Category

Featured

OpenChain Security Summit 2022 – 17/18th February

By Featured, News

Learn About OpenSSF In The Current Landscape From Brian Behlendorf, General Manager Open Source Security Foundation

OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all.

Learn About SPDX In The Current Landscape From Kate Stewart, VP, Dependable Embedded Systems At The Linux Foundation

SPDX is an open standard for communicating software bill of material information, including provenance, license, security, and other related information.

And Learn More About Industry Responses To Log4J With A Practical Case Study About How Things Unfolded “On The Ground”

The Security Summit will take place on February 17th 2022 at 18:00 PST / February 18th 2022 02:00 UTC / 10:00 CST / 11:00 KST+JST. It will be hosted on Zoom and it will be free to attend. It will also be recorded. Join the event here:

You can expect to come away with a clear understanding of market conditions, how the Linux Foundation is addressing them, and where OpenChain fits into the picture. The goal – as always – is to ensure you have the information necessary to make informed, effective decisions around the open source supply chain.

We seek to build trust in the quality of programs used by you, your customers and your suppliers. We are proud to have taken significant strides in our field throughout 2021. We expect to push the boundaries of what is possible once again in 2022. You can learn more about what we are doing around security – including our reference assurance guide – here:

We are turning this into a Reference Security Specification via our bi-weekly global work team calls. You can view the current draft on GitHub and open issues here:

NEC Joins The Governing Board Of The OpenChain Project

By Featured, News

Tokyo, February 10, 2022 – NEC Corporation (NEC; TSE: 6701), a leading global provider of IT and network technologies, has joined the OpenChain Project as a Platinum Member and will assume a governing board seat. The OpenChain Project builds trust in the supply chain by making open source license compliance simpler and more consistent, and maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance.

“NEC has played a significant role in the development of the global OpenChain community,” says Shane Coughlan, OpenChain General Manager. “As we welcome NEC to the OpenChain governing board we look forward to deepening our collaboration. We share a vision of a supply chain with greater trust and effectiveness. Today we have taken another important step towards that goal.”

“NEC is well aware of the importance of security and compliance in the open source supply chain and we respect OpenChain’s leadership in this field,” says Kimio Suganuma, Head of the OSS Promotion Center and Emerging SI Technology Development Division, Digital Business Platform Unit, NEC. “We have decided to join as a platinum member to show our approval and support of the open source ecosystem.”

About NEC Corporation

NEC Corporation has established itself as a leader in the integration of IT and network technologies while promoting the brand statement of “Orchestrating a brighter world.” NEC enables businesses and communities to adapt to rapid changes taking place in both society and the market as it provides for the social values of safety, security, fairness and efficiency to promote a more sustainable world where everyone has the chance to reach their full potential. For more information, visit NEC at https://www.nec.com.

About the OpenChain Project

The OpenChain Project maintains the international standard for open source license compliance. This allows companies of all sizes and in all sectors to adopt the key requirements of a quality open source compliance program. This is an open standard and all parties are welcome to engage with our community, to share their knowledge, and to contribute to the future of our standard.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.

Linux is a registered trademark of Linus Torvalds.

Webinar: Netfilter and McHardy Settlement

By community, Featured, legal, licensing, News, Webinar

This webinar provided a case study of the settlement between the Netfilter Project and Patrick McHardy, a concluding chapter of the long-running “copyright trolling” issue that had caused concern in the open source community for nearly a decade.

Check Out The Rest Of Our Webinars

This is OpenChain Webinar #36, released on 2022-02-08.

Kakao Announces OpenChain Conformant Program

By Featured, News

Today Kakao Corporation announces an OpenChain ISO/IEC 5230 conformant program. Kakao Corporation is South Korea’s mobile life platform company that provides innovative services in global mobile and internet markets.

“More industries are increasing their use of open source, whose importance is increasing day after day,” says Charles Chung, CTO of Kakao. “Kakao will proactively share the open source competency we have accumulated to spearhead advancements in the development ecosystem. By acquiring certification for the International Standard for open source compliance, OpenChain ISO 5230, Kakao has been recognized for our ability to use open source. The OpenChain ISO 5230 certification will also help strengthen the reputation of ‘Olive Platform’, Kakao’s open source license identification and verification service.”

“The Korean community has been instrumental in building and supporting OpenChain ISO/IEC 5230, the International standard for open source license compliance,” says Shane Coughlan, OpenChain General Manager. “We are delighted to celebrate today’s conformance announcements by Kakao and KakaoBank, underlining the leadership and energy in the local market. Our shared supply chain is becoming clearer, more trusted and more efficient thanks to these efforts.”

About Kakao

Kakao Corporation is a mobile life platform company that provides innovative services in global mobile and internet markets, building on its employees with profound knowledge and experience, technological capabilities, quality contents and highly competitive mobile traffic. Under the corporate vision, “Making a better world with people and technology”, we connect everything in our everyday lives, enabling anyone to experience innovations on a daily basis. The Kakao Corporation headquarters can be found on Jeju Island, with an integrated metropolitan office in Pangyo, where over 2,300 employees in total are working today. Daum Communications, established in 1995, and Kakao, founded in 2006, merged on October 1, 2014 to become Daum Kakao. The name of the company was changed to Kakao on September 23, 2015 to become a company that stands at the forefront of the mobile era.

Kakaobank Announces OpenChain Conformant Program

By Featured, News

Today Kakaobank announces an OpenChain ISO/IEC 5230 conformant program. It is the first financial company in Korea and the second worldwide to formally adopt the International Standard for open source compliance.

“The use of open source is a trend and essential for all IT industries,” says Shin Jae-Hong, Chief Information Officer (CIO) of Kakaobank. “As Kakaobank is the first Korean financial company to be a part of OpenChain, we will accelerate innovative financial business possibilities through AI, Big data, and Cloud based on our open source ability.”

“The Korean community has been instrumental in building and supporting OpenChain ISO/IEC 5230, the International standard for open source license compliance,” says Shane Coughlan, OpenChain General Manager. “We are delighted to celebrate today’s conformance announcements by Kakao and KakaoBank, underlining the leadership and energy in the local market. Our shared supply chain is becoming clearer, more trusted and more efficient thanks to these efforts.”

About Kakaobank

Kakaobank is the biggest mobile-first bank in South Korea. Established in January 2016, the bank launched its public service in July 2017 after obtaining a final full banking license in April 2017. The bank attracted 240,000 customers within the first 24 hours of starting service. At the end of December 2021, Kakaobank holds 17.9 million users and 15.7 million account holders, around 60% of the economically active population in South Korea.

Kakaobank provides full-banking products via its mobile application, enabling customers to enjoy our services more easily and quickly. Kakaobank is looking to become a customer-centric bank under our slogan of “Helping you use banking services easier in your daily life” by providing a variety of essential financial products.

OpenChain On Security

By Featured, News

Over the last 12 months there have been several noteworthy concerns around open source and security. The exposure of vulnerabilities in software has revealed underlying issues with process management and ultimately with sustainability. The OpenChain Project, steward of ISO/IEC 5230:2020, the International Standard for open source compliance, has been at the forefront of addressing these matters.

In August 2021 we responded to market demand by releasing a Security Assurance Reference Guide. The first version of this document explained how ISO/IEC 5230 could be used through the lens of security. Like all our documentation, it was developed and released in the public arena, and subject to review and contributions from a wide array of stakeholders.

We are now working on the second iteration of this document. It does for security what ISO/IEC 5230 did for compliance: it provides a minimal, broadly applicable list of key requirements to institute a quality assurance program to address the domain space.

We do not intend to replace existing security standards. We do not intend to bloat ISO/IEC 5230. Instead, we are pursuing our proven approach of developing a real-world solution for a real-world problem that can be immediately deployed, and over time fits together with adjacent activities as neatly as a jigsaw puzzle.

For those new to this topic and wondering what OpenChain’s engagement means in practice, a summary of our Specification Work Group discussions throughout 2020-2021 is in order.

We are considering three paths for the security domain. One sees the Security Assurance Reference Guide maintaining its stance solely as a guide. Another sees the Security Assurance Reference Guide evolve into a Reference Specification that may become a de facto industry standard over time. Lastly, there is the option to have the Security Assurance Reference Guide evolve into an optional component for a future iteration of ISO/IEC 5230.

You can contribute to this activity by joining our bi-weekly global work team calls [1], our specification mailing list [2], and opening issues on the relevant repository in GitHub [3].

  1. https://www.openchainproject.org/community
  2. https://lists.openchainproject.org/g/specification
  3. https://github.com/OpenChain-Project/SecurityAssuranceGuide/tree/main/Guide/2.0

The OpenChain Project is far from alone in helping to address concerns around open source and security. The Open Source Security Foundation (OpenSSF) is a sister project at the Linux Foundation dedicated to securing the open source ecosystem. The Software Package Data Exchange Project (SPDX) maintains ISO/IEC 5962:2021, an International Standard for Software Bill of Materials. The Linux Foundation also hosts tools to help with automation in the space. We are collaborating to ensure the future of open source is secure.

You can expect a continuation of these activities throughout 2022. There will be an excellent opportunity for you to get involved during this quarter, as the OpenChain Project hosts a security summit to enable our extensive global community to share notes. To learn more about this, as well as our other activities, join one of our calls or one of our mailing lists. Everyone is welcome.

Get Started With Our Community

Attend The OpenChain Security Summit On February 17th and 18th

The Security Summit will take place on February 17th 2022 at 18:00 PST / February 18th 2022 02:00 UTC / 10:00 CST / 11:00 JST. It will be hosted on Zoom and it will be free to attend. It will also be recorded. You can expect to come away with a clear understanding of market conditions, how the Linux Foundation is addressing them, and where OpenChain fits into the picture.

OpenChain Summits 2022 – Security, Intellectual Property and Automation

By Featured, News

The OpenChain Project will host three summits throughout 2022. Each summit will be virtual, though our positioning and agenda will reflect a different geography for each topic covered. Here is what you can expect:

  1. Security (North America) – on the 17th and 18th of February depending on your location
  2. Intellectual Property (China/Japan) – on the 17th and 18th of March depending on your location
  3. Automation (Germany) – Schedule Announced Soon

The Security Summit will take place on February 17th 2022 at 18:00 PST / February 18th 2022 02:00 UTC / 10:00 CST / 11:00 JST. It will be hosted on Zoom and it will be free to attend. It will also be recorded. You can expect to come away with a clear understanding of market conditions, how the Linux Foundation is addressing them, and where OpenChain fits into the picture.

The Intellectual Property Summit will take place on March 17th 2022 at 18:00 PST / February 18th 2022 02:00 UTC / 10:00 CST / 11:00 JST. It will be hosted on Zoom and it will be free to attend. It will also be recorded. You can expect it to provide a snapshot of current thinking around copyright, trademarks and patents in our domain.

The date and times of the Automation Summit will be announced shortly. You can expect it to brief you on the state-of-the-art around automation for compliance, security and project health.

The goal – as always – is to ensure you have the information necessary to make informed, effective decisions around the open source supply chain. We seek to build trust in the quality of programs used by you, your customers and your suppliers. We are proud to have taken significant strides in our field throughout 2021. We expect to push the boundaries of what is possible once again in 2022.

Japan Work Group: All Member Meeting #22 on the 21st of January

By Featured, News

The OpenChain Japan Work Group will hold their 22nd meeting on the 21st of January. This meeting will take place between 15:00 and 16:00 with a case study covering Mercari’s Open Source Program Office (OSPO). Big thank you, as usual, to SocioNext for hosting us.

