The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.
This edition of the newsletter was created and shared by Qiuyue Qi of OpenSCA, and we provide our thanks for the contribution!
Main News
Deloitte joined the OpenChain Project as an official partner.
There are three webinars this month: two regular ones talked respectively about trusted network initiative (#52) and OpenSCA (#53), and a special one focused on automotive.
The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.
This edition of the newsletter was created and shared by Qiuyue Qi of OpenSCA, and we provide our thanks for the contribution!
Main News
Let’s welcome CARIAD to the board and NORDEMANN as a new partner:
The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.
This edition of the newsletter was created and shared by Qiuyue Qi of OpenSCA, and we provide our thanks for the contribution!
Enlargement
Cloudera, Alibaba Cloud, China Mobile, SAIC Z-ONE and ByteDance have all announced conformance with ISO/IEC 5230.
The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.
This edition of the newsletter was created and shared by Qiuyue Qi of OpenSCA, and we provide our thanks for the contribution!
Enlargement
Socionext & Suzhou Prism Colorful Information Technology Co., Ltd. have all announced conformance with ISO/IEC 5230.
The OpenChain Project has had open discussions with LG Electronics and SK Group, presented at LF APAC Leadership Summit and delivered a speech at OSPO Summit.
The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. This is a community newsletter, so we accept suggestions and ideas, and you can contact us by mail at any time.
You can now get third-party certified with ISO/IEC 5230 or the OpenChain Security Assurance Specification 1.1 anywhere in the world… and you have plenty of choice about who to work with. Of course, you have options when adopting our standards. The most common thing is actually for companies to start with self-certification, so if you are new to this… Learn more here)
Our reference library of over 1,000 documents to help you learn about our standards, train people or suppliers around open source, get policy templates, self-certification checklists and more has been totally overhauled. It is now easier to find material, easier to share material and easy to translate material.
Yes Security and Panx Project announced adoption of our ISO/IEC standard for open source license compliance via the OpenChain website. Both companies self-certified. Yes Security is the first company from Brazil to announce conformance via our website. Well done!
This month we had two webinars. One covered new security tools and one unpacked fascinating data points around GPLv2 licensing. Did you know there have been 40 versions of the GPLv2 published on its official websites and there have been 12 different versions found in the Linux Kernel? Definitely a webinar to watch if you are interested in the licensing side of things.
Last month we mentioned that Continental Corporation made LFC193 a required course for their software developers from late Q3 2022. Since then we had two other soft announcements from community members about their adoption.
Coming Soon
For those wanting a sample of what’s on the community calendar for March…
After focusing on rolling news in 2022, the OpenChain Newsletter is back to provide a monthly summary of our work. You can expect an overview of what the OpenChain Project is doing to build trust around license compliance and security in the open source supply chain. You will also find other news directly related to our field. We accept suggestions and ideas. Just mail us at any time.
Cool Statistic To Start The Year
20% of German companies with over 2,000 employees have already implemented OpenChain ISO/IEC 5230:2020, the International Standard for open source license compliance. Source: Bitkom Open Source Monitor 2021
Google Announces ISO/IEC 5230:2020 Conformant Program
We ended Q4 2022 with some exciting news. Google, an OpenChain Governing Board member and early adopter of the first generation OpenChain standard for open source license compliance, announced formal adoption of ISO/IEC 5230, the International Standard for open source license compliance.
Meanwhile, Around Security…
We have submitted the OpenChain Security Assurance Specification to the ISO/IEC JTC-1 PAS Transposition Process. We expect it to graduate as an ISO/IEC standard around mid-2023.
Security Assurance Specification Gains Additional Support
At the end of December 2022 we saw some significant announcements regarding support for the OpenChain Security Assurance Specification:
This support continued to grow in January 2023 with an announcement from Bitsea about their new services for customers around adoption.
OpenChain Meetings, Webinars And Events
Our monthly meetings kicked off with next generation specification reviews for North America / Europe and North American / Asia. We are seeing some solid discussion around the open issues on both the license compliance and security specifications. It is recommended to take part in these meetings if you have ideas, suggestions or comments about where you want our standards to go next.
The global calendar is also a great way to keep track of our webinars. We started the year with a great one: OpenChain Webinar #47 covered OSSelot: The Open Source Curation Database. OSSelot is a new project incubated by OSADL in Germany and promises to be an important part of automation tooling support moving forward.
Our Training Material Continues To Support The Market
In 2021 and 2022 the OpenChain Education Work Group released online courses in collaboration with LF Training. During January we received some updates providing context for market impact.
It is also noteworthy that Continental Corporation made LFC193 a required course for their software developers from late Q3 2022. This is a concrete example of a company leveraging free resources provided by OpenChain Project and The Linux Foundation to support their open source governance processes.
Our newsletter contains some of the highlights from the last month of activity in the project. Plenty more happened. Check out the full stream here: https://www.openchainproject.org/news
OpenChain @ Q1 Survey Results
Find the fascinating results of our Q1 community survey here:
Our newsletter contains some of the highlights from the last month of activity in the project. Plenty more happened. Check out the full stream here: https://www.openchainproject.org/news
OpenChain @ The Japanese Ministry of Trade (METI) on Open Source
You can watch OpenChain Webinars #21 & 22 on OpenChain as an Inclusive Community & Linux License Clean-Up Disorder Dispelled + ISO 5230 in the Context of Security:
Our newsletter contains some of the highlights from the last month of activity in the project. Plenty more happened. Check out the full stream here: https://www.openchainproject.org/news
Our newsletter contains some of the highlights from the last month of activity in the project. Plenty more happened. Check out the full stream here: https://www.openchainproject.org/news
OpenChain @ Quarterly Survey
The Q1 Survey is live for 2 weeks. This is the key way we collect feedback to help improve our support of ISO 5230 and our broader ecosystem, and should only take 10 minutes to complete.
You can watch OpenChain Webinars #17 & 18 on LFX: Tools to Build and Scale Sustainable Technologies, & Exploring Sustainable Community Management Through FreeDOS, respectively:
