SlideShare ist ein Scribd-Unternehmen logo

OpenChain Germany Work Group Meeting 2022-11-16

Als PPTX, PDF herunterladen
Shane Coughlan
Shane Coughlan

OpenChain Germany Work Group Meeting 2022-11-16

Software
1 von 42
OpenChain Germany Work Group 2022-11-16
Anti-Trust Policy Notice ● Linux Foundation meetings involve participation by industry competitors, and it is the intention of the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws. ● Examples of types of actions that are prohibited at Linux Foundation meetings and in connection with Linux Foundation activities are described in the Linux Foundation Antitrust Policy available at http://www.linuxfoundation.org/antitrust-policy. If you have questions about these matters, please contact your company counsel, or if you are a member of the Linux Foundation, feel free to contact Andrew Updegrove of the firm of Gesmer Updegrove LLP, which provides legal counsel to the Linux Foundation.
Agenda • Introductions • Specification news • SBOM news • OSPO news • Automation news • Work on standards and core material • Work on reference and supporting material • Work to support other projects • Other stuff
Introductions
Specification news
Specification Chair Rotation Underway Mark Gisi, our founding chair of the OpenChain Specification Work Group (leading the creation of ISO/IEC 5230), will formally pass the leadership torch before end of year. Because of this we are seeking two people to act as OpenChain Specification Chairs. The idea is to allow chairs to split the work and/or alternate between editing around License Compliance (ISO/IEC 5230) and Security (OpenChain Security Assurance Specification).
Specification Chair Rotation Underway Being a chair around our specifications does not require specialized experience, but of course we do have some preferences: (1) Be from a company using open source in products or services; (2) Have domain knowledge in either license compliance or security assurance; (3) Be detail-focused and unbiased; (4) Have experience building consensus in community discussions.
Specification Chair Rotation Underway (a) Participate in our monthly community calls; (b) Help lead the segment reviewing open issues or accepting new issues around the specifications; (c) Make judgement calls around what is included in the edit cycle and what is not (subject to Steering Committee approval for final decisions); (d) Coordinate with the General Manager to finalize editing around the specifications; (e) Participate in future Steering Committee meetings (4 per year from 2023) to vote on final versions of our specifications.
Specification Chair Rotation Underway Who is nominated? Steve Kilbane from Analogue Devices Jacob Wilson from Gemini Chris Wood from Lockheed Martin Helio Chissini de Castro from CARIAD.
Specification Chair Rotation Underway (1) We have two spaces in total available (co-chairs); (2) If two or fewer people are nominated before November 15th, they will become co-chairs of the specification activity around OpenChain with a one-year term; (3) If more than two people are nominated before November 15th, an election will be triggered; (4) The election will take place via email between 15th and 22nd November and will be “first past the post;” (5) Current chairs may be re-elected in the next cycle in the same manner as this time. We may, of course, adjust this process for future years depending on lessons learned from this first election cycle.
And…
Specification Editing Cycle Begins This Month Updating OpenChain ISO/IEC 5230:2020 (License Compliance) ○ Also known as OpenChain 2.1 ○ Editing on new version – third generation – starts today ○ ISO update ETA 2024 Updating OpenChain Security Assurance Specification 1.1 ○ Reminder: generation one is going into the ISO/IEC process via JTC-1 ETA mid-2023 ○ Adjacent to this, editing on new version – second generation – starts today ○ ISO update ETA 2024
SBOM news
Update from SPDX Project (thanks Kate) ● SPDX 2.3 is out, we're still working on getting the default version showing up on the web site (help welcome!) but the version is https://spdx.github.io/spdx-spec/v2.3/ ● Join in the monthly calls for details on the 3.0 model and subgroup progress ● Active work is ongoing on Build profile, AI profile, Dataset profile, (as well as security & licensing) for inclusion in 3.0. ● New license list coming soon. ● SPDX Python library rework (sponsored by OpenSSF) is progressing well. ● Open Call on Thursdays for 30 minutes, anyone wanting to join in for progress details, issue discussion, etc. is welcome ● New test suite for checking libraries is being incorporated into the SPDX repo
OSPO news
TODO Project News (thanks Ana) ● TODO and CHAOSS working together on the new OSPO Metrics Working Group ● TODO Community Survey 2022 ● OSPOlogy.live Netherlands for the Public Sector & Energy Industry (January 2023) ● Next community call: How to automate your FOSS policy and processes
Security news
Update from OpenSSF Project (thanks David) ● Sigstore Announces General Availability at SigstoreCon https://openssf.org/press-release/2022/10/25/sigstore-announces-general-availability-at-sigstorecon/ ● OpenSSF Project Alpha-Omega Invests in the OpenJS Foundation and jQuery to Help Secure the Consumer Web https://openssf.org/blog/2022/10/24/openssf-project-alpha-omega-invests-in-the-openjs-foundation-and-jquery-to-help-secure-the- consumer-web/ ● Report Finds OpenSSF Scorecards Are Highly Effective Measures to Assess Project Security https://openssf.org/blog/2022/10/20/report-finds-openssf-scorecards-are-highly-effective-measures-to-assess-project-security/ ● How OSPOs Can Be a Key Lever for Open Source Sustainability and Security https://openssf.org/blog/2022/09/29/how-ospos-can-be-a-key-lever-for-open-source-sustainability-and-security/ ● Also: Sonatype's 8th annual "State of the Software Supply Chain Report" (2022): https://www.sonatype.com/state-of-the-software-supply-chain/introduction
Automation news
OpenChain Automation Work Group Capability Map 1.5.7: ● A way to understand what is needed (and what is available) around open source tooling for open source license compliance OpenAPI 0.2.2: ● This API specification describes the minimum requirements any API should follow to comply with the OpenChain Capability Model Both here: https://github.com/Open-Source-Compliance/Sharing-creates- value/tree/master/Tooling-Landscape/CapabilityMap
Capability Map 1.5.7
Get involved via our Automation Work Group ● First Wednesday Meeting in November @ 09:00 UTC+1 ● Third Wednesday Meeting in November @ 15:00 UTC+1 https://conf.fsfe.org/b/compliance-tooling Access Code: 199143 And join our mailing list: https://groups.io/g/oss-based-compliance-tooling
Work on standards and core material
