News

Block, a global technology company with a focus on financial services, today joined OpenChain’s Governing Board. Block, made up of Square, Cash App, Spiral, TIDAL, and TBD, builds tools that help make the economy more accessible for everyone. The OpenChain Project has been building trust in the supply chain since 2016. It maintains OpenChain ISO/IEC 5230, the International Standard for open source license compliance. This is a simple, effective standard suitable for companies of all sizes in all markets. It is developed openly by a vibrant user community and freely available to all.

“Welcoming Block to the OpenChain Governing board is a landmark moment for our project,” says Shane Coughlan, General Manager at OpenChain. “The financial sector is one of the areas where regulation is most important, and where getting things done correctly is of vital significance. Managing the supply chain is an issue here as it is everywhere, and OpenChain standard for open source compliance helps to mitigate this challenge. We are proud to be part of the solution for Block and we look forward to working with many other financial companies in the future.”

“Managing supply chains is not something that a company does alone. It is a combined industry effort to reduce errors and to increase efficiency,” says Max Sills, Counsel at Block. “At Block, we recognize that OpenChain is a critical part of this in the open source ecosystem, and we see immense value in being part of the strategic management around the ISO standard and the global community. We look forward to helping the open source supply chain become more efficient and more effective together.”

About Block

​Block (NYSE: SQ) is a global technology company with a focus on financial services. Made up of Square, Cash App, Spiral, TIDAL, and TBD], we build tools to help more people access the economy. Square helps sellers run and grow their businesses with its integrated ecosystem of commerce solutions, business software, and banking services. With Cash App, anyone can easily send, spend, or invest their money in stocks or Bitcoin. Spiral (formerly Square Crypto) builds and funds free, open-source Bitcoin projects. Artists use TIDAL to help them succeed as entrepreneurs and connect more deeply with fans. TBD is building an open developer platform to make it easier to access Bitcoin and other blockchain technologies without having to go through an institution.

About the OpenChain Project

The OpenChain Project maintains the International Standard for open source license compliance. This allows companies of all sizes and in all sectors to adopt the key requirements of a quality open source compliance program. This is an open standard and all parties are welcome to engage with our community, to share their knowledge, and to contribute to the future of our standard.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.

Linux is a registered trademark of Linus Torvalds.

Shane Coughlan, OpenChain General Manager, will take the lead in a FOSSA webinar on the 16th of March.

From their site:

Software supply chain security has dominated the headlines in recent months following a series of events (including the SolarWinds hack and the Biden Administration’s executive order). But maintaining the integrity of your software supply chain is about more than just traditional vulnerability remediation. Our modern threat landscape has elevated the importance of supply chain sustainability, which includes areas like software provenance and lifecycle management in addition to known vulnerability mitigation.

Join Shane Coughlan, GM of OpenChain (a Linux Foundation project) for a conversation on the importance of supply chain sustainability and practical steps your organization can take to strengthen supply chain integrity.

We’ll discuss:

• The evolution of software supply chain threats
• The importance of software provenance, such as package origin, maintainers, and quality
• Questions to ask vendors to gauge the sustainability of proprietary software
• Indicators of sustainable open source software

Register here:

• https://www.brighttalk.com/webcast/17752/533959?utm_source=FOSSA&utm_medium=brighttalk&utm_campaign=533959

Open source, security, supply chain, sustainability. In this informal discussion we had a chance to cover it all.

Learn About OpenSSF In The Current Landscape From Brian Behlendorf, General Manager Open Source Security Foundation

OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all.

Learn About SPDX In The Current Landscape From Kate Stewart, VP, Dependable Embedded Systems At The Linux Foundation

SPDX is an open standard for communicating software bill of material information, including provenance, license, security, and other related information.

And Learn More About Industry Responses To Log4J With A Practical Case Study About How Things Unfolded “On The Ground”

You can expect to come away with a clear understanding of market conditions, how the Linux Foundation is addressing them, and where OpenChain fits into the picture. The goal – as always – is to ensure you have the information necessary to make informed, effective decisions around the open source supply chain.

We seek to build trust in the quality of programs used by you, your customers and your suppliers. We are proud to have taken significant strides in our field throughout 2021. We expect to push the boundaries of what is possible once again in 2022. You can learn more about what we are doing around security – including our reference assurance guide – here:

• https://www.openchainproject.org/news/2022/01/19/openchain-on-security

We are turning this into a Reference Security Specification via our bi-weekly global work team calls. You can via the current draft on GitHub and open issues here: 

• https://github.com/OpenChain-Project/SecurityAssuranceGuide/tree/main/Guide/2.0

The OpenChain Open Source Policy Template helps apply the key requirements for a quality open source compliance program. It provides sample policy text that helps organisations select, classify, incorporate and publish open source code with a focus on legal compliance of open source.

This template has been available in English for several years thanks to the hard work of Andrew Katz, the teams at Moorcrofts and Orcro, and the broader OpenChain community. Now, thanks to Masahiko Hayashi and the team at NEC, this policy template is available in Japanese.

This is an excellent resource to help you conform to OpenChain ISO/IEC 5230:2020 or to simply improve your internal process management for open source.

Download the Japanese version here:

• https://github.com/OpenChain-Project/Reference-Material/blob/master/Open-Source-Policy/Official/2.1/ja/Open-Source-Policy-Template-ja-OpenChain2.1-ISO5230-JA.docx

Download the English version here:

• https://github.com/OpenChain-Project/Reference-Material/blob/master/Open-Source-Policy/Official/2.1/en/Open-Source-Policy-Template-en-OpenChain2.1-ISO5230.xlsx

Contribute to this work on GitHub:

• https://github.com/OpenChain-Project/Reference-Material/tree/master/Open-Source-Policy/Official