This webinar unpacked some of the topics related to agile development in the supply chain. A popular concept, it nevertheless relies on structure to ensure “agile” does not mean “messy.”
This is OpenChain Webinar #31, released on 2021-10-11.
The recording of our recent mini-summit is now available. Huge thanks to Mark Gisi for leading the discussion with a focus on our Security Assurance Reference Guide.
Please note: this was a face-to-face event with dial-in support. We had some audio issues on the dial-in. The recording has been adjusted to remove sections of blank space and noise.
The OpenChain Korea Work Group will hold its 11th meeting on the 2021-09-30 (Thursday) between 14:00 and 16:00 KST. You can join the meeting via Zoom: https://line.zoom.us/s/97987235521
Learn More About This Meeting
Learn More About The OpenChain Korea Work Group
Synology, a data storage and IT solutions manufacturer, is the latest organization to announce an OpenChain ISO 5230 conformant program. This builds on their commitment to excellence in products and governance as one of the leaders in the networked storage industry.
“The OpenChain Project is delighted to welcome Synology to our community of conformance,” says Shane Coughlan, OpenChain General Manager. “Their announcement builds on a successful two-year period of community growth in Taiwan, where Synology is headquartered in. We are looking forward to working with many more companies in the space.”
SK Telecom, South Korea’s largest wireless carrier, is the first telecommunications operator to adopt OpenChain ISO 5230. This leap forward in governance builds on their long-term mission to lead in technological capabilities in 5G, AI, big data analysis, IoT and quantum cryptography communications as a global ICT leader.
“SK Telecom is preparing for its transition to an AI company, and is strategically using open source to develop advanced technologies in AI, 5G, and cloud technology”, says Kim Yoon, CTO, SK Telecom. “Open source, essential for the early introduction of new technologies and rapid technological change, forms a key part of our strategy. We adopted OpenChain ISO 5230, the International Standard for open source compliance, to ensure effective process management in this space. We are also spreading our know-how around complying with open source international standards to SK affiliates and software supply chains to drive further expansion of open source ecosystems and to deliver even greater social value.”
“It is impossible to overstate the importance of SK Telecom’s adoption of OpenChain ISO 5230,” says Shane Coughlan, OpenChain General Manager. “Since their establishment in 1984, SK Telecom has been at the forefront of wireless communication technology. Their work in open source has been similarly innovative, and they have amassed exceptional talent in the space. We look forward to collaborating with SK Telecom as OpenChain ISO 5230 moves deeper in the global communications market.”
About SK Telecom
SK Telecom (NYSE:SKM) is Korea’s leading ICT company, driving innovations in the areas of mobile communications, media, security, commerce and mobility. Armed with cutting-edge ICT including AI and 5G, the company is ushering in a new level of convergence to deliver unprecedented value to customers. As the global 5G pioneer, SKT is committed to realizing the full potential of 5G through ground-breaking services that can improve people’s lives, transform businesses, and lead to a better society.
SKT boasts unrivaled leadership in the Korean mobile market with over 30 million subscribers, which account for nearly 50 percent of the market. The company now has 49 ICT subsidiaries and annual revenues approaching KRW 18.6 trillion.
About OpenChain
The OpenChain Project maintains the International Standard for open source license compliance. This allows companies of all sizes and in all sectors to adopt the key requirements of a quality open source compliance program. This is an open standard and all parties are welcome to engage with our community, to share their knowledge, and to contribute to the future of our standard.
About The Linux Foundation
The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.
The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.
Linux is a registered trademark of Linus Torvalds.
This webinar highlighted an on-going automation case study by the OpenChain Automation Work Group, and how compliance programs can bake continual improvement (kaizen) into their daily work.
Check Out Our Slides
This is OpenChain Webinar #30, released on 2021-09-07.
This webinar focused on real-world usage of ISO 5230 and the practical issue of how open source governance can be addressed in high-pressure, low-resource environments like humanitarian deployments.
This is OpenChain Webinar #29, released on 2021-08-26.
Huawei, a global leader in technology and open source, has joined the board of the OpenChain Project. Alongside 20 other global companies such as Qualcomm, Google, Siemens and Toyota, Huawei will work to align the supply chain behind OpenChain ISO 5230, the International Standard for quality open source compliance.
“Huawei is delighted to join the OpenChain Project . Huawei adheres open collaboration and innovation, has long been committed to establishing a compliance management system that aligns with industry best practices, and incorporating compliance management into end-to-end business activities and processes. ” Wang Yousheng, Director of Open Source & Developer Dept, Huawei. ““Huawei will be an active member in OpenChain Project , hopes through constantly enhancing mutual understanding, cooperation and trust with global developer and open source communities, to build a more secure and trustworthy open source software chain together.“
“China is the center of innovation across many types of technology, including open source,” says Shane Coughlan, OpenChain General Manager. “Huawei’s leadership in this space has helped build bridges across the world. Their decision to join the governing board of the OpenChain Project is further evidence of this, and will be pivotable in taking OpenChain ISO 5230 to the next level. This will benefit every company using open source, a shared undertaking we approach with both excitement and respect.”
About Huawei
Founded in 1987, Huawei is a leading global provider of information and communications technology (ICT) infrastructure and smart devices. We have approximately 197,000 employees and we operate in over 170 countries and regions, serving more than three billion people around the world.
Huawei’s mission is to bring digital to every person, home and organization for a fully connected, intelligent world. To this end, we will: drive ubiquitous connectivity and promote equal access to networks to lay the foundation for the intelligent world; provide the ultimate computing power to deliver ubiquitous cloud and intelligence; build powerful digital platforms to help all industries and organizations become more agile, efficient, and dynamic; redefine user experience with AI, offering consumers more personalized and intelligent experiences across all scenarios, including home, travel, office, entertainment, and fitness & health.
About OpenChain
The OpenChain Project maintains the International Standard for open source license compliance. This allows companies of all sizes and in all sectors to adopt the key requirements of a quality open source compliance program. This is an open standard and all parties are welcome to engage with our community, to share their knowledge, and to contribute to the future of our standard.
About The Linux Foundation
The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.
The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.
Linux is a registered trademark of Linus Torvalds.
华为,作为全球信息技术和开源领域的领导者之一,加入了OpenChain项目的董事会。华为将同高通、谷歌、西门、丰田等其它20个全球企业一起努力协调开源软件供应链,以支持为高质量的开源软件合规而制定的 “OpenChain ISO 5230”国际标准。
“华为很高兴加入OpenChain 项目。华为坚持开放式合作与创新,同时长期致力于建立符合业界最佳实践的合规管理体系,并坚持将合规管理端到端地落实到业务活动及流程中。”华为开源与开发者部部长王有生说到:“华为将积极参与OpenChain项目,希望与全球开发者、开源社区一起,持续增强彼此的理解与互信合作,共建更加安全可信的开源软件供应链。”
“中国如今已是包括开源技术在内的多种技术的创新中心。”OpenChain的总经理Shane Coughlan说到:“华为在开源领域的领导地位,已帮助这一领域在全球范围内建立起了桥梁。他们加入OpenChain项目的董事会的决定进一步证明了这点,并将在把OpenChain ISO 5230标准提升到一个更高的水平的过程中发挥重要作用。这将使每家使用开源的公司都受益,这是我们既兴奋又尊重的共同事业。”
关于华为
华为创立于1987年,是全球领先的ICT(信息与通信)基础设施和智能终端提供商。目前华为约有19.7万员工,业务遍及170多个国家和地区,服务全球30多亿人口。
华为致力于把数字世界带入每个人、每个家庭、每个组织,构建万物互联的智能世界:让无处不在的联接,成为人人平等的权利,成为智能世界的前提和基础;为世界提供最强算力,让云无处不在,让智能无所不及;所有的行业和组织,因强大的数字平台而变得敏捷、高效、生机勃勃;通过AI重新定义体验,让消费者在家居、出行、办公、影音娱乐、运动健康等全场景获得极致的个性化智慧体验。
The OpenChain Project has a mission to establish trust in the Open Source from which Software Solutions are built. The International Standard OpenChain ISO 5230 addresses this matter from the perspective around open source license compliance. Many of the same processes are equally applicable to open source security and for this reason we are providing guidance regarding how they can be applied.
The OpenChain Security Assurance Reference Guide 1.0 has a similar format to OpenChain ISO 5230. It can be regarded as a map enabling a user to transpose the proven processes of ISO 5230 to the security domain. This first iteration of the reference guide focuses on the core process of identifying and addressing “known vulnerabilities.” Over time we will evolve the guide to refine its effectiveness.
The OpenChain Security Assurance Reference Guide should be understood as a method to complement rather than compete with security specific standards. It is quite possible that an organization is compliant with another given standard will automatically meet all the processes outlined in the OpenChain Security Assurance Reference Guide. This is by design.
As the OpenChain Project adds additional reference guides over time (e.g., quality, export compliance, malware and functional safety) the value of OpenChain ISO 5230 will grow. This work – as with all activity inside the OpenChain Project – will be undertaken by the community of user companies for the benefit of the community.
Get The Reference Guide
Send Feedback To The Specification Team
© 2024 OpenChain. All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page. Linux is a registered trademark of Linus Torvalds. Privacy Policy and Terms of Use
