Revenera has announced the creation of an OpenChain ISO/IEC DIS 18974 conformant program for managing open source security assurance. This builds on previous adoption of OpenChain ISO/IEC 5230, the International Standard for open source license compliance, and underlines their on-going commitment to open source process management.
“Revenera’s adoption of the OpenChain international standard for open source security assurance, following our adoption of the standard for open source license compliance, demonstrates our dedication to being a leader in using safe, secure open source software. Revenera is one of only a handful of organizations that are OpenChain ISO/IEC DIS 18974 conformant; we are honored to be on the forefront and hope that other organizations will also pursue this standard to help secure their software supply chain,” said Alex Rybak, Senior Director of Product Management at Revenera. “As someone responsible for Revenera’s open source program office (OSPO), having both OpenChain certifications helps us define, administer, and continuously improve our program to conform to evolving industry best practices.”
“The OpenChain process management standards are designed to help businesses use open source more effectively and efficiently,” says Shane Coughlan, OpenChain General Manager. “Revenera has proven to be an enthusiastic participant in the OpenChain community of conformance, and also an active contributor to knowledge-sharing in our field. The future of collaborative technology like open source depends on this type of positive, sustainable engagement, and I look forward to our continued partnership as the supply chain evolves.”
Revenera helps product executives build better products, accelerate time to value and monetize what matters. Revenera’s leading solutions help software and technology companies drive top line revenue with modern software monetization, understand usage and compliance with software usage analytics, empower the use of open source with software composition analysis and deliver an excellent user experience—for embedded, on-premises, cloud and SaaS products. To learn more, visit www.revenera.com.
For More Information, Contact: Bret Clement
The funeral of Ueda San of Sony took place yesterday. Many of us have known him for many years. Some of us have known him for a little while. Others, perhaps, have only recently heard of him.
One important thing to know about Ueda San is that he built the open source community in Japan alongside others such as Hashimoto San, Eto San, Shibata San and the rest of the “old guard.”
Building the open source community in Japan was not easy. Previously, companies operated in silos, and it was a radical idea to throw open the doors and allow engineers to mix and mingle. There was risk, there was fear, and there was the stubborn tide of habit.
It takes an iron will to change an entire industry. Ueda San was extremely kind and gentle, but he would not yield on the importance of open collaboration. He knew the value it gave to people, to business and to society. Ueda San really believed in community and collaboration. He was tireless in promoting it, and he insisted that more and more people should be educated in its value.
Ueda San was a key part of forming the OpenChain Japan community. He was also a key driver behind our early outcomes, including the exceptional Supplier Education Leaflet. His tireless encouragement of younger generations is an example we can all learn from.
It is because of Ueda San and his contemporaries that the OpenChain Japan Work Group exists. Instead of closing doors, our board members decided to create an environment of complete openness. We built this community to network people, to share knowledge, and to fundamentally improve how companies use open source.
This is the difference between long term and short term thinking. By creating communities that freely welcome people, they can learn your values. They mirror your values. They multiply your effort. Then, together, you change far more than you could ever accomplish alone.
And now? Now we have an environment in Japan where more and more companies are adopting standard processes around open source. We have more engineers and managers meeting, talking and learning. We are all in a better position to do more things.
It is our responsibility to take that potential and apply it. It is also our responsibility to remember that the freedoms and advantages we enjoy come from the hard work of others. Without Ueda San spending thousands of hours advocating, perhaps there would be a much smaller community in Japan.
Ueda San was a dreamer who actually created new realities. He was an artist, and he saw the world as far more than numbers. Indeed, Ueda San spent countless hours capturing the beauty of nature as a photographer. When I think of him, I think of how these values drove him, and changed us all for the better.
This is the final photograph Ueda San posted on Facebook before he died. A dragonfly. What a perfect metaphor for life and for friendship. A moment of beauty. A moment that passes. All we can do is appreciate it, and treasure the memories left behind.
— Shane Coughlan, OpenChain General Manager
Canopus, a specialized firm providing Digital Transformation Services, is the latest organization to announce adoption of the OpenChain Security Assurance Specification 1.1 (ISO/IEC DIS 18974).
“As the OpenChain Security Assurance Standard is poised to become a formal ISO standard, we are delighted to see continued traction in adoption from companies electing to be at the forefront of effective open source management,” says Shane Coughlan, OpenChain General Manager. “Canopus is a welcome addition to our growing roster of ISO/IEC DIS 18974 conformant organizations, and will serve as an inspiration to others.”
Learn More About Canopus
Canopus is a specialized firm providing SAP Consultation Services for over 120 customers. Our expert DBAs possess an average of 15 years of experience in database management and administration, thus ensuring your databases are safe, secure, and managed with the utmost level of care and expertise, specializing in SAP Systems.
