Skip to main content
Category

News

OpenChain Japan All Member Meeting #24 – 2022-07-29

By Featured, News

The OpenChain Japan Work Group will hold its 24th all member meeting (11th virtual meeting) on July 29 (Friday) between 15:00 and 16:00 Japan Standard Time (JST). The primary discussion will be around the open source program office (OSPO) of Cybertrust. OSPO activity is an emerging topic in this jurisdiction and all are welcome to participate.

Join us via Zoom:

https://zoom.us/j/99975267803?pwd=ekhxaHA3bVZUSVU5M0dVMkF2Z0pkQT09

The meeting ID is:

99975267803

The password is:

]>guXS~6

Samsung SDS Achieves ISO/IEC 5230:2020 for Open Source Compliance

By Featured, News
  • First Korean IT service company to achieve ISO/IEC 5230:2020
  • To enhance reliability with preliminary verification and threat factor prevention conducted by open source specialists
  • To provide integrated system that manages open source usage and verification history

Samsung SDS became the first among Korean IT service companies to adopt the international standard for open source compliance (ISO/IEC 5230:2020) maintained by OpenChain Project.

This certification is enabled by OpenChain Project, led by the Linux Foundation in 2016, to global companies that secured open source license compliance process and application capabilities.

Samsung SDS was acknowledged for its global competence in all evaluation criteria including open source policy and process, professional workforce, and employee training.

Although open source is a software license that makes source code available to the public, legal disputes and threats may occur if users do not comply with its license agreement or verify weak points.

Early this year, Samsung SDS expanded its team dedicated to open source software into Open Source Program Office(OSPO) and reinforced specialists in development, security, legal, and patent, in order to provide support in open source application and prevent legal disputes.

The OSPO enhances open source usage by conducting preliminary verification on threats such as security weak points and errors during the planning stage of software, application and IT infrastructure development. 

Since last year, Samsung SDS carries out a comprehensive review in cooperation with its overseas offices and Global Development Center to operate an open source verification system on a global level.

Samsung SDS will develop an integrated management system by September to manage open source status, track previous verification records, and respond to weak points. The company expects the system to further strengthen customer trust in its IT service business and solutions. 

Jongpil KIM, Executive Vice President and Leader of Development Office at Samsung SDS, said, “With the increasing use of open source software, securing reliability is important in the software supply chain. With thorough verification and abiding by the license policy, Samsung SDS will provide our customers with services and solutions they can rely on.”  

Announcing The OpenChain Partner Webinar Series

By Featured, News

The OpenChain Project is launching a new series of webinars that will explain the services available from our partners around the world. Our goal is to help you understand your options if you seek third party assistance for adoption, refinement or certification.

The first webinar has been published here:
https://www.openchainproject.org/news/2022/07/12/xmirror

In this webinar we cover the services available from a Chinese service provider call XMirror. This company provides SCA solutions and – intriguingly – has an open source version of their tooling available for anyone to use:
https://gitee.com/xmirrorsecurity

The agenda for our next two webinars is:

26th of July at 06:00 UTC:
LEX PAN LAW & OPSEQUIO

9th of August at 06:00 UTC:
EACG (TrustSource)

We also have webinars coming from:
HH Partners & Double Open
PwC
Bitsea GmbH
And more…

We hope you enjoy this new series and welcome your feedback as it progresses.

As a side note, this does not replace our existing community webinar series. That will continue throughout 2022 as usual. You can expect the new agenda for those events to be published soon.

Webinar: XMirror and their OpenChain-Related Services

By community, News, Partner Webinar, standards, Webinar

Interested in checking out the open source tooling they mentioned? Check it out here:

This series highlights offerings from various service providers throughout the global OpenChain eco-system. Each featured partner has an official relationship with the project, whereby they may use our trademark for marketing OpenChain-specific services, and in exchange they help with community outreach, education and other aspects of collaborative (and free) support.




More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

This OpenChain Webinar was broadcast on 2022-07-12.

OpenChain Japan Work Group Resumes Physical Meetings

By Featured, News

Sony will host a small physical meeting at their Shinagawa offices on the 14th of July between 09:20 and 10:50 as a prelude to a full in-person OpenChain Japan Work Group meeting. This is the first physical meeting for our Japan Work Group in two and a half years.

The current plan is to have around 10 people attend. This will ensure compliance with company policies and act as a stepping stone to larger gatherings.

