News

External Event Coming Soon: The Path to a Sustainable Software Supply Chain

By Featured, News

Shane Coughlan, OpenChain General Manager, will take the lead in a FOSSA webinar on the 16th of March.

From their site:

Software supply chain security has dominated the headlines in recent months following a series of events (including the SolarWinds hack and the Biden Administration’s executive order). But maintaining the integrity of your software supply chain is about more than just traditional vulnerability remediation. Our modern threat landscape has elevated the importance of supply chain sustainability, which includes areas like software provenance and lifecycle management in addition to known vulnerability mitigation.

Join Shane Coughlan, GM of OpenChain (a Linux Foundation project) for a conversation on the importance of supply chain sustainability and practical steps your organization can take to strengthen supply chain integrity.

We’ll discuss:

  • The evolution of software supply chain threats
  • The importance of software provenance, such as package origin, maintainers, and quality
  • Questions to ask vendors to gauge the sustainability of proprietary software
  • Indicators of sustainable open source software

Register here:

Webinar: The Mulan License

By community, Featured, legal, licensing, News, Webinar

This webinar unpacked the Mulan license family, an emerging activity from China with implications regarding the governance of open source as it expands around the world. Providing licenses designed in non-English languages is a topic that will be increasingly important, and is something companies will benefit from being aware of.

Check Out The Rest Of Our Webinars

This is OpenChain Webinar #37, released on 2022-02-23.

OpenChain Security Summit 2022 – Recording

By Featured, News

Learn About OpenSSF In The Current Landscape From Brian Behlendorf, General Manager Open Source Security Foundation

OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all.

Learn About SPDX In The Current Landscape From Kate Stewart, VP, Dependable Embedded Systems At The Linux Foundation

SPDX is an open standard for communicating software bill of material information, including provenance, license, security, and other related information.

And Learn More About Industry Responses To Log4J With A Practical Case Study About How Things Unfolded “On The Ground”

You can expect to come away with a clear understanding of market conditions, how the Linux Foundation is addressing them, and where OpenChain fits into the picture. The goal – as always – is to ensure you have the information necessary to make informed, effective decisions around the open source supply chain.

We seek to build trust in the quality of programs used by you, your customers and your suppliers. We are proud to have taken significant strides in our field throughout 2021. We expect to push the boundaries of what is possible once again in 2022. You can learn more about what we are doing around security – including our reference assurance guide – here:

We are turning this into a Reference Security Specification via our bi-weekly global work team calls. You can view the current draft on GitHub and open issues here:

Open Source Policy Template – Now in Japanese

By Featured, News

The OpenChain Open Source Policy Template helps apply the key requirements for a quality open source compliance program. It provides sample policy text that helps organisations select, classify, incorporate and publish open source code with a focus on legal compliance of open source.

This template has been available in English for several years thanks to the hard work of Andrew Katz, the teams at Moorcrofts and Orcro, and the broader OpenChain community. Now, thanks to Masahiko Hayashi and the team at NEC, this policy template is available in Japanese.

This is an excellent resource to help you conform to OpenChain ISO/IEC 5230:2020 or to simply improve your internal process management for open source.

Download the Japanese version here:

Download the English version here:

Contribute to this work on GitHub:

OpenChain Event In Beijing: CAICT Hosts 37 Companies

By News

The China Academy of Information and Communications Technology (CAICT) hosted an OpenChain event today at their HQ in Beijing. Thirty-seven representatives from various companies attended in-person. As the world opens, the OpenChain community hopes to hold similar events across Asia, Europe and North America.

This event highlighted the recent Third-Party Certification by General Data Technology Co., Ltd., CETC Kingbase and PingCap while providing attendees with extensive information on OpenChain ISO/IEC 5230, conformance options, and support for conformance in the Chinese market.

The event featured an introduction by Shane Coughlan, OpenChain General Manager, before switching fully into Mandarin and providing attendees with a chance to discuss matters in a frank, open and productive manner.

We would invite all interested parties to take part in the OpenChain China activities. Everyone is invited. We keep the discussion informal, focused and helpful.

You can learn more about the work CAICT is doing around OpenChain through a recent news item in English and Chinese:

HONOR Joins The Governing Board Of The OpenChain Project

By Featured, News

HONOR, a leading global provider of smart devices, officially joined the OpenChain Project as a Platinum Member. HONOR will continue to devote efforts to help maintain OpenChain ISO/IEC 5230, the International Standard for open source license compliance.

Chinese version: HONOR Joins the Governing Board of the OpenChain Project

“HONOR is delighted to join the OpenChain Project. HONOR has consistently taken compliance management as the basis of business process. HONOR adheres to the principle of open innovation to provide high quality smart devices that exceed the expectations of customers around the world,” said Samuel Deng, President of Research & Development Mgmt Dept, HONOR Device Co., Ltd. “HONOR will actively participate in the OpenChain project to work with global partners to build a more secure and efficient open source software management system.”

“HONOR will be playing an essential role in the OpenChain Project in 2022 and beyond,” says Shane Coughlan, OpenChain General Manager. “Chloe and the rest of the team will be providing strategic guidance on our governing board, building on their existing engagement across our global community. Our shared mission is to build greater trust in the supply chain, and this represents another significant milestone in our ability to execute effectively.”

About HONOR

HONOR is a leading global provider of smart devices. It is dedicated to becoming a global iconic technology brand and creating a new intelligent world for everyone through its powerful products and services. With an unwavering focus on R&D, it is committed to developing technology that empowers people around the globe to go beyond, giving them the freedom to achieve and do more. Offering a range of high-quality smartphones, tablets, laptops and wearables to suit every budget, HONOR’s portfolio of innovative, premium and reliable products enables people to become a better version of themselves.

For more information, please visit HONOR online at www.hihonor.com.
https://community.hihonor.com/
https://www.facebook.com/honorglobal/
https://twitter.com/Honorglobal
https://www.instagram.com/honorglobal/
https://www.youtube.com/c/HonorOfficial

About the OpenChain Project

The OpenChain Project maintains the International Standard for open source license compliance. This allows companies of all sizes and in all sectors to adopt the key requirements of a quality open source compliance program. This is an open standard and all parties are welcome to engage with our community, to share their knowledge, and to contribute to the future of our standard.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.

Linux is a registered trademark of Linus Torvalds.

HONOR Joins the Governing Board of the OpenChain Project

By News

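HONOR, a leading global provider of smart devices, has officially joined the governing board of the OpenChain Project. HONOR will continue its efforts to jointly maintain OpenChain ISO/IEC 5230, the International Standard for open source license compliance.

“HONOR is delighted to join the OpenChain Project. HONOR has always treated compliance management as the foundation of its business processes and has consistently adhered to the principle of open innovation to build high-quality smart devices that exceed consumers' expectations,” said Deng Bin, President of the Research & Development Management Department at HONOR Device Co., Ltd. “HONOR will actively participate in the OpenChain Project and work with global partners to build a more secure and efficient open source software management system.”

“HONOR will play an important role in the OpenChain Project in 2022 and beyond,” said Shane Coughlan, OpenChain General Manager. “HONOR's open source team will provide strategic guidance to our governing board, building on its existing collaboration across the global community. Our shared mission is to further strengthen trust in the supply chain, and this will be another important milestone in building our ability to execute.”

About HONOR

HONOR, founded in 2013, is a leading global provider of smart devices. We are committed to becoming a global iconic technology brand that builds for all scenarios, reaches all channels, and serves all people. With innovation, quality and service as its three strategic control points, HONOR maintains continued investment in R&D and forward-looking technology, bringing continuously innovative smart devices to consumers worldwide and creating a new intelligent world that belongs to everyone.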