We were working on the latest version of the Security Assurance Reference Guide. It is now available for review:
This is version 2.0 Draft 3 2022-02-15. The document is in the editing phase. You can expect adjustments. And… you can leave issues! Just open one on GitHub to help us process the next revision of the document.
Learn About OpenSSF In The Current Landscape From Brian Behlendorf, General Manager Open Source Security Foundation
OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all.
Learn About SPDX In The Current Landscape From Kate Stewart, VP, Dependable Embedded Systems At The Linux Foundation
SPDX is an open standard for communicating software bill of material information, including provenance, license, security, and other related information.
And Learn More About Industry Responses To Log4J With A Practical Case Study About How Things Unfolded “On The Ground”
The Security Summit will take place on February 17th 2022 at 18:00 PST / February 18th 2022 02:00 UTC / 10:00 CST / 11:00 KST+JST. It will be hosted on Zoom and it will be free to attend. It will also be recorded. Join the event here:
You can expect to come away with a clear understanding of market conditions, how the Linux Foundation is addressing them, and where OpenChain fits into the picture. The goal – as always – is to ensure you have the information necessary to make informed, effective decisions around the open source supply chain.
We seek to build trust in the quality of programs used by you, your customers and your suppliers. We are proud to have taken significant strides in our field throughout 2021. We expect to push the boundaries of what is possible once again in 2022. You can learn more about what we are doing around security – including our reference assurance guide – here:
We are turning this into a Reference Security Specification via our bi-weekly global work team calls. You can via the current draft on GitHub and open issues here:
Tokyo, February 10, 2022 – NEC Corporation (NEC; TSE: 6701), a leading global provider of IT and network technologies, has joined the OpenChain Project as a Platinum Member and will assume a governing board seat. The OpenChain Project builds trust in the supply chain by making open source license compliance simpler and more consistent, and maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance.
“NEC has played a significant role in the development of the global OpenChain community,” says Shane Coughlan, OpenChain General Manager. “As we welcome NEC to the OpenChain governing board we look forward to deepening our collaboration. We share a vision of a supply chain with greater trust and effectiveness. Today we have taken another important step towards that goal.”
“NEC is well aware of the importance of security and compliance in the open source supply chain and we respect OpenChain’s leadership in this field.” says Kimio Suganuma, Head of the OSS Promotion Center and Emerging SI Technology Development Division, Digital Business Platform Unit, NEC. “We have decided to join as a platinum member to show our approval and support of the open source ecosystem.”
About NEC Corporation
NEC Corporation has established itself as a leader in the integration of IT and network technologies while promoting the brand statement of “Orchestrating a brighter world.” NEC enables businesses and communities to adapt to rapid changes taking place in both society and the market as it provides for the social values of safety, security, fairness and efficiency to promote a more sustainable world where everyone has the chance to reach their full potential. For more information, visit NEC at https://www.nec.com.
About the OpenChain Project
The OpenChain Project maintains the international standard for open source license compliance. This allows companies of all sizes and in all sectors to adopt the key requirements of a quality open source compliance program. This is an open standard and all parties are welcome to engage with our community, to share their knowledge, and to contribute to the future of our standard.
About The Linux Foundation
The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.
The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.
Linux is a registered trademark of Linus Torvalds.
This webinar provided a case study of the settlement between the Netfilter Project and Patrick McHardy, a concluding chapter of the long-running “copyright trolling” concern that had caused concern in the open source community for nearly a decade.
This is OpenChain Webinar #36, released on 2022-02-08.
You will find the recordings and the slides below this text.
As a short update to all of you, I have taken the action point to put together a short Charter/work item tracker document for us. It also serves as an informal MoM from yesterdays meeting summarizing the discussions we had and where we currently stand on some of the issues. As soon as I figure out where we should upload that I will do so and invite you all to participate in editing the document. We have some clear actions from yesterday’s meetings that I hope we can work together on in the coming weeks until our next meeting.
On the very top of that list is to look at SPDX and its different “modules” to determine what level of granularity is needed in the telco environment. As was also pointed out in the meetings we need to grow our community to include more members from the CSP side. I think that once we have our charter uploaded that becomes easier as it helps us explain what we are about. Getting the requirements from all parts of the supply chain as well as understanding the capabilities to deliver to those requirements is clearly key for success here.
Jimmy Ahlberg, Chair of the Telecommunications Work Group
Morning CET Meeting:
Afternoon CET Meeting:
The Slides:
You can join the telco mailing list here:
This webinar provided a practical case-study of a GPLv3 enforcement case in Italy, allowing viewers to understand how such situations unfold, and what they mean for open source governance and management.
This is OpenChain Webinar #35, released on 2022-01-26.
© 2024 OpenChain. All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page. Linux is a registered trademark of Linus Torvalds. Privacy Policy and Terms of Use
