Skip to main content
Category

News

Circle Announces an OpenChain ISO/IEC 5230 Conformant Program

By Featured, News

Circle, a leading global financial technology firm and the issuer of USDC, the world’s largest, regulated U.S. dollar-backed stablecoin, has announced an OpenChain ISO/IEC 5230 conformant program. ISO/IEC 5230 is the international standard for open source license compliance, and provides a clear, globally recognized way to run a quality program to ensure effective, trustable supply chain management.

Circle enables businesses of all sizes to harness the power of digital currencies, public blockchains and open-source technologies for payments, commerce and financial applications worldwide. Circle’s payment stablecoins – USDC and EURC – and platforms are helping to build a new financial system that moves at internet speed, scale and cost.

 “Circle is at the forefront of bringing open internet software into the world of money,” said Trevor Baker, VP Technical Operations. “A digital dollar like USDC is a key technology that supports businesses, developers, and the future of payments. The OpenChain certification represents Circle’s commitment to maintaining the highest compliance standards for open source technology in the financial arena.” 

“The OpenChain certification journey was an incredible return on investment by streamlining our open source processes,” stated Jeff Tang, Circle’s Chief Intellectual Property Counsel. “Circle is excited to help raise the bar in blockchain development.” 

“Adopting ISO/IEC 5230 is fast becoming a litmus test for commitment to industry best practices around open source,” says Shane Coughlan, OpenChain General Manager. “I am delighted to see Circle take leadership in this area, and to provide a strong signal to the FinTech market regarding effective management of open technology. They join companies like KakaoBank in working with our standards, and I look forward to collaborating with the Circle team on next steps for the financial supply chain.”

About Circle Internet Financial, LLC

Circle is a global financial technology firm that enables businesses of all sizes to harness the power of digital currencies and public blockchains for payments, commerce and financial applications worldwide. Circle is the issuer of USDC and EURC – highly liquid, interoperable and trusted money protocols on the internet. Circle’s open and programmable platform and APIs make it easy for organizations to run their internet-scale business, whether it is making international payments, building globally-accessible Web3 apps or managing their internal treasury. Learn more at https://circle.com.

Education Work Group Meeting – 2024-02-27 – Full Recording

By News

During our Education Work Group call this week, we focused on the supplier education leaflet and some recent suggestions from Steve Kilbane to help improve the Revision 2 draft:

We had some great ideas from Steve in a pull request here:

They were broken out into issues and closed on the call:[Improvement] Supplier Leaflet: Steve – This seems very long, overall. I think there’s scope for something much shorter and punchier

[Improvement] Supplier Leaflet: Steve – Should there be a comment about the Biden White House Executive Order, the CRA, demands from regulated industries, etc? 

[Improvement] Supplier Leaflet: Steve – Potential Improvement under “Typical Open Source Licenses”

[Improvement] Supplier Leaflet: Steve – When we’re discussion the info that needs to be provided, should we just refer to NTIA minimum requirements?

[Improvement] Supplier Leaflet: Steve – Not sure whether the reciprocal licenses section should say that it means people can share the modifications, or gain access to the modifications. Or both. 

OpenChain Newsletter #63

By Monthly Newsletter, News
logo

​ Newsletter – Issue 63 – February 2024

The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.

Headline News

Outreach

  • No external events this month

Webinars

Meetings

Our community released the following meeting recordings via our main channel:

Note: Some community meetings are not recorded or are released through other channels

Check Out All Our Previous Newsletters:

BlackBerry Recertification of ISO/IEC 5230:2020 and ISO/IEC 18974:2023

By Featured, News

BlackBerry, an early adopter of ISO/IEC 5230:2020 and OpenChain Security Assurance Specification 1.1 (later ISO/IEC 18974:2023), has completed regular recertification for both standards. The recertification was completed in partnership with OSS Consultants, an official OpenChain Partner, and long-term collaborator in the open source governance space.

ISO/IEC 5230 and ISO/IEC 18974 have a regular recertification process to ensure that open source programs are up-to-date and match current organizational strategy and staffing. Recertification can be done through self-certification, independent assessment or third-party certification on a regular 18 month cycle. The OpenChain Project provides extensive certification support via its website: https://www.openchainproject.org/get-started

“BlackBerry has a long history of cataloging, tracking, and securing its open source components that are bundled as part of its software supply chain. OpenChain has helped us bring together these capabilities and license compliance to have a more holistic open source management process. Having standards like OpenChain is a powerful tool that assures our customers that we take the security and integrity of our software supply chain seriously. As the security community continues to push forward with initiatives like the Software Bill of Materials, companies will need to implement standards like OpenChain to meet the demands of the growing list of customers who prioritize security.”- Christine Gadsby, VP of Product Security at BlackBerry.