We are going to work on updating our standards This does not mean the current standards are outdated. Our ISO standard for license compliance and our de facto standard for security assurance can and should continue to be included in procurement and other negotiations. However, we are formally looking for future ideas and suggestions. We want to ensure people are stakeholders in developing the next generation of our work. You can expect the editing starting today to result in formal updates in 2024 for both the ISO standard for license compliance and the (forthcoming ISO standard for security assurance.
Our License Compliance Specification We are formally opening an editing cycle for this specification. It is intended to provide a forum for ideas, suggestions and corrections. It will result in an update to ISO/IEC 5230:2020 circa 2024. Current specification here: https://github.com/OpenChain-Project/License-Compliance- Specification/blob/master/Official/en/2.1/openchainspec-2.1.md Spot an issue? Have a suggestion? Submit your notes here: https://github.com/OpenChain-Project/License-Compliance-Specification/issues/new/choose Check currently open issues here: https://github.com/OpenChain-Project/License-Compliance-Specification/issues
Our Security Assurance Specification We are formally opening an editing cycle for this specification. It is intended to provide a forum for ideas, suggestions and corrections. It will result in an update to the OpenChain Security Assurance Specification (expected to be an ISO standard in mid-2023) for around mid-2024. Current specification here: https://github.com/OpenChain-Project/Security-Assurance-Specification/blob/main/Security- Assurance-Specification/1.1/en/openchain-security-specification-1.1.md Spot an issue? Have a suggestion? Submit your notes here: https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/new/choose Check currently open issues here: https://github.com/OpenChain-Project/Security-Assurance-Specification/issues
Work on reference and supporting material
Welcome Nathan, our new chairperson! 🎊 🎊
Recently Released – Path to Conformance A resource previous located on our website is the Path to Conformance. The old iteration was significantly outdated due to material and our project evolving. A new iteration has been started in GitHub in MarkDown to make editing and translation a lot easier: https://github.com/OpenChain-Project/Reference-Material/blob/master/Path-to- Conformance/Official/en/path-to-conformance-version-1.md Open issues for improvement: https://github.com/OpenChain-Project/Reference-Material/issues/new/choose
Recently Released – FAQ (needs work) The FAQ on our website has been collected as a MarkDown resource and is ready for editing and expansion. A suggested priority item for the Education Work Group is to help adjust this to properly include the new OpenChain Security Assurance Specification: https://github.com/OpenChain-Project/Reference- Material/blob/master/FAQ/2.0/en/faq.md Open issues for improvement: https://github.com/OpenChain-Project/Reference-Material/issues/new/choose
Recently Released – Supplier Education Leaflet Taking the MarkDown text of the supplier education leaflet, Shane began to prepare a Version 2 draft that will include things like the Security Assurance Specification. He suggests we edit this on the monthly calls (and of course elsewhere) to try and ensure we have solid material for the supply chain that covers both our license compliance and security work. https://github.com/OpenChain-Project/Reference- Material/blob/master/Suppliers/Leaflet/Official/MarkDown/en/supply-chain-education- leaflet-version-2.md Open issues for improvement: https://github.com/OpenChain-Project/Reference-Material/issues/new/choose
Recently Released – Small Company Playbook The OpenChain small company playbook (version 1) has been updated as part of our ongoing effort to make it easier to edit and translate OpenChain reference material. You can get it here: https://github.com/OpenChain-Project/Reference- Material/blob/master/PlayBooks/Official/Version-1/Small- Company/en/OpenChain%20PlayBook%20-%20Small%20Company.md Do you have ideas for improving this playbook? You can submit them in this email thread or by opening an issue on GitHub: https://github.com/OpenChain-Project/Reference-Material/issues/new/choose
Needing Work – Medium Company Playbook The OpenChain small company playbook (version 1) has seen solid revisions that make things easier: https://github.com/OpenChain-Project/Reference- Material/blob/master/PlayBooks/Official/Version-1/Small- Company/en/OpenChain%20PlayBook%20-%20Small%20Company.md Perhaps we can include them in a future iteration of the medium company playbook? https://github.com/OpenChain-Project/Reference- Material/blob/master/PlayBooks/Official/Version-1/Medium- Company/en/OpenChain%20PlayBook%20-%20Medium%20Company.md
Work to support other projects
Future discussions we need to have Open questions: ● How do we interlink with OpenSSF more effectively? ● How do we interlink with ACT Project more effectively? ● How do we interlink with SPDX Project more effectively? ● How do we interlink with TODO Group more effectively?
Events coming up Our next big event is Open Compliance Summit, December 7th and 8th in Yokohama, Japan This event will cover license, security and export control compliance We also expect to host OpenChain, TODO and SPDX Mini-Summit adjacent Learn more: https://events.linuxfoundation.org/open-compliance-summit/
Other stuff
We have been working on how to better describe our work
Different groups within OpenChain User Groups (UG) Groups for OpenChain adopters, users, and partners to share experience and challenges in their local language with the lo Special Interest Groups (SIG) Sector or industry specific groups for sharing experiences or work on sector/industry specific challenges Working Groups (WG) Works on key OpenChain related topics of Global interest Working Groups Global in scope Special Interest Groups Global in scope but limited to a specific industry User Groups (UG) Global issues with a local scope
User Group Working Group Special Interest Group Different groups within OpenChain Working Group • Works on key OpenChain related topics of Global interest • Develops and maintains specifications old and new • Develops materials to help spread and implement OpenChain Special Interest Group • Industry specific groups focusing on: • Exchanging experience and challenges with industry peers. • Work on solving specific industry challenges User Group • Anchored in the local community • Allowing everyone the opportunity to discuss and exchange experience in the language and cultural setting most familiar to them • Creating the basis of broadening the local OpenChain community
See you next time!

Empfohlen

OpenChain-Monthly-Meeting-2022-11-15
OpenChain-Monthly-Meeting-2022-11-15OpenChain-Monthly-Meeting-2022-11-15
OpenChain-Monthly-Meeting-2022-11-15
Shane Coughlan
 
OpenChain Monthly Meeting 2022-11-01
OpenChain Monthly Meeting 2022-11-01OpenChain Monthly Meeting 2022-11-01
OpenChain Monthly Meeting 2022-11-01
Shane Coughlan
 
OpenChain Monthly Meeting 2023-02-21 (North America and Asia)
OpenChain Monthly Meeting 2023-02-21 (North America and Asia)OpenChain Monthly Meeting 2023-02-21 (North America and Asia)
OpenChain Monthly Meeting 2023-02-21 (North America and Asia)
Shane Coughlan
 
OpenChain Mini-Summit May 2023
OpenChain Mini-Summit May 2023OpenChain Mini-Summit May 2023
OpenChain Mini-Summit May 2023
Shane Coughlan
 
OpenChain Monthly Meeting North America - Europe - 2023-02-07
OpenChain Monthly Meeting North America - Europe - 2023-02-07OpenChain Monthly Meeting North America - Europe - 2023-02-07
OpenChain Monthly Meeting North America - Europe - 2023-02-07
Shane Coughlan
 
2023-06-corporate
2023-06-corporate2023-06-corporate
2023-06-corporate
Shane Coughlan
 
2023-06-classic
2023-06-classic2023-06-classic
2023-06-classic
Shane Coughlan
 
2023-06-cute
2023-06-cute2023-06-cute
2023-06-cute
Shane Coughlan
 

Empfohlen

OpenChain-Monthly-Meeting-2022-11-15
OpenChain-Monthly-Meeting-2022-11-15OpenChain-Monthly-Meeting-2022-11-15
OpenChain-Monthly-Meeting-2022-11-15
Shane Coughlan
 
OpenChain Monthly Meeting 2022-11-01
OpenChain Monthly Meeting 2022-11-01OpenChain Monthly Meeting 2022-11-01
OpenChain Monthly Meeting 2022-11-01
Shane Coughlan
 
OpenChain Monthly Meeting 2023-02-21 (North America and Asia)
OpenChain Monthly Meeting 2023-02-21 (North America and Asia)OpenChain Monthly Meeting 2023-02-21 (North America and Asia)
OpenChain Monthly Meeting 2023-02-21 (North America and Asia)
Shane Coughlan
 
OpenChain Mini-Summit May 2023
OpenChain Mini-Summit May 2023OpenChain Mini-Summit May 2023
OpenChain Mini-Summit May 2023
Shane Coughlan
 
OpenChain Monthly Meeting North America - Europe - 2023-02-07
OpenChain Monthly Meeting North America - Europe - 2023-02-07OpenChain Monthly Meeting North America - Europe - 2023-02-07
OpenChain Monthly Meeting North America - Europe - 2023-02-07
Shane Coughlan
 
2023-06-corporate
2023-06-corporate2023-06-corporate
2023-06-corporate
Shane Coughlan
 
2023-06-classic
2023-06-classic2023-06-classic
2023-06-classic
Shane Coughlan
 
2023-06-cute
2023-06-cute2023-06-cute
2023-06-cute
Shane Coughlan
 
OpenChain-Monthly-Meeting-2023-01-17
OpenChain-Monthly-Meeting-2023-01-17OpenChain-Monthly-Meeting-2023-01-17
OpenChain-Monthly-Meeting-2023-01-17
Shane Coughlan
 
OpenChain Japan Work Group - Meeting 27
OpenChain Japan Work Group - Meeting 27OpenChain Japan Work Group - Meeting 27
OpenChain Japan Work Group - Meeting 27
Shane Coughlan
 
OpenChain Japan Work Group Meeting #28 - 2023-07-11
OpenChain Japan Work Group Meeting #28 - 2023-07-11OpenChain Japan Work Group Meeting #28 - 2023-07-11
OpenChain Japan Work Group Meeting #28 - 2023-07-11
Shane Coughlan
 
OpenChain Monthly Meeting - North America / Asia - 2023-03-21
OpenChain Monthly Meeting - North America / Asia - 2023-03-21OpenChain Monthly Meeting - North America / Asia - 2023-03-21
OpenChain Monthly Meeting - North America / Asia - 2023-03-21
Shane Coughlan
 
OpenChain Automotive Work Group Meeting #2 - Lyon
OpenChain Automotive Work Group Meeting #2 - LyonOpenChain Automotive Work Group Meeting #2 - Lyon
OpenChain Automotive Work Group Meeting #2 - Lyon
Shane Coughlan
 
OpenChain Monthly Meeting (US / Europe) 2023-01-03
OpenChain Monthly Meeting (US / Europe) 2023-01-03OpenChain Monthly Meeting (US / Europe) 2023-01-03
OpenChain Monthly Meeting (US / Europe) 2023-01-03
Shane Coughlan
 
OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19
Shane Coughlan
 
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptxFrom One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
Shane Coughlan
 
2011 NASA Open Source Summit - Forge.mil
2011 NASA Open Source Summit - Forge.mil2011 NASA Open Source Summit - Forge.mil
2011 NASA Open Source Summit - Forge.mil
NASA Open Government Initiative
 
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations
Inclusive, Accessible Tech: Bias-Free Language in Code and ConfigurationsInclusive, Accessible Tech: Bias-Free Language in Code and Configurations
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations
Anne Gentle
 
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations
Inclusive, Accessible Tech: Bias-Free Language in Code and ConfigurationsInclusive, Accessible Tech: Bias-Free Language in Code and Configurations
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations
Pronovix
 
FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30
Shane Coughlan
 
OpenChain Webinar #50 - An Overview of SPDX 3.0
OpenChain Webinar #50 - An Overview of SPDX 3.0OpenChain Webinar #50 - An Overview of SPDX 3.0
OpenChain Webinar #50 - An Overview of SPDX 3.0
Shane Coughlan
 
Great Open Source Compliance For Everyone (Version 3)
Great Open Source Compliance For Everyone (Version 3)Great Open Source Compliance For Everyone (Version 3)
Great Open Source Compliance For Everyone (Version 3)
Shane Coughlan
 
OpenChain Webinar #11 - cii-bp-badge-intro
OpenChain Webinar #11 - cii-bp-badge-introOpenChain Webinar #11 - cii-bp-badge-intro
OpenChain Webinar #11 - cii-bp-badge-intro
Shane Coughlan
 
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
Shane Coughlan
 
Why is Open Source Important to Samsung and What Are We Doing About It?
Why is Open Source Important to Samsung and What Are We Doing About It?Why is Open Source Important to Samsung and What Are We Doing About It?
Why is Open Source Important to Samsung and What Are We Doing About It?
Samsung Open Source Group
 
A_Statistical_Study_and_Analysis_to_Identify_the_Importance_of_Open-source_So...
A_Statistical_Study_and_Analysis_to_Identify_the_Importance_of_Open-source_So...A_Statistical_Study_and_Analysis_to_Identify_the_Importance_of_Open-source_So...
A_Statistical_Study_and_Analysis_to_Identify_the_Importance_of_Open-source_So...
hani727151
 
OpenChain @ OSPOlogy.live Sweden 2022
OpenChain @ OSPOlogy.live Sweden 2022OpenChain @ OSPOlogy.live Sweden 2022
OpenChain @ OSPOlogy.live Sweden 2022
Shane Coughlan
 
Alibaba Standardization Summit 2022
Alibaba Standardization Summit 2022Alibaba Standardization Summit 2022
Alibaba Standardization Summit 2022
Shane Coughlan
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
Shane Coughlan
 
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingOpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
Shane Coughlan
 

Weitere ähnliche Inhalte

Ähnlich wie OpenChain Germany Work Group Meeting 2022-11-16

Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations
Inclusive, Accessible Tech: Bias-Free Language in Code and ConfigurationsInclusive, Accessible Tech: Bias-Free Language in Code and Configurations
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations
Anne Gentle
 
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations
Inclusive, Accessible Tech: Bias-Free Language in Code and ConfigurationsInclusive, Accessible Tech: Bias-Free Language in Code and Configurations
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations
Pronovix
 

Ähnlich wie OpenChain Germany Work Group Meeting 2022-11-16 (20)

OpenChain-Monthly-Meeting-2023-01-17
OpenChain-Monthly-Meeting-2023-01-17OpenChain-Monthly-Meeting-2023-01-17
OpenChain-Monthly-Meeting-2023-01-17
 
OpenChain Japan Work Group - Meeting 27
OpenChain Japan Work Group - Meeting 27OpenChain Japan Work Group - Meeting 27
OpenChain Japan Work Group - Meeting 27
 
OpenChain Japan Work Group Meeting #28 - 2023-07-11
OpenChain Japan Work Group Meeting #28 - 2023-07-11OpenChain Japan Work Group Meeting #28 - 2023-07-11
OpenChain Japan Work Group Meeting #28 - 2023-07-11
 
OpenChain Monthly Meeting - North America / Asia - 2023-03-21
OpenChain Monthly Meeting - North America / Asia - 2023-03-21OpenChain Monthly Meeting - North America / Asia - 2023-03-21
OpenChain Monthly Meeting - North America / Asia - 2023-03-21
 
OpenChain Automotive Work Group Meeting #2 - Lyon
OpenChain Automotive Work Group Meeting #2 - LyonOpenChain Automotive Work Group Meeting #2 - Lyon
OpenChain Automotive Work Group Meeting #2 - Lyon
 
OpenChain Monthly Meeting (US / Europe) 2023-01-03
OpenChain Monthly Meeting (US / Europe) 2023-01-03OpenChain Monthly Meeting (US / Europe) 2023-01-03
OpenChain Monthly Meeting (US / Europe) 2023-01-03
 
OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19
 
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptxFrom One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
 
2011 NASA Open Source Summit - Forge.mil
2011 NASA Open Source Summit - Forge.mil2011 NASA Open Source Summit - Forge.mil
2011 NASA Open Source Summit - Forge.mil
 
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations
Inclusive, Accessible Tech: Bias-Free Language in Code and ConfigurationsInclusive, Accessible Tech: Bias-Free Language in Code and Configurations
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations
 
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations
Inclusive, Accessible Tech: Bias-Free Language in Code and ConfigurationsInclusive, Accessible Tech: Bias-Free Language in Code and Configurations
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations
 
FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30
 
OpenChain Webinar #50 - An Overview of SPDX 3.0
OpenChain Webinar #50 - An Overview of SPDX 3.0OpenChain Webinar #50 - An Overview of SPDX 3.0
OpenChain Webinar #50 - An Overview of SPDX 3.0
 
Great Open Source Compliance For Everyone (Version 3)
Great Open Source Compliance For Everyone (Version 3)Great Open Source Compliance For Everyone (Version 3)
Great Open Source Compliance For Everyone (Version 3)
 
OpenChain Webinar #11 - cii-bp-badge-intro
OpenChain Webinar #11 - cii-bp-badge-introOpenChain Webinar #11 - cii-bp-badge-intro
OpenChain Webinar #11 - cii-bp-badge-intro
 
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
 
Why is Open Source Important to Samsung and What Are We Doing About It?
Why is Open Source Important to Samsung and What Are We Doing About It?Why is Open Source Important to Samsung and What Are We Doing About It?
Why is Open Source Important to Samsung and What Are We Doing About It?
 
A_Statistical_Study_and_Analysis_to_Identify_the_Importance_of_Open-source_So...
A_Statistical_Study_and_Analysis_to_Identify_the_Importance_of_Open-source_So...A_Statistical_Study_and_Analysis_to_Identify_the_Importance_of_Open-source_So...
A_Statistical_Study_and_Analysis_to_Identify_the_Importance_of_Open-source_So...
 
OpenChain @ OSPOlogy.live Sweden 2022
OpenChain @ OSPOlogy.live Sweden 2022OpenChain @ OSPOlogy.live Sweden 2022
OpenChain @ OSPOlogy.live Sweden 2022
 
Alibaba Standardization Summit 2022
Alibaba Standardization Summit 2022Alibaba Standardization Summit 2022
Alibaba Standardization Summit 2022
 

Mehr von Shane Coughlan

OpenChain Webinar #56: Generative AI and Your Code
OpenChain Webinar #56: Generative AI and Your CodeOpenChain Webinar #56: Generative AI and Your Code
OpenChain Webinar #56: Generative AI and Your Code
Shane Coughlan
 

Mehr von Shane Coughlan (20)

OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingOpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
 
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingOpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
 
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorOpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS Calculator
 
openEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scaleopenEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scale
 
OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20
 
AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06
 
OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06
 
OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09
 
OpenChain Legal Work Group - 2024-01-17
OpenChain Legal Work Group - 2024-01-17OpenChain Legal Work Group - 2024-01-17
OpenChain Legal Work Group - 2024-01-17
 
Openchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptxOpenchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptx
 
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
 
Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023
 
OpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics SlidesOpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics Slides
 
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
 
OpenChain Webinar #56: Generative AI and Your Code
OpenChain Webinar #56: Generative AI and Your CodeOpenChain Webinar #56: Generative AI and Your Code
OpenChain Webinar #56: Generative AI and Your Code
 
OpenChain Legal Work Group - 2023-06-29
OpenChain Legal Work Group - 2023-06-29OpenChain Legal Work Group - 2023-06-29
OpenChain Legal Work Group - 2023-06-29
 
OpenChain Webinar #53 – OpenSCA
OpenChain Webinar #53 – OpenSCAOpenChain Webinar #53 – OpenSCA
OpenChain Webinar #53 – OpenSCA
 
OpenChain Korea Work Group Meeting #18
OpenChain Korea Work Group Meeting #18OpenChain Korea Work Group Meeting #18
OpenChain Korea Work Group Meeting #18
 
TODO_Japan_Meetup_#7_en
TODO_Japan_Meetup_#7_enTODO_Japan_Meetup_#7_en
TODO_Japan_Meetup_#7_en
 

Kürzlich hochgeladen

Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Alberto González Trastoy
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Steffen Staab
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
Presentation.STUDIO
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
panagenda
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
VictorSzoltysek
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
Delhi Call girls
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
Health
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
Delhi Call girls
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
VishalKumarJha10
 

Kürzlich hochgeladen (20)

Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdf
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 