[Meeting Announcement] [22nd All Member Meeting (9th Online Meeting)]
This is the announcement for the next OpenChain Japan Workgroup all member meeting. The 22nd All Member Meeting (9th online meeting) will be held on Friday, January 21, 2022, 15:00-16:00.
This session will not be recorded, so please join on the day.
Venue: Zoom
https://socionext.zoom.us/j/99975267803?pwd=ekhxaHA3bVZUSVU5M0dVMkF2Z0pkQT09
Meeting ID: 99975267803 / Password: ]>guXS~6
Agenda:
15:00 – 15:02 Opening
15:02 – 15:10 Keynote by Shane Coughlan
15:10 – 15:20 About the OpenChain Japan WG
15:20 – 16:00 Case study: "Launching Mercari's OSPO"
       Mercari, Inc.
       Intellectual Property Manager, Patent Attorney
       上野英和
16:00 Closing
This time, as a case study, Mercari is scheduled to present the launch of its OSPO.

Learn More About The Japan Work Group

Marks and Clerk France Becomes The First OpenChain Law Firm Partner in France

By Featured, News

Leading intellectual property firm Marks and Clerk France is now able to advise clients on the implementation of open source programs, and enable them to achieve the OpenChain ISO/IEC 5230 standard.

To facilitate this advancement, Marks and Clerk France is pleased to announce a partnership with the OpenChain Project, and is able to assess and advise on open source programs to the OpenChain ISO/IEC 5230 standard.

Open Source Software is becoming increasingly common in software projects of all types, bringing with it both exciting opportunities and legal risks. ISO 5230 OpenChain has been developed to allow companies of all sizes, and from all sectors, to adopt the key requirements of a quality open source compliance program, and effectively manage potential risks. Marks and Clerk France offers considerable expertise and experience to support clients to strengthen existing processes, and build a standard compliant process from the ground up.

Enrico Priori, Managing Partner of Marks and Clerk France stated, “We are pleased to announce that Marks and Clerk France has been selected as the first OpenChain Accredited Partner in France. This partnership demonstrates the deep expertise and experience of Marks and Clerk France’s Software Licensing practice to support our clients in adopting high-quality open source compliance programs. As a firm, we are hugely committed to the strengths of the Open Source movement, and are excited to work with our clients to help them fully benefit from – and contribute to – this brave new world.”

“OpenChain ISO 5230 provides a compelling solution to quality open source compliance,” says Shane Coughlan, OpenChain General Manager. “OpenChain offers the freedom of choice for companies to conform via self-certification, independent assessment, or third party certification and we are delighted to name Marks and Clerk France as our first partner in the country.” 

About Marks and Clerk France

Marks & Clerk is the largest firm of intellectual property advisers in the UK and is recognised as one of the world’s leading IP firms. Its patent and trade mark attorneys offer a full range of intellectual property services – covering patents, trade marks, designs and copyright – for clients ranging from SMEs and spinouts to universities and multinationals.

Marks and Clerk France was founded in 2005 as a spin-out of the in-house Intellectual Property Law department of a major French Aerospace and Defense Group. These in-house origins have left the firm with an exceptional grasp of the needs and priorities of their clients, which has been further reinforced over the intervening years by the arrival of other professionals with a similar industrial background. This in turn has led to the accumulation of a unique expertise in the management of the risks and opportunities associated with the use of Open Source material in a commercial context.

For more information contact Mark Bell mark.bell@fr.marks-clerk.com

or visit https://www.marks-clerk.com/expertise/open-source-third-party-code/

About OpenChain

The OpenChain Project maintains the International Standard for open source license compliance. This allows companies of all sizes and in all sectors to adopt the key requirements of a quality open source compliance program. This is an open standard and all parties are welcome to engage with our community, to share their knowledge, and to contribute to the future of our standard.
