Andrew Katz, Managing Partner at Moorcrofts and CEO of Orcro (both OpenChain partners), will lead an OpenUK webinar on the topic of OpenChain in M&A. This issue is increasingly important in our eco-system, reflecting that outside of product procurement, structured open source compliance approaches are in demand and offer significant benefits.
MAY 27, SAN FRANCISCO – Today the OpenChain Project is delighted to announce OPPO as our latest Platinum Member. As a Platinum Member of the project OPPO will provide strategic oversight on the governing board, the steering committee and the outreach committee. While OpenChain has had an active China Work Group since 2019, OPPO is the first work group participant to join the project governing board, and their contribution will be invaluable as OpenChain becomes an ISO standard.
“The OpenChain Project has been extremely fortunate in working with a wide range of Chinese companies during the last 18 months,” says Shane Coughlan, OpenChain General Manager. “Our deep relationship with OPPO is a direct consequence of this, and with their help we are looking forward to inspiring and leading a diverse range of Chinese innovators, international manufacturers and global supply chain companies towards adoption of our industry standard. In the next few months we will see some transformative activities around OpenChain and more generally open source compliance. OpenChain will become an ISO standard. SPDX will increasingly be deployed for Software Bill of Materials. Open Source Reference Tooling will emerge for multiple sectors. I am looking forward to working with the team at OPPO to help ensure that companies of every size and in every market can continually have access to the most efficient, effective and appropriate approaches to managing open source.”
“OPPO is delighted to join the OpenChain Project and establish a deeper engagement with the global open source community as our business and research effort grow,” Andy Wu, Vice President and President of Software Engineering Business Unit, OPPO. “With the presence of our smartphone and services in more than 40 global markets and research institutes across the world, OPPO looks forward to working with developers and partners through open source development and OpenChain Project, with its efficient and comprehensive solutions, tremendously increased the efficiency of our collaborative innovation. OPPO values openness and collaboration greatly and will be an active member in OpenChain Project to contribute to its long-term success and adoption with fellow partners.”
OPPO is a leading global smart device brand. Since the launch of its first mobile phone – “Smiley Face” – in 2008, OPPO has been in relentless pursuit of the perfect synergy of aesthetic satisfaction and innovative technology. Today, OPPO provides a wide range of smart devices spearheaded by the Find X and Reno series. Beyond devices, OPPO provides its users with the ColorOS operating system and internet services like OPPO Cloud and OPPO+. OPPO operates in more than 40 countries and regions, with 6 Research Institutes and 4 R&D Centers worldwide, as well as an International Design Center in London. More than 40,000 of OPPO’s employees are dedicated to creating a better life for customers around the world.
About the OpenChain Project
The OpenChain Project builds trust in open source by making open source license compliance simpler and more consistent. The OpenChain Specification defines a core set of requirements every quality compliance program must satisfy. The OpenChain Curriculum provides the educational foundation for open source processes and solutions, whilst meeting a key requirement of the OpenChain Specification. OpenChain Conformance allows organizations to display their adherence to these requirements. The result is that open source license compliance becomes more predictable, understandable and efficient for participants of the software supply chain.
About The Linux Foundation
The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.
The OpenChain Project has launched a series of bi-weekly free webinars that provide access to people and knowledge that we would otherwise obtain at events. We held our fourth meeting on Monday the 18th of May at 5pm Pacific with two guest speakers.
This time we unpacked how the newly released SPDX 2.2. SPDX, as a leading industry standard for Software Bill of Materials, plays a pivotal role in the implementation of practical manual and automated compliance programs.
Kate Stewart, Sr. Director of Strategic Programs at the Linux Foundation, explained how SPDX 2.2 works and what it means for the community. Kate has been a key driver of this standard over the last 10 years and can answer all your questions about what the current standard means, what projects support it, and the current state of the tooling landscape.
Yoshiyuki Ito, Principal Expert at RENESAS Electronics, provided an overview of SPDX Lite. This is a “Profile” for the SPDX 2.2 standard that helps companies deploy the Software Bill of Materials to match certain workflows, particularly with respect to suppliers to large companies using existing processes. Ito San and others in the OpenChain Japan Work Group created SDPX Lite to help ensure that the standard could seek adoption in as many production environments as possible with minimal friction.
Sami Atabani, one of the founders of the OpenChain Project and our board member from Arm, will provide a webinar to the OpenUK Future Leaders’ Training series on OpenChain compliance. Catch him at 12pm UK Time (GMT+1) on May 22nd.
In the last few days Linux Foundation has publicly announced Joint Development Foundation (JDF) as an ISO/IEC JTC 1 PAS submitter and provided more information on how JDF will support OpenChain and other specifications to become ISO standards moving forward. This is an extremely important media inflection point for our community and for the broader global collaborations creating effective, adopted and mature de facto standards.
While the basic news is not new to the OpenChain community (you know we are using JDF to submit a ISO standard and you know that OpenChain is the first standard going this route), blog posts by The Linux Foundation and the media coverage is very useful for helping to explain our work to others. Some key excerpts below.
“This week, we are proud to announce that the Joint Development Foundation (JDF), which became part of the Linux Foundation family in 2019, has been accepted as an ISO/IEC JTC 1 PAS (“Publicly Available Specification”) Submitter. The OpenChain Specification is the first specification submitted for JTC 1 review and recognition as an international standard. The JDF was formed to simplify the process of creating new technical specification collaboration efforts. Standards and specifications are vitally important for the creation or advancement of new technologies, ensuring that the resulting products are well defined, provide predictable performance and that different implementations can interoperate with one another.”
