SPDX Services Profile proposal structures information. This profile is likely to have an important on business process management, as it covers topics far beyond open source compliance, with one example being fields for topics like Export Control. Gary’s deep background as a core contributor to the SPDX Project allowed him to contextualize this discussion from a historical perspective.