Skip to main content
Category

Featured

OpenChain Newsletter #51

By Featured, Monthly Newsletter, News

Newsletter – Issue 51 – February 2023

The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. This is a community newsletter, so we accept suggestions and ideas, and you can contact us by mail at any time.

Cool Statistic To Start The Year

The OpenChain Project now has 10 official third-party certifiers for our license compliance and security assurance standards.

You can now get third-party certified with ISO/IEC 5230 or the OpenChain Security Assurance Specification 1.1 anywhere in the world… and you have plenty of choice about who to work with. Of course, you have options when adopting our standards. The most common thing is actually for companies to start with self-certification, so if you are new to this… Learn more here)

Nice Outreach News

OpenChain now has a Wikipedia page about ISO/IEC 5230. Huge thank you to Marc-Etienne Vargenau at Nokia for making this happen.

Huge Revamp Of OpenChain Material Underway

Our reference library of over 1,000 documents to help you learn about our standards, train people or suppliers around open source, get policy templates, self-certification checklists and more has been totally overhauled. It is now easier to find material, easier to share material and easy to translate material.

We have also dramatically improved our community calendar to make it much easier to find our events, webinars and more.

ISO/IEC 5230:2020 Conformance

Yes Security and Panx Project announced adoption of our ISO/IEC standard for open source license compliance via the OpenChain website. Both companies self-certified. Yes Security is the first company from Brazil to announce conformance via our website. Well done!

Partner News

It was an exciting month for us on the partner side of things. First of all, we had OSPOCO and Taylor English Join The OpenChain Partner Program, and we had TIMETOACT GROUP Offer Open Source Certification Based On ISO/IEC 5230. However, the banner headline (as mentioned in the cool statistic section of this newsletter) is that we now have 10 official third-party certifiers around the world.

OpenChain Meetings And Events

Lots of recordings and minutes for those catching up this month.

Our global calls – where we edit the next generations of the license compliance and security assurance standards:

Other community meetings:

On the “external collaboration” side of things we had an OSS Compliance in 2022 / 2023 event co-organized with FOSSID. We were also featured with a speech and Q&A session at an OpenAnolis Standardization SIG Meeting in China at the invitation of Alibaba.

Webinars

This month we had two webinars. One covered new security tools and one unpacked fascinating data points around GPLv2 licensing. Did you know there have been 40 versions of the GPLv2 published on its official websites and there have been 12 different versions found in the Linux Kernel? Definitely a webinar to watch if you are interested in the licensing side of things.

Want to join our calls? Watch our webinars? Just check out our global calendar.

Training Material In The Supply Chain

Last month we mentioned that Continental Corporation made LFC193 a required course for their software developers from late Q3 2022. Since then we had two other soft announcements from community members about their adoption.

Coming Soon

For those wanting a sample of what’s on the community calendar for March…

Finally… If You Want To Talk About OpenChain…

Our new community education slides are now available. You will find a full overview of the project here and speaker notes to help you talk about what we do.

Check Out All Our Previous Newsletters:
https://www.openchainproject.org/newsletter

Quick Links

Legal: All trademarks belong to their respective owners. This newsletter is licensed under Creative Commons Attribution-NoDerivatives 4.0 International (CC BY-ND 4.0).

Coming Soon: OpenChain Export Control Work Group – Third Meeting – 2023-03-07

By Featured, News

The OpenChain Export Control Work Group will hold its third meeting on the 7th of March at 08:00 UTC. The focus will be on reviewing the new volunteer project being set up at https://github.com/crypto-law-survey to help explore the continuation of Bert’s work on http://www.cryptolaw.org/ as a general community resource.

Zoom Meeting

https://zoom.us/j/93456802267Meeting ID: 93456802267

One Tap Mobile

+13052241968,,93456802267# US
+16475580588,,93456802267# Canada

Coming Soon: OpenChain Webinar #49 – FOSDEM Recap – 2023-03-06

By Featured, News

The next OpenChain Webinar will feature a FOSDEM recap by Philippe Ombredanne of NexB for everyone who did not attend the event in Belgium at the start of 2023. The webinar will take place between 10:00 and 11:00 UTC (11:00 CET – 12:00 CET) on the 6th of March 2023.

We will use the OpenChain Project Zoom room:
https://zoom.us/j/4377592799

This call is open to every individual and company regardless of their membership of Linux Foundation or the OpenChain Project.

Check your timezone:
PDT United States Pacific UTC-07:00
UTC Coordinated Universal Time UTC
CET Central European Time UTC+01:00
IST India Standard Time UTC+05:30
CST China Standard Time UTC+08:00
KST Korea Standard Time UTC+09:00
JST Japan Standard Time UTC+09:00

Compare timezones:
https://www.worldtimebuddy.com

Join via one tap mobile:
+86 10 8783 3177,,4377592799# Mainland China
+33 1 8699 5831,,4377592799# France
+49 69 7104 9922,,4377592799# Germany
+81 524 564 439,,4377592799# Japan
+82 2 3143 9612,,4377592799# Korea
+91 80 71 279 440,,4377592799# India
+886 (2) 7741 7473,,4377592799# Taiwan
+44 330 088 5830,,4377592799# UK
+13017158592,,4377592799# USA

Find your local country number:
https://zoom.us/u/awFnORNiA
Meeting ID: 437 759 2799

OpenChain Reference Library – Complete Overhaul

By Featured, News

The OpenChain Reference Library has been significantly updated to improve navigation. This is an administrative item that was pending for a while. Its completion should make it possible (and easy!) for anyone to access our library and find material. It should also make it a lot easier for our Education Work Group to assess and improve or expand existing material.

Access The Repository

The New Structure

Some Notes

This new structure is designed to overcome discoverability issues with the previous repository and to make it easier for continual improvement both of individual documents and for the navigation of the repository as a whole. This means that your feedback, suggestions and help are most welcome. You can leave feedback and ideas for improvement as GitHub issues or via our Education Work Group mailing list.

OpenChain @ Wikipedia

By Featured, News

The OpenChain Project is officially featured on Wikipedia in three languages:

  1. English
  2. French
  3. German

Example of the text in English:

ISO/IEC 5230 (known as OpenChain) is an international standard on the key requirements for a high-quality open source license compliance program. The standard was published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in late 2020. The standard is based on the Linux Foundation OpenChain Specification 2.1. It focuses on software supply chains, easier procurement and license compliance. Organizations that meet the requirements of the standard can self-certify to ISO/IEC 17021, from an accredited certification body or after successfully completing an audit.

We would love your help in reviewing and improving this new resource to help spread understanding of our standard for open source license compliance, and expanding our presence over time to include the OpenChain Security Assurance Specification. You can do so through the normal Wikipedia editing process. Here is an example for the English page.

Huge thanks to Marc-Etienne Vargenau at Nokia for leading this process. He put a lot of effort into making this happen, and is due great credit for helping to improve the supply chain through easily available educational material.

OpenChain Monthly Meeting 2023-02-21 (North America and Asia) – Recording

By Featured, News

Our latest monthly meeting for North America / Asia continues where we left off on the North America / Europe call earlier this month (see https://www.openchainproject.org/news/2023/02/10/monthly-meeting-2023-02-07-recording). The focus was work around the next generation of the Security Assurance Specification.

Watch Our Meeting

On this call we addressed the following issues with the Security Assurance Specification 2.0 Draft:

  1. We prepared and refined definitions of remediation and mitigation:
    https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/22
  2. We included “remediation” and “mitigation” in Section 3.1.5:
    https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/25
  3. We included “mitigation” in Section 3.3.2:
    https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/26
  4. We clarified the “Get Customer” requirement in Section 3.3.2 to make the logic clearer:
    https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/27

All of the issues appear “done” but naturally you can access, review and reopen on GitHub. We will also be speaking about these topics on the next call for North America / Europe on the 1st Tuesday of March. See our Global Calendar for the precise schedule:
https://www.openchainproject.org/participate

Review Our Slides

Yes Security is the latest OpenChain ISO/IEC 5230 Conformant Organization

By Featured, News

Yes Security…

… aims to offer high quality, performance and reliable products, ensuring the protection, security and productivity of its customers. The provision of personalized services, in an agile and assertive way is one of our main focuses, acting in the identification and resolution of problems, guiding the IT professional on the functionalities of the tools, ensuring the full use of the resources offered by it. With a close relationship with manufacturers and distributors it is possible to offer affordable projects that suit the needs of each company.

Learn More

OpenChain Korea Work Group Meeting #17 – First Physical Meeting Since COVID! – 2023-03-28

By Featured, News

The OpenChain Korea Work Group is holding its 17th meeting between 14:00 and 16:00 on the 28th of March 2023. This will be the first physical meeting of the work group since COVID hit in 2020. Learn more at the event link:
https://openchain-project.github.io/OpenChain-KWG/meeting/17th/

안녕하세요, OpenChain KWG 멤버 여러분! 장학성입니다.
새로운 한해를 뜻깊게 시작하고 계신가요?

2023년 1분기 모임을 코로나 이후 처음으로 다시 오프라인으로 모입니다. 두근두근!:
https://openchain-project.github.io/OpenChain-KWG/meeting/17th/

  • 일시 : 2023년 3월 28일 (화), 오후 2시~4시
  • 장소 : 라인플러스 (분당구 서현동)
    세부 장소는 추후 공지 드리겠습니다. (장소를 제공해주신 라인플러스 이서연님 감사합니다! ^^)

OpenChain Webinar #48 – GPLv2 Licensing History

By Featured, News, Webinar

This OpenChain Webinar features an overview of GPLv2 licensing fragmentation based on research initiated by Philippe Ombredanne of NexB and continued by Armijn Hemel of Tjaldur Software Governance Solutions. The key takeaway is that a significant number of variations exist (40 “vanilla” copies from the FSF or GNU website, 12 with the Linux kernel linking exception in the Linux kernel), but the impact of these variations is nuanced. The requirements do not change but the variability may throw errors for automation and review. Process awareness is required.

Check Out All Our Past Webinars Here:

Panx Project is the latest OpenChain ISO/IEC 5230 Conformant Organization

By Featured, News

Panx Project is:

A digital consultancy and community solutions organization. Each year we launch projects aimed to address a social, technological, or economical issue. Working with and training job seekers, startups, NGOs and enterprises on developing their own framework to leverage the latest industry standards and cutting-edge technology. Some of these clients include: Mumm, Zoho and Monginis.

Learn More