News

About This Webinar

Caren Kresse from OSADL will talk about sharing and reusing publicly available FOSS compliance material, as provided by the OSSelot project (https://www.osselot.org/), which requires trust in the reliability of the data. Such trust can be fostered by ensuring high quality and consistency of the data through a standardized curation process and strict review of all contributions. This presentation will demonstrate the curation process for the OSSelot project, present the resulting material, and give an example of how a contribution is reviewed.

The webinar will take place on 2024-02-14 @ 09:00 CET.

You will be able to join the webinar at this link:

• https://zoom-lfx.platform.linuxfoundation.org/meeting/98964744305?password=7fc9f4cd-6c8d-4fe8-815c-cec3b68544c7

Check Out The Rest Of Our Webinars

• https://www.openchainproject.org/webinars

CEHLabs has announced an OpenChain ISO/IEC 5230 Conformant Program.

More About CEHLabs:

Governance Risk and Compliance (GRC) the three domains that reduce your business Information and Cyber Security Risk . The domains has different impact areas of the business, with a common goal of reducing quantifiable risk of the business falling victim to cyber security threat which if realised would impact you business into loss of trust with your customers or reputation damage. Here at CEHLabs our primary service is protecting your business from cyber threats by implementing ISO/IEC 5320:2020 of the OpenChain, NIST 800 53b revision 5, HM IS1 and IS2, Cyber Assurance Framework and Cloud First Cyber Essential Plus. In Compliance we are certified to assess under PCI-DSS and HIPPA.

• https://www.cehlab.com/

This meeting features a talk about maturity models and how recent developments apply to open source and especially standards like ISO/IEC 5230:2020. The maturity model discussion was presented by Andrew Katz and Stephen Pollard of Orcro and is a direct follow-up from the panel covering this topic at the Open Compliance Summit 2023. 

Get the slides:

• https://www.slideshare.net/slideshows/openchain-legal-work-group-20240117/266006703

Keep up-to-date with the Legal Work Group via their dedicated mailing list:

• https://lists.openchainproject.org/g/legal-wg/messages

Get the slides:

• https://www.slideshare.net/slideshows/openchain-ai-study-group-20240123pptx/266006633

Learn more about the activities of this study group via their dedicated mailing list:

• https://lists.openchainproject.org/g/ai/messages

Please find the recording from our recent meeting here:

We covered a few different topics, but the key item was the explore how we could work together with SPDX as they look at adding Export Control fields into SPDX 3.1.

Get the slides:

• https://www.slideshare.net/slideshows/openchain-export-control-work-group-20240109/266007123

We had a previous presentation from SPDX on this topic here:

• https://www.openchainproject.org/news/2023/11/10/openchain-export-control-work-group-2023-11-07

The currently proposed SPDX schema is here:

• https://github.com/umm0/business_profile/blob/main/export_control_schema.md

Their mailing list to discuss this topic is here:

• https://lists.spdx.org/g/spdx-operations

The OpenChain Project was featured in the FinTech Sub-Forum of the Shanghai Open Source Summit 2023. Shane Coughlan, OpenChain General Manager, delivered a recorded speech to the audience. We would like to thank the event organizers for giving us this opportunity.

The Shanghai Computer Software Technology Development Center was approved by the former National Science and Technology Commission in 1984 and is a public institution directly under the Shanghai Academy of Sciences. Shanghai Computer Software Technology Development Center has long been committed to software technology standard research and software application technology research. It has promoted industrial development through the application of technical services and achievements, and gradually formed the core concept of “service industry, development industry”, and made many pioneering contributions to China’s software industry.

Soft Security Science and Technology Co., Ltd. was registered in Chengdu High School District in May 2021. The company focuses on software quality and security control, with SCA analysis tool, source code static test analysis tool, fuzzy test tool, and is quickly building software supply chain security solutions combined with open source governance solutions, security development solutions and software compliance solutions. It has offices in Chengdu, Beijing, Shanghai, Wuhan, and Shenzhen.

Learn more on their site:

• https://www.softsafe-tech.com/about/company-info