We have seen some great media coverage. One of the best articles can be found in Linux Insider. A key quotation below:
“JDF projects now have a clear path from open source project or specification to an internationally recognized standard. The OpenChain specification is JDF’s first standard to be submitted. The OpenChain standard is a specification that identifies the key requirements of an open source compliance program. It is designed to build trust between companies in the supply chain while reducing internal resource costs. The outcome is increased trust and consistency in open source software across the supply chain. International standardization will help to guide the evolution of the OpenChain Specification from de facto to de jure standard, a process that will assist procurement, sales and other departments to engage with OpenChain-related activities, according to [Seth Newberry, executive director of the JDF].”
Finally, if you are wondering why OpenChain is talking about this PR now, about seven days from release, the answer is pretty simple. I (Shane Coughlan, General Manager) wanted to check out the media coverage and select the most concise, clearly messaged article to share. I believe this blog post and mailing list post, and the links it references, provide an excellent on-boarding point for a wider audience. People in procurement. People in sales. People in marketing. Please do share this message.
I am happy to take questions at any time at firstname.lastname@example.org or via a scheduled call using the link below.
My name is Hiro Fukuchi, I am the leader of the planning subgroup. This article introduces the all member meeting held by the OpenChain Japan workgroup. The planning subgroup plans the meeting every time.
All member meeting
Active and inclusive meetings
OpenChain Japan workgroupでは、2、3か月に1回の割合で全体会合を開催し続けています。誰でも参加できるオープンな会合です。workgroupに参加されている企業が自発的にホストを申し出て下さり、2017年12月のworkgroup開始時から2019年9月までに11回の会合を開催することができました。この間には、小規模のAd Hoc会合も3回開催しています。
The OpenChain Japan workgroup have been continuing to hold an all member meeting every two to three months since its beginning. Everyone can join the meeting. Member companies of the Japan workgroup hosted the meetings. From December 2017 to December 2019, we had 12 meetings and 3 ad hoc meetings.
At the all member meetings, there are sessions such as, introduction to the OpenChain project, the Japan workgroup and the subgroup activities, a keynote speech by a guest speaker, lightning talk. Every time, we received 50 to 60 attendees. We have successfully made the meetings friendly and inclusive.
Hosting a meeting by a member company is very important for Japan workgroup to promote our activity in Japan. Hosting a meeting needs an organizational support from a company. In many cases, throughout the preparation of a meeting or watching other companies’ activities, the company had a significant recognition of the importance of our activity. Sometimes, we saw a personal activity changed to an organizational activity. Hosting a meeting is a good opportunity to show a company’s attitude toward open source.
Regional and global activity.
Japan workgroup is regional and global activity. We discuss in Japanese language, but we are publishing our outcomes in Japanese and English language via the website and the GitHub site.
The all member meeting is of critical importance for the Japan workgroup to foster an active and inclusive community, because meeting in person builds trust between members in an open source community. A physical meeting gives an opportunity to share thoughts and feelings, discuss honestly and create a new idea. This process builds trust each other.
The OpenChain Project aims to build the trusted supply chain. The supply chain requires trusted relationship between suppliers and recipients. For the OpenChain Project, building trust is of critical importance.
The supply chain extends globally, so that we need to build trust with the global community. The Japan workgroup invited guest speakers from Europe, Korea and Taiwan to our all member meetings. The Japan workgroup members visited workshops held in China and Taiwan to share our experiences.
Continuing meetings gives power and momentum to the activity. Power and momentum give energy to our activity, and to invite new people. Meeting with new people begins a new relationship, so that our activity will be able to continue to expand.
Please join our activity
全体会合に参加してJapan workgroup活動の雰囲気を自分自身で体験し、活動の輪に加わって頂ければ幸いです。新しく参加された方が会合での発言をきっかけに活動に深く関わられることも多いです。OpenChain Japan workgroupの活動を通じて、信頼できるサプライチェーンが実現されていくことを願っています。
It is our pleasure if we can provide an opportunity for newcomers to join our all member meeting and experience the active and inclusive atmosphere by themselves.
The OpenChain Project has launched a series of bi-weekly free webinars that provide access to people and knowledge that we would otherwise obtain at events. We hold our fourth meeting on Monday the 18h of May at 5pm Pacific with two guest speakers.
This time we are unpacking the newly released SPDX 2.2. SPDX, as a leading industry standard for Software Bill of Materials, plays a pivotal role in the implementation of practical manual and automated compliance programs.
Kate Stewart, Sr. Director of Strategic Programs at the Linux Foundation, will explain how SPDX 2.2 works and what it means for the community. Kate has been a key driver of this standard over the last 10 years and can answer all your questions about what the current standard means, what projects support it, and the current state of the tooling landscape.
Yoshiyuki Ito, Principal Expert at RENESAS Electronics, will provide an overview of SPDX Lite. This is a “Profile” for the SPDX 2.2 standard that helps companies deploy the Software Bill of Materials to match certain workflows, particularly with respect to suppliers to large companies using existing processes. Ito San and others in the OpenChain Japan Work Group created SDPX Lite to help ensure that the standard could seek adoption in as many production environments as possible with minimal friction.
Each talk will run for 10~15 minutes and there will be plenty of time for questions, comments and suggestions. As with all OpenChain Project activities, our goal is to facilitate knowledge-sharing between peers.
Everyone is invited to join this free webinar via zoom. It will also be recorded and made available later on our website.