
News

Software Bill of Materials: Protect Yourself, Protect Your Supply Chain (External Article)

By News

Device and IoT manufacturers must manage risk around the rapidly growing dependency on open source software, which directly impacts trust among software supply chain vendors and suppliers. Mark Gisi, director of the open source program office at Wind River Systems, discusses how a software bill of materials (SBOM) plays a critical role.

Imagine that you’ve injured yourself. You think you’ve broken a bone—maybe a toe. You go to a doctor to determine what’s happened and how to treat the injury. 

Who would you trust more? The doctor who just looks at the outside of your foot or the doctor who orders and reads an x-ray for clarity into what’s actually going on inside?

Just as x-rays provide insight into what’s happening in your body, an open source software bill of materials (SBOM) provides details of what’s going on inside your software and how to handle it.

Device and IoT manufacturers need to effectively manage risk around the rapidly growing dependency on open source software (OSS), which directly impacts trust among software supply chain vendors and suppliers. For this reason, the SBOM is a cornerstone of every robust software composition analysis (SCA) program. Here we’ll look at why that is, the critical role the SBOM plays in establishing trust around the use of open source, and why a quality SBOM is essential to the success of both internal and external stakeholders.

Read the full article here

OpenChain Korea Work Group Meeting #10 – 2021-06-22

By News

The OpenChain Korea Work Group will hold its 10th meeting on the 22nd of June between 15:00 and 17:00 KST. The agenda will be published on the dedicated event page shortly. All welcome. No registration necessary. The meeting will be conducted in Korean.

Keep Connected To The Korea Work Group

Check Out The Details

External Blog: ISO 5230 OpenChain: How Will the Standard be Used?

By News

“Open source software license compliance must not be overlooked. Following the trends in the use of ISO/IEC 5230:2020, it is fair to predict more companies and industries will demand conformance as well as integrate the standard into their supply chain work practices. Cybersecurity breaches are a serious threat to all types of businesses. In the last twelve months four in ten businesses report having cybersecurity breaches or attacks in the UK. Although ISO/IEC 5230:2020 does not contain an express provision regarding cybersecurity, conformance to the standard makes the tracking of security vulnerabilities much easier. Adherence to the ISO standard now puts your organisation ahead of the curve and places you ahead of non-conformant competitors.”

Read The Full Article

External Webinar: Accelerating Innovation With Open Source and Agile Compliance in the Financial Sector

By News

“Open source adoption is increasing rapidly within the financial services industry. Thanks to cutting edge technologies, affordability, flexibility, and the power of the open source community – more and more financial institutions are encouraged to integrate open source components into their investment and more data processing systems. Meanwhile, the industry’s growing list of compliance initiatives and regulations dramatically changes the way financial companies rely on technology to help improve governance and compliance structures. In this webinar our experts will discuss the challenges the financial services industry faces when it comes to open source compliance, a look at regulation trusted standards and how companies that want to stay ahead of the game must leverage technology to automate important security and compliance processes.”

Register for Free

OpenChain Newsletter #49

By Monthly Newsletter, News

Newsletter – Issue 49 – May 2021

Our newsletter contains some of the highlights from the last month of activity in the project. Plenty more happened. Check out the full stream here:
https://www.openchainproject.org/news

OpenChain @ Q1 Survey Results

Find the fascinating results of our Q1 community survey here:

OpenChain Q1 Survey – Results and Notes

OpenChain @ Interview with Masato Endo, OpenChain Project Japan

Interview with Masato Endo, OpenChain Project Japan

OpenChain @ Slack

OpenChain is on Slack: https://www.openchainproject.org/featured/2021/04/06/openchain-is-on-slack/

OpenChain @ Gear

OpenChain ISO/IEC 5230 Gear is available due to popular demand:

OpenChain @ Webinar #23

You can watch OpenChain Webinar #23 on OpenChain ISO 5230 in Venture Capital:

Check Out All Our Previous Newsletters