Please find the recording from our recent meeting here:
We covered a few different topics, but the key item was the explore how we could work together with SPDX as they look at adding Export Control fields into SPDX 3.1.
Thank you to everyone who attended the meeting. We had some great feedback. Check out the recording here:
Most Important Outcome
We adjusted the review / renewal period for the Security and Licensing specifications from 18 months to 12 months to align with ISO 17021 for certification of management systems. You can see the details as follows:
Security Specification (potential future ISO 18974 update):
Licensing Specification (potential future ISO 5230 update):
Next Monthly North America / Europe Call Focus Items
Maturity Model consideration for ISO 18974:
+ GM Addition
Scope – for next iteration of ISO 5230:
Review The Past
You can download the slides from this meeting and all previous meetings since we started the specification update cycle here:
Please note: this post initially contained some material related to editing the specification editing that occurred on the North America / Asia call. You can find that material on the North America / Asia call for January 2024 blog post.
We kicked off the year with a call to review the 2023 Annual Report and the 2024 “Where We Go Next” statement. This was also an opportunity to discuss the outcomes of the Steering Committee meeting in December 2023.
Get The Slides For This Meeting (and all the others) On GitHub:
The OpenChain Project was featured in the FinTech Sub-Forum of the Shanghai Open Source Summit 2023. Shane Coughlan, OpenChain General Manager, delivered a recorded speech to the audience. We would like to thank the event organizers for giving us this opportunity.
The Shanghai Computer Software Technology Development Center was approved by the former National Science and Technology Commission in 1984 and is a public institution directly under the Shanghai Academy of Sciences. Shanghai Computer Software Technology Development Center has long been committed to software technology standard research and software application technology research. It has promoted industrial development through the application of technical services and achievements, and gradually formed the core concept of “service industry, development industry”, and made many pioneering contributions to China’s software industry.
Soft Security Science and Technology Co., Ltd. was registered in Chengdu High School District in May 2021. The company focuses on software quality and security control, with SCA analysis tool, source code static test analysis tool, fuzzy test tool, and is quickly building software supply chain security solutions combined with open source governance solutions, security development solutions and software compliance solutions. It has offices in Chengdu, Beijing, Shanghai, Wuhan, and Shenzhen.
Learn more on their site:
Learn more about the Telco Work Group and their activities around topics like SBOM Quality on the dedicated mailing list:
Learn more about the Telco Work Group and their activities around topics like SBOM Quality on the dedicated mailing list:
In December 2023 interested parties held the first planning call for an OpenChain AI Study Group focused around the topic of AI Compliance matters. The outcome was a decision to formally start an AI Study Group in 2024.
That study group begins in January 2024 (this month) with a kick-off call scheduled for the 23rd of January at 16:00 GMT (UK Time). You will find this call listed in our Global Calendar. There is also a link to join the call below.
Join the call here:
The OpenChain Steering Committee is the key mechanism to formally decide on day-to-day matters related to OpenChain standardization. It recently held a meeting and has provided guidance for the OpenChain Specification Work Group and larger community.
Summary
In December 2023 the OpenChain Steering Committee reviewed the community work related to proposed updates to ISO/IEC 5230 and ISO/IEC 18974 and provided guidance that:
- The community-developed update proposals seem reasonable
- We will extend our Public Comment and Freeze Periods significantly to ensure the supply chain has time to consider the proposed changes
- The Public Comment period will change from 30 days to 6 months
- The Freeze Period will change from 14 days to 3 months
- This will be communicated in an update to FAQ and to our Specification Work Team.
- In principle, it is suggested that we target updates to our ISO standards once every five years
- This would suggest the update for ISO/IEC 5230 is likely to be ready for 2025
- ISO/IEC 18974 may be updated sooner due to a rapidly-moving market, but not at a speed that would hinder adoption of the existing and newly published version
Be Part Of Our Standardization Work
You can get started, track developments and contribute by subscribing to our Specification Work Group mailing list. We also edit the standards via our monthly North America / Europe and North America / Asia calls.
