The OpenChain Automotive Work Group held a mini-summit on the 11th of November 2022. This event was focused on outlining the key items of interest for the industry in our sphere, and then discussing how we will address them in 2023. It was a short summit (only one hour) so time was tight, and it is clear that we have plenty to do as we begin regular quarterly meetings circa February 2023.
Organizations can no longer ignore the threat landscape of potential security and software compliance issues leading to negative financial impact. It’s in your best interest to create a strategy to control the risk—take proactive steps to secure the software supply chain.
Join Revenera and a panel of experts to discuss:
Trends in open source and third-party software management
Ongoing regulatory changes such as the evolving Executive Order from the U.S. government
What’s next in terms of communicating vulnerabilities through tools such as VDR and VEX
The criticality of implementing a Software Bill of Materials (SBOM) and what organizations should be doing
Real world security assurance with OpenChain best practices
What’s happening in the software supply chain in industries such as government, automotive, and medical device manufacturing
The OpenChain Automation Work Group has continued its busy schedule. Below you can find recordings of two recent meetings and details of how to join our mailing list and to attend future meetings. This is an excellent place to keep up-to-date with discussions about the types of workflow and the type of options you have for automation around ISO/IEC 5230 for license compliance or the Security Assurance Specification for security.
This was contributed by Feng Wang from SecTrend, and it joins our previous contribution of a self-certification checklist in Simplified Chinese from Zhang Jun Xia at CAICT:
Carlo Piana has done remarkable work in preparing the MarkDown conversation of our Merger and Acquisitions guide contributed by Ibrahim Haddad to the project a while ago:
In our 45th OpenChain Webinar, Michael Plagge from Eclipse will introduce the Software Defined Vehicle Project and explain more about what it means to open source in automotive and the broader global community. This has the potential to have a significant impact in a market-sector supply chain and is recommended watching for those operating in the space.
You can join us at 08:00 UTC (09:00 CET) on the 29th of November 2022. We will be using this Zoom room:
NAVER, a global ICT company, today announces the adoption of ISO/IEC 5230, the International Standard for open source license compliance. As a global leader in search, messaging, cloud, contents, metaverse and digital twin, NAVER has significant engagement with open source technology. The adoption of ISO/IEC 5230 underlines their commitment to excellence in open source process management.
“NAVER started investing in the open source field in 2008 and has continued its efforts to contribute to the open source ecosystem, and internally operates an open source governance system,” says Mincheol Song, Executive Officer of Global Platform Strategy. “With this adoption of ISO/IEC 5230, we are willing to contribute more to the open source ecosystem with OpenChain.”
“NAVER has a significant footprint in the type of domains where open source thrives,” says Shane Coughlan, OpenChain General Manager. “Their adoption of OpenChain ISO/IEC 5230, the standard for open source license compliance, has ramifications for a large part of the global open source supply chain. We are delighted by this development, and we look forward to working closely with the NAVER team to help companies in Korea and beyond use open source effectively and efficiently.”
About NAVER
Founded in 1999, NAVER is Korea’s largest Internet company with hundreds of millions of users worldwide. As a global technology company, it operates the No.1 search engine in Korea, NAVER, as well as other online services, such as LINE mobile messenger, Webtoon and Webnovel publishing, SNOW video camera app and ZEPETO metaverse platform. NAVER recorded sales of KRW 6.8 trillion (USD 5.6 billion) in 2021 and is pursuing changes and innovations in technology platforms through continuous research and development of future technologies, such as artificial intelligence, robotics and mobility.
The most recent OpenChain Monthly Community Call took place on November 1st, following our usual First Tuesday schedule. This is our monthly call with a bias towards supporting participation from North America / Europe. We have a Third Tuesday call for North America / Asia. You can check out our schedule for this and all other events on the global calendar: https://www.openchainproject.org/
See below for the recording and slides.
Key Outcomes (1) Certification support for our license and security specifications continues to grow (2) We are starting the editing cycle for the next generation of both specifications (3) This does not impact adoption – ETA for both updates is 2024 (4) But you have a chance to help shape them and can easily participate on GitHub, via these lists, and every month on our calls (5) Meanwhile, education work group is busy with a ton of material to review (6) And other areas of our project (like automation) are also doing great work (7) During our monthly calls from November onward we will be doing critical live editing (8) Your voice is welcome
FormalAgenda 1 Introductions 2 Specification (process standards) news 3 SBOM news 4 OSPO news 5 Automation news 6 Community feedback and comments – issues for standards and core supporting material 7 Community feedback and comments – issues for reference and supporting material 8 Community feedback and comments – issues to support other projects 9 Any other business 10 Close of meeting
The OpenChain Export Control Work Group will hold its first meeting on the 22nd of November at 15:00 UTC (16:00 CET).
This meeting will have the following agenda:
(1) Introductions (2) Overview of why export control matters from the perspective of open source and compliance (3) Open discussion about how our community can contribute to the field
The OpenChain Partner Webinars continue on the 29th of November with a presentation by PwC on their products and services around OpenChain ISO/IEC 5230, the International Standard for open source license compliance. You can attend this webinar without registration in our usual Zoom room:
This series highlights offerings from various service providers throughout the global OpenChain eco-system. Each featured partner has an official relationship with the project, whereby they may use our trademark for marketing OpenChain-specific services, and in exchange they help with community outreach, education and other aspects of collaborative (and free) support.
