On a recent InnerSource Commons Community Call there was some informal discussion about outbound processes, and the conversation briefly touched on the Open Source outbound process of SAP.
Here are the public references around SAP’s Outbound Open Source Process:
It is also worth noting that a member of the SAP team is active in the TODO Group, so adjacent material like A Guide to Outbound Open Source Software may also be of interest.
On the related topic of compliance tooling, a team at SAP is working on the Open Component Model (https://ocm.software/docs/overview/context/), an open source standard for defining extendable machine-readable Software Component descriptors that could be used in compliance automation. This fits neatly into the type of topic covered by the OpenChain Automation Work Group.
Huge thanks to Guilherme Dellagustin for preparing and sharing these links.
This is from one of our board members, Helio at CARIAD, and is a worthy read on the topic. As per the abstract:
The current software compliance landscape relies strongly on de-facto SBOM standards as the correct relevant documents to attest to all the end needs. One consistent issue in the generation of these documents is the data gathering among multiple sources of information, as none of the tools provide everything, the so-called magic silver bullet.
As a solution, a central placement of unique data shared by all tooling would be ideal, but achieving this with multiple tools that do not communicate with each other is highly unlikely to be an easily solvable task.
The idea of abstracting the SST (Single Source of Truth) is to provide a stable contractual interface where the data connection between tooling and storage could be decoupled and used with the discretion of developers and companies’ choice, preventing polarization and hurdles on the platform engineering architecture.
The OpenChain Telco Work Group is completing their work on a reference Telco SBOM specification.
This specification outlines certain requirements related to how an entity creates, delivers, and consumes Software Bill of Materials (SBOM), so that entities that produce and/or consume SBOMs that conform to this specification can ensure repeatability and streamlining of tools and processes for generating and consuming SBOMs.
The OpenChain Germany Work Group will hold its next meeting just after the Bitkom Forum Open Source 2023 in Erfurt, Germany on the 28th of September 2023. As always, everyone is welcome to contribute and participate. PwC will be hosting once again (thank you Marcel and team!), and we will have a series of presentations and discussions relevant to open source delivery in complex supply chains. The event will be under Chatham House Rule to encourage open discussion.
The 28th meeting of the OpenChain Japan Work Group (3rd hybrid) covered a lot of topics. There were presentations and case studies, but also breakouts and plenty of open discussion. The event was under Chatham House Rule, so recordings are not available, but Shane Coughlan (OpenChain General Manager) has released his keynote slides for everyone to review. They include the first insights from our recent OpenChain Industry Survey.
The OpenChain Project will take center stage at Bitkom Forum Open Source 2023 in Erfurt on the 27th of September. Shane Coughlan, OpenChain General Manager, will deliver the closing keynote of the event to a diverse audience of German open source thought leaders.
The OpenChain Project and our standards for licensing compliance and security assurance were featured in a recent InnerSource Commons webinar. Huge thanks to the team for inviting us.
Our export control work group continues to explore pre-existing material and how it can be made easier to find, navigate and repurpose. The focus is on reviewing the new volunteer project being set up at https://github.com/crypto-law-survey to explore the continuation of Bert’s http://www.cryptolaw.org/ as a general community resource. Check out the recording to learn more.
Key Outcome
A key outcome of this meeting was to open a series of issues for the work group members to review:
LINE Corporation is pleased to announce that it has achieved OpenChain ISO/IEC 5230 self-certification, the international standard for open source license compliance. The OpenChain Project is one of the initiatives led by the Linux Foundation, a leading non-profit organization focused on fostering innovation through open source and developing best practices and standards for open source software, hardware, standards, and data.
By attaining ISO/IEC 5230 self-certification, LINE has been globally recognized as having a highly trustworthy and systematic management system for utilizing open source. Thousands of LINE developers around the world, including in South Korea, Japan, Taiwan, Thailand, and Vietnam, utilize and develop open source systems based on international standards, and LINE’s open source team strictly complies with those core obligations in open source management.
LINE also has a history of releasing its internal technologies as open source software, including Armeria, the asynchronous framework that is a core technology of the LINE messenger. In addition, LINE has been a Silver Sponsor of the Apache Software Foundation, an American nonprofit organization that supports open source, since 2022, and since 2021, LINE has hosted the LINE Open Source Sprint, an internal event where LINE developers can participate in open source projects over the course of a month. By doing activities like these, LINE not only supports the growth of individual developers, but also strives to create an open source culture that embraces collaboration with the global open source ecosystem.
“LINE has a long history of success pioneering cutting-edge technological trends in all sorts of fields, including messengers, AI, blockchain, and fintech,” said Snow Kwon, CTO of LINE Plus. “As part of this process, we strictly maintain the highest standards of open source compliance. This OpenChain certification is recognition of our longstanding capacity in this area, and a sign of our commitment to open source moving forward.”
About LINE Corporation
Based in Japan, LINE is dedicated to the mission of “Closing the Distance,” bringing together information, services and people. The LINE messaging app launched in June 2011 and since then has grown into a diverse, global ecosystem that includes AI technology, fintech and more. LINE joined the Z Holdings Group, one of the largest internet service groups in Japan, following the completion of a business integration in March 2021.
During our recent OpenChain Automotive Event we had some excellent talks. One that we decided to pull out of the main recording and release solo is ‘Complexities of Open Source in Automotive’ by Russ Eling. This type of high level overview is an excellent starting point for people in complex manufacturing industries that want to use our open source standards for licensing and security.
About Russ and OSS Consultants
OSS Consultants is an official OpenChain Partner with decades of experience. Russ at OSS Consultants has offered his time to speak with anyone that has questions about managing use of open source – even if it is as simple as how to get started on your open source journey. Simply send an email to info@ossconsultants.com to schedule a time.