The OpenChain Export Control Work Group held its third meeting on the 7th of March at 08:00 UTC. The focus was on reviewing the new volunteer project being set up at https://github.com/crypto-law-survey to explore the continuation of Bert’s http://www.cryptolaw.org/ as a general community resource.
Collaborate with your peers on this topic:
This OpenChain Webinar featured a FOSDEM recap by Philippe Ombredanne of NexB for everyone who did not attend the event in Belgium at the start of 2023. In 2023 FOSDEM had over 8,000 participants and 771 presentations, making it one of the largest open source events in the world by a large margin. This webinar will be of particular interest to people exploring open source tooling for open source compliance or security.
Want to be part of this project? Join the OpenChain Germany Mailing List:
Newsletter – Issue 51 – February 2023
The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. This is a community newsletter, so we accept suggestions and ideas, and you can contact us by mail at any time.
Cool Statistic To Start The Year
The OpenChain Project now has 10 official third-party certifiers for our license compliance and security assurance standards.
You can now get third-party certified with ISO/IEC 5230 or the OpenChain Security Assurance Specification 1.1 anywhere in the world… and you have plenty of choice about who to work with. Of course, you have options when adopting our standards. The most common thing is actually for companies to start with self-certification, so if you are new to this… Learn more here)
Nice Outreach News
OpenChain now has a Wikipedia page about ISO/IEC 5230. Huge thank you to Marc-Etienne Vargenau at Nokia for making this happen.
Huge Revamp Of OpenChain Material Underway
Our reference library of over 1,000 documents to help you learn about our standards, train people or suppliers around open source, get policy templates, self-certification checklists and more has been totally overhauled. It is now easier to find material, easier to share material and easy to translate material.
We have also dramatically improved our community calendar to make it much easier to find our events, webinars and more.
ISO/IEC 5230:2020 Conformance
Yes Security and Panx Project announced adoption of our ISO/IEC standard for open source license compliance via the OpenChain website. Both companies self-certified. Yes Security is the first company from Brazil to announce conformance via our website. Well done!
It was an exciting month for us on the partner side of things. First of all, we had OSPOCO and Taylor English Join The OpenChain Partner Program, and we had TIMETOACT GROUP Offer Open Source Certification Based On ISO/IEC 5230. However, the banner headline (as mentioned in the cool statistic section of this newsletter) is that we now have 10 official third-party certifiers around the world.
OpenChain Meetings And Events
Lots of recordings and minutes for those catching up this month.
Our global calls – where we edit the next generations of the license compliance and security assurance standards:
- OpenChain Monthly Meeting (North America – Europe) – 2023-02-07
- OpenChain Monthly Meeting (North America and Asia) 2023-02-21
Other community meetings:
- OpenChain Telco Special Interest Group – 2023-02-02
- OpenChain Japan Work Group Meeting #26 (Hybrid #1) – 2023-02-09
- OpenChain Education Work Group Meeting 2023-02-09
- OpenChain OSPO Subgroup Meeting / TODO Local Meetup Minutes 2023-02-10
- OpenChain OSPO Subgroup Meeting / TODO Local Meetup Minutes – 2023-02-17
- OpenChain Germany OpenChain Germany – LF Training Courses Translation Project 2024-02-24
On the “external collaboration” side of things we had an OSS Compliance in 2022 / 2023 event co-organized with FOSSID. We were also featured with a speech and Q&A session at an OpenAnolis Standardization SIG Meeting in China at the invitation of Alibaba.
This month we had two webinars. One covered new security tools and one unpacked fascinating data points around GPLv2 licensing. Did you know there have been 40 versions of the GPLv2 published on its official websites and there have been 12 different versions found in the Linux Kernel? Definitely a webinar to watch if you are interested in the licensing side of things.
- Automation Case Study #7 – VulnerableCode technical deep dive into VulnTotal
- OpenChain Webinar #48 – GPLv2 Licensing History
Want to join our calls? Watch our webinars? Just check out our global calendar.
Training Material In The Supply Chain
Last month we mentioned that Continental Corporation made LFC193 a required course for their software developers from late Q3 2022. Since then we had two other soft announcements from community members about their adoption.
For those wanting a sample of what’s on the community calendar for March…
- Coming Soon: OpenChain Webinar #49 – FOSDEM Recap – 2023-03-06
- Coming Soon: OpenChain Japan – OSPO Local Meetup – 2023-03-10 and 2023-03-24
- Coming Soon: OpenChain Export Control Work Group – Third Meeting – 2023-03-07
- Coming Soon: OpenChain Korea Work Group Meeting @ Line Plus – 2023-03-28
- Coming Soon: OpenChain UK Work Group Meeting @ BBC – 2023-03-28
- Coming Soon: OpenChain Germany Work Group Meeting – 2023-03-30
Finally… If You Want To Talk About OpenChain…
Our new community education slides are now available. You will find a full overview of the project here and speaker notes to help you talk about what we do.
Check Out All Our Previous Newsletters:
- Participate in our community mailing lists, calls, events and more (for free)
- Adopt OpenChain ISO/IEC 5230 (license compliance) or the Security Assurance Specification
- Get reference material, training material and other support
- Connect with official partners for commercial support services
- Learn more about our background and stakeholders
Legal: All trademarks belong to their respective owners. This newsletter is licensed under Creative Commons Attribution-NoDerivatives 4.0 International (CC BY-ND 4.0).
To learn more and to get help from any of our official third-party certifiers, simply visit our partner page and click on the relevant logos. That said, remember you have various options when adopting our standards. The most common route is for companies to start with self-certification, so if you are new to this… check out the checklists and questionnaires below.
Adopt ISO/IEC 5230
Adopt OpenChain Security Assurance Specification 1.1
Report Your Adoption
Do More Preparation
OpenChain Germany OpenChain Germany – LF Training Courses Translation Project 2024-02-24 – Recording
Want to be part of this project? Join the OpenChain Germany Mailing List:
The OpenChain Community Calendar has been revamped to make it much easier to find and attend our events. The new calendar view is in list format and is now present on both our landing page and our participation page.
Check It Out Here
The next OpenChain Germany Work Group meeting will be held online on Thursday 30 March 2023, from 09:00 to 11:00 CET. The meeting will be held under Chatham House conditions to ensure frank discussion. Big thanks to PwC for arranging and hosting us once again.
The preliminary agenda of the next online meeting is as follows:
- Global compliance market briefing (OpenChain)
- German market insights (PwC/all)
- Case study 1 – security market briefing
- Case study 2 – state of tooling in open-source automation
- Report on the SBOM situation
Join us for the opportunity to share knowledge, take part in frank discussion and network with German players in the Open Source world. To register for this event, please click “Registration” in the menu above
Registration is open until 29 March 2023. We’ll send you an email with further information as soon as you’ve registered for the event, followed by your login details at a later date.