OpenChain Newsletter #52

By Monthly Newsletter, News
Newsletter – Issue 52 – March 2023

The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.

This edition of the newsletter was created and shared by Qiuyue Qi of OpenSCA, and we provide our thanks for the contribution!

Enlargement

Socionext and Suzhou Prism Colorful Information Technology Co., Ltd. have both announced conformance with ISO/IEC 5230.

CESI joined the OpenChain Project as the official partner.

Activities

The OpenChain Project has had open discussions with LG Electronics and SK Group, presented at LF APAC Leadership Summit and delivered a speech at OSPO Summit.

Materials

There are two vital updates to our essential materials to follow:

Moreover, we have prepared an introduction to our standard for open source security assurance, ISO/IEC DIS 18974, for those who are interested.

The record of the LF Training Courses Translation Project is also now available.

Webinar

We have held two webinars, covering an overview of SPDX 3.0 (#50) and a recap of FOSDEM (#49) respectively.

Routine

March has also witnessed lots of work done with our work groups and monthly meetings across the globe.

Our legal work group has been officially announced.

Both telco and export control work groups initiated insightful discussions.

Details of work groups in Germany, Korea and the UK can be found in the following links:

Check out our monthly meeting below:

Others

OpenChain ISO/IEC 5230:2020 is featured in Journal Of Software Volume 33, Issue 3, 2023.

Check Out All Our Previous Newsletters:

Announcing The OpenChain Legal Work Group

By News

The OpenChain Project is launching a Legal Work Group with a focus on a regular industry request: model provisions for agreements.

  • Companies have asked for templates with simple language to support the use of ISO/IEC 5230 or ISO/IEC DIS 18974 in procurement agreements or contracts.
  • The model provisions would explore options for requesting or explaining ISO/IEC 5230 or ISO/IEC DIS 18974.

This work group will provide a forum to do that with a particular focus on choice, translation and global applicability.

Please note: This is about creating reference material provided under CC0 licensing as part of our extensive reference library. Model provisions or clauses will not be included in future versions of the ISO/IEC standards. This is to ensure freedom of choice for companies in different markets and different geographies.

Join The Work Group (all welcome)

Webinar: An Overview of SPDX 3.0

By automation, community, licensing, News, security, standards, Webinar

This webinar features Alexios Zavras, Chief Open Source Compliance Officer at Intel Corporation and a long-term friend and collaborator around the OpenChain Project. This time the topic was SPDX 3.0, a significant generational update to SPDX, a sister standard to OpenChain ISO/IEC 5230 and OpenChain ISO/IEC DIS 18974.

SPDX is a Software Bill of Materials (SBOM) specification, so it operates one layer down from the fundamental processes outlined by OpenChain’s standards, and it provides an excellent way to meet our requirements for an SBOM to be used by companies. The second generation of SPDX has been an ISO/IEC standard for two years as ISO/IEC 5962. The third generation shows interesting promise as a way to manage license compliance, security and more.

Watch The Webinar

Check Out The Slides

Check Out The Rest Of Our Webinars

This is OpenChain Webinar #50, released on 2023-04-31.

OpenChain Germany Work Group Meeting 2023-03-30 – Outcomes

By News

The OpenChain Germany Work Group held its latest meeting virtually with a packed schedule and a very active discussion from members. Our hosts this time were PwC, who kindly lent us their WebEx platform and arranged all the administration of the event.

Due to an exceptionally active open discussion our slide presentations were compressed, with Shane (OpenChain) and Alexios (Intel) focusing on overviews of standardization around process management and SBOMs in the market respectively. Philippe (NexB) delivered a full slide deck and you will find it shared below.

Our Recording

Our Slides

OpenChain Korea Work Group Meeting 2023-03-28 – Outcomes

By News

Some of the key OpenChain Korea Contributors, Shane and Brown the Bear from LINE

The OpenChain Korea Work Group had an excellent meeting on the 28th of March 2023. This was the 17th meeting in total for the group, and the first face-to-face meeting since COVID caused a global shutdown in 2020. The meeting had a packed schedule of global overviews, local tooling, AI legal matters and more. We were kindly hosted by the LINE team at their offices in Seoul. Special thanks to Seo Yeon Lee from LINE for her coordination and to Haksung Jang from SK Telecom for his leadership of the group.

Everyone going crazy and attacking the coffee delivery trolley

Our Korean community is notable for its excellent spirit and humor. We had great networking, plenty of jokes, and a chance to meet and greet new members. Attendees were left with a strong impression of positive things to come in 2023.

So many socks and other cute gifts from Japan (thanks Shane)

Our next Korea Work Group meeting will be hosted by Kakao. If you are interested in attending or more generally in collaborating with us, please check out the local community website and mailing list:

OpenChain UK Work Group Meeting 2023-03-28 – Outcomes

By News

From our UK Work Group Chair, Andrew Katz:

First of all, a big thank-you to Tom Sadler and David Buckhurst [at the BBC] for hosting the meeting yesterday. I’m sorry not to be able to make the meeting personally and I remain envious! And thank you also to all those who took the time to attend, both virtually and in person. Thank you also to Shane for a great update on everything going on in the world of OpenChain, and to Martin Yagi for the great work he’s done on the bite-sized training project. Also, thanks to Steve Kilbane for his questions and thoughts on the end-to-end compliance issue, and also to Sami for his input and agreeing to hold the fort. I hope that those who travelled had safe and uneventful journeys home.

I will be circulating a note shortly summarising the outcomes from the meeting, and suggesting some dates for the next meeting, which will also be a hybrid in-person/virtual event, probably at the end of May or the beginning of June. 

This post will be updated with Andrew’s notes as they become available.

OpenChain @ LG Electronics

By News

During our presentation and open discussion with the LG Electronics team, we also had a chance to tour the offices and see recent awards for things like the release and growth of the FOSSLight Project.

The OpenChain Project was at LG Electronics on the 27th of March to discuss the current market and developments around trust in the supply chain.

OpenChain @ SK Group

By News

There was a special meeting and presentation hosted at SK Telecom to SK Group companies on 2023-03-27. Haksung Jang of SK Telecom, and the leader of the Korea Work Group, kindly wrote a summary of the event. Find some of the introduction and conclusion below, with a link to the full article as well.

Take it away Haksung!

It is said that more than 93% of the product software developed by companies uses open source, so using open source in modern software development is almost essential.

However, there are reports that 53% of the open source in use has license compliance issues, and 81% has security vulnerabilities.

Considering the complex development environment of modern software and the vast software supply chain, companies developing products with open source need to make open source management efforts to minimize license compliance and security vulnerability risks, and the Linux Foundation's OpenChain Project is a project for multiple companies to pursue these efforts together at the community level through sharing and collaboration.

On March 27, 2023, Shane Coughlan, General Manager of the OpenChain Project, visited SK Telecom and gave a session explaining the main activities of the OpenChain Project, open source-related international standards and global trends.

Members of SK Telecom's OSRB and the SK Group open source council (SK Planet, SK Shieldus, SK Inc., the SUPEX Council, etc.) took part and exchanged a variety of opinions, and on this day Shane introduced the OpenChain Project and explained how open source management issues in the software supply chain are being jointly resolved through global collaboration.

In this article, I will introduce the main points.

In Closing

The OpenChain Project is a community that applies the open source way of sharing and collaboration to the area of corporate open source management as well, so that everyone together can achieve a high level of risk management practice with little cost and few resources.

The OpenChain Korea Work Group is where companies that share this purpose gather.

Nearly 100 open source managers from companies have joined the OpenChain Korea Work Group mailing list and are active there.

As it happens, the first offline meeting in three years since COVID took place on March 28. I will cover this in detail in the next article.

After the meeting session with Shane, we enjoyed a delicious lunch sponsored by SK Telecom's Tech HR team. (Thank you, Sang-gi! ^^)