Skip to main content
Category

News

FNST (FUJITSU NANJING SOFTWARE TECHNOLOGY CO., LTD.) Recertification of ISO/IEC 5230:2020

By Featured, News

Nanjing Fujitsu Nanda Software Technology Co., Ltd. (herein after called ‘FNST’), the second company in China to adopt ISO/IEC 5230:2020, has completed regular recertification for the international standard for open source license compliance. This standard defines the key requirements of a quality open source compliance program, and helps to both reduce errors and increase efficiency across the global supply chain.

ISO/IEC 5230:2020 and ISO/IEC 18974:2023, a sister standard for security assurance, have a regular recertification process to ensure that open source programs are up-to-date and match current organizational strategy and staffing. Recertification can be done through self-certification, independent assessment or third-party certification on a regular 18 month cycle. The OpenChain Project provides extensive certification support via its website: https://www.openchainproject.org/get-started

“The ISO/IEC 5230 recertification process is a key part in ensuring processes are current and match products, services and strategy. FNST’s recertification to our standard for open source license compliance is a clear demonstration of their ongoing commitment to excellence in open source management.” – Shane Coughlan, OpenChain General Manager.

About FNST

FNST is an overseas software development center of Fujitsu Limited, which was jointly established by Fujitsu Limited and Nanjing University in 1999. Since 2003, FNST has been contributing to the open source community with submission of over 18,000 patches for various fields such as Linux kernel, OpenStack and Cloud Native Computing Foundation. FNST has also been one of organizers of China Linux Kernel Developer Conference since 2011. For more information, please see https://www.fujitsu.com/cn/fnst/

About Fujitsu

Fujitsu’s purpose is to make the world more sustainable by building trust in society through innovation. As the digital transformation partner of choice for customers in over 100 countries, our 124,000 employees work to resolve some of the greatest challenges facing humanity. Our range of services and solutions draw on five key technologies: Computing, Networks, AI, Data & Security, and Converging Technologies, which we bring together to deliver sustainability transformation. Fujitsu Limited (TSE:6702) reported consolidated revenues of 3.7 trillion yen (US$28 billion) for the fiscal year ended March 31, 2023 and remains the top digital services company in Japan by market share. Find out more: www.fujitsu.com

About the OpenChain Project

The OpenChain Project has been building Trust in the Supply Chain Since 2016. Our vision is a supply chain where open source is delivered with trusted and consistent process management information. Our mission is to make that happen. The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. Learn more at https://www.openchainproject.org/

BlackBerry: Three-Way Case Study – The use of ISO/IEC 5230:2020 by a company providing mission-critical services to enterprise clients around the world

By Featured, News

BlackBerry, OSS Consultants and OpenChain

The OpenChain Project maintains two ISO/IEC standards designed to help optimize business process management around open-source software. One of the standards, ISO/IEC 5230:2020, focuses on how to establish and run a quality open-source license compliance program. Another of the standards, ISO/IEC 18974:2023, focuses on how to establish and run a quality open-source security assurance program. Taken together, these standards provide a reliable, efficient and effective way to manage the open-source supply chain.

This case study will highlight the use of ISO/IEC 5230:2020 by a company providing mission-critical services to enterprise clients around the world.

The Direction Taken

For BlackBerry’s particular use-case, OSS Consultants recommended a centralized solution that enabled a single process to serve the business. This allowed BlackBerry to utilize our expertise to further develop in-house OSPO capabilities, reduce their tooling spend, and provide better holistic coverage based on a single strategy that included a single set of standards and principles.

Key Lesson Learned

The ISO/IEC 5230 recertification process provided an excellent opportunity to assess lessons learned and consider these not only from the company perspective, but also with respect to larger supply chain optimization.

Review and Download the Case Study

OpenChain Workshop – Supply Chain Best Practices in China using ISO 5230 and ISO 18974 – Full Recording

By Featured, News

We held a special workshop in Shinagawa on March 18th focused on case studies about open source business process management in China. The main topic was how ISO 5230 and ISO 18974 are being used from upstream project to commercial ecosystem.

We used an operating system ecosystem called openEuler as the basis for our case studies. openEuler is an emerging operating system ecosystem in China with 36.8% of the server operating system market, 17,000+ developers and 500+ projects. It is hosted by the OpenAtom Foundation, and a healthy ecosystem of companies creating products exists around it. OpenChain ISO 5230 and OpenChain ISO 18974 are at the center of how business processes are managed in openEuler.


