OpenChain Newsletter #71

By Monthly Newsletter, News

Newsletter – Issue 71 – October 2024

The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.

Headline News

    Outreach

    Webinars

    Our community released the following meeting recordings via our main channel:

    Note: Some community meetings are not recorded or are released through other channels

    Check Out All Our Previous Newsletters:

    OpenChain Education Work Group – Monthly Meeting – 2024-11-06 – Full Recording

    By News

    In This Call…

    After a great trip to Tokyo (for the Open Compliance Summit) and Beijing, there was a lot to report on the Capability Model, and Martin Yagi has (as ever) done a great job on the explainers. See https://github.com/OpenChain-Project/Reference-Material/tree/myagi2019-explainer-drafts1/Education-For-Internal-Teams for his work on these. We are also proposing an explainer for the Capability Model.

    It is proposed to have a short work-stream involving co-ordinating the various case studies which the OpenChain Project has collated over time. We had some great examples at the Open Compliance summit and it would be fantastic to be able to incorporate these into the portfolio, and to make the portfolio as a whole more accessible and better structured.

    Be part of this:

    You can get involved with the OpenChain Education Work Group through their dedicated mailing list. At this link, you will also find connections to other working groups around the world:

    HARMAN International Announces An OpenChain ISO/IEC 5230 Conformant Program

    By Featured, News

    “It is a pleasure to list HARMAN International in our community of conformance,” says Shane Coughlan, OpenChain General Manager. “Their alignment with ISO/IEC 5230, the international standard for open source license compliance, underscores their commitment to excellence in the use and deployment of open source software. We deeply appreciate their work, and listing them in the OpenChain Community of Conformance.”

    About HARMAN

    HARMAN (harman.com) designs and engineers connected products and solutions for automakers, consumers, and enterprises worldwide, including connected car systems, audio and visual products, enterprise automation solutions, and services supporting the Internet of Things. With leading brands including AKG®, Harman Kardon®, Infinity®, JBL®, Lexicon®, Mark Levinson® and Revel®, HARMAN is admired by audiophiles, musicians and the entertainment venues where they perform around the world. More than 50 million automobiles on the road today are equipped with HARMAN audio and connected car systems. Our software services power billions of mobile devices and systems that are connected, integrated and secure across all platforms, from work and home to car and mobile. HARMAN has a workforce of approximately 30,000 people across the Americas, Europe, and Asia. In March 2017, HARMAN became a wholly-owned subsidiary of Samsung Electronics Co., Ltd.

    About the OpenChain Project

    The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.

    About The Linux Foundation

    The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

    OpenChain Project – Main Monthly North America and Europe Call – 2024-11-05 – Full Recording

    By News

    We held our regular Monthly North America and Europe Call on the 5th of November. The focus was on discussing the Public Comment period for our draft proposed updates to the licensing and security specifications, and on closing any open comments and issues around the draft documents.

    We keep all the slides from our monthly calls online and they can be a useful way to access direct links and more details:

    Join Our Work

    Everyone is welcome to be part of the Specification Work Group. You can join their mailing list here:
    https://lists.openchainproject.org/g/specification/

    You can find and be part of all OpenChain calls through our participation page here:
    https://openchainproject.org/participate

    OpenChain AI Study Group – Monthly Workshop for North America and Europe – 2024-11-05 – Recording

    By News

    The OpenChain AI Study Group held its regular workshop on the 5th of November. This meeting focused on discussion around the draft scratchpad for management of AI BOMs, and the conversion of this study group into a formal working group.

    Watch the Recording

    Track This Work

    You can follow and contribute to the work of the OpenChain AI Study Group through its dedicated mailing list. This is open to everyone regardless of industry vertical or speciality. You will find it here:

    Attend Future Meetings

    You can find and get the dial-in details for all future AI Study Group meetings from our participate page here:

    Compliance and Integrity in the Software Supply Chain with Software Heritage: A Call to Action – Open Compliance Summit 2024

    By News

    During the Open Compliance Summit 2024 in Tokyo on the 31st of October, Roberto Di Cosmo (Founder & Director, Software Heritage; Chair of the Software Chapter of the French National Committee for Open Science), presented on the topic of ‘Compliance and Integrity in the Software Supply Chain with Software Heritage: A Call to Action.’

    This presentation explored how Software Heritage’s initiatives, including the SWHID (Software Hash Identifier) and the upcoming “Code Commons” project, are poised to enhance compliance across the software supply chain. By integrating with SPDX and contributing to global standards, Software Heritage not only guarantees the availability and integrity of software source code, but also drives forward the business management of open source.

    His presentation can be found below:

    About Software Heritage

    Software Heritage, launched by Inria in 2016 in partnership with UNESCO, is a global non-profit, long-term initiative to collect, preserve and make easily accessible all publicly available source code. As the reference infrastructure for archiving and referencing, it offers unparalleled potential to address these challenges.

    Fujitsu’s OSS Standards Conformance and AI Management System Standardization Participation – Open Compliance Summit 2024

    By News

    During the Open Compliance Summit 2024 in Tokyo on the 30th of October, Tadayuki Osaki (Standards and OSS Community Manager, Legal & Intellectual Property Unit) and Yuchang Cheng (Senior Research Manager, Artificial Intelligence Laboratory) presented on the topic of Fujitsu’s OSS Standards Conformance and AI Management System Standardization Participation.

    Their presentation can be found below:

    About Fujitsu

    Fujitsu’s purpose is to make the world more sustainable by building trust in society through innovation. As the digital transformation partner of choice for customers in over 100 countries, our 124,000 employees work to resolve some of the greatest challenges facing humanity. Our range of services and solutions draws on five key technologies: Computing, Networks, AI, Data & Security, and Converging Technologies, which we bring together to deliver sustainability transformation. Fujitsu Limited (TSE:6702) reported consolidated revenues of 3.7 trillion yen (US$26 billion) for the fiscal year ended March 31, 2024 and remains the top digital services company in Japan by market share. Find out more: www.fujitsu.com.

    Fujitsu Announces An OpenChain ISO/IEC 18974 Conformant Program

    By Featured, News

    Fujitsu, an OpenChain Platinum Member since 2019, and the first organization to publicly attain four OpenChain ISO/IEC 5230 or equivalent conformant programs, has announced an ISO/IEC 18974 conformant program. Adoption of ISO/IEC 18974, the international standard for open source security assurance, underlines their commitment to leadership in open source governance and management.

    “Fujitsu has been a key long-term contributor to the OpenChain Project,” says Shane Coughlan, OpenChain General Manager. “Their adoption of ISO/IEC 18974 is an important milestone in the market adoption of the international standard for open source security assurance, and will have a positive impact across the open source supply chain in Asia and globally.”


    Webinar: SBOM Visualization – An Alternative Approach to Reviewing SBOMs

    By automation, legal, licensing, News, Webinar

    When we think about a Software Bill of Materials (SBOM), we are looking at what might be a multi-dimensional space consisting of hierarchy, linking, modification, export restrictions, security vulnerabilities, distribution type, versions, etc. Care must be taken when setting up SBOMs both to list the components used and to show how they are incorporated into your products. This webinar discusses how a visualization of such meta-information was implemented to display the relationships and potential risks in a quick and easy-to-understand way. It was part of a research project funded by the Federal Ministry for Economic Affairs and Climate Protection (BMWi), together with the Bonn-Rhein-Sieg University of Applied Sciences and Bitsea.
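
    The hierarchy-and-linking view the abstract describes can be sketched in a few dozen lines: treat the SBOM as a graph of SPDX-style relationships, walk it from each top-level product, and report every path along which a flagged component (a known vulnerability or a copyleft license statically linked into a proprietary product) reaches that product. The example below is added here and is not the webinar's or Bitsea's code; the packages, relationships and the `VULN-PLACEHOLDER-1` identifier are constructed, and the copyleft policy set is an assumption. It emits Graphviz DOT so the same findings can be rendered as the kind of picture the talk is about.

```python
"""Added example: reviewing an SBOM as a relationship graph (not the webinar's code)."""
from collections import deque  # noqa: F401  (deque kept for readers who prefer BFS)

# Constructed sample SBOM. Vulnerability ids are placeholders, not real CVEs.
PACKAGES = {
    "product-app":  {"license": "Proprietary",   "vulns": []},
    "webkit-lib":   {"license": "LGPL-2.1-only", "vulns": []},
    "json-parser":  {"license": "MIT",           "vulns": ["VULN-PLACEHOLDER-1"]},
    "crypto-core":  {"license": "Apache-2.0",    "vulns": []},
    "gpl-helper":   {"license": "GPL-3.0-only",  "vulns": []},
    "vendor-sdk":   {"license": "Proprietary",   "vulns": []},
}

# (subject, relationship, object) triples in the style of SPDX relationships (constructed).
RELATIONSHIPS = [
    ("product-app", "DEPENDS_ON",  "webkit-lib"),
    ("product-app", "CONTAINS",    "vendor-sdk"),
    ("webkit-lib",  "DEPENDS_ON",  "json-parser"),
    ("vendor-sdk",  "STATIC_LINK", "gpl-helper"),
    ("vendor-sdk",  "DEPENDS_ON",  "crypto-core"),
    ("crypto-core", "DEPENDS_ON",  "json-parser"),
]

# Assumed review policy: licenses that need a closer look when linked into a product.
COPYLEFT = {"GPL-2.0-only", "GPL-3.0-only", "AGPL-3.0-only"}


def build_graph(relationships):
    """Adjacency list: package -> list of (relationship, child package)."""
    graph = {name: [] for name in PACKAGES}
    for subj, rel, obj in relationships:
        graph.setdefault(subj, []).append((rel, obj))
        graph.setdefault(obj, [])
    return graph


def roots(graph):
    """Packages nothing else references: the products at the top of the hierarchy."""
    referenced = {obj for edges in graph.values() for _, obj in edges}
    return sorted(n for n in graph if n not in referenced)


def risk_findings(graph, root):
    """Enumerate every simple path from root to a flagged package.

    Each finding records the chain of '<pkg> -REL-> <pkg>' steps, so a reviewer sees
    not just *that* a risky component is present but *how* it is linked into the product.
    Packages missing from PACKAGES are treated as NOASSERTION with no known vulns.
    """
    findings = []

    def walk(node, path, on_path):
        info = PACKAGES.get(node, {"license": "NOASSERTION", "vulns": []})
        for vid in info["vulns"]:
            findings.append({"kind": "vulnerability", "detail": vid,
                             "package": node, "path": path})
        if info["license"] in COPYLEFT:
            findings.append({"kind": "copyleft-license", "detail": info["license"],
                             "package": node, "path": path})
        for rel, child in graph[node]:
            if child in on_path:          # cycle guard: never revisit a node on this path
                continue
            walk(child, path + [f"{node} -{rel}-> {child}"], on_path | {child})

    walk(root, [], {root})
    return findings


def to_dot(graph, findings):
    """Graphviz DOT with flagged packages coloured, for rendering with `dot -Tsvg`."""
    flagged = {f["package"]: f["kind"] for f in findings}
    colour = {"vulnerability": "red", "copyleft-license": "orange"}
    lines = ["digraph sbom {"]
    for node in sorted(graph):
        fill = colour.get(flagged.get(node), "lightgrey")
        lines.append(f'  "{node}" [style=filled, fillcolor={fill}];')
    for node, edges in sorted(graph.items()):
        for rel, child in edges:
            lines.append(f'  "{node}" -> "{child}" [label="{rel}"];')
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    g = build_graph(RELATIONSHIPS)
    for product in roots(g):
        for f in risk_findings(g, product):
            print(f"{product}: {f['kind']} {f['detail']} in {f['package']}")
            for step in f["path"]:
                print("    " + step)
    print(to_dot(g, risk_findings(g, "product-app")))
```

    Note that the same vulnerable component is reported twice for the sample product, once per path, because a fix applied to one dependency chain does not remove the other; that duplication is exactly what a flat component list hides and a relationship view exposes.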

    Watch The Recording

    About Our Speaker

    Dr. Andreas Kotulla is the Founder & CEO of Bitsea GmbH. He specializes in auditing software systems and identifying hidden risks for companies. His company supports technical due diligence and advises operators of critical infrastructure (KRITIS). He advises customers on open source strategy, governance, processes and toolchains, and offers an Open Source Program Office (OSPO) and scanning as a managed service.

    More About Our Webinars:

    This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants discuss approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs are involved. This is user companies producing informative content for their peers.

    Check Out The Rest Of Our Webinars

    This OpenChain Webinar was broadcast on 2024-10-23.