The OpenChain Telco Work Group holds meetings on a monthly schedule. These are designed to allow anyone with an interest in areas like the telecommunication industry, its actions around open source management, and the development of a telco specification for Software Bill of Materials (SBOM) to take part. All levels of experience are welcome.
Our new regular schedule is:
First Thursday @ 07:00 UTC
First Thursday @ 15:00 UTC
The OpenChain Project has been very active since its formal launch in late 2016. Our global community has built an ISO/IEC standard for license compliance and launched a de facto (and soon to be ISO/IEC) standard for security. We have contributed to SBOM, OSPO, training, policy and other discussions. We built the world’s largest library of open source management reference material.
To reflect our growth and to make it easier to navigate the project we are going to make some adjustments to our work groups. Nothing too radical, but definitely something to help people find their way around more quickly, and to get the information they want faster. The image above contains a summary of the evolution approved by our Governing Board at their last meeting in September, and targeted for release during October 2022.
The changes?
The Specification Work Group will split into two parts – a Licensing Work Group for ISO/IEC 5230 and a Security Work Group for the Security Assurance Specification.
The Education Work Group and Outreach Work Group will combine into the Education Work Group.
We will launch a new Export Control Work Group and a new Policy Work Group. The former will help to navigate issues around increasing international trade tensions. The latter will help us provide strategic advice around the highest level of planning for open source in legislation and business.
The dormant Conformance Work Group will be wound down and discussions regarding self-certification moved to the Education Work Group, with discussions about the nuance of conformance parameters moved to our Steering Committee.
Finally (if there are no objections), we will re-brand the Reference Tooling Work Group to the Automation Work Group to help guide people hearing about automation to the right solutions.
The OpenChain Automotive Work Group will host its next meeting as a virtual event on the 11th of November between 16:00-17:00 JST (2022-11-11 07:00 UTC). Everyone is welcome and there is no need to register. We will host the meeting in our usual Zoom room: https://zoom.us/j/4377592799
Draft Agenda
(1) Introductions
(2) Automotive news in 2022
(3) IP news relevant to industry
(4) Developments in OpenChain
– Security Assurance Spec enters ISO in October
– License Compliance Spec entering review in October
– Company Playbooks (Small, Medium, Big)
– New conformance support (online, checklists)
(5) Discussion: What is missing to support the industry
(6) Discussion: Make plan to fill industry support gaps
(7) Discussion: Schedule for next steps
(8) Close of meeting
The OpenChain Project kicked off its new monthly community call series with the latest news around our specification, SBOMs, OSPOs and automation, before proceeding to a behind-the-scenes on our security specification ISO/IEC submission and an interactive session on updating key website materials like the FAQ and path to conformance. Ana from TODO dropped by to share the OSPO news this time around.
We always follow this agenda:
1 Introductions
2 Specification (process standards) news
3 SBOM news
4 OSPO news
5 Automation news
6 Community feedback and comments – issues for standards and core supporting material
7 Community feedback and comments – issues for reference and supporting material
8 Community feedback and comments – issues to support other projects
9 Any other business
10 Close of meeting
You can join our monthly calls (and all our other calls and events) via the OpenChain calendar. The monthly calls take place on the first Tuesday at 16:00 UTC (US/Europe) and the third Tuesday at 01:00 UTC (US/Asia):
The OpenChain Japan Work Group will host its next meeting on the 31st of October between 15:30 and 16:30 JST. This meeting will be held mostly in Japanese. All are welcome.
The OpenChain Project has a lot of meetings being run by various work groups around the world. We constantly share the outcomes of these meetings in recordings throughout our community, but today we wanted to do something a little different. Let’s dig into a whole workflow through a recent three-part call to action around Markdown in our reference library.
Our goal was to create a workflow to allow us to transition over time from many, many different file formats to a single, easy to edit and easy to translate file format for our reference material. This would never cover 100% of the material we share, but it could cover a lot, and it would make both contributions and tracking changes a lot easier.
As part of our newly evolved situation with two specifications in market (one ISO/IEC standard for license compliance and one de facto but soon to be ISO/IEC standard for security compliance), our self-certification efforts are ripe for revamp and expansion.
We took the first step in that direction today (2022-10-05) by creating a version of the Self-Certification Questionnaire for ISO/IEC 5230 in Markdown based on the material from the existing Self-Certification Web App located on the OpenChain Website. Huge credit to Steve @ Analog Devices for this work.
It also provides us with a clean way to fork and create a sister self-certification questionnaire for our Security Assurance Specification, the sister standard to ISO/IEC 5230.
And now we have a call to action. Please help review the checklist and see what you think of the wording for each statement. Is it clear enough? Can you improve it? If you find bugs or opportunities for improvement, please open an issue or a pull request to help make self-certification to ISO/IEC 5230 easier than ever.
What we do will feed back into the primary website resources, and it will form the basis of new self-certification material for our Security Assurance Reference Specification.
The OpenChain Call to Action series dedicated to break-outs focusing on migrating our reference library to markdown has come to an end. We have seen substantial progress on our goal of ensuring long-term maintainability of the resource library, and in converting key resources into markdown to get us started.
Firstly, you will find updated instructions about our repository here:
The first major outcome of our activity has been completed with the release of the ISO/IEC 5230 self-certification questionnaire in markdown format here:
Your help in reviewing this material, in converting new material and in suggesting improvements to our processes is always welcome. We are now turning this activity over to the Education Work Group, and you will find that here:
The OpenChain Security Assurance Specification 1.1 is being prepared by the Joint Development Foundation for submission to ISO/IEC JTC-1 via the PAS Transposition Process. We expect the specification to graduate as an ISO/IEC International Standard in mid-2023. Meanwhile, it is ready for market adoption as a de facto industry standard.
And how to ensure sustainability of their approach
Like OpenChain ISO/IEC 5230, the International Standard for open source license compliance, the OpenChain Security Assurance Specification 1.1 is lightweight, easy to read and will be extensively supported by our global community with free reference material and conformance resources.