Category

Conformance

CEHLabs Announces An OpenChain ISO/IEC 5230 Conformant Program

By Conformance, News

CEHLabs has announced an OpenChain ISO/IEC 5230 Conformant Program.

More About CEHLabs:

Governance, Risk and Compliance (GRC) are the three domains that reduce your business's Information and Cyber Security Risk. The domains have different impact areas of the business, with a common goal of reducing the quantifiable risk of the business falling victim to a cyber security threat which, if realised, would impact your business through loss of trust with your customers or reputation damage. Here at CEHLabs our primary service is protecting your business from cyber threats by implementing ISO/IEC 5320:2020 of the OpenChain, NIST 800 53b revision 5, HM IS1 and IS2, Cyber Assurance Framework and Cloud First Cyber Essential Plus. In Compliance we are certified to assess under PCI-DSS and HIPAA.

LG Electronics Announces OpenChain ISO/IEC DIS 18974 Conformant Program

By Conformance, News

LG Electronics (LG) now has an OpenChain Security Assurance Specification 1.1 (ISO/IEC DIS 18974) conformant program. This standard defines the key requirements of a quality open source security assurance program, and helps to both reduce errors and increase efficiency across the global supply chain. This builds on their previous adoption of ISO/IEC 5230, the International Standard for open source license compliance.

“LG Electronics has a long history in open source and a well-known open source office,” says Shane Coughlan, OpenChain General Manager. “Their governance contributions like the FOSSLight tooling to help other companies have been an inspiration in South Korea and beyond. The conformance announcement today comes from the LG Cybersecurity Governance Team and underscores a company-wide commitment to excellence. As LG joins BlackBerry and Interneuron in driving the future of open source security assurance, we both welcome this announcement, and look forward to close collaboration in the future.”

Adoption of ISO/IEC DIS 18974 was driven by the LG Cybersecurity Governance Team. They are responsible for:

  • Establishing LG’s software development process (LG-SDL: Secure Development Lifecycle) to develop secure software for all LG Electronics products
  • Reflecting the latest Global Standards (ETSI, ENISA, NIST, etc.) and adapting them for the LG development ecosystem
  • Operating LG VulDOC (Vulnerability Detection Of Code) DevSecOps to identify and resolve potential security vulnerabilities through various software verification methods
  • Managing the LG Product Security Response Team (PSRT) to minimize security damage to our customers through authentic communication with security registrants and external stakeholders
  • Managing Third-Party developed software supply chain risk management

About LG Electronics

LG Electronics is a global innovator in technology and consumer electronics with a presence in almost every country and an international workforce of more than 74,000. LG’s four companies – Home Appliance & Air Solution, Home Entertainment, Vehicle component Solutions and Business Solutions – combined for global revenue of over KRW 80 trillion in 2022. LG is a leading manufacturer of consumer and commercial products ranging from TVs, home appliances, air solutions, monitors and service robots to automotive components, and its premium LG SIGNATURE and intelligent LG ThinQ brands are familiar names the world over.

About the OpenChain Project

The OpenChain Project maintains the International Standard for open source license compliance and the de-facto standard for open source security assurance. These allow companies of all sizes and in all sectors to adopt the key requirements of quality open source compliance or security assurance programs. They are open standards. All parties are welcome to engage with our community, to share their knowledge, and to contribute to the future of our standards.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.

Linux is a registered trademark of Linus Torvalds.

ByteDance Announces OpenChain ISO/IEC 5230 Conformant Program

By Conformance, News

ByteDance, a leading social media company, and the innovator behind TikTok, has announced an OpenChain ISO/IEC 5230 conformant program. Their adoption of the international standard for open source license compliance underlines their commitment to engagement and excellence around open source projects, platforms and solutions.

“We are delighted to welcome ByteDance to the OpenChain ISO/IEC 5230 community of conformance,” says Shane Coughlan, OpenChain General Manager. “Their team has created social networks with stunning speed of scaling in Douyin (抖音) and TikTok. This innovation has been powered by open source, and their work around building an Open Source Program Office (OSPO), communicating their work, and now using international standards speaks to a bright future. We are looking forward to next steps in our collaboration.”

About ByteDance

ByteDance was founded in 2012 by a team led by Yiming Zhang and Rubo Liang, who saw opportunities in the then-nascent mobile internet market, and aspired to build platforms that could enrich people’s lives. The company launched Toutiao, one of its flagship products, in August 2012. It followed that success with the launch of Douyin in September 2016. Approximately a year later, ByteDance accelerated globalization with the launch of its global short video product, TikTok. It quickly took off in markets like Southeast Asia, signaling a new opportunity for the company. ByteDance acquired Musical.ly in November 2017 and subsequently merged it with TikTok. Today, the TikTok platform, which is available outside of China, has become the leading destination for short-form mobile videos worldwide.

