Skip to main content
Category

News

OpenChain Project Meetings This Week (all times UTC)

By News

This week we have the following international meetings:

Tuesday 2nd April:

– OpenChain AI Study Group – Monthly Workshop for North America and Europe @ 14:00 UTC

– OpenChain Monthly North America / Europe Call @ 16:00 UTC

Wednesday 3rd April:

– OpenChain Automation Work Group Meeting (European Morning) @ 08:00 UTC

Thursday 4th April:

– OpenChain Telco Work Group Meeting (European Morning) @ 07:00 UTC

– OpenChain Telco Work Group Meeting (European Afternoon) @ 14:00 UTC

You can check out all our international meetings and get instructions on adding our calendar to your client here:

OpenChain Newsletter #64

By Monthly Newsletter, News
logo

​ Newsletter – Issue 64 – March 2024

The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.

Headline News

Outreach

Webinars

Meetings

Our community released the following meeting recordings via our main channel:

Note: Some community meetings are not recorded or released through other channels

Check Out All Our Previous Newsletters:

BlackBerry: Three-Way Case Study – The use of ISO/IEC 5230:2020 by a company providing mission-critical services to enterprise clients around the world

By Featured, News

BlackBerry, OSS Consultants and OpenChain

The OpenChain Project maintains two ISO/IEC standards designed to help optimize business process management around open-source software. One of the standards, ISO/IEC 5230:2020, focuses on how to establish and run a quality open-source license compliance program. Another of the standards, ISO/IEC 18974:2023, focuses on how to establish and run a quality open-source security assurance program. Taken together, these standards provide a reliable, efficient and effective way to manage the open-source supply chain.

This case study will highlight the use of ISO/IEC 5230:2020 by a company providing mission-critical services to enterprise clients around the world.

The Direction Taken

For BlackBerry’s particular use-case, OSS Consultants recommended a centralized solution that enabled a single process to serve the business. This allowed BlackBerry to utilize our expertise to further develop in-house OSPO capabilities, reduce their tooling spend, and provide better holistic coverage based on a single strategy that included a single set of standards and principles.

Key Lesson Learned

The ISO/IEC 5230 recertification process provided an excellent opportunity to assess lessons learned and consider these not only from the company perspective, but also with respect to larger supply chain optimization.

Review and Download the Case Study

OpenChain Korea Work Group Meeting #21 – 2024-03-26

By News

일정
  • 일정: 2024-03-26 (화) 오후2시~5시장소: 카카오 판교아지트 지하1층 세미나실
  • 아젠다TimeAgendaSpeakerSlide14:00~14:10Welcome & Intro장학성, SK텔레콤-14:10~14:20OpenChain Global UpdateShane Coughlan, Linux Foundationpptx14:20~14:30OpenChain KWG Update장학성, SK텔레콤pptx14:30~14:50Tooling Subgroup 활동 및 주요 사례- 오픈소스 통합관리 포털- The AboutCode stack- SW 공급망보안 XSCAN박원재, LG전자-14:50~15:10Legal Subgroup 활동 및 주요 사례- Stability AI 집단소송 – Motion to Dismiss- GPL-2.0: 라이선스 경계 문제와 컴플라이언스- SFC v. Vizio 소송 사례- 중국의 오픈소스 2차적저작물 소송 판결 결과- LF의 오픈소스 라이선스 컴플라이언스 리포트- GPL-violations.org는 어떤 사항들을 문제삼았나?- GPL의 발전: GPL-3.0, AGPL-3.0박정숙, ETRIpdf15:10~15:30BreakAll-15:30~17:00그룹 토의- 컴플라이언스 실무- 컴플라이언스 이슈/동향- AI와 오픈소스&저작권 이슈- 오픈소스 보안취약점- 오픈소스 관리 조직- 오픈소스 기여/공개- OpenChain KWG 커뮤니티사회 : 이서연, 라인플러스-Sponsor참석사
  • 국민은행금융결제원라인플러스삼성전자안랩카카오카카오뱅크티맵모빌리티한글과컴퓨터현대모비스현대오토에버현대자동차CJ올리브네트웍스CJ주식회사ETRIkt dsLG전자NAVERNHNSK주식회사SK텔레콤
  • Photo

    Learn More

    OpenChain Monthly North America – Asia Call – 2024-03-19 – Full Recording

    By News

    This call covered the following open issues in the draft for a potential update to the Security Specification:

    ●[Improvement] ZA/NM05 – Proposed rewording for 3.1.5
    https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/18

    ●[Improvement] Add triage entry to specific situations where vulnerability not appliable
    https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/29

    ●[New Material] What is a quality or complete SBOM for licensing or security use cases?
    https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/32

    Get the Slides

    OpenChain Workshop – Supply Chain Best Practices in China using ISO 5230 and ISO 18974 – Full Recording

    By Featured, News

    We held a special workshop in Shinagawa on March 18th focused on case studies about open source business process management in China. The main topic was how ISO 5230 and ISO 18974 are being used from upstream project to commercial ecosystem.

    We used an operating system ecosystem called openEuler as the basis for our case studies. openEuler is an emerging operating system ecosystem in China with 36.8% of the server operating system market, 17,000+ developers and 500+ projects. It is hosted by the OpenAtom Foundation, and a healthy ecosystem of companies creating products exists around it. OpenChain ISO 5230 and OpenChain ISO 18974 are at the center of how business processes are managed in openEuler.


    The Agenda



    The Morning Session:



    The Afternoon Session:



    Learn More About openEuler:


    Webinar: Universal CVSS Calculator

    By automation, News, security, Webinar

    This webinar discusses a Universal CVSS Calculator released by {metæffekt} GmbH. The open-source online tool is intended to support the assessment of vulnerabilities with their various CVSS scores from multiple authorities. It was created due to the lack of CVSS calculators which could ingest multiple vectors with different CVSS versions and compare the scores consistently.

    Read The Slides

    More About Our Webinars:

    This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

    Check Out The Rest Of Our Webinars

    This is OpenChain Webinar #69, released on 2024-03-22.

    OpenChain Project Meetings This Week (all times UTC)

    By News

    This week we have the following international meetings:

    Monday 18th March:

    – OpenChain Deep Dive – Case Study of Establishing and Maintaining Supply Chain Best Practices Across a Complete Operating System Ecosystem – openEuler @ 00:00 UTC

    – OpenChain Webinar: Universal CVSS Calculator @ 09:00 UTC

    Tuesday 19th March:

    – OpenChain Monthly North America / Asia Call @ 01:00 UTC

    Wednesday 20th March:

    – OpenChain Automation Work Group Meeting (European Afternoon) @ 16:00 UTC

    You can check out all our international meetings and get instructions on adding our calendar to your client here:

    OpenChain AI Study Group Call (Europe and Asia) – 2024-03-14 – Full Recording

    By News

    On the 6th of March the OpenChain AI Study Group held a special AI workshop instead of the regular AI call. It provided an opportunity to deep dive into the topic with experts from Qualcomm and Arm, and a chance to ask questions or share ideas. The call on the 14th of March was a chance to brief OpenChain AI Study Group participants on the outcomes, and to discuss next steps.

    Track This Work

    You can follow and contribute to the work of the OpenChain AI Study Group through its dedicated mailing list. This is open to everyone regardless of industry vertical or speciality. You will find it here:

    Attend Future Meetings

    You can find and get the dial-in details for all future AI Study Group meetings from our participate page here: