OSPOCO and Taylor English are the latest participants in the OpenChain Project official partner program. OSPOCO provides on-demand, scalable open source program office support across community, technical and communication areas. Taylor English provides attorney oversight for all compliance matters and legal advice integrated with OSPOCO technical findings.
“We are delighted to work with OSPOCO on expanding the professional service ecosystem dedicated to OpenChain ISO/IEC 5230 and the OpenChain Security Assurance Specification,” says Shane Coughlan, OpenChain General Manager. “The increased awareness of predictable, sustainable open source process management in the supply chain is matched by an increased need for experienced providers. We look forward to investing time into ensuring growth in the North American market throughout 2023 matches the traction we have seen in Asia and Europe in 2022.”
“Following the OpenChain specifications is the best way for companies to understand and have control over their open source processes,” says Van Lindberg, CEO of OSPOCO and partner at Taylor English. “The OpenChain specifications are our blueprint for helping our clients mitigate supply chain risk and improve their open source ROI. We look forward to helping many more organizations achieve and maintain full compliance.”
Nathan will host an OpenChain Education Work Group meeting at 09:00 PST on the 9th of February with a focus on determining the key documents to present to people on the OpenChain Website, and the key documents we need to review and improve to help with onboarding and use of the standards.
The OpenChain Project has developed a set of overview slides to help you understand and explain our work across the supply chain. Please feel free to download and use these slides, and we also welcome suggestions for improvement.
Special event today: OSS Compliance in 2022 / 2023 – a Japanese and International Market Briefing in collaboration with FossID AB. We are looking forward to a full schedule with a strong focus on practical business intelligence.
After focusing on rolling news in 2022, the OpenChain Newsletter is back to provide a monthly summary of our work. You can expect an overview of what the OpenChain Project is doing to build trust around license compliance and security in the open source supply chain. You will also find other news directly related to our field. We accept suggestions and ideas. Just mail us at any time.
Cool Statistic To Start The Year
20% of German companies with over 2,000 employees have already implemented OpenChain ISO/IEC 5230:2020, the International Standard for open source license compliance. Source: Bitkom Open Source Monitor 2021
Google Announces ISO/IEC 5230:2020 Conformant Program
We ended Q4 2022 with some exciting news. Google, an OpenChain Governing Board member and early adopter of the first generation OpenChain standard for open source license compliance, announced formal adoption of ISO/IEC 5230, the International Standard for open source license compliance.
Meanwhile, Around Security…
We have submitted the OpenChain Security Assurance Specification to the ISO/IEC JTC-1 PAS Transposition Process. We expect it to graduate as an ISO/IEC standard around mid-2023.
Security Assurance Specification Gains Additional Support
At the end of December 2022 we saw some significant announcements regarding support for the OpenChain Security Assurance Specification:
This support continued to grow in January 2023 with an announcement from Bitsea about their new services for customers around adoption.
OpenChain Meetings, Webinars And Events
Our monthly meetings kicked off with next generation specification reviews for North America / Europe and North American / Asia. We are seeing some solid discussion around the open issues on both the license compliance and security specifications. It is recommended to take part in these meetings if you have ideas, suggestions or comments about where you want our standards to go next.
The global calendar is also a great way to keep track of our webinars. We started the year with a great one: OpenChain Webinar #47 covered OSSelot: The Open Source Curation Database. OSSelot is a new project incubated by OSADL in Germany and promises to be an important part of automation tooling support moving forward.
Our Training Material Continues To Support The Market
In 2021 and 2022 the OpenChain Education Work Group released online courses in collaboration with LF Training. During January we received some updates providing context for market impact.
It is also noteworthy that Continental Corporation made LFC193 a required course for their software developers from late Q3 2022. This is a concrete example of a company leveraging free resources provided by OpenChain Project and The Linux Foundation to support their open source governance processes.
This OpenChain Webinar features OSSelot, an open source curation database recently launched by OSADL in Germany. This project addresses one of the most requested features around open source automation for open source compliance: an open, public database supporting SBOM (via SPDX ISO/IEC 5962) for common software packages. This could be a game-changer.
BlackBerry Limited (NYSE: BB; TSX: BB) announces adoption of the OpenChain Security Assurance Specification 1.1, creating a series of landmarks in doing so. BlackBerry is the first whole entity to announce conformance, the first conformance in the Americas, the first multinational company conformance, and first entity to achieve conformance with both OpenChain/ISO5230:2020 and OpenChain Security Assurance 1.1 with an OpenChain Partner, OSS Consultants. This announcement builds on their previous adoption of OpenChain ISO/IEC 5230:2020, the international standard for open source license compliance. OpenChain Security Assurance Specification 1.1 is the sister standard to ISO/IEC 5230, and is also slated to become an ISO standard later in 2023.
OpenChain has a collaborative global community of companies working to build a more effective and efficient supply chain to create trust between entities around open source; working to increase trust in the open source supply chain. With thousands of people from hundreds of companies actively involved, it is a key part of the governance fabric behind open source technology. BlackBerry is the first company in North America to gain company-wide OpenChain Security Assurance conformance, and the first to collaborate with an official OpenChain Partner Company, OSS Consultants.
“BlackBerry has long been synonymous with excellence in process management, and their engagement with OpenChain standards underlines this,” says Shane Coughlan, OpenChain General Manager. “Their previous whole-entity adoption of ISO/IEC 5230, the international standard for open source license compliance, set an important market example. Their market-leadership is continued today with the world’s first whole entity adoption of the OpenChain Security Assurance Specification, the industry standard for open source security assurance. We look forward to working closely together in continuing to drive sustainable, efficient software supply chains.”
“BlackBerry has one of the deepest commitments in this industry to bringing increased peace of mind to enterprise and governmental organizations,” said Russ Eling, CEO OSS Consultants. “This added certification highlights BlackBerry’s position as a trusted supply chain vendor and serves as an example for others to follow. BlackBerry was able to meet the specification through its existing policies and processes due to its long history and commitments to responsible management of open source. BlackBerry has a team of experts who have developed their practices, tooling, and operational capability to manage the vulnerabilities that arise within open source libraries.”
About BlackBerry
BlackBerry (NYSE: BB; TSX: BB) provides intelligent security software and services to enterprises and governments around the world. The company secures more than 500M endpoints including 215M vehicles. Based in Waterloo, Ontario, the company leverages AI and machine learning to deliver innovative solutions in the areas of cybersecurity, safety and data privacy solutions, and is a leader in the areas of endpoint security, endpoint management, encryption, and embedded systems. BlackBerry’s vision is clear — to secure a connected future you can trust.
BlackBerry. Intelligent Security. Everywhere. For more information, visit BlackBerry.com and follow @BlackBerry.
Trademarks, including but not limited to BLACKBERRY, EMBLEM Design and QNX are the trademarks or registered trademarks of BlackBerry Limited, its subsidiaries and/or affiliates, used under license, and the exclusive rights to such trademarks are expressly reserved.
About OSS Consultants:
OSS Consultants is a business dedicated to helping organizations of all sizes – from the world’s largest and well-known companies to small businesses and start-ups – design, implement, and manage the most efficient, comprehensive and robust open-source program offices and policies on the planet. Service offerings range from a scan and audit of your third-party and proprietary software to creating a full OSPO within your organization. Find more information at www.ossconsultants.com.
About the OpenChain Project
The OpenChain Project maintains the International Standard for open source license compliance. This allows companies of all sizes and in all sectors to adopt the key requirements of a quality open source compliance program. This is an open standard and all parties are welcome to engage with our community, to share their knowledge, and to contribute to the future of our standard.
About The Linux Foundation
The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.
The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.
Linux is a registered trademark of Linus Torvalds.
Our Zoom meetings are an excellent way to track and contribute to how we present OpenChain specifications and their supporting material to the world. This recording helps set context.
Remember: you can also join our education work group to contribute via email here:
Oskar and Jon will be visiting Japan with other people from the newly independent FOSSID to help provide a market overview. The meeting takes place on the 2nd of February between 10:00 and 14:00 in Shinagawa. Of course I will be there with an OpenChain talk.
This will be a market strategy event, focused on getting knowledge from abroad because our travel is limited. It is also suitable for business managers and decision-makers or legal people.