We expect to discuss the current state of the market, our community, and concrete next steps in collaboration for 2H 2022.

OpenChain @ RIOS Open-Source Hardware IP Licensing and Policy Workshop

By Featured, News

The OpenChain Project featured prominently at this event held in China via a talk (slides below) and participation in the end panel discussion on next steps in IPR around open hardware. This is part of our long-term commitment to supporting a trusted supply chain, and an awareness that the supply chain will inevitably consist of both hardware and software.

Xmirror is the latest Official OpenChain Partner

By Featured, News

Xmirror Security, a Chinese DevSecOps company, has joined the OpenChain Partner Program.  With a founding team specialized in network security technologies from Peking University, Xmirror Security is uniquely positioned to help clients secure the software supply chain.

From now on, Xmirror Security will support ISO 5230, the international standard for Open Source license compliance, and construct a healthy Open Source ecosystem and a trusted software supply chain in collaboration with other global corporations like Google, Microsoft and Meta.

“The OpenChain Project has been a contributor to the Open Source security ecosystem for a significant numbers of years,” says Shane Coughlan, OpenChain General Manager. “We seek to ensure trust in the supply chain, and our new partnership with XMIRROR will help to accelerate this mission in the Chinese market. We look forward to supporting companies of all sizes seeking excellent around the use of Open Source.”

Initiated by Linux Foundation, OpenChain is a project aiming at setting and maintaining the international standard for Open Source license compliance, which offers companies a more efficient solution for the consistency of Open Source license compliance. Currently, hundreds of magnates from multiple fields have joined OpenChain, building trust in Open Source among software supply chain stakeholders.

“Xmirror Security is glad to be an OpenChain partner and construct a more trusted and efficient Open Source supply chain and ecosystem together with the whole community,” says Ziya, Founder & CEO, Xmirror Security. “OpenChain shares our view of the Open Source supply chain security risks and challenges faced by corporations during digital transformation. To ‘manage Open Source risks through an Open Source solution’, we provide professional technical support and community service for corporations and developers through our Open Source SCA tool, OpenSCA. In the future, we will be hand in glove with not only OpenChain but also more Open Source partners to build up a more open, inventive and energetic Open Source community based on China software supply chain security and empower more users from diverse industries.”

More Commentary from Xmirror

While Open Source is gaining popularity in software development, the risk of Open Source components vulnerabilities and license compliance is also noteworthy. Focuses on Integrated detection and defence of continuous threats in DevSecOps software supply chain with two engines of code-vaccine and active defence technologies, our self-developed 3rd generation DevSecOps AI-Adaptive Threat Management System mainly includes both integrated development and operation agile security products covering pivotal parts from threat modelling, Open Source management, threat revealing, threat simulation as well as detection and response, and software supply chain security service characterized by the actual attack and defence confrontation. Thousands of corporations have embraced our solution for an efficient software supply chain.

Moreover, depending on its leading ability to detect Open Source application vulnerabilities, OpenSCA has been recognized as one of the most Valuable Open Source Projects in Gitee.

We attach great importance to cooperating with other organizations relevant to Open Source and software supply chain. Apart from joining OpenChain, we’ve been selected as one of the first members of Trustworthy Open Source Compliance and Software Supply Chain Security Lab launched by CAICT. Being committed to the original aspiration and mission of defending software supply chain security, Xmirror Security will actively participate in the joint contribution to the Open Source Ecosystem.

About Xmirror Security

The Xmirror Security founding team originated from the white hat hacker team of Peking University. Through years of accumulation of offensive and defensive confrontation key technologies and the accumulation of cutting-edge technologies such as deep learning, the founding team has creatively developed an intelligent adaptive threat management system for the new generation of DevSecOps IT strategic framework, with top offensive and defensive combat experience. It can ensure the life cycle of software supply chain security, promote the defense level of real business with intelligent automatic attack technology, and empower government and enterprise organizations to achieve security self-adaptation and self-growth.

OpenChain Korea Work Group Meeting #14 – Recordings

By Featured, News

The recordings from the recent Korea Work Group Meeting #14 are now available on their local website. Check them out here:

You will find material covering the global project activities, local activities, SFC vs Vizio analysis and an overview from FOSSID.

You can subscribe to the Korea Work Group mailing list here and keep up with all their activities: