On the 2nd of April the OpenChain AI Study Group continued its monthly AI workshop series to deep dive into the topic of AI compliance in the supply chain with experts from Qualcomm and Arm, and a chance for all parties who dial in to ask questions or share ideas. On this call we narrowed down the focus area with a concluding decision to refine the discussion by taking the content of ISO 5230 and seeing what level of overlap there is with AI supply chain compliance. This is being done to potentially develop a proposal to the Governing Board to:
– Turn into a work group;
– Write a reference guide on the topic to explain the identified shared areas of concern.
Track This Work
You can follow and contribute to the work of the OpenChain AI Study Group through its dedicated mailing list. This is open to everyone regardless of industry vertical or speciality. You will find it here:
emlix offers industrial-grade Linux for the digitalization and secure networking of devices, machines and plant throughout the entire product life cycle. For more than 20 years, they have been transferring system knowledge, innovations from the open source world and market knowledge into the products of more than 350 customers.
The OpenChain Project maintains two ISO/IEC standards designed to help optimize business process management around open-source software. One of the standards, ISO/IEC 5230:2020, focuses on how to establish and run a quality open-source license compliance program. Another of the standards, ISO/IEC 18974:2023, focuses on how to establish and run a quality open-source security assurance program. Taken together, these standards provide a reliable, efficient and effective way to manage the open-source supply chain.
This case study will highlight the use of ISO/IEC 5230:2020 by a company providing mission-critical services to enterprise clients around the world.
The Direction Taken
For BlackBerry’s particular use-case, OSS Consultants recommended a centralized solution that enabled a single process to serve the business. This allowed BlackBerry to utilize our expertise to further develop in-house OSPO capabilities, reduce their tooling spend, and provide better holistic coverage based on a single strategy that included a single set of standards and principles.
Key Lesson Learned
The ISO/IEC 5230 recertification process provided an excellent opportunity to assess lessons learned and consider these not only from the company perspective, but also with respect to larger supply chain optimization.
We held a special workshop in Shinagawa on March 18th focused on case studies about open source business process management in China. The main topic was how ISO 5230 and ISO 18974 are being used from upstream project to commercial ecosystem.
We used an operating system ecosystem called openEuler as the basis for our case studies. openEuler is an emerging operating system ecosystem in China with 36.8% of the server operating system market, 17,000+ developers and 500+ projects. It is hosted by the OpenAtom Foundation, and a healthy ecosystem of companies creating products exists around it. OpenChain ISO 5230 and OpenChain ISO 18974 are at the center of how business processes are managed in openEuler.
On the 6th of March the OpenChain AI Study Group held a special AI workshop instead of the regular AI call. It provided an opportunity to deep dive into the topic with experts from Qualcomm and Arm, and a chance to ask questions or share ideas. The idea was to fold in the ideas shared thus far and seek a single coherent narrative.
Please note, at the request of attendees, this meeting was held under Chatham House Rule, and therefore a recording is not being shared.
The Formal Agenda:
– Opening comments (Dave and Matthew)
– AI Model supply chain issues (Brian)
  – Use cases in context of regulatory backdrop
  – Open vs. Proprietary
  – War stories
  – Roundtable
– Dataset supply chain issues (Jeff)
  – Use cases and pragmatic practices
  – Open vs. Proprietary
  – War stories
  – Roundtable
– Possible Solutions – how can OpenChain best provide value to the ecosystem (All)
– Closing (Dave and Matthew)
The Outcomes
It was decided that following meetings would:
– Work through key use cases
  – Start with LLM – text to text as a first hypothetical
– Work through the Hugging Face Model Card example
  – https://huggingface.co/templates/model-card-example
  – Initial focus will be on what one should supply when delivering and what one wants to see when receiving
Track This Work
You can follow and contribute to the work of the OpenChain AI Study Group through its dedicated mailing list. This is open to everyone regardless of industry vertical or speciality. You will find it here:
Korea System Assurance, Inc (KOSYAS), a company that provides security testing and evaluation, network and server security, cloud security, IoT security, control system security and blockchain security, has become the first official third-party certifier for OpenChain in South Korea.
KOSYAS supports third-party certification around both OpenChain ISO/IEC 5230:2020 (the international standard for open source license compliance) and OpenChain ISO/IEC 18974:2023 (the international standard for open source security assurance).
“The availability of local language support and certification for the OpenChain standards is an important step in building maturity in markets,” says Shane Coughlan, OpenChain General Manager. “We are delighted to welcome KOSYAS to our partner program in the context, and we look forward to building increased support for Korean companies with them in the years ahead.”
As usual, the focus of our main monthly call was a recap of project news and then practical specification development work. Chris Wood, current co-chair of the Specification Work Group (and nominated chair from April 2024 onward), led a discussion reviewing and editing draft proposals for future versions of our specifications.
We are holding a special workshop in Shinagawa on March 18th for Japanese companies using open source. This workshop will focus on case studies about open source business process management in China. The focus will be on ISO 5230 and ISO 18974 from upstream project to commercial ecosystem.
We will use an operating system ecosystem called openEuler as the basis for our case studies. openEuler is an emerging operating system ecosystem in China with 36.8% of the server operating system market, 17,000+ developers and 500+ projects. It is hosted by the OpenAtom Foundation, and a healthy ecosystem of companies creating products exists around it. OpenChain ISO 5230 and OpenChain ISO 18974 are at the center of how business processes are managed in openEuler.
This week we have a special AI workshop instead of the regular AI call. It will provide an opportunity to deep dive into the topic with experts from Qualcomm and Arm, and a chance to ask questions or share ideas. This event will fold in all the ideas shared thus far and seek a single coherent narrative.
Circle, a leading global financial technology firm and the issuer of USDC, the world’s largest, regulated U.S. dollar-backed stablecoin, has announced an OpenChain ISO/IEC 5230 conformant program. ISO/IEC 5230 is the international standard for open source license compliance, and provides a clear, globally recognized way to run a quality program to ensure effective, trustable supply chain management.
Circle enables businesses of all sizes to harness the power of digital currencies, public blockchains and open-source technologies for payments, commerce and financial applications worldwide. Circle’s payment stablecoins – USDC and EURC – and platforms are helping to build a new financial system that moves at internet speed, scale and cost.
“Circle is at the forefront of bringing open internet software into the world of money,” said Trevor Baker, VP Technical Operations. “A digital dollar like USDC is a key technology that supports businesses, developers, and the future of payments. The OpenChain certification represents Circle’s commitment to maintaining the highest compliance standards for open source technology in the financial arena.”
“The OpenChain certification journey was an incredible return on investment by streamlining our open source processes,” stated Jeff Tang, Circle’s Chief Intellectual Property Counsel. “Circle is excited to help raise the bar in blockchain development.”
“Adopting ISO/IEC 5230 is fast becoming a litmus test for commitment to industry best practices around open source,” says Shane Coughlan, OpenChain General Manager. “I am delighted to see Circle take leadership in this area, and to provide a strong signal to the FinTech market regarding effective management of open technology. They join companies like KakaoBank in working with our standards, and I look forward to collaborating with the Circle team on next steps for the financial supply chain.”
About Circle Internet Financial, LLC
Circle is a global financial technology firm that enables businesses of all sizes to harness the power of digital currencies and public blockchains for payments, commerce and financial applications worldwide. Circle is the issuer of USDC and EURC – highly liquid, interoperable and trusted money protocols on the internet. Circle’s open and programmable platform and APIs make it easy for organizations to run their internet-scale business, whether it is making international payments, building globally-accessible Web3 apps or managing their internal treasury. Learn more at https://circle.com.