In this SBOM Study Group meeting, Ninjouji-san from Toshiba lead an overview of various regulations and guidelines, and drove discussion around what is needed for future meetings.
The OpenChain Education Work Group has been working on developing a simplified capability model to assess a company’s capability in open source license compliance against ISO 5230:2020.
In this session, we presented the simplified model, and invited questions and comments about how to improve it.
You can find the working version of the model here:
- https://docs.google.com/spreadsheets/d/1CAOD7PjNXXlnW-dkmfC9Bsb94mVyt0AdoRIqV-H3HE4/edit?usp=sharing
Alternatively, there is a static download of the model here:
We are aiming to produce a release candidate of the model for presentation at the Open Compliance Summit in Tokyo on 30th and 31st October.
Join future meetings through our Education Mailing List:
The OpenChain Japan Work Group held one of its regular community meetings with presentations, case studies and networking on the 17th of October 2024. The full recording is below.
Zhenhua Sun of ByteDance, OpenChain China Work Group Chair, presented our work at the OSCAR 2024 conference in Beijing on October 16th. This presentation builds on our existing relationship with official partners like CAICT, and previous collaboration around the OSCAR event.
Review the Slides
Osaka, Japan, October 17, 2024 – Honda, a global leader in the manufacturing of automobiles, motorcycles, and power equipment, today announces an OpenChain ISO/IEC 18974 conformant program. By adopting the international standard for open source security assurance, Honda builds on their December 2023 adoption of OpenChain ISO/IEC 5230:2020, a previous milestone in the use of the international standard for open source license compliance. Honda continues to drive long-term, sustainable innovation around the next generation of technologies.
“Honda has a remarkable position as the world’s largest motorcycle manufacturer and the world’s largest manufacturer of internal combustion engines,” says Shane Coughlan, OpenChain General Manager. “By adoption of both ISO/IEC 5230 and ISO/IEC 18974 in the last twelve months, Honda has underlined its position as a thought leader in the domain of open source. A trusted supply chain is critical, and we are fortunate to have companies like Honda driving lasting change.”
About Honda
Honda is a mobility company powered by everyone’s dreams, creating mobility that helps and inspires people, in a wide range of fields such including motorcycles, automobiles, power products and aircraft.
About the OpenChain Project
The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.
About The Linux Foundation
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
Osaka NDS, a company providing business integration, software and hardware research, development and manufacturing (and other services) has announced an OpenChain ISO/IEC 5230:2020 conformant program.
“A key aspect of the OpenChain mission is engagement and adoption of our ISO standards in the supply chain,” says Shane Coughlan, OpenChain General Manager. “Osaka NDS – as a leading company in the Japanese supply chain – is an excellent example of the type of care, leadership and sustainability towards practical open source deployment that can inspire others. We welcome their adoption of ISO/IEC 5230 and looking forward to working closely together in the future.”
About Osaka NDS
・Company name: Osaka NDS Co., Ltd.
・Head office location: Sumitomo Life OBP Plaza Building 8F, 1-4-70 Shiromi, Chuo-ku, Osaka City, Osaka Prefecture 540-0001
・President: Takeshi Hirayama
・Establed: July 1993
・Capital: 30 million yen
・Contact: TEL .06-6945-6800 FAX .06-6945-6801
・Business contents: Integration business, software and hardware-related research and development, manufacturing, sales, development commissioning and dispatch of engineers for computer and peripheral equipment
About the OpenChain Project
The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs
About The Linux Foundation
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
About once a month the OpenChain Project releases a slide deck to help explain what we do. The October edition is now available in the same location as all previous editions.
If you are a community advocate, please take it and help people get an overview of our work and our latest news.
If you are a curious reader, please use it as a starting point for engagement with our work and community.
Feedback always welcome!
Get the Slides
The OpenChain AI Study Group held its regular Asia sync on the 10th of October. This focused on a recap of the earlier monthly workshop, which saw Karen Bennet from SPDX provided a briefing on AI BOM. Work also progressed on the draft scratchpad for management of AI BOMs.
Track This Work
You can follow and contribute to the work of the OpenChain AI Study Group through its dedicated mailing list. This is open to everyone regardless of industry vertical or speciality. You will find it here:
Attend Future Meetings
You can find and get the dial-in details for all future AI Study Group meetings from our participate page here:
