Skip to main content
search
Category

News

Jan 20
Love0

KFTC Announces an OpenChain ISO/IEC 5230 Conformant Program

By Featured, News

Korea Financial Telecommunications & Clearings Institute (KFTC), has announced an OpenChain ISO/IEC 5230 Conformant program. KFTC is a leading financial institution that provides essential infrastructure and services for the Korean financial industry.

To meet the requirements of the OpenChain ISO/IEC 5230:2020 standard, KFTC has implemented a comprehensive open source program within the organization. This includes establishing an Open Source Program Office (OSPO), enacting guidelines for open source utilization, and developing an in-house open source management platform. The platform automatically identifies open source components and licenses used in the software development lifecycle, providing guidance to employees.

“In today’s rapidly evolving IT landscape, characterized by AI, big data, and cloud computing technologies, leveraging open source software is not just beneficial—it’s essential,” said Lee Songwon, CIO of KFTC. “Based on our capabilities in open source utilization and management, KFTC will continue to foster a robust open source ecosystem through collaboration with other financial and public sector organizations across Korea.”

About KFTC (Korea Financial Telecommunications & Clearings Institute):

Korea Financial Telecommunications and Clearings Institute (KFTC), jointly founded by the Bank of Korea and commercial banks in 1986, has been a leading institution in developing and operating Korea’s national payment and settlement infrastructure. Over the years, KFTC has introduced various advanced payment systems, including the CD/ATM network and the Real-time Fund Transfer network. In the digital era, KFTC launched the Payment Gateway for e-commerce, Point of Sales (POS) networks for payment card transactions, and mobile payment networks. As the country transitioned to Open Finance, KFTC played a pivotal role in developing Korea’s Open Banking platform, enabling seamless and secure data sharing between financial institutions and fintech companies.

Learn more at https://eng.kftc.or.kr

About the OpenChain Project:

The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.

About The Linux Foundation:

The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

Jan 18
Love0

COMING SOON: OpenChain webinar on a single open source stack for open source compliance and security – 2025-01-20 @ 08:00 UTC

By News

What We Will Cover:

CRA is coming. And this European regulation will impact software development worldwide. Organizations (and projects) of all sizes need efficient compliance processes to correctly identify software components and strengthen cybersecurity efforts.

The AboutCode stack of 100% open source tools and open data is engineered to automate compliance, with a practical approach. Tools like ScanCode and DejaCode paired with aggregated open databases like PurlDB and VulnerableCode ensure accurate origin, licensing, vulnerability detection, and comprehensive SBOM management. Newer projects like Massive FOSS Scan, CRAVEX, and AI-Generated Code Search deliver new performance improvements and advanced capabilities to improve the automation of compliance processes.

In this presentation, AboutCode lead maintainer Philippe Ombredanne will share the latest updates on how to use the AboutCode stack for better, faster, and more efficient license and security compliance automation.

How To Join:

or

  • One tap mobile:
    • US (iOS): +12532158782,,92010703079#,,,,209683#
    • US (Android): +12532158782;92010703079#;209683#

or

  • International numbers: https://zoom.us/u/alwnPIaVT

Meeting ID: 92010703079
Meeting Passcode: 209683

Check Out The Rest Of Our Webinars

Jan 17
Love0

RECORDING: OpenChain Monthly Specification and Education Call (Europe – Asia) – 2025-01-15

By News

Our second meeting of the Specification and Education Work Groups was a Europe and Asia call.

Check out the Meeting Slides:

Watch the Recording:

Specification Work Group:

We covered:

  1. The end of the comment period for proposed updates to ISO/IEC 5230 and ISO/IEC 18974 (2024-06-19 ~ Ending 2024-12-19) [1]
  2. What happens next in the three-month Freeze Period [2]
  3. What to expect from the Steering Committee meeting to review the Specification Drafts on 2025-02-03 adjacent to the Q1 2025 Governing Board Meeting in Brussels
  4. What is happening with the separate ISO/IEC 5230 periodic review at ISO as it reaches five years of age, and what to expect next
[1] https://hubs.la/Q031H2V_0
[2] https://hubs.la/Q031H12h0

Education Work Group:

We covered:

  1. What happens next with the OpenChain Explainer Series – Documents (Release) and Videos (Beta) [3]
  2. The status of the Capability Model and what to expect next [4]
  3. A proposal to consider where we can go with online training for ISO/IEC 5230 (LFC 193 and LFC 194 refresh with LF Training?) and ISO/IEC 18974 (New LFC courses with LF Training?)
[3] https://hubs.la/Q031H0dQ0 (YouTube: https://tinyurl.com/5n7bja9d)
[4] https://tinyurl.com/358s8smy

Other Items:

A note on the timing of the call, and sustainability:

This call takes place between 01:30 and 02:30 in Japan to allow North American and European participants to collaborate. However, this makes it difficult for the General Manager to attend. There is a request to action one of two things:

  1. Move the meeting to a North America / Asia schedule, complementary with the other OpenChain Monthly Specification and Education Call (Europe / Asia) on 3rd Wednesdays or
  2. A community volunteer to run the meeting on a regular basis

Issue to be discussed further.

Coming Next:

We will be following up on the activities outlined above on the mailing lists, and we will continue our regular series of calls and meetings throughout the year.

Join Our Work:

Everyone is welcome to be part of the Specification Work Group. You can join their mailing list here:
https://lists.openchainproject.org/g/specification/

You can find and be part of all OpenChain calls through our participation page here:
https://openchainproject.org/participate

Jan 17
Love0

RECORDING: OpenChain AI Work Group – Monthly Workshop for North America and Europe – 2025-01-14

By News

We held the first monthly workshop for the OpenChain AI Work Group in 2025. It was a two-hour session to allow topics related to AI compliance to be discussed, explored and defined. The key focus for the Work Group is to develop and finalize a Guide to AI Bill of Material Compliance in the Supply Chain, and there is active drafting going on during each meeting.

The Draft Guide:

Full Recording:

The Draft Guide:

https://docs.google.com/document/d/1g1kdmx1bDlQ0feSeW-ZY5JRFAF-HC30a/edit

Track This Work:

You can follow and contribute to the work of the OpenChain AI Work Group through its dedicated mailing list. This is open to everyone regardless of industry vertical or speciality. You will find it here:

Attend Future Meetings:

You can find and get the dial-in details for all future AI Work Group meetings from our participate page here:

Jan 10
Love0

RECORDING: OpenChain Monthly Specification and Education Call (North America and Europe) – 2025-01-08

By News

Our first meeting of the Specification and Education Work Groups started with a North America and Europe call.

Check out the Meeting Slides:

Watch the Recording:

Specification Work Group:

We covered:

  1. The end of the comment period for proposed updates to ISO/IEC 5230 and ISO/IEC 18974 (2024-06-19 ~ Ending 2024-12-19) [1]
  2. What happens next in the three-month Freeze Period [2]
  3. What to expect from the Steering Committee meeting to review the Specification Drafts on 2025-02-03 adjacent to the Q1 2025 Governing Board Meeting in Brussels
  4. What is happening with the separate ISO/IEC 5230 periodic review at ISO as it reaches five years of age, and what to expect next
[1] https://hubs.la/Q031H2V_0
[2] https://hubs.la/Q031H12h0

Education Work Group:

We covered:

  1. What happens next with the OpenChain Explainer Series – Documents (Release) and Videos (Beta) [3]
  2. The status of the Capability Model and what to expect next [4]
  3. A proposal to consider where we can go with online training for ISO/IEC 5230 (LFC 193 and LFC 194 refresh with LF Training?) and ISO/IEC 18974 (New LFC courses with LF Training?)
[3] https://hubs.la/Q031H0dQ0 (YouTube: https://tinyurl.com/5n7bja9d)
[4] https://tinyurl.com/358s8smy

Other Items:

A note on the timing of the call, and sustainability:

This call takes place between 01:30 and 02:30 in Japan to allow North American and European participants to collaborate. However, this makes it difficult for the General Manager to attend. There is a request to action one of two things:

  1. Move the meeting to a North America / Asia schedule, complementary with the other OpenChain Monthly Specification and Education Call (Europe / Asia) on 3rd Wednesdays or
  2. A community volunteer to run the meeting on a regular basis

Issue to be discussed further.

Coming Next:

We will be following up on the activities outlined above on the mailing lists, and we will continue our regular series of calls and meetings throughout the year.

Join Our Work:

Everyone is welcome to be part of the Specification Work Group. You can join their mailing list here:
https://lists.openchainproject.org/g/specification/

You can find and be part of all OpenChain calls through our participation page here:
https://openchainproject.org/participate

Dec 20
Love0

AVL List GmbH Announces an ISO/IEC 5230 Conformant Program

By Featured, News

AVL List GmbH has announced an ISO/IEC 5230 conformant program.

About AVL

AVL is a world-leading technology company specialising in development, simulation and testing in the automotive industry and other sectors such as rail, marine and energy. Through extensive research, AVL delivers concepts, technology solutions, methodologies and development tools for sustainable, safe and advanced mobility and beyond.

AVL supports international partners and customers in sustainable and digital transformation, with a focus on electrification, software, AI and automation. AVL also supports companies in energy-intensive sectors on their way to green and efficient energy generation and supply.

For more information: www.avl.com

About the OpenChain Project

The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.

About The Linux Foundation

The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

Dec 20
Love0

ETRI Recertification of ISO/IEC 5230

By Featured, News

The Electronics and Telecommunications Research Institute of South Korea (ETRI) has announced recertification of their ISO/IEC 5230 conformant program. Learn about their original ISO/IEC 5230 conformance on our previous blog post.

ETRI is a global information and communication technology (ICT) research institute under the Ministry of Science and ICT. It has led the growth of the information and communication industry in Korea for 45 years. The research institute is working to realize the concept of ‘Korea, an AI powerhouse’ with a vision of “a national intelligence research institute that creates a future society.” ETRI has been conducting open source verification as a software quality management since 2008, and established the Open Source Center as an enterprise-wide organization to support open source R&D activities, governance and compliance in 2017.

“We are delighted to have ETRI underscore their commitment to our standardization approach and the development of a more trusted open source supply chain,” says Shane Coughlan, OpenChain General Manager. “We will continue to work together in Korea and beyond to help educate, inform and inspire others in our field.”

About the OpenChain Project

The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.

About The Linux Foundation

The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

Dec 20
Love0

Webinar: DeviceCode – A Crowdsourced Device Data Parser

By automation, News, security, Webinar

When walking into a shop, there’s a lot of choice for electronic devices like WiFi routers, IP cameras, and more. Many devices are identical, or nearly so, as they come from the same manufacturer or use the same chip and code from the chipset manufacturer.

CVEs, however, often focus on individual devices rather than classes of similar devices, leaving many vulnerable ones unreported. For example, CVE-2006-2560 and CVE-2006-2561 describe the same vulnerability on devices from different vendors—likely from the same ODM. Many more devices with the same vulnerabilities are overlooked, possibly giving a false sense that only the listed devices are at risk.

Information about device hardware, such as the ODM or chipset used, isn’t easily accessible, as companies rarely disclose this. Fortunately, a wealth of data has been crowd-sourced globally via various wikis. However, this information is hard to reuse outside those specific platforms.

This is where DeviceCode comes in: it unlocks and cleans data from various wikis (as not all users input data correctly or consistently) and integrates it with other sources. This makes it possible to query by chipset, manufacturer, ODM, and even installed software. It helps answer questions like, “Which other devices are similar to a known vulnerable device?” enabling security researchers to identify additional vulnerable devices.

Watch The Webinar

About Our Speaker

Armijn Hemel, MSc, is the owner of Tjaldur Software Governance Solutions, a consultancy specializing in open-source license compliance engineering and provenance research.

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

This OpenChain Webinar was broadcast on 2024-12-19.

Dec 17
Love0

2024 Recap – Open Source and IP Departments: Risk Containment and Portfolio Management – Open Source Summit Europe – Full Recording

By News

About The Speech:

Product teams, R&D teams and OSPOs occasionally find themselves in an adversarial situation with IP Departments around open source and how it should be managed in an organization. This is usually due to misunderstandings about how open source provides value and how the risks associated with it can be contained. With open source increasingly necessary for organizations to compete effectively, it is important to ensure all departments understand its strategic importance, and how to manage it in the context of their KPIs and requirements. This talk will explain how to collaborate with IP Departments using the language of external risk containment and internal portfolio management, and help IP Department staff assess open source as part of a diversified IPR strategy.

Watch The Recording:

Dec 16
Love0

2024 Recap – Creating Standards – From Writing a Spec to Obtaining ISO Status – Open Source Summit Europe – Full Recording

By News

About The Speech:

This talk will explain the process of going from a blank page to an ISO standard using OpenChain ISO/IEC 5230:2020 as a case study. It will explain how the OpenChain specification team came together, how they created the first iterations of what would become ISO/IEC 5230, and how they collaborated with Joint Development Foundation (JDF) to evolve from de-facto industry standard into formal international standard through the JTC-1 PAS Transposition Process. Attendees will learn how to frame, build and deploy their own specifications and standards, with a particular focus on the practical decisions required: should this be a specification, should it be an ISO standard and what do I need to do to make this happen?

Watch The Recording:

Close Menu