In support of its mission to Inspire Creativity and Enrich Life, ByteDance has made it easy and fun for people to connect with, create and consume content. People are also able to discover and transact with a suite of more than a dozen products and services such as TikTok, CapCut, TikTok Shop, Lark, Pico and Mobile Legends: Bang Bang, as well as products and services specific to the China market, including Toutiao, Douyin, Fanqie, Xigua, Feishu and Douyin E-commerce.

ByteDance has over 150,000 employees based out of nearly 120 cities globally, including Austin, Barcelona, Beijing, Berlin, Dubai, Dublin, Hong Kong, Jakarta, London, Los Angeles, New York, Paris, Seattle, Seoul, Shanghai, Shenzhen, Singapore, and Tokyo.

SAP Announces Whole Entity OpenChain ISO/IEC 5230 Conformance

By Conformance, News

SAP (NYSE:SAP), the market leader in enterprise application software, announces the adoption of OpenChain ISO/IEC 5230 – the International Standard for open source license compliance – throughout its organization. This milestone marks the first time an enterprise application software company has undergone whole entity conformance, and it has significant implications for the overall maturity and effectiveness in this market space.

“Since open source is increasingly used by more and more industries, the OpenChain standard is an important part of SAP’s management of license compliance along the software supply chain,” said Peter Giese, Director of SAP Open Source Program Office. “OpenChain provides a common standard based on industry best-practices and thereby helps to establish trust and reliability among all the participants in software supply chains.”

“SAP has an astonishing reach in the global supply chain, with its customers involved in almost 90% of trade around the world,” says Shane Coughlan, OpenChain General Manager. “Their decision to not only adopt but to apply OpenChain ISO/IEC 5230 throughout their organization is a key inflection point for the global supply chain. We are intertwined in our use of open source for shared infrastructure and platforms, and the more effective we become in its management, the more effective our overall supply chain will be. We are delighted to welcome SAP alongside entities such as Arm, Bosch and BlackBerry who have elected to undergo whole entity conformance, and alongside the hundreds of other entities applying OpenChain in narrower program scopes.”

About SAP

SAP’s strategy is to help every business run as an intelligent, sustainable enterprise. As a market leader in enterprise application software, we help companies of all sizes and in all industries run at their best: SAP customers generate 87% of total global commerce. Our machine learning, Internet of Things (IoT), and advanced analytics technologies help turn customers’ businesses into intelligent enterprises. SAP helps give people and organizations deep business insight and fosters collaboration that helps them stay ahead of their competition. We simplify technology for companies so they can consume our software the way they want – without disruption. Our end-to-end suite of applications and services enables business and public customers across 25 industries globally to operate profitably, adapt continuously, and make a difference. With a global network of customers, partners, employees, and thought leaders, SAP helps the world run better and improve people’s lives. For more information, visit www.sap.com.

About the OpenChain Project 

The OpenChain Project maintains the International Standard for open source license compliance. This allows companies of all sizes and in all sectors to adopt the key requirements of a quality open source compliance program. This is an open standard and all parties are welcome to engage with our community, to share their knowledge, and to contribute to the future of our standard.

BlackBerry Strengthens Software Supply Chain with Corporate-Wide OpenChain ISO/IEC 5230:2020 Conformance

By Conformance, News

First North American Company to Adopt International Open Source Standard Across its Entire Product Portfolio

WATERLOO, ON and SAN FRANCISCO, CA – March 17, 2022 – BlackBerry Limited (NYSE: BB; TSX: BB) today announced that it is the first company based in North America to adopt and conform to OpenChain ISO/IEC 5230:2020 across its entire product portfolio. OpenChain is the International Standard for open-source license compliance and is designed to build trust in the supply chain. BlackBerry saw the need to lead in this space to adopt a higher standard for its software supply chain.

The new accreditation will enable BlackBerry customers to have increased confidence in the company’s ability to manage the use of open source software across its Cybersecurity and IoT product portfolio. As the frequency and severity of cybersecurity attacks grow and stringent regulatory standards like President Biden’s Cybersecurity Executive Order come into effect, the need to have holistic visibility into the security of the software supply chain is of paramount importance, particularly when managing open source software.  