The Agenda



The Morning Session:



The Afternoon Session:



Learn More About openEuler:


Webinar: Universal CVSS Calculator

By automation, News, security, Webinar

This webinar discusses a Universal CVSS Calculator released by {metæffekt} GmbH. The open-source online tool is intended to support the assessment of vulnerabilities with their various CVSS scores from multiple authorities. It was created due to the lack of CVSS calculators which could ingest multiple vectors with different CVSS versions and compare the scores consistently.

Read The Slides

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

This is OpenChain Webinar #69, released on 2024-03-22.

OpenChain Project Meetings This Week (all times UTC)

By News

This week we have the following international meetings:

Monday 18th March:

– OpenChain Deep Dive – Case Study of Establishing and Maintaining Supply Chain Best Practices Across a Complete Operating System Ecosystem – openEuler @ 00:00 UTC

– OpenChain Webinar: Universal CVSS Calculator @ 09:00 UTC

Tuesday 19th March:

– OpenChain Monthly North America / Asia Call @ 01:00 UTC

Wednesday 20th March:

– OpenChain Automation Work Group Meeting (European Afternoon) @ 16:00 UTC

You can check out all our international meetings and get instructions on adding our calendar to your client here:

OpenChain AI Study Group Call (Europe and Asia) – 2024-03-14 – Full Recording

By News

On the 6th of March the OpenChain AI Study Group held a special AI workshop instead of the regular AI call. It provided an opportunity to deep dive into the topic with experts from Qualcomm and Arm, and a chance to ask questions or share ideas. The call on the 14th of March was a chance to brief OpenChain AI Study Group participants on the outcomes, and to discuss next steps.

Track This Work

You can follow and contribute to the work of the OpenChain AI Study Group through its dedicated mailing list. This is open to everyone regardless of industry vertical or speciality. You will find it here:

Attend Future Meetings

You can find and get the dial-in details for all future AI Study Group meetings from our participate page here:

Webinar: Understanding GitHub Copilot

By ai, News, Webinar

This OpenChain Webinar welcomes Jiyon Yun and T. Greg Doucette of the GitHub team to discuss GitHub Copilot from the perspective of engagement by users, especially business users considering cost/benefit and risk containment from a legal perspective.

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

This is OpenChain Webinar #61, released on 2024-03-14.

Outcomes of the Special OpenChain AI Workshop – 2024-03-06

By Featured, News

On the 6th of March the OpenChain AI Study Group held a special AI workshop instead of the regular AI call. It provided an opportunity to deep dive into the topic with experts from Qualcomm and Arm, and a chance to ask questions or share ideas. The idea was to fold in the ideas shared thus far and seek a single coherent narrative.

Please note, at the request of attendees, this meeting was held under Chatham House Rule, and therefore a recording is not being shared.

The Formal Agenda:

– Opening comments (Dave and Matthew)
– AI Model supply chain issues (Brian)
— Use cases in context of regulatory backdrop
— Open vs. Proprietary
— War stories
— Roundtable
– Dataset supply chain issues (Jeff)
— Use cases and pragmatic practices
— Open vs. Proprietary
— War stories
— Roundtable
– Possible Solutions – how can OpenChain best provide value to the ecosystem (All)
– Closing (Dave and Matthew)

The Outcomes

It was decided that following meetings would:
– Work through key use cases
— Start with LLM – text to text as a first hypothetical
– Work through the Huggingface Model Card example
https://huggingface.co/templates/model-card-example
— Initial focus will be on what can one should supply when delivering and what one wants to see when receiving

Track This Work

You can follow and contribute to the work of the OpenChain AI Study Group through its dedicated mailing list. This is open to everyone regardless of industry vertical or speciality. You will find it here:

Attend Future Meetings

You can find and get the dial-in details for all future AI Study Group meetings from our participate page here:

KOSYAS is the first Official Third-Party Certifier in South Korea

By Featured, News

Korea System Assurance, Inc (KOSYAS), a company that provides security testing and evaluation, network and server security, cloud security, IoT security, control system security and blockchain security, has become the first official third-party certifier for OpenChain in South Korea.

KOSYAS support third-party certification around both OpenChain ISO/IEC 5230:2020 (the international standard for open source license compliance) and OpenChain ISO/IEC 18974:2023 (the international standard for open source security assurance).

“The availability of local language support and certification for the OpenChain standards is an important step in building maturity in markets,” says Shane Coughlan, OpenChain General Manager. “We are delighted to welcome KOSYAS to our partner program in the context, and we look forward to building increased support for Korean companies with them in the years ahead.”

Learn More About Their Services:

Webinar: SCANOSS Export Control

By automation, community, legal, News, Partner Webinar, Webinar

This time we had a special Webinar from Julian at SCANOSS to show us how they have collected and built solutions around managing open source and export control.

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

This is OpenChain Webinar #61, released on 2024-03-14.