OpenChain-Monthly-Meeting-2022-11-15

Shane Coughlan
Shane CoughlanOpenChain Program Manager à The Linux Foundation
OpenChain Monthly Meeting 2022-11-15
Anti-Trust Policy Notice ● Linux Foundation meetings involve participation by industry competitors, and it is the intention of the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws. ● Examples of types of actions that are prohibited at Linux Foundation meetings and in connection with Linux Foundation activities are described in the Linux Foundation Antitrust Policy available at http://www.linuxfoundation.org/antitrust-policy. If you have questions about these matters, please contact your company counsel, or if you are a member of the Linux Foundation, feel free to contact Andrew Updegrove of the firm of Gesmer Updegrove LLP, which provides legal counsel to the Linux Foundation.
Regular Agenda • Introductions • Specification news • SBOM news • OSPO news • Automation news • Work on standards and core material • Work on reference and supporting material • Work to support other projects • Any other business • Close of meeting
Introductions
Specification news
Specification Chair Rotation Underway Mark Gisi, our founding chair of the OpenChain Specification Work Group (leading the creation of ISO/IEC 5230), will formally pass the leadership torch before end of year. Because of this we are seeking two people to act as OpenChain Specification Chairs. The idea is to allow chairs to split the work and/or alternate between editing around License Compliance (ISO/IEC 5230) and Security (OpenChain Security Assurance Specification).
Specification Chair Rotation Underway Being a chair around our specifications does not require specialized experience, but of course we do have some preferences: (1) Be from a company using open source in products or services; (2) Have domain knowledge in either license compliance or security assurance; (3) Be detail-focused and unbiased; (4) Have experience building consensus in community discussions.
Specification Chair Rotation Underway (a) Participate in our monthly community calls; (b) Help lead the segment reviewing open issues or accepting new issues around the specifications; (c) Make judgement calls around what is included in the edit cycle and what is not (subject to Steering Committee approval for final decisions); (d) Coordinate with the General Manager to finalize editing around the specifications; (e) Participate in future Steering Committee meetings (4 per year from 2023) to vote on final versions of our specifications.
Specification Chair Rotation Underway How do I nominate myself? Just say so via our specification mailing list: https://lists.openchainproject.org/g/specification Is anyone else currently nominated? Yes, Steve Kilbane from Analogue Devices, Jacob Wilson from Gemini, Chris Wood from Lockheed Martin and Helio Chissini de Castro from CARIAD.
Specification Chair Rotation Underway (1) We have two spaces in total available (co-chairs); (2) If two or fewer people are nominated before November 15th, they will become co-chairs of the specification activity around OpenChain with a one year term; (3) If more than two people are nominated before November 15th, an election will be triggered; (4) The election will take place via email between 15th and 22nd November and will be “first past the post;” (5) Current chairs may be re-elected in the next cycle in the same manner as this time. We may, of course, adjust this process for future years depending on lessons learned from this first election cycle.
And…
Specification Editing Cycle Begins This Month Updating OpenChain ISO/IEC 5230:2020 (License Compliance) ○ Also known as OpenChain 2.1 ○ Editing on new version – third generation – starts today ○ ISO update ETA 2024 Updating OpenChain Security Assurance Specification 1.1 ○ Reminder: generation one is going into the ISO/IEC process via JTC-1 ETA mid-2023 ○ Adjacent to this, editing on new version – second generation – starts today ○ ISO update ETA 2024
SBOM news
Update from SPDX Project (thanks Kate) ● SPDX 2.3 is out, we're still working on getting the default version showing up on the web site (help welcome!) but the version is https://spdx.github.io/spdx-spec/v2.3/ ● Join in the monthly call on Thursday Nov 3, at 8am PST for details on the 3.0 model and subgroup progress ● Active work is ongoing on Build profile, AI profile, Dataset profile, (as well as security & licensing) for inclusion in 3.0. ● New license list coming soon. ● SPDX Python library rework (sponsored by OpenSSF) is progressing well. ● Open Call on Thursdays for 30 minutes, anyone wanting to join in for progress details, issue discussion, etc. is welcome ● New test suite for checking libraries is being incorporated into the SPDX repo
OSPO news
TODO Project News (thanks Ana) ● TODO and CHAOSS working together on the new OSPO Metrics Working Group ● TODO Community Survey 2022 ● OSPOlogy.live Netherlands for the Public Sector & Energy Industry (January 2023) ● Next community call: How to automate your FOSS policy and processes
Security news
Update from OpenSSF Project (thanks David) ● Sigstore Announces General Availability at SigstoreCon https://openssf.org/press-release/2022/10/25/sigstore-announces-general-availability-at-sigstorecon/ ● OpenSSF Project Alpha-Omega Invests in the OpenJS Foundation and jQuery to Help Secure the Consumer Web https://openssf.org/blog/2022/10/24/openssf-project-alpha-omega-invests-in-the-openjs-foundation-and- jquery-to-help-secure-the-consumer-web/ ● Report Finds OpenSSF Scorecards Are Highly Effective Measures to Assess Project Security https://openssf.org/blog/2022/10/20/report-finds-openssf-scorecards-are-highly-effective-measures-to-assess- project-security/ ● How OSPOs Can Be a Key Lever for Open Source Sustainability and Security https://openssf.org/blog/2022/09/29/how-ospos-can-be-a-key-lever-for-open-source-sustainability-and- security/ ● Also: Sonatype's 8th annual "State of the Software Supply Chain Report" (2022): https://www.sonatype.com/state-of-the-software-supply-chain/introduction
Automation news
OpenChain Automation Work Group Capability Map 1.5.7: ● A way to understand what is needed (and what is available) around open source tooling for open source license compliance OpenAPI 0.2.2: ● This API specification describes the minimum requirements any API should follow to comply with the OpenChain Capability Model Both here: https://github.com/Open-Source-Compliance/Sharing-creates- value/tree/master/Tooling-Landscape/CapabilityMap
Capability Map 1.5.7
Get involved via our Automation Work Group ● First Wednesday Meeting in November @ 09:00 UTC+1 ● Third Wednesday Meeting in November @ 15:00 UTC+1 https://conf.fsfe.org/b/compliance-tooling Access Code: 199143 And join our mailing list: https://groups.io/g/oss-based-compliance-tooling
Work on standards and core material
We are going to work on updating our standards This does not mean the current standards are outdated. Our ISO standard for license compliance and our de facto standard for security assurance can and should continue to be included in procurement and other negotiations. However, we are formally looking for future ideas and suggestions. We want to ensure people are stakeholders in developing the next generation of our work. You can expect the editing starting today to result in formal updates in 2024 for both the ISO standard for license compliance and the (forthcoming ISO standard for security assurance.
Our License Compliance Specification We are formally opening an editing cycle for this specification. It is intended to provide a forum for ideas, suggestions and corrections. It will result in an update to ISO/IEC 5230:2020 circa 2024. Current specification here: https://github.com/OpenChain-Project/License-Compliance- Specification/blob/master/Official/en/2.1/openchainspec-2.1.md Spot an issue? Have a suggestion? Submit your notes here: https://github.com/OpenChain-Project/License-Compliance- Specification/issues/new/choose Check currently open issues here: https://github.com/OpenChain-Project/License-Compliance-Specification/issues
Our Security Assurance Specification We are formally opening an editing cycle for this specification. It is intended to provide a forum for ideas, suggestions and corrections. It will result in an update to the OpenChain Security Assurance Specification (expected to be an ISO standard in mid-2023) for around mid-2024. Current specification here: https://github.com/OpenChain-Project/Security-Assurance-Specification/blob/main/Security- Assurance-Specification/1.1/en/openchain-security-specification-1.1.md Spot an issue? Have a suggestion? Submit your notes here: https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/new/choose Check currently open issues here: https://github.com/OpenChain-Project/Security-Assurance-Specification/issues
Next call… live editing of issues!
Work on reference and supporting material
Welcome Nathan, our new chairperson! 🎊 🎊
Recently Released – Path to Conformance A resource previous located on our website is the Path to Conformance. The old iteration was significantly outdated due to material and our project evolving. A new iteration has been started in GitHub in MarkDown to make editing and translation a lot easier: https://github.com/OpenChain-Project/Reference-Material/blob/master/Path-to- Conformance/Official/en/path-to-conformance-version-1.md Open issues for improvement: https://github.com/OpenChain-Project/Reference-Material/issues/new/choose
Recently Released – FAQ (needs work) The FAQ on our website has been collected as a MarkDown resource and is ready for editing and expansion. A suggested priority item for the Education Work Group is to help adjust this to properly include the new OpenChain Security Assurance Specification: https://github.com/OpenChain-Project/Reference- Material/blob/master/FAQ/2.0/en/faq.md Open issues for improvement: https://github.com/OpenChain-Project/Reference-Material/issues/new/choose
Recently Released – Supplier Education Leaflet Taking the MarkDown text of the supplier education leaflet, Shane began to prepare a Version 2 draft that will include things like the Security Assurance Specification. He suggests we edit this on the monthly calls (and of course elsewhere) to try and ensure we have solid material for the supply chain that covers both our license compliance and security work. https://github.com/OpenChain-Project/Reference- Material/blob/master/Suppliers/Leaflet/Official/MarkDown/en/supply-chain-education- leaflet-version-2.md Open issues for improvement: https://github.com/OpenChain-Project/Reference-Material/issues/new/choose
Recently Released – Small Company Playbook The OpenChain small company playbook (version 1) has been updated as part of our ongoing effort to make it easier to edit and translate OpenChain reference material. You can get it here: https://github.com/OpenChain-Project/Reference- Material/blob/master/PlayBooks/Official/Version-1/Small- Company/en/OpenChain%20PlayBook%20-%20Small%20Company.md Do you have ideas for improving this playbook? You can submit them in this email thread or by opening an issue on GitHub: https://github.com/OpenChain-Project/Reference-Material/issues/new/choose
Needing Work – Medium Company Playbook The OpenChain small company playbook (version 1) has seen solid revisions that make things easier: https://github.com/OpenChain-Project/Reference- Material/blob/master/PlayBooks/Official/Version-1/Small- Company/en/OpenChain%20PlayBook%20-%20Small%20Company.md Perhaps we can include them in a future iteration of the medium company playbook? https://github.com/OpenChain-Project/Reference- Material/blob/master/PlayBooks/Official/Version-1/Medium- Company/en/OpenChain%20PlayBook%20-%20Medium%20Company.md
Next call… live editing of issues!
Work to support other projects
Deferring to next call due to time Open questions: ● How do we interlink with OpenSSF more effectively? ● How do we interlink with ACT Project more effectively? ● How do we interlink with SPDX Project more effectively? ● How do we interlink with TODO Group more effectively?
Events coming up Our next big event is Open Compliance Summit, December 7th and 8th in Yokohama, Japan This event will cover license, security and export control compliance We also expect to host OpenChain, TODO and SPDX Mini-Summit adjacent Learn more: https://events.linuxfoundation.org/open-compliance-summit/
Any other business
OpenChain-Monthly-Meeting-2022-11-15
Different groups within OpenChain User Groups (UG) Groups for OpenChain adopters, users, and partners to share experience and challenges in their local language with the lo Special Interest Groups (SIG) Sector or industry specific groups for sharing experiences or work on sector/industry specific challenges Working Groups (WG) Works on key OpenChain related topics of Global interest Working Groups Global in scope Special Interest Groups Global in scope but limited to a specific industry User Groups (UG) Global issues with a local scope
User Group Working Group Special Interest Group Different groups within OpenChain Working Group • Works on key OpenChain related topics of Global interest • Develops and maintains specifications old and new • Develops materials to help spread and implement OpenChain Special Interest Group • Industry specific groups focusing on: • Exchanging experience and challenges with industry peers. • Work on solving specific industry challenges User Group • Anchored in the local community • Allowing everyone the opportunity to discuss and exchange experience in the language and cultural setting most familiar to them • Creating the basis of broadening the local OpenChain community
Close of meeting
See you next time!
1 sur 44

OpenChain-Monthly-Meeting-2022-11-15

Télécharger pour lire hors ligne
Logiciels

OpenChain-Monthly-Meeting-2022-11-15

Shane Coughlan
Shane CoughlanOpenChain Program Manager à The Linux Foundation

Recommandé

OpenChain Germany Work Group Meeting 2022-11-16 par
OpenChain Germany Work Group Meeting 2022-11-16OpenChain Germany Work Group Meeting 2022-11-16
OpenChain Germany Work Group Meeting 2022-11-16Shane Coughlan
4 vues42 diapositives
OpenChain Mini-Summit May 2023 par
OpenChain Mini-Summit May 2023OpenChain Mini-Summit May 2023
OpenChain Mini-Summit May 2023Shane Coughlan
252 vues47 diapositives
OpenChain Monthly Meeting 2023-02-21 (North America and Asia) par
OpenChain Monthly Meeting 2023-02-21 (North America and Asia)OpenChain Monthly Meeting 2023-02-21 (North America and Asia)
OpenChain Monthly Meeting 2023-02-21 (North America and Asia)Shane Coughlan
62 vues21 diapositives
OpenChain Monthly Meeting North America - Europe - 2023-02-07 par
OpenChain Monthly Meeting North America - Europe - 2023-02-07OpenChain Monthly Meeting North America - Europe - 2023-02-07
OpenChain Monthly Meeting North America - Europe - 2023-02-07Shane Coughlan
100 vues21 diapositives
OpenChain Japan Work Group - Meeting 27 par
OpenChain Japan Work Group - Meeting 27OpenChain Japan Work Group - Meeting 27
OpenChain Japan Work Group - Meeting 27Shane Coughlan
109 vues35 diapositives
OpenChain-Monthly-Meeting-2023-01-17 par
OpenChain-Monthly-Meeting-2023-01-17OpenChain-Monthly-Meeting-2023-01-17
OpenChain-Monthly-Meeting-2023-01-17Shane Coughlan
46 vues27 diapositives

Contenu connexe

Similaire à OpenChain-Monthly-Meeting-2022-11-15

2023-06-cute par
2023-06-cute2023-06-cute
2023-06-cuteShane Coughlan
42 vues47 diapositives
OpenChain Japan Work Group Meeting #28 - 2023-07-11 par
OpenChain Japan Work Group Meeting #28 - 2023-07-11OpenChain Japan Work Group Meeting #28 - 2023-07-11
OpenChain Japan Work Group Meeting #28 - 2023-07-11Shane Coughlan
50 vues32 diapositives
OpenChain Monthly Meeting - North America / Asia - 2023-03-21 par
OpenChain Monthly Meeting - North America / Asia - 2023-03-21OpenChain Monthly Meeting - North America / Asia - 2023-03-21
OpenChain Monthly Meeting - North America / Asia - 2023-03-21Shane Coughlan
72 vues26 diapositives
OpenChain Monthly Meeting (US / Europe) 2023-01-03 par
OpenChain Monthly Meeting (US / Europe) 2023-01-03OpenChain Monthly Meeting (US / Europe) 2023-01-03
OpenChain Monthly Meeting (US / Europe) 2023-01-03Shane Coughlan
76 vues25 diapositives
OpenChain Automotive Work Group Meeting #2 - Lyon par
OpenChain Automotive Work Group Meeting #2 - LyonOpenChain Automotive Work Group Meeting #2 - Lyon
OpenChain Automotive Work Group Meeting #2 - LyonShane Coughlan
446 vues19 diapositives
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx par
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptxFrom One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptxShane Coughlan
46 vues15 diapositives