“The use of standards like ISO/IEC 5230 and ISO/IEC 18974 provide a strong foundation for companies to manage their open source supply chain. The recertification process is a key part in ensuring processes are current and match products, services and strategy. BlackBerry, as a leader in the field of providing enterprise solutions, is also a leader in software governance and management. Their recertification to our standards for open source license compliance and open source security assurance underlines their stance at the forefront of sustainable, reliable software asset management.” – Shane Coughlan, OpenChain General Manager.

“OSS Consultants is pleased to have partnered with BlackBerry to attain the first whole-entity ISO/IEC 5230 conformance in North America in 2022, the first whole-entity ISO/IEC 18974 conformance in early 2023, and again now to perform the recertification of both standards. This recertification for BlackBerry demonstrates their unwavering dedication to the security and integrity of their software supply chain.” – Russ Eling, Founder & CEO at OSS Consultants

About the OpenChain Project

The OpenChain Project has been building Trust in the Supply Chain Since 2016. Our vision is a supply chain where open source is delivered with trusted and consistent process management information. Our mission is to make that happen. The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. Learn more at https://www.openchainproject.org/

About BlackBerry

BlackBerry (NYSE: BB; TSX: BB) provides intelligent security software and services to enterprises and governments around the world. The company’s software powers over 235M vehicles. Based in Waterloo, Ontario, the company leverages AI and machine learning to deliver innovative solutions in the areas of cybersecurity, safety and data privacy, and is a leader in the areas of endpoint security management, encryption, and embedded systems. BlackBerry’s vision is clear – to secure a connected future you can trust.

BlackBerry. Intelligent Security. Everywhere. 

For more information, visit BlackBerry.com and follow @BlackBerry.

About OSS Consultants

OSS Consultants is a business dedicated to helping organizations of all sizes – from the world’s largest and well-known companies to small businesses and start-ups – design, implement, and manage the most efficient, comprehensive and robust open-source program offices and policies on the planet. Service offerings range from a scan and audit of your third-party and proprietary software to creating a full OSPO within your organization. Find more information at www.ossconsultants.com and follow @OSSConsultants.

Webinar: FOSS License Management – meta-osselot for OSSelot-Data in OpenEmbedded

By automation, licensing, News, Webinar

Jasper Orschulko presented the concept of the meta-osselot project ( https://github.com/iris-GmbH/meta-osselot ) and how the curated data in OSSelot may be leveraged in OpenEmbedded environments.

This webinar is part of a new series provided by the OpenChain Automation Workgroup to provide insights in good practices for community based IP audits. The good practices shall be used to align on a community wide standard for metadata curation as base for sharing FOSS License Management Data.

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

This is OpenChain Webinar #71, released on 2024-02-26.

Webinar: SPDX 3.1 – Services Profile Overview

By community, legal, licensing, News, security, standards, Webinar

Gary O’Neall of Source Auditor talked about how the new SPDX Services Profile proposal structures information. This profile is likely to have an important on business process management, as it covers topics far beyond open source compliance, with one example being fields for topics like Export Control. Gary’s deep background as a core contributor to the SPDX Project allowed him to contextualize this discussion from a historical perspective.

Coming Soon: OpenChain Webinar #74 – FOSDEM Recap – 2024-02-26 @ 09:00 CET

By News

Philippe Ombredanne from nexB will lead an overview of the FOSDEM conference held in Brussels on the 3rd and 4th of February 2024. This builds on his webinar covering the same topic last year, and it will be an excellent way to understand the conversations, presentations and knowledge shared by attendees.

Join us on Monday, February 26th, 09:00 CET / 16:00 CST / 17:00 KST + JST:
https://zoom-lfx.platform.linuxfoundation.org/meeting/96974434553?password=0e08c5f9-01d7-4202-9fbe-dacd592b82c8

This event is listed in our global calendar:
https://www.openchainproject.org/participate

OpenChain Monthly North America and Asia Meeting – 2024-02-20 – Full Recording

By Featured, News

This meeting focused on closing two open issues around the Licensing Specification (ISO/IEC 5230) as we prepare a proposed update for the Steering Committee:

Check out the full recording below:

Want to join our calls?

Want to be part of the mailing list for specification development?

OpenChain AI Study Group – North America and Europe – 2024-02-20 – Recording

By Featured, News

The latest OpenChain AI Study Group meeting was hosted by our co-chair, Matthew Crawford of Arm. Check out the full recording and get the slides below.

Get the Slides:

Learn more about the activities of this study group via their dedicated mailing list: