The ISO/IEC 5230 one page overview has been updated to provide simple, clear messaging about how and why the International Standard for open source license compliance provides value to companies in the supply chain.
This document is available in PDF format, PNG format or InDesign format. You may take it, use it, share it and remix it freely using the terms of the CC0 license, effectively public domain.
You can help us improve this document, translate it and convert it into new formats through the OpenChain GitHub Reference Library. We are actively seeking a Markdown version for ease of future iteration.
Our monthly North America / Europe meeting for March saw continued discussion around the OpenChain Specification Editing Process. Helio and Chris (Co-Chairs of the Specification Work Group) explored topics related to previously mentioned and new issues. Full recording below. All activity captured on GitHub.
The OpenChain Export Control Work Group held its third meeting on the 7th of March at 08:00 UTC. The focus was on reviewing the new volunteer project being set up at https://github.com/crypto-law-survey to explore the continuation of Bert’s http://www.cryptolaw.org/ as a general community resource.
This OpenChain Webinar featured a FOSDEM recap by Philippe Ombredanne of NexB for everyone who did not attend the event in Belgium at the start of 2023. In 2023 FOSDEM had over 8,000 participants and 771 presentations, making it one of the largest open source events in the world by a large margin. This webinar will be of particular interest to people exploring open source tooling for open source compliance or security.
The OpenChain Project was present at the LF APAC Leadership Summit in Hong Kong on the 2nd and 3rd of March 2023. This event contained a detailed series of presentations from key leaders in the Linux Foundation on day 1, and hosted a great OSPO Workshop led by Ibrahim (LF AI & Data) on day 2.
Of course there was also plenty of time for networking, and LF APAC organized a wonderful cruise in Hong Kong harbor for attendees.
The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. This is a community newsletter, so we accept suggestions and ideas, and you can contact us by mail at any time.
You can now get third-party certified with ISO/IEC 5230 or the OpenChain Security Assurance Specification 1.1 anywhere in the world… and you have plenty of choice about who to work with. Of course, you have options when adopting our standards. The most common thing is actually for companies to start with self-certification, so if you are new to this… Learn more here
Our reference library of over 1,000 documents to help you learn about our standards, train people or suppliers around open source, get policy templates, self-certification checklists and more has been totally overhauled. It is now easier to find material, easier to share material and easy to translate material.
Yes Security and Panx Project announced adoption of our ISO/IEC standard for open source license compliance via the OpenChain website. Both companies self-certified. Yes Security is the first company from Brazil to announce conformance via our website. Well done!
This month we had two webinars. One covered new security tools and one unpacked fascinating data points around GPLv2 licensing. Did you know there have been 40 versions of the GPLv2 published on its official websites and there have been 12 different versions found in the Linux Kernel? Definitely a webinar to watch if you are interested in the licensing side of things.
Last month we mentioned that Continental Corporation made LFC193 a required course for their software developers from late Q3 2022. Since then we had two other soft announcements from community members about their adoption.
Coming Soon
For those wanting a sample of what’s on the community calendar for March…
To learn more and to get help from any of our official third-party certifiers, simply visit our partner page and click on the relevant logos. That said, remember you have various options when adopting our standards. The most common route is for companies to start with self-certification, so if you are new to this… check out the checklists and questionnaires below.