Similaire à OpenChain-Monthly-Meeting-2022-11-15(20)

2023-06-cute par Shane Coughlan
2023-06-cute2023-06-cute
2023-06-cute
Shane Coughlan42 vues
OpenChain Japan Work Group Meeting #28 - 2023-07-11 par Shane Coughlan
OpenChain Japan Work Group Meeting #28 - 2023-07-11OpenChain Japan Work Group Meeting #28 - 2023-07-11
OpenChain Japan Work Group Meeting #28 - 2023-07-11
Shane Coughlan50 vues
OpenChain Monthly Meeting - North America / Asia - 2023-03-21 par Shane Coughlan
OpenChain Monthly Meeting - North America / Asia - 2023-03-21OpenChain Monthly Meeting - North America / Asia - 2023-03-21
OpenChain Monthly Meeting - North America / Asia - 2023-03-21
Shane Coughlan72 vues
OpenChain Monthly Meeting (US / Europe) 2023-01-03 par Shane Coughlan
OpenChain Monthly Meeting (US / Europe) 2023-01-03OpenChain Monthly Meeting (US / Europe) 2023-01-03
OpenChain Monthly Meeting (US / Europe) 2023-01-03
Shane Coughlan76 vues
OpenChain Automotive Work Group Meeting #2 - Lyon par Shane Coughlan
OpenChain Automotive Work Group Meeting #2 - LyonOpenChain Automotive Work Group Meeting #2 - Lyon
OpenChain Automotive Work Group Meeting #2 - Lyon
Shane Coughlan446 vues
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx par Shane Coughlan
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptxFrom One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
Shane Coughlan46 vues
FOSSLight Community Day 2023-11-30 par Shane Coughlan
FOSSLight Community Day 2023-11-30FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30
Shane Coughlan5 vues
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations par Anne Gentle
Inclusive, Accessible Tech: Bias-Free Language in Code and ConfigurationsInclusive, Accessible Tech: Bias-Free Language in Code and Configurations
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations
Anne Gentle24 vues
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17 par Shane Coughlan
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
Shane Coughlan268 vues
Great Open Source Compliance For Everyone (Version 3) par Shane Coughlan
Great Open Source Compliance For Everyone (Version 3)Great Open Source Compliance For Everyone (Version 3)
Great Open Source Compliance For Everyone (Version 3)
Shane Coughlan148 vues
ASWF Open Source Forum 2020 par AcademySoftwareFoundation
ASWF Open Source Forum 2020ASWF Open Source Forum 2020
ASWF Open Source Forum 2020
AcademySoftwareFoundation414 vues
OpenChain @ OSPOlogy.live Sweden 2022 par Shane Coughlan
OpenChain @ OSPOlogy.live Sweden 2022OpenChain @ OSPOlogy.live Sweden 2022
OpenChain @ OSPOlogy.live Sweden 2022
Shane Coughlan59 vues
Alibaba Standardization Summit 2022 par Shane Coughlan
Alibaba Standardization Summit 2022Alibaba Standardization Summit 2022
Alibaba Standardization Summit 2022
Shane Coughlan49 vues
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations par Pronovix
Inclusive, Accessible Tech: Bias-Free Language in Code and ConfigurationsInclusive, Accessible Tech: Bias-Free Language in Code and Configurations
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations
Pronovix146 vues
The State of Open Source for Software Alliance Germany 2023-04-14 par Shane Coughlan
The State of Open Source for Software Alliance Germany 2023-04-14The State of Open Source for Software Alliance Germany 2023-04-14
The State of Open Source for Software Alliance Germany 2023-04-14
Shane Coughlan59 vues
Enterprise IoT solution in 30 days par Manolis Nikiforakis
Enterprise IoT solution in 30 days Enterprise IoT solution in 30 days
Enterprise IoT solution in 30 days
Manolis Nikiforakis737 vues
2011 NASA Open Source Summit - Forge.mil par NASA Open Government Initiative
2011 NASA Open Source Summit - Forge.mil2011 NASA Open Source Summit - Forge.mil
2011 NASA Open Source Summit - Forge.mil
NASA Open Government Initiative2K vues
Free and Open Source Software - Challenges for the Automotive Supply Chain par Shane Coughlan
Free and Open Source Software - Challenges for the Automotive Supply ChainFree and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply Chain
Shane Coughlan207 vues
Openchain Third Monday Agenda 02-18-2019 par Shane Coughlan
Openchain Third Monday Agenda 02-18-2019Openchain Third Monday Agenda 02-18-2019
Openchain Third Monday Agenda 02-18-2019
Shane Coughlan47 vues
Why is Open Source Important to Samsung and What Are We Doing About It? par Samsung Open Source Group
Why is Open Source Important to Samsung and What Are We Doing About It?Why is Open Source Important to Samsung and What Are We Doing About It?
Why is Open Source Important to Samsung and What Are We Doing About It?
Samsung Open Source Group904 vues

Plus de Shane Coughlan

OpenChain Legal Work Group - 2023-06-29 par
OpenChain Legal Work Group - 2023-06-29OpenChain Legal Work Group - 2023-06-29
OpenChain Legal Work Group - 2023-06-29Shane Coughlan
134 vues7 diapositives
OpenChain Webinar #53 – OpenSCA par
OpenChain Webinar #53 – OpenSCAOpenChain Webinar #53 – OpenSCA
OpenChain Webinar #53 – OpenSCAShane Coughlan
124 vues19 diapositives
OpenChain Korea Work Group Meeting #18 par
OpenChain Korea Work Group Meeting #18OpenChain Korea Work Group Meeting #18
OpenChain Korea Work Group Meeting #18Shane Coughlan
86 vues17 diapositives
legal-work-group-2023-05-25 par
legal-work-group-2023-05-25legal-work-group-2023-05-25
legal-work-group-2023-05-25Shane Coughlan
50 vues7 diapositives
FOSSLight at the OpenChain Mini-Summit May 2023 par
FOSSLight at the OpenChain Mini-Summit May 2023FOSSLight at the OpenChain Mini-Summit May 2023
FOSSLight at the OpenChain Mini-Summit May 2023Shane Coughlan
232 vues17 diapositives
OpenChain Mini-Summit 2023 - State of Tooling in Open Source Automation par
OpenChain Mini-Summit 2023 - State of Tooling in Open Source AutomationOpenChain Mini-Summit 2023 - State of Tooling in Open Source Automation
OpenChain Mini-Summit 2023 - State of Tooling in Open Source AutomationShane Coughlan
245 vues22 diapositives

Plus de Shane Coughlan(16)

OpenChain Legal Work Group - 2023-06-29 par Shane Coughlan
OpenChain Legal Work Group - 2023-06-29OpenChain Legal Work Group - 2023-06-29
OpenChain Legal Work Group - 2023-06-29
Shane Coughlan134 vues
OpenChain Webinar #53 – OpenSCA par Shane Coughlan
OpenChain Webinar #53 – OpenSCAOpenChain Webinar #53 – OpenSCA
OpenChain Webinar #53 – OpenSCA
Shane Coughlan124 vues
OpenChain Korea Work Group Meeting #18 par Shane Coughlan
OpenChain Korea Work Group Meeting #18OpenChain Korea Work Group Meeting #18
OpenChain Korea Work Group Meeting #18
Shane Coughlan86 vues
legal-work-group-2023-05-25 par Shane Coughlan
legal-work-group-2023-05-25legal-work-group-2023-05-25
legal-work-group-2023-05-25
Shane Coughlan50 vues
FOSSLight at the OpenChain Mini-Summit May 2023 par Shane Coughlan
FOSSLight at the OpenChain Mini-Summit May 2023FOSSLight at the OpenChain Mini-Summit May 2023
FOSSLight at the OpenChain Mini-Summit May 2023
Shane Coughlan232 vues
OpenChain Mini-Summit 2023 - State of Tooling in Open Source Automation par Shane Coughlan
OpenChain Mini-Summit 2023 - State of Tooling in Open Source AutomationOpenChain Mini-Summit 2023 - State of Tooling in Open Source Automation
OpenChain Mini-Summit 2023 - State of Tooling in Open Source Automation
Shane Coughlan245 vues
How the Linux Foundation Standards for Compliance and Security will Fix Your ... par Shane Coughlan
How the Linux Foundation Standards for Compliance and Security will Fix Your ...How the Linux Foundation Standards for Compliance and Security will Fix Your ...
How the Linux Foundation Standards for Compliance and Security will Fix Your ...
Shane Coughlan51 vues
Standardizing Open Source Risk - LLW - 2023-04 par Shane Coughlan
Standardizing Open Source Risk - LLW - 2023-04Standardizing Open Source Risk - LLW - 2023-04
Standardizing Open Source Risk - LLW - 2023-04
Shane Coughlan29 vues
OpenChain Education Work Group - 2023-04-13 par Shane Coughlan
OpenChain Education Work Group - 2023-04-13OpenChain Education Work Group - 2023-04-13
OpenChain Education Work Group - 2023-04-13
Shane Coughlan33 vues
OpenChain North America and Europe Meeting - 2023-04-04 par Shane Coughlan
OpenChain North America and Europe Meeting - 2023-04-04OpenChain North America and Europe Meeting - 2023-04-04
OpenChain North America and Europe Meeting - 2023-04-04
Shane Coughlan24 vues
OpenChain Webinar #50 - An Overview of SPDX 3.0 par Shane Coughlan
OpenChain Webinar #50 - An Overview of SPDX 3.0OpenChain Webinar #50 - An Overview of SPDX 3.0
OpenChain Webinar #50 - An Overview of SPDX 3.0
Shane Coughlan391 vues
“State of the Tooling” in Open Source Automation par Shane Coughlan
“State of the Tooling” in Open Source Automation“State of the Tooling” in Open Source Automation
“State of the Tooling” in Open Source Automation
Shane Coughlan44 vues
OpenChain Overview Slides - 02-2023 par Shane Coughlan
OpenChain Overview Slides - 02-2023OpenChain Overview Slides - 02-2023
OpenChain Overview Slides - 02-2023
Shane Coughlan183 vues
Open Compliance Summit - Export Control Informal Discussion par Shane Coughlan
Open Compliance Summit - Export Control Informal DiscussionOpen Compliance Summit - Export Control Informal Discussion
Open Compliance Summit - Export Control Informal Discussion
Shane Coughlan45 vues
Open Compliance Summit 2022 – State of the Union from Mike Dolan, SVP and GM ... par Shane Coughlan
Open Compliance Summit 2022 – State of the Union from Mike Dolan, SVP and GM ...Open Compliance Summit 2022 – State of the Union from Mike Dolan, SVP and GM ...
Open Compliance Summit 2022 – State of the Union from Mike Dolan, SVP and GM ...
Shane Coughlan35 vues
Open Compliance Summit 2022 - Opening Keynote par Shane Coughlan
Open Compliance Summit 2022 - Opening KeynoteOpen Compliance Summit 2022 - Opening Keynote
Open Compliance Summit 2022 - Opening Keynote
Shane Coughlan104 vues

Dernier

Using Qt under LGPL-3.0 par
Using Qt under LGPL-3.0Using Qt under LGPL-3.0
Using Qt under LGPL-3.0Burkhard Stubert
12 vues11 diapositives
MS PowerPoint.pptx par
MS PowerPoint.pptxMS PowerPoint.pptx
MS PowerPoint.pptxLitty Sylus
5 vues14 diapositives
Introduction to Git Source Control par
Introduction to Git Source ControlIntroduction to Git Source Control
Introduction to Git Source ControlJohn Valentino
5 vues18 diapositives
Advanced API Mocking Techniques par
Advanced API Mocking TechniquesAdvanced API Mocking Techniques
Advanced API Mocking TechniquesDimpy Adhikary
23 vues11 diapositives
BushraDBR: An Automatic Approach to Retrieving Duplicate Bug Reports par
BushraDBR: An Automatic Approach to Retrieving Duplicate Bug ReportsBushraDBR: An Automatic Approach to Retrieving Duplicate Bug Reports
BushraDBR: An Automatic Approach to Retrieving Duplicate Bug ReportsRa'Fat Al-Msie'deen
8 vues49 diapositives
Ports-and-Adapters Architecture for Embedded HMI par
Ports-and-Adapters Architecture for Embedded HMIPorts-and-Adapters Architecture for Embedded HMI
Ports-and-Adapters Architecture for Embedded HMIBurkhard Stubert
21 vues19 diapositives

Dernier(20)

Using Qt under LGPL-3.0 par Burkhard Stubert
Using Qt under LGPL-3.0Using Qt under LGPL-3.0
Using Qt under LGPL-3.0
Burkhard Stubert12 vues
MS PowerPoint.pptx par Litty Sylus
MS PowerPoint.pptxMS PowerPoint.pptx
MS PowerPoint.pptx
Litty Sylus5 vues
Introduction to Git Source Control par John Valentino
Introduction to Git Source ControlIntroduction to Git Source Control
Introduction to Git Source Control
John Valentino5 vues
Advanced API Mocking Techniques par Dimpy Adhikary
Advanced API Mocking TechniquesAdvanced API Mocking Techniques
Advanced API Mocking Techniques
Dimpy Adhikary23 vues
BushraDBR: An Automatic Approach to Retrieving Duplicate Bug Reports par Ra'Fat Al-Msie'deen
BushraDBR: An Automatic Approach to Retrieving Duplicate Bug ReportsBushraDBR: An Automatic Approach to Retrieving Duplicate Bug Reports
BushraDBR: An Automatic Approach to Retrieving Duplicate Bug Reports
Ra'Fat Al-Msie'deen8 vues
Ports-and-Adapters Architecture for Embedded HMI par Burkhard Stubert
Ports-and-Adapters Architecture for Embedded HMIPorts-and-Adapters Architecture for Embedded HMI
Ports-and-Adapters Architecture for Embedded HMI
Burkhard Stubert21 vues
Airline Booking Software par SharmiMehta
Airline Booking SoftwareAirline Booking Software
Airline Booking Software
SharmiMehta6 vues
Dev-HRE-Ops - Addressing the _Last Mile DevOps Challenge_ in Highly Regulated... par TomHalpin9
Dev-HRE-Ops - Addressing the _Last Mile DevOps Challenge_ in Highly Regulated...Dev-HRE-Ops - Addressing the _Last Mile DevOps Challenge_ in Highly Regulated...
Dev-HRE-Ops - Addressing the _Last Mile DevOps Challenge_ in Highly Regulated...
TomHalpin96 vues
Gen Apps on Google Cloud PaLM2 and Codey APIs in Action par Márton Kodok
Gen Apps on Google Cloud PaLM2 and Codey APIs in ActionGen Apps on Google Cloud PaLM2 and Codey APIs in Action
Gen Apps on Google Cloud PaLM2 and Codey APIs in Action
Márton Kodok11 vues
Quality Engineer: A Day in the Life par John Valentino
Quality Engineer: A Day in the LifeQuality Engineer: A Day in the Life
Quality Engineer: A Day in the Life
John Valentino6 vues
360 graden fabriek par info33492
360 graden fabriek360 graden fabriek
360 graden fabriek
info33492138 vues
Keep par Geniusee
KeepKeep
Keep
Geniusee78 vues
EV Charging App Case par iCoderz Solutions
EV Charging App Case EV Charging App Case
EV Charging App Case
iCoderz Solutions8 vues
20231129 - Platform @ localhost 2023 - Application-driven infrastructure with... par sparkfabrik
20231129 - Platform @ localhost 2023 - Application-driven infrastructure with...20231129 - Platform @ localhost 2023 - Application-driven infrastructure with...
20231129 - Platform @ localhost 2023 - Application-driven infrastructure with...
sparkfabrik8 vues
.NET Developer Conference 2023 - .NET Microservices mit Dapr – zu viel Abstra... par Marc Müller
.NET Developer Conference 2023 - .NET Microservices mit Dapr – zu viel Abstra....NET Developer Conference 2023 - .NET Microservices mit Dapr – zu viel Abstra...
.NET Developer Conference 2023 - .NET Microservices mit Dapr – zu viel Abstra...
Marc Müller41 vues
Team Transformation Tactics for Holistic Testing and Quality (Japan Symposium... par Lisi Hocke
Team Transformation Tactics for Holistic Testing and Quality (Japan Symposium...Team Transformation Tactics for Holistic Testing and Quality (Japan Symposium...
Team Transformation Tactics for Holistic Testing and Quality (Japan Symposium...
Lisi Hocke35 vues
2023-November-Schneider Electric-Meetup-BCN Admin Group.pptx par animuscrm
2023-November-Schneider Electric-Meetup-BCN Admin Group.pptx2023-November-Schneider Electric-Meetup-BCN Admin Group.pptx
2023-November-Schneider Electric-Meetup-BCN Admin Group.pptx
animuscrm15 vues
Sprint 226 par ManageIQ
Sprint 226Sprint 226
Sprint 226
ManageIQ8 vues
Dapr Unleashed: Accelerating Microservice Development par Miroslav Janeski
Dapr Unleashed: Accelerating Microservice DevelopmentDapr Unleashed: Accelerating Microservice Development
Dapr Unleashed: Accelerating Microservice Development
Miroslav Janeski12 vues
tecnologia18.docx par nosi6702
tecnologia18.docxtecnologia18.docx
tecnologia18.docx
nosi67025 vues

OpenChain-Monthly-Meeting-2022-11-15

  • 2. Anti-Trust Policy Notice ● Linux Foundation meetings involve participation by industry competitors, and it is the intention of the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws. ● Examples of types of actions that are prohibited at Linux Foundation meetings and in connection with Linux Foundation activities are described in the Linux Foundation Antitrust Policy available at http://www.linuxfoundation.org/antitrust-policy. If you have questions about these matters, please contact your company counsel, or if you are a member of the Linux Foundation, feel free to contact Andrew Updegrove of the firm of Gesmer Updegrove LLP, which provides legal counsel to the Linux Foundation.
  • 3. Regular Agenda • Introductions • Specification news • SBOM news • OSPO news • Automation news • Work on standards and core material • Work on reference and supporting material • Work to support other projects • Any other business • Close of meeting
  • 6. Specification Chair Rotation Underway Mark Gisi, our founding chair of the OpenChain Specification Work Group (leading the creation of ISO/IEC 5230), will formally pass the leadership torch before end of year. Because of this we are seeking two people to act as OpenChain Specification Chairs. The idea is to allow chairs to split the work and/or alternate between editing around License Compliance (ISO/IEC 5230) and Security (OpenChain Security Assurance Specification).
  • 7. Specification Chair Rotation Underway Being a chair around our specifications does not require specialized experience, but of course we do have some preferences: (1) Be from a company using open source in products or services; (2) Have domain knowledge in either license compliance or security assurance; (3) Be detail-focused and unbiased; (4) Have experience building consensus in community discussions.
  • 8. Specification Chair Rotation Underway (a) Participate in our monthly community calls; (b) Help lead the segment reviewing open issues or accepting new issues around the specifications; (c) Make judgement calls around what is included in the edit cycle and what is not (subject to Steering Committee approval for final decisions); (d) Coordinate with the General Manager to finalize editing around the specifications; (e) Participate in future Steering Committee meetings (4 per year from 2023) to vote on final versions of our specifications.
  • 9. Specification Chair Rotation Underway How do I nominate myself? Just say so via our specification mailing list: https://lists.openchainproject.org/g/specification Is anyone else currently nominated? Yes, Steve Kilbane from Analogue Devices, Jacob Wilson from Gemini, Chris Wood from Lockheed Martin and Helio Chissini de Castro from CARIAD.
  • 10. Specification Chair Rotation Underway (1) We have two spaces in total available (co-chairs); (2) If two or fewer people are nominated before November 15th, they will become co-chairs of the specification activity around OpenChain with a one year term; (3) If more than two people are nominated before November 15th, an election will be triggered; (4) The election will take place via email between 15th and 22nd November and will be “first past the post;” (5) Current chairs may be re-elected in the next cycle in the same manner as this time. We may, of course, adjust this process for future years depending on lessons learned from this first election cycle.
  • 12. Specification Editing Cycle Begins This Month Updating OpenChain ISO/IEC 5230:2020 (License Compliance) ○ Also known as OpenChain 2.1 ○ Editing on new version – third generation – starts today ○ ISO update ETA 2024 Updating OpenChain Security Assurance Specification 1.1 ○ Reminder: generation one is going into the ISO/IEC process via JTC-1 ETA mid-2023 ○ Adjacent to this, editing on new version – second generation – starts today ○ ISO update ETA 2024
  • 14. Update from SPDX Project (thanks Kate) ● SPDX 2.3 is out, we're still working on getting the default version showing up on the web site (help welcome!) but the version is https://spdx.github.io/spdx-spec/v2.3/ ● Join in the monthly call on Thursday Nov 3, at 8am PST for details on the 3.0 model and subgroup progress ● Active work is ongoing on Build profile, AI profile, Dataset profile, (as well as security & licensing) for inclusion in 3.0. ● New license list coming soon. ● SPDX Python library rework (sponsored by OpenSSF) is progressing well. ● Open Call on Thursdays for 30 minutes, anyone wanting to join in for progress details, issue discussion, etc. is welcome ● New test suite for checking libraries is being incorporated into the SPDX repo
