This webinar highlights a new open source tool for open source compliance and security that originates in China. This tool was created by a company called XMIRROR. The open source CLI offers SPDX support, so is immediate interest to tooling communities around the world, particularly from the perspective of integration with open source tooling frontend solutions.
This is OpenChain Webinar #53, released on 2023-06-29.
This webinar features an update on ClearlyDefined by Nick Vidal at the Open Source Initiative (OSI). A lot has happened since we last covered this project for open source metadata, including the move to a new home at OSI.
ClearlyDefined and its parent organization, the Open Source Initiative, are on a mission to help FOSS projects thrive by being clearly defined. Lack of clarity around licenses and security vulnerabilities reduces engagement – that means fewer users, fewer contributors and a smaller community.
As such, the goals of the project are to:
This is OpenChain Webinar #51, released on 2023-04-26.
This webinar features Alexios Zavras, Chief Open Source Compliance Officer at Intel Corporation and a long-term friend and collaborator around the OpenChain Project. This time the topic was SPDX 3.0, a significant generational update to SPDX, a sister standard to OpenChain ISO/IEC 5230 and OpenChain ISO/IEC DIS 18974.
SPDX is a Software Bill of Materials (SBOM) specification, so it operates one layer down from the fundamental processes outlined by OpenChain’s standards, and it provides an excellent way to meet our requirements for an SBOM to be used by companies. The second generation of SPDX has been an ISO/IEC standard for two years as ISO/IEC 5962. The third generation shows interesting promise as a way to manage license compliance, security and more.
This is OpenChain Webinar #50, released on 2023-04-31.
This OpenChain Webinar features OSSelot, an open source curation database recently launched by OSADL in Germany. This project addresses one of the most requested features around open source automation for open source compliance: an open, public database supporting SBOM (via SPDX ISO/IEC 5962) for common software packages. This could be a game-changer.
Check Out The Project Website:
This is OpenChain Webinar #47, released on 2023-01-25.
This webinar explores how SCA and tooling vendors in China are addressing the local market, and how open source risk can be managed around M&A.
This is OpenChain Webinar #42, released on 2022-06-14.
This webinar covers FOSSLight, a new open source project for open source license compliance from the Korean community. This is a quiet landmark for the OpenChain Project: our first non-English global webinar is presented in Korean with Simplified Chinese and Japanese subtitles.
There is one request that comes with this webinar: if you are interested in FOSSlight please considering helping to translate it into more languages.
Learn more on GitHub
This is OpenChain Webinar #40, released on 2022-04-06.
This webinar returned to automation topics with a review of how clearing can be made faster by using techniques like proximity matching. While approaches like this inherently depend on the technical ability of user companies, and their individual determinations of accuracy or risk, they do suggest avenues to increase efficiency-at-scale.
This is OpenChain Webinar #39, released on 2022-04-22.
This webinar highlighted an on-going automation case study by the OpenChain Automation Work Group, and how compliance programs can bake continual improvement (kaizen) into their daily work.
Check Out Our Slides
This is OpenChain Webinar #30, released on 2021-09-07.
This webinar covered a lot of ground with open hardware, new open source automation from Korea and methods of using SPDX with the Yocto Project. It provided a solid way to “take the pulse” of a certain moment in open source governance.
Plus…
The LG Electronics video on FOSSLight
The full LG Electronics presentation
This is OpenChain Webinar #26, released on 2021-07-07.
LFX is a toolkit from The Linux Foundation built to facilitate every aspect of open source development. Get a full overview of project analytic tools, IP risk containment, security and Crowdfunding. This webinar helps to unpack what that means for you.
Heads Up
The crowdfunding was previously a separate project called CommunityBridge.
This is OpenChain Webinar #17, released on 2021-02-01.
© 2024 OpenChain. All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page. Linux is a registered trademark of Linus Torvalds. Privacy Policy and Terms of Use
