Featured

Canopus, a specialized firm providing Digital Transformation Services, is the latest organization to announce adoption of the OpenChain Security Assurance Specification 1.1 (ISO/IEC DIS 18974).

“As the OpenChain Security Assurance Standard is poised to become a formal ISO standard, we are delighted to see continued traction in adoption from companies electing to be at the forefront of effective open source management,” says Shane Coughlan, OpenChain General Manager. “Canopus is a welcome addition to our growing roster of ISO/IEC DIS 18974 conformant organizations, and will serve as an inspiration to others.”

Learn More About Canopus

Canopus is a specialized firm providing SAP Consultation Services for over 120 customers. Our expert DBAs possess an average of 15 years of experience in database management and administration, thus ensuring your databases are safe, secure, and managed with the utmost level of care and expertise, specializing in SAP Systems.

Canopus has proven experience in delivering massive database migrations with very large landscapes of Global Companies. We are experts to handle online migrations with our unique and patented data migration process.

Canopus is an Expert Data Base Consulting Company that specializes in SAP, Analytics. SAP Platform Migrations and other SAP Life Cycle projects such as upgrades, Business Continuity (DR), Performance Optimization, ILM, multi-layer tuning (App, Network, DB, HW, Storage), RCA, and issue resolution for extremely tough problems in SAP environments. Having been Established in 2014 by Domain Experts.

Our Strategic Business Associates with SAP & IBM. As our expertise, SAP Online Migrations we offer consulting services for SAP. Latest Products including HANA, HYBRIS, IBM Advanced Analytics, SAP on DB2 & Mobile first.

• https://canopusgbs.com/

The OpenChain Project is delighted to welcome National Financial Technology Certification Center (Beijing) as our latest official certification partner. Our collaboration will enable more FinTech and Financial Sector organizations in China to adopt the OpenChain standards for open source license compliance and security assurance.

NFTC would like to

• organize financial institutions to participate in the collaborative efforts for updating OpenChain standards, helping financial institutions have broader exposure to and integration into the global supply chain. and
• enhance the project’s influence within the financial industry, promote the international standardization of OpenChain ISO/IEC 5230 in the field of open-source license compliance, and foster its adoption in the industry.

About NFTC

NFTC is a reputable third-party certification agency dedicated to serving the financial industry, and the first national-level certification institution in China. Established in 2011 through the decision of the People’s Bank of China (The central bank of China), and approved by the National Administration for Market Regulation and the Certification and Accreditation Administration of China, NFTC is committed to providing quality certification, testing and evaluation, and assessment services for products, services, systems, infrastructure, and other aspects of the financial industry.

• http://www.nftc.org.cn/

OpenChain Mini-Summit September 2023

September 21st 2023 at 09:00-12:00 Spanish Time (CEST)

You are invited to join the OpenChain Mini-Summit adjacent to Open Source Summit Europe.

Our focus will be on:

1. Discussing the new ISO standard for security
2. Automation for open source compliance and security

This is an hybrid physical and virtual event. It is free of charge for all participants.

Due to in-person space being limited, we invite everyone to register for the virtual event, and to email scoughlan@linuxfoundation.org if they want a seat at the physical event.

We previously planned to hold this Mini-Summit on Monday the 18th of September, but we have moved it to Thursday the 21st of September to avoid overlap with the SPDX Mini-Summit covering SPDX 3.0.

Register for the OpenChain Mini-Summit Here

https://zoom.us/meeting/register/tJIuduGpqjwjGtJqMYPosKE06BZdbKE8ddwj

We covered a lot of ground in this meeting. Check out the full recording below. The current document is here:

• https://github.com/OpenChain-Project/Reference-Material/blob/5aeebd37ddcdd2dd19d33a26b571c40277fa8435/Adoption-Preparation/Model-Provisions/openchain-standards-model-provisions.0.5.md

Andrew updated the core language substantially and it looks like we are near release:

• https://github.com/OpenChain-Project/Reference-Material/commit/5aeebd37ddcdd2dd19d33a26b571c40277fa8435

Carlo submitted a patch with new language covering the verification that a Declaration is not just pro-forma:

• https://github.com/OpenChain-Project/Reference-Material/commit/2c1623fe1c65c93b27e3570bde4c41186388faa3

We decided to move non-core language to the Risk Grid and then have that queued as an item for review and reorder after the core is published:

• https://github.com/OpenChain-Project/Reference-Material/issues/52

We also discussed what to do when we move to a milestone release document rather than this initial drafting phase:

• https://github.com/OpenChain-Project/Reference-Material/issues/53

Next Steps

We move towards release of the core language with a final Request for Comments, and then we turn our attention to updating the Risk Grid.

Collabora, a leading open source software consultancy, has become the latest organization to announce an OpenChain ISO/IEC 5230 conformant program.

“One of the key benefits of ISO standards created by the OpenChain Project is to signal the adoption and use of the processes necessary for quality compliance or security programs related to open source,” says Shane Coughlan, OpenChain General Manager. “The announcement by Collabora of an ISO/IEC 5230 conformant program is an example of their commitment to excellence around open source license compliance management. We are delighted to welcome them to our community of conformance, and we look forward to fostering a productive long-term collaboration around our shared industry.”

“Being a ISO9001:2015 and ISO27001:2017 certified organization, we are delighted to join the OpenChain Project’s extensive global community,” says Eleni Katsoula, Engineering Operations Manager at Collabora. Along with so many of Collabora’s esteemed customers being Platinum members of the OpenChain community, we look forward to promoting the project’s focus on commercial and non-commercial open source process management.”

About Collabora

Collabora is a global consultancy specializing in delivering the benefits of Open Source software to the commercial world. Whether it’s the Linux kernel, graphics, multimedia or machine learning, Collabora’s expertise spans across all key areas of Open Source software development. By harnessing the potential of community-driven projects, and re-using existing components, Collabora helps its clients focus on creating product differentiation, enabling them to develop the best solutions. From tailoring the latest Open Source technologies to your projects, to integrating Open Source methodologies into your organization, Collabora can help you navigate the ever-evolving world of Open Source. Learn more at collabora.com.

LINE Corporation is pleased to announce that it has achieved OpenChain ISO/IEC 5230 self-certification, the international standard for open source license compliance. The OpenChain Project is one of the initiatives led by Linux Foundation, a leading non-profit organization focused on fostering innovation through open source and developing best practices and standards for open source software, hardware, standards, and data.

By attaining ISO/IEC 5230 self-certification, LINE has been globally recognized as having a highly trustworthy and systematic management system for utilizing open source. Thousands of LINE developers around the world, including in South Korea, Japan, Taiwan, Thailand, and Vietnam, utilize and develop open source systems based on international standards, and LINE’s open source team strictly complies with those core obligations in open source management.

LINE also has a history of releasing its internal technologies as open source software, including Armeria, the asynchronous framework that is a core technology of the LINE messenger. In addition, LINE has been a Silver Sponsor of the Apache Software Foundation, an American nonprofit organization that supports open source, since 2022, and since 2021, LINE has hosted the LINE Open Source Sprint, an internal event where LINE developers can participate in open source projects over the course of a month. By doing activities like these, LINE not only supports the growth of individual developers, but also strives to create an open source culture that embraces collaboration with the global open source ecosystem.

“LINE has a long history of success pioneering cutting-edge technological trends in all sorts of fields, including messengers, AI, blockchain, and fintech,” said Snow Kwon, CTO of LINE Plus. “As part of this process, we strictly maintain the highest standards of open source compliance. This OpenChain certification is recognition of our longstanding capacity in this area, and a sign of our commitment to open source moving forward.”

About LINE Corporation

Based in Japan, LINE is dedicated to the mission of “Closing the Distance,” bringing together information, services and people. The LINE messaging app launched in June 2011 and since then has grown into a diverse, global ecosystem that includes AI technology, fintech and more. LINE joined the Z Holdings Group, one of the largest internet service groups in Japan, following the completion of a business integration in March 2021.

xFusion, a global leader in digital infrastructure and services, is the 100th organization to announce an OpenChain Conformant Program through our website. Certified by CAICT, an official OpenChain Partner based in China, the development underlines a strong commitment to excellence in process management.

“The OpenChain Project is delighted to welcome xFusion to our community of conformance,” says Shane Coughlan, OpenChain General Manager. “It cannot be overstated how important companies like xFusion are to the future of the open source supply chain, and their collaboration with CAICT alongside their future work in this market, provides significant encouragement for the larger community.”

About xFusion

xFusion Digital Technologies Co., Ltd. (hereinafter referred to as “xFusion”) is dedicated to providing global leading digital infrastructure and services. xFusion continuously creates value for customers and partners and accelerates the digital transformation of the industry. xFusion has 11 research institutes, 7 regional offices, and 5 major supply centers totally around the world (some still under preparation). Currently, xFusion is serving customers in 130 countries and regions, including 211 Fortune Global 500 companies and covering telecoms, finance, Internet, governments, and other industries.

Learn more:
https://www.xfusion.com/en/about

Deloitte, a global leader in providing audit and assurance, tax and legal, consulting, financial advisory, and risk advisory services to companies, is the latest official OpenChain Partner.

“Open source license and security compliance has become an essential part of our clients’ supply chains. The OpenChain project has done an excellent job in providing best practices and governance guidelines that are reflected in ISO/IEC 5230 and ISO/IEC 18974,” says Sascha Pudenz, Senior Manager at Deloitte. “We are very pleased to become a contributing member of the OpenChain community and a third-party certifier. The opportunity to support the project and spread the principles throughout our internal and external network will also help drive maturity and awareness of the importance of these standards.” adds Robert Härtwig, Director at Deloitte.

“We are delighted to welcome Deloitte to our support ecosystem,” says Shane Coughlan, OpenChain General Manager. “The provision of services like third-party certification is a vital pillar of our standardization work, and helps to ensure open source process management is effective, coherent and builds trust in the supply chain. We look forward to working closely with their team in the months and years ahead to ensure the complexity of managing technology is reduced for companies of all sizes and in all markets.”

About Deloitte

Deloitte provides industry-leading audit and assurance, tax and legal, consulting, financial advisory, and risk advisory services to nearly 90% of the Fortune Global 500® and thousands of private companies. Our professionals deliver measurable and lasting results that help reinforce public trust in capital markets, enable clients to transform and thrive, and lead the way toward a stronger economy, a more equitable society and a sustainable world. Building on its 175-plus year history, Deloitte spans more than 150 countries and territories. Learn how Deloitte’s approximately 415,000 people worldwide make an impact that matters at www.deloitte.com.

Today the OpenChain Project announces new online conformance checklists for all of our current license compliance and security assurance standards. These checklists allow any organization to quickly and privately check if they meet the requirements of a standard. They are a free service provided to the global supply chain to support trust between organizations.

Each checklist has a series of “yes” or “no” statements. If you can answer “yes” to everything, you are self-certified. If you answer “no” to some items, you know where to invest further time to build a quality program. The checklists allow you to save your progress and take up to 30 days to complete all the items.

After completing a checklist, you decide if we list you on our website or not. Of course, we hope to display more and more examples of adoption over time.

For License Compliance

---

---

For Security Assurance

---

---

For Other Variants Of These Standards

---

---