  • 16. TODO Project News (thanks Ana) ● TODO and CHAOSS working together on the new OSPO Metrics Working Group ● TODO Community Survey 2022 ● OSPOlogy.live Netherlands for the Public Sector & Energy Industry (January 2023) ● Next community call: How to automate your FOSS policy and processes
  • 18. Update from OpenSSF Project (thanks David) ● Sigstore Announces General Availability at SigstoreCon https://openssf.org/press-release/2022/10/25/sigstore-announces-general-availability-at-sigstorecon/ ● OpenSSF Project Alpha-Omega Invests in the OpenJS Foundation and jQuery to Help Secure the Consumer Web https://openssf.org/blog/2022/10/24/openssf-project-alpha-omega-invests-in-the-openjs-foundation-and- jquery-to-help-secure-the-consumer-web/ ● Report Finds OpenSSF Scorecards Are Highly Effective Measures to Assess Project Security https://openssf.org/blog/2022/10/20/report-finds-openssf-scorecards-are-highly-effective-measures-to-assess- project-security/ ● How OSPOs Can Be a Key Lever for Open Source Sustainability and Security https://openssf.org/blog/2022/09/29/how-ospos-can-be-a-key-lever-for-open-source-sustainability-and- security/ ● Also: Sonatype's 8th annual "State of the Software Supply Chain Report" (2022): https://www.sonatype.com/state-of-the-software-supply-chain/introduction
  • 20. OpenChain Automation Work Group Capability Map 1.5.7: ● A way to understand what is needed (and what is available) around open source tooling for open source license compliance OpenAPI 0.2.2: ● This API specification describes the minimum requirements any API should follow to comply with the OpenChain Capability Model Both here: https://github.com/Open-Source-Compliance/Sharing-creates- value/tree/master/Tooling-Landscape/CapabilityMap
  • 22. Get involved via our Automation Work Group ● First Wednesday Meeting in November @ 09:00 UTC+1 ● Third Wednesday Meeting in November @ 15:00 UTC+1 https://conf.fsfe.org/b/compliance-tooling Access Code: 199143 And join our mailing list: https://groups.io/g/oss-based-compliance-tooling
  • 23. Work on standards and core material
  • 24. We are going to work on updating our standards This does not mean the current standards are outdated. Our ISO standard for license compliance and our de facto standard for security assurance can and should continue to be included in procurement and other negotiations. However, we are formally looking for future ideas and suggestions. We want to ensure people are stakeholders in developing the next generation of our work. You can expect the editing starting today to result in formal updates in 2024 for both the ISO standard for license compliance and the (forthcoming ISO standard for security assurance.
  • 25. Our License Compliance Specification We are formally opening an editing cycle for this specification. It is intended to provide a forum for ideas, suggestions and corrections. It will result in an update to ISO/IEC 5230:2020 circa 2024. Current specification here: https://github.com/OpenChain-Project/License-Compliance- Specification/blob/master/Official/en/2.1/openchainspec-2.1.md Spot an issue? Have a suggestion? Submit your notes here: https://github.com/OpenChain-Project/License-Compliance- Specification/issues/new/choose Check currently open issues here: https://github.com/OpenChain-Project/License-Compliance-Specification/issues
  • 26. Our Security Assurance Specification We are formally opening an editing cycle for this specification. It is intended to provide a forum for ideas, suggestions and corrections. It will result in an update to the OpenChain Security Assurance Specification (expected to be an ISO standard in mid-2023) for around mid-2024. Current specification here: https://github.com/OpenChain-Project/Security-Assurance-Specification/blob/main/Security- Assurance-Specification/1.1/en/openchain-security-specification-1.1.md Spot an issue? Have a suggestion? Submit your notes here: https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/new/choose Check currently open issues here: https://github.com/OpenChain-Project/Security-Assurance-Specification/issues
  • 27. Next call… live editing of issues!
  • 28. Work on reference and supporting material
  • 29. Welcome Nathan, our new chairperson! 🎊 🎊
  • 30. Recently Released – Path to Conformance A resource previous located on our website is the Path to Conformance. The