BlackBerry is the first company in North America to gain company-wide OpenChain ISO/IEC 5230:2020 conformance and collaborated with OSS Consultants to achieve the accreditation. OpenChain encourages self-certification, independent assessment, and third-party certification as options for entities seeking to address the risk profile of their supply chain.

“It is hard to overstate the importance of today’s announcement,” says Shane Coughlan, OpenChain General Manager. “BlackBerry has one of the deepest industry pedigrees in bringing increased peace of mind to enterprise and governmental organizations. Certifying their open source software management underlines their commitment to excellence and serves as a beacon for other companies to follow.”

“We are extremely proud to be the first company based in North America to announce whole entity conformance to OpenChain ISO/IEC 5230:2020,” said Charles Eagan, Chief Technology Officer at BlackBerry. “BlackBerry continues to lead in securely developing software. We realized the importance of leveraging Open Source Software and recognized the need for a robust process to manage the use of it in our products.”

“As trusted consultants that have helped organizations of all sizes implement Open Source Programs, we were thrilled to partner with BlackBerry to attain the first whole-entity OpenChain conformance in North America. The OpenChain Project has set a high standard of open-source compliance within the supply chain and across the world,” said Russ Eling, CEO and Founder of OSS Consultants.

About BlackBerry

BlackBerry (NYSE: BB; TSX: BB) provides intelligent security software and services to enterprises and governments around the world.  The company secures more than 500M endpoints including over 195M vehicles.  Based in Waterloo, Ontario, the company leverages AI and machine learning to deliver innovative solutions in the areas of cybersecurity, safety and data privacy solutions, and is a leader in the areas of endpoint management, endpoint security, encryption, and embedded systems.  BlackBerry’s vision is clear – to secure a connected future you can trust.

BlackBerry. Intelligent Security. Everywhere. 

For more information, visit BlackBerry.com and follow @BlackBerry.

Trademarks, including but not limited to BLACKBERRY and EMBLEM Design are the trademarks or registered trademarks of BlackBerry Limited, and the exclusive rights to such trademarks are expressly reserved.  All other trademarks are the property of their respective owners.  BlackBerry is not responsible for any third-party products or services.

About OSS Consultants:

OSS Consultants is a business dedicated to helping organizations of all sizes – from the world’s largest and well-known companies to small businesses and start-ups – design, implement, and manage the most efficient, comprehensive and robust open-source program offices and policies on the planet. Service offerings range from a scan and audit of your third-party and proprietary software to creating a full OSPO within your organization. Find more information at www.ossconsultants.com.

Media Contact:

BlackBerry Media Relations
+1 (519) 597-7273
mediarelations@BlackBerry.com

OSS Consultants Media Relations
info@ossconsultants.com

Bosch Announces Rollout Of An OpenChain ISO 5230 Framework For Open Source Compliance

By Conformance, Featured

2021-07-14 – SAN FRANCISCO – Over the past years, Bosch has been actively involved in forming and promoting the new ISO Standard. As an OpenChain conformant enterprise, Bosch rolled out its new corporate open source regulations, which require meeting all ISO5320 conditions concerning open source management processes and policies.

“With OpenChain we have a common framework and a common terminology for Open Source Compliance,” states Hans Malte Kern, Head of the Bosch Center of Competence Open Source. “A wide adaptation by companies across all industries could help to further expand seamless value chains. It is the key building block to establish trust in using Open Source.”

“Bosch is a pivotal company in the automotive sphere due to both its strong product portfolio and its stance as a dedicated, reliable partner,” says Shane Coughlan, OpenChain General Manager. “Their formal adoption of OpenChain ISO 5230 builds on years of productive engagement as a thought-leader in this space. We are delighted to collaborate on the next steps in improving the efficiency and effectiveness of the automotive software supply chain.”

About Bosch

The Bosch Group is a leading global supplier of technology and services. It employs roughly 395,000 associates worldwide (as of December 31, 2020). The company generated sales of 71.5 billion euros in 2020. Its operations are divided into four business sectors: Mobility Solutions, Industrial Technology, Consumer Goods, and Energy and Building Technology. As a leading IoT provider, Bosch offers innovative solutions for smart homes, Industry 4.0, and connected mobility. Bosch is pursuing a vision of mobility that is sustainable, safe, and exciting. It uses its expertise in sensor technology, software, and services, as well as its own IoT cloud, to offer its customers connected, cross-domain solutions from a single source. The Bosch Group’s strategic objective is to facilitate connected living with products and solutions that either contain artificial intelligence (AI) or have been developed or manufactured with its help. Bosch improves quality of life worldwide with products and services that are innovative and spark enthusiasm. In short, Bosch creates technology that is “Invented for life.”