Canopus has proven experience in delivering massive database migrations across the very large landscapes of global companies. We are experts in handling online migrations with our unique and patented data migration process.
Canopus is an expert database consulting company that specializes in SAP, Analytics, SAP Platform Migrations and other SAP Life Cycle projects such as upgrades, Business Continuity (DR), Performance Optimization, ILM, multi-layer tuning (App, Network, DB, HW, Storage), RCA, and issue resolution for extremely tough problems in SAP environments. It was established in 2014 by domain experts.
We are strategic business associates with SAP & IBM. With SAP online migrations as our expertise, we offer consulting services for SAP and the latest products, including HANA, HYBRIS, IBM Advanced Analytics, SAP on DB2 & Mobile first.
The OpenChain Project is delighted to welcome National Financial Technology Certification Center (Beijing) as our latest official certification partner. Our collaboration will enable more FinTech and Financial Sector organizations in China to adopt the OpenChain standards for open source license compliance and security assurance.
NFTC would like to:
- organize financial institutions to participate in the collaborative efforts for updating OpenChain standards, helping financial institutions have broader exposure to and integration into the global supply chain; and
- enhance the project’s influence within the financial industry, promote the international standardization of OpenChain ISO/IEC 5230 in the field of open-source license compliance, and foster its adoption in the industry.
NFTC is a reputable third-party certification agency dedicated to serving the financial industry, and the first national-level certification institution in China. Established in 2011 through the decision of the People’s Bank of China (the central bank of China), and approved by the National Administration for Market Regulation and the Certification and Accreditation Administration of China, NFTC is committed to providing quality certification, testing and evaluation, and assessment services for products, services, systems, infrastructure, and other aspects of the financial industry.
OpenChain Mini-Summit September 2023
September 21st 2023 at 09:00-12:00 Spanish Time (CEST)
You are invited to join the OpenChain Mini-Summit adjacent to Open Source Summit Europe.
Our focus will be on:
- Discussing the new ISO standard for security
- Automation for open source compliance and security
This is a hybrid physical and virtual event. It is free of charge for all participants.
Due to in-person space being limited, we invite everyone to register for the virtual event, and to email email@example.com if they want a seat at the physical event.
We previously planned to hold this Mini-Summit on Monday the 18th of September, but we have moved it to Thursday the 21st of September to avoid overlap with the SPDX Mini-Summit covering SPDX 3.0.
Register for the OpenChain Mini-Summit Here
We covered a lot of ground in this meeting. Check out the full recording below. The current document is here:
Andrew updated the core language substantially and it looks like we are near release:
Carlo submitted a patch with new language covering the verification that a Declaration is not just pro-forma:
We decided to move non-core language to the Risk Grid and then have that queued as an item for review and reorder after the core is published:
We also discussed what to do when we move to a milestone release document rather than this initial drafting phase:
We move towards release of the core language with a final Request for Comments, and then we turn our attention to updating the Risk Grid.
Collabora, a leading open source software consultancy, has become the latest organization to announce an OpenChain ISO/IEC 5230 conformant program.
“One of the key benefits of ISO standards created by the OpenChain Project is to signal the adoption and use of the processes necessary for quality compliance or security programs related to open source,” says Shane Coughlan, OpenChain General Manager. “The announcement by Collabora of an ISO/IEC 5230 conformant program is an example of their commitment to excellence around open source license compliance management. We are delighted to welcome them to our community of conformance, and we look forward to fostering a productive long-term collaboration around our shared industry.”
“Being an ISO9001:2015 and ISO27001:2017 certified organization, we are delighted to join the OpenChain Project’s extensive global community,” says Eleni Katsoula, Engineering Operations Manager at Collabora. “Along with so many of Collabora’s esteemed customers being Platinum members of the OpenChain community, we look forward to promoting the project’s focus on commercial and non-commercial open source process management.”
Collabora is a global consultancy specializing in delivering the benefits of Open Source software to the commercial world. Whether it’s the Linux kernel, graphics, multimedia or machine learning, Collabora’s expertise spans across all key areas of Open Source software development. By harnessing the potential of community-driven projects, and re-using existing components, Collabora helps its clients focus on creating product differentiation, enabling them to develop the best solutions. From tailoring the latest Open Source technologies to your projects, to integrating Open Source methodologies into your organization, Collabora can help you navigate the ever-evolving world of Open Source. Learn more at collabora.com.
OpenChain Webinar 55 was led by Clare Dillon, the Executive Director of InnerSource Commons, and it highlighted the activities and value behind the InnerSource movement. InnerSource is the use of open source best practices for software development within the confines of an organization. Understanding this has become a key part of business strategy for forward-looking organizations.
Two Resources Flagged By Our Speaker
- FINOS InnerSource Special Interest Group project on InnerSource licenses – an overview:
- A great overview of Transfer Pricing from our last InnerSource Summit: https://youtu.be/91srcPMcmBY