Featured

CESI is the Latest OpenChain Partner and Third-Party Certifier

By Featured, News

China Electronics Standardization Institute (CESI) is the latest official partner of the OpenChain Project. From today, CESI is offering third-party certification around the standards produced by the OpenChain Project, with an initial focus on ISO/IEC 5230:2020, the International Standard for open source license compliance.

“The OpenChain Project is delighted to deepen our collaboration with CESI,” says Shane Coughlan, OpenChain General Manager. “CESI has an exceptionally important role in helping the world’s most populous country engage with, leverage and innovate around open source. Their new status as an official partner of the OpenChain Project opens doors for more companies in China to begin using our standards, and to begin benefiting from increased efficiency in their supply chains.”

“CESI is delighted to become an official partner of the OpenChain Project,” says Liyun Yang, Director of Cloud Computing Research Office. “We will offer third-party certification and assist in developing next generation versions of the OpenChain standards to help support Chinese companies, and the wider global supply chain.”

About CESI

Founded in July 1963, CESI is a nonprofit institution directly under the MII that is engaged in standardization, conformity assessment and measurement activities in the field of electronic information technologies. Authorized by government competent departments, CESI organizes the development of national and industry standards and participation in the international standardization activities in electronic information technologies. CESI provides product certification, quality system certification, experiments and tests, measurement and calibration as well as training for the public.

The objective of CESI is to become a world-renowned, domestically authoritative institution for standardization and conformity assessment in the field of electronic information technologies.

TÜV NORD Taiwan is the latest OpenChain Partner

By Featured

TÜV NORD Taiwan is the latest official OpenChain Partner. TÜV NORD Taiwan was founded in 1988 and is one of the leading providers of quality, safety, information technology, and renewable energy solutions. The company has highly qualified employees and offers national and international customers, as well as local customers, a complete one-stop service.

“We are delighted to begin our official partnership with TÜV NORD Taiwan,” says Shane Coughlan, OpenChain General Manager. “The availability of certification and other support services is critical to ensure companies have options when using our standards for license compliance and security assurance. Especially in mission critical industries like automotive, the option of third-party certification alongside self-certification is vitally important.”

About TÜV NORD Taiwan

TÜV NORD Taiwan is one of the world’s largest technical service providers.

We owe our leading market position to our technical competence and a wide range of engineering support, testing and servicing activities in the Systems, Mobility, Certification, Energy, Training and International Divisions.

With over 14,000 employees in more than 70 countries of Europe, Asia, America and Africa, the TÜV NORD GROUP is actively committed to its national and international customers. Its broad consulting, service and testing/inspection portfolio encompasses both specific individual tests/inspections and also management of complex safety solutions.

The TÜV NORD GROUP is made up of the following divisions: Mobility, Industrial Services, International, Natural Resources and Training and Human Resources. As a customer-oriented competence centre, it is in constant contact with its customers for analyzing, consulting, developing individual solutions and joint implementation with the customer.

TÜV NORD GROUP customers benefit from the broad, well-founded expertise of the consultants and inspectors. Through their understanding of the subject and the customer, the employees form the backbone of the company’s success.

OpenChain ISO/IEC Featured In Journal Of Software (软件学报)

By Featured, News

OpenChain ISO/IEC 5230:2020 is featured positively in the ‘Survey on Open-source Software Supply Chain Security’ published in the Journal Of Software (软件学报) Volume 33, Issue 3, 2023.

This article by JI Shou-Ling, WANG Qin-Ying, CHEN An-Ying, ZHAO Bin-Bin, YE Tong, ZHANG Xu-Hong, WU Jing-Zheng, LI Yun, YIN Jian-Wei and WU Yan-Jun is worth reading in full for insight from a key market space for open source.

In recent years, the vigorous development of open source software and the modern software development and supply models have greatly facilitated the rapid iteration and evolution of open source software, resulting in increased social benefits. The emerging collaborative software development model of open source has transformed the software development supply process from a relatively linear path to a complex network structure. Within open-source software’s complex and intertwined supply relationships, the overall security risk trend has significantly increased, drawing increasing attention from the academic and industrial communities. This work tries to define the new open-source software supply chain model and, based on attacks that have occurred over the past decade, summarizes the threat model and security trends of the open-source software supply chain. For securing the open-source software supply chain, this work provides a systematic overview from the perspectives of risk identification and reinforced defense and also highlights the new challenges and opportunities.

https://www.jos.org.cn/josen/article/abstract/6717

Want To Learn More About Journal Of Software?

The Journal of Software (ISSN 1000-9825) is a Chinese comprehensive academic journal of computer software which is jointly hosted by the Institute of Software, Chinese Academy of Sciences (ISCAS) and the China Computer Federation (CCF). Founded in 1990, the Journal of Software focuses on the latest innovative high-level scientific and technological achievements of great significance in the field of computer software. It advocates academic democracy and promotes academic discussion and exchange among researchers in and out of China.

Check out their website: https://www.jos.org.cn/josen/home?id=20171219032526650&name=Home

OpenChain Project One Slide Overview Updated

By Featured, News

The one slide overview of the OpenChain Project has been updated to provide simple, clear messaging about how and why our work provides value to companies in the supply chain.

This document is available in PDF format, PNG format, PPTX format or ODP format. You may take it, use it, share it and remix it freely using the terms of the CC0 license, effectively public domain.

You can help us improve this document, translate it and convert it into new formats through the OpenChain GitHub Reference Library. We are actively seeking a MarkDown version for ease of future iteration.

ISO/IEC 5230 One Pager Updated

By Featured, News

The ISO/IEC 5230 one page overview has been updated to provide simple, clear messaging about how and why the International Standard for open source license compliance provides value to companies in the supply chain.

This document is available in PDF format, PNG format or InDesign format. You may take it, use it, share it and remix it freely using the terms of the CC0 license, effectively public domain.

You can help us improve this document, translate it and convert it into new formats through the OpenChain GitHub Reference Library. We are actively seeking a MarkDown version for ease of future iteration.

OpenChain Export Control Work Group – Third Meeting – 2023-03-07 – Recording

By Featured, News

The OpenChain Export Control Work Group held its third meeting on the 7th of March at 08:00 UTC. The focus was on reviewing the new volunteer project being set up at https://github.com/crypto-law-survey to explore the continuation of Bert’s http://www.cryptolaw.org/ as a general community resource.

Collaborate with your peers on this topic:

Webinar: FOSDEM Recap

By community, Featured, News, Webinar

This OpenChain Webinar featured a FOSDEM recap by Philippe Ombredanne of NexB for everyone who did not attend the event in Belgium at the start of 2023. In 2023 FOSDEM had over 8,000 participants and 771 presentations, making it one of the largest open source events in the world by a large margin. This webinar will be of particular interest to people exploring open source tooling for open source compliance or security.

Check Out The Rest Of Our Webinars

This is OpenChain Webinar #49, released on 2023-03-07.

OpenChain Newsletter #51

By Featured, Monthly Newsletter, News

Newsletter – Issue 51 – February 2023

The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. This is a community newsletter, so we accept suggestions and ideas, and you can contact us by mail at any time.

Cool Statistic To Start The Year

The OpenChain Project now has 10 official third-party certifiers for our license compliance and security assurance standards.

You can now get third-party certified with ISO/IEC 5230 or the OpenChain Security Assurance Specification 1.1 anywhere in the world… and you have plenty of choice about who to work with. Of course, you have options when adopting our standards. The most common thing is actually for companies to start with self-certification, so if you are new to this… Learn more here.

Nice Outreach News

OpenChain now has a Wikipedia page about ISO/IEC 5230. Huge thank you to Marc-Etienne Vargenau at Nokia for making this happen.

Huge Revamp Of OpenChain Material Underway

Our reference library of over 1,000 documents to help you learn about our standards, train people or suppliers around open source, get policy templates, self-certification checklists and more has been totally overhauled. It is now easier to find material, easier to share material and easy to translate material.

We have also dramatically improved our community calendar to make it much easier to find our events, webinars and more.

ISO/IEC 5230:2020 Conformance

Yes Security and Panx Project announced adoption of our ISO/IEC standard for open source license compliance via the OpenChain website. Both companies self-certified. Yes Security is the first company from Brazil to announce conformance via our website. Well done!

Partner News

It was an exciting month for us on the partner side of things. First of all, we had OSPOCO and Taylor English Join The OpenChain Partner Program, and we had TIMETOACT GROUP Offer Open Source Certification Based On ISO/IEC 5230. However, the banner headline (as mentioned in the cool statistic section of this newsletter) is that we now have 10 official third-party certifiers around the world.

OpenChain Meetings And Events

Lots of recordings and minutes for those catching up this month.

Our global calls – where we edit the next generations of the license compliance and security assurance standards:

Other community meetings:

On the “external collaboration” side of things we had an OSS Compliance in 2022 / 2023 event co-organized with FOSSID. We were also featured with a speech and Q&A session at an OpenAnolis Standardization SIG Meeting in China at the invitation of Alibaba.

Webinars

This month we had two webinars. One covered new security tools and one unpacked fascinating data points around GPLv2 licensing. Did you know there have been 40 versions of the GPLv2 published on its official websites and there have been 12 different versions found in the Linux Kernel? Definitely a webinar to watch if you are interested in the licensing side of things.

Want to join our calls? Watch our webinars? Just check out our global calendar.

Training Material In The Supply Chain

Last month we mentioned that Continental Corporation made LFC193 a required course for their software developers from late Q3 2022. Since then we had two other soft announcements from community members about their adoption.

Coming Soon

For those wanting a sample of what’s on the community calendar for March…

Finally… If You Want To Talk About OpenChain…

Our new community education slides are now available. You will find a full overview of the project here and speaker notes to help you talk about what we do.

Check Out All Our Previous Newsletters:
https://www.openchainproject.org/newsletter

Legal: All trademarks belong to their respective owners. This newsletter is licensed under Creative Commons Attribution-NoDerivatives 4.0 International (CC BY-ND 4.0).

Coming Soon: OpenChain Export Control Work Group – Third Meeting – 2023-03-07

By Featured, News

The OpenChain Export Control Work Group will hold its third meeting on the 7th of March at 08:00 UTC. The focus will be on reviewing the new volunteer project being set up at https://github.com/crypto-law-survey to help explore the continuation of Bert’s work on http://www.cryptolaw.org/ as a general community resource.

Zoom Meeting

https://zoom.us/j/93456802267

Meeting ID: 93456802267

One Tap Mobile

+13052241968,,93456802267# US
+16475580588,,93456802267# Canada