OpenChain Germany Work Group Meeting 2022-11-16

  • 2. Anti-Trust Policy Notice ● Linux Foundation meetings involve participation by industry competitors, and it is the intention of the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws. ● Examples of types of actions that are prohibited at Linux Foundation meetings and in connection with Linux Foundation activities are described in the Linux Foundation Antitrust Policy available at http://www.linuxfoundation.org/antitrust-policy. If you have questions about these matters, please contact your company counsel, or if you are a member of the Linux Foundation, feel free to contact Andrew Updegrove of the firm of Gesmer Updegrove LLP, which provides legal counsel to the Linux Foundation.
  • 3. Agenda • Introductions • Specification news • SBOM news • OSPO news • Automation news • Work on standards and core material • Work on reference and supporting material • Work to support other projects • Other stuff
  • 6. Specification Chair Rotation Underway Mark Gisi, our founding chair of the OpenChain Specification Work Group (leading the creation of ISO/IEC 5230), will formally pass the leadership torch before end of year. Because of this we are seeking two people to act as OpenChain Specification Chairs. The idea is to allow chairs to split the work and/or alternate between editing around License Compliance (ISO/IEC 5230) and Security (OpenChain Security Assurance Specification).
  • 7. Specification Chair Rotation Underway Being a chair around our specifications does not require specialized experience, but of course we do have some preferences: (1) Be from a company using open source in products or services; (2) Have domain knowledge in either license compliance or security assurance; (3) Be detail-focused and unbiased; (4) Have experience building consensus in community discussions.
  • 8. Specification Chair Rotation Underway (a) Participate in our monthly community calls; (b) Help lead the segment reviewing open issues or accepting new issues around the specifications; (c) Make judgement calls around what is included in the edit cycle and what is not (subject to Steering Committee approval for final decisions); (d) Coordinate with the General Manager to finalize editing around the specifications; (e) Participate in future Steering Committee meetings (4 per year from 2023) to vote on final versions of our specifications.
  • 9. Specification Chair Rotation Underway Who is nominated? Steve Kilbane from Analogue Devices Jacob Wilson from Gemini Chris Wood from Lockheed Martin Helio Chissini de Castro from CARIAD.
  • 10. Specification Chair Rotation Underway (1) We have two spaces in total available (co-chairs); (2) If two or fewer people are nominated before November 15th, they will become co-chairs of the specification activity around OpenChain with a one-year term; (3) If more than two people are nominated before November 15th, an election will be triggered; (4) The election will take place via email between 15th and 22nd November and will be “first past the post;” (5) Current chairs may be re-elected in the next cycle in the same manner as this time. We may, of course, adjust this process for future years depending on lessons learned from this first election cycle.
  • 12. Specification Editing Cycle Begins This Month Updating OpenChain ISO/IEC 5230:2020 (License Compliance) ○ Also known as OpenChain 2.1 ○ Editing on new version – third generation – starts today ○ ISO update ETA 2024 Updating OpenChain Security Assurance Specification 1.1 ○ Reminder: generation one is going into the ISO/IEC process via JTC-1 ETA mid-2023 ○ Adjacent to this, editing on new version – second generation – starts today ○ ISO update ETA 2024
  • 14. Update from SPDX Project (thanks Kate) ● SPDX 2.3 is out, we're still working on getting the default version showing up on the web site (help welcome!) but the version is https://spdx.github.io/spdx-spec/v2.3/ ● Join in the monthly calls for details on the 3.0 model and subgroup progress ● Active work is ongoing on Build profile, AI profile, Dataset profile, (as well as security & licensing) for inclusion in 3.0. ● New license list coming soon. ● SPDX Python library rework (sponsored by OpenSSF) is progressing well. ● Open Call on Thursdays for 30 minutes, anyone wanting to join in for progress details, issue discussion, etc. is welcome ● New test suite for checking libraries is being incorporated into the SPDX repo
  • 16. TODO Project News (thanks Ana) ● TODO and CHAOSS working together on the new OSPO Metrics Working Group ● TODO Community Survey 2022 ● OSPOlogy.live Netherlands for the Public Sector & Energy Industry (January 2023) ● Next community call: How to automate your FOSS policy and processes
  • 18. Update from OpenSSF Project (thanks David) ● Sigstore Announces General Availability at SigstoreCon https://openssf.org/press-release/2022/10/25/sigstore-announces-general-availability-at-sigstorecon/ ● OpenSSF Project Alpha-Omega Invests in the OpenJS Foundation and jQuery to Help Secure the Consumer Web https://openssf.org/blog/2022/10/24/openssf-project-alpha-omega-invests-in-the-openjs-foundation-and-jquery-to-help-secure-the- consumer-web/ ● Report Finds OpenSSF Scorecards Are Highly Effective Measures to Assess Project Security https://openssf.org/blog/2022/10/20/report-finds-openssf-scorecards-are-highly-effective-measures-to-assess-project-security/ ● How OSPOs Can Be a Key Lever for Open Source Sustainability and Security https://openssf.org/blog/2022/09/29/how-ospos-can-be-a-key-lever-for-open-source-sustainability-and-security/ ● Also: Sonatype's 8th annual "State of the Software Supply Chain Report" (2022): https://www.sonatype.com/state-of-the-software-supply-chain/introduction
  • 20. OpenChain Automation Work Group Capability Map 1.5.7: ● A way to understand what is needed (and what is available) around open source tooling for open source license compliance OpenAPI 0.2.2: ● This API specification describes the minimum requirements any API should follow to comply with the OpenChain Capability Model Both here: https://github.com/Open-Source-Compliance/Sharing-creates- value/tree/master/Tooling-Landscape/CapabilityMap
  • 22. Get involved via our Automation Work Group ● First Wednesday Meeting in November @ 09:00 UTC+1 ● Third Wednesday Meeting in November @ 15:00 UTC+1 https://conf.fsfe.org/b/compliance-tooling Access Code: 199143 And join our mailing list: https://groups.io/g/oss-based-compliance-tooling
  • 23. Work on standards and core material
  • 24. We are going to work on updating our standards This does not mean the current standards are outdated. Our ISO standard for license compliance and our de facto standard for security assurance can and should continue to be included in procurement and other negotiations. However, we are formally looking for future ideas and suggestions. We want to ensure people are stakeholders in developing the next generation of our work. You can expect the editing starting today to result in formal updates in 2024 for both the ISO standard for license compliance and the (forthcoming ISO standard for security assurance.
  • 25. Our License Compliance Specification We are formally opening an editing cycle for this specification. It is intended to provide a forum for ideas, suggestions and corrections. It will result in an update to ISO/IEC 5230:2020 circa 2024. Current specification here: https://github.com/OpenChain-Project/License-Compliance- Specification/blob/master/Official/en/2.1/openchainspec-2.1.md Spot an issue? Have a suggestion? Submit your notes here: https://github.com/OpenChain-Project/License-Compliance-Specification/issues/new/choose Check currently open issues here: https://github.com/OpenChain-Project/License-Compliance-Specification/issues
  • 26. Our Security Assurance Specification We are formally opening an editing cycle for this specification. It is intended to provide a forum for ideas, suggestions and corrections. It will result in an update to the OpenChain Security Assurance Specification (expected to be an ISO standard in mid-2023) for around mid-2024. Current specification here: https://github.com/OpenChain-Project/Security-Assurance-Specification/blob/main/Security- Assurance-Specification/1.1/en/openchain-security-specification-1.1.md Spot an issue? Have a suggestion? Submit your notes here: https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/new/choose Check currently open issues here: https://github.com/OpenChain-Project/Security-Assurance-Specification/issues
  • 27. Work on reference and supporting material
  • 28. Welcome Nathan, our new chairperson! 🎊 🎊
  • 29. Recently Released – Path to Conformance A resource previous located on our website is the Path to Conformance. The old iteration was significantly outdated due to material and our project evolving. A new iteration has been started in GitHub in MarkDown to make editing and translation a lot easier: https://github.com/OpenChain-Project/Reference-Material/blob/master/Path-to- Conformance/Official/en/path-to-conformance-version-1.md Open issues for improvement: https://github.com/OpenChain-Project/Reference-Material/issues/new/choose
  • 30. Recently Released – FAQ (needs work) The FAQ on our website has been collected as a MarkDown resource and is ready for editing and expansion. A suggested priority item for the Education Work Group is to help adjust this to properly include the new OpenChain Security Assurance Specification: https://github.com/OpenChain-Project/Reference- Material/blob/master/FAQ/2.0/en/faq.md Open issues for improvement: https://github.com/OpenChain-Project/Reference-Material/issues/new/choose
  • 31. Recently Released – Supplier Education Leaflet Taking the MarkDown text of the supplier education leaflet, Shane began to prepare a Version 2 draft that will include things like the Security Assurance Specification. He suggests we edit this on the monthly calls (and of course elsewhere) to try and ensure we have solid material for the supply chain that covers both our license compliance and security work. https://github.com/OpenChain-Project/Reference- Material/blob/master/Suppliers/Leaflet/Official/MarkDown/en/supply-chain-education- leaflet-version-2.md Open issues for improvement: https://github.com/OpenChain-Project/Reference-Material/issues/new/choose
  • 32. Recently Released – Small Company Playbook The OpenChain small company playbook (version 1) has been updated as part of our ongoing effort to make it easier to edit and translate OpenChain reference material. You can get it here: https://github.com/OpenChain-Project/Reference- Material/blob/master/PlayBooks/Official/Version-1/Small- Company/en/OpenChain%20PlayBook%20-%20Small%20Company.md Do you have ideas for improving this playbook? You can submit them in this email thread or by opening an issue on GitHub: https://github.com/OpenChain-Project/Reference-Material/issues/new/choose
  • 33. Needing Work – Medium Company Playbook The OpenChain small company playbook (version 1) has seen solid revisions that make things easier: https://github.com/OpenChain-Project/Reference- Material/blob/master/PlayBooks/Official/Version-1/Small- Company/en/OpenChain%20PlayBook%20-%20Small%20Company.md Perhaps we can include them in a future iteration of the medium company playbook? https://github.com/OpenChain-Project/Reference- Material/blob/master/PlayBooks/Official/Version-1/Medium- Company/en/OpenChain%20PlayBook%20-%20Medium%20Company.md
  • 34. Work to support other projects
  • 35. Future discussions we need to have Open questions: ● How do we interlink with OpenSSF more effectively? ● How do we interlink with ACT Project more effectively? ● How do we interlink with SPDX Project more effectively? ● How do we interlink with TODO Group more effectively?
  • 36. Events coming up Our next big event is Open Compliance Summit, December 7th and 8th in Yokohama, Japan This event will cover license, security and export control compliance We also expect to host OpenChain, TODO and SPDX Mini-Summit adjacent Learn more: https://events.linuxfoundation.org/open-compliance-summit/
  • 38. We have been working on how to better describe our work
  • 39.
  • 40. Different groups within OpenChain User Groups (UG) Groups for OpenChain adopters, users, and partners to share experience and challenges in their local language with the lo Special Interest Groups (SIG) Sector or industry specific groups for sharing experiences or work on sector/industry specific challenges Working Groups (WG) Works on key OpenChain related topics of Global interest Working Groups Global in scope Special Interest Groups Global in scope but limited to a specific industry User Groups (UG) Global issues with a local scope
  • 41. User Group Working Group Special Interest Group Different groups within OpenChain Working Group • Works on key OpenChain related topics of Global interest • Develops and maintains specifications old and new • Develops materials to help spread and implement OpenChain Special Interest Group • Industry specific groups focusing on: • Exchanging experience and challenges with industry peers. • Work on solving specific industry challenges User Group • Anchored in the local community • Allowing everyone the opportunity to discuss and exchange experience in the language and cultural setting most familiar to them • Creating the basis of broadening the local OpenChain community
  • 42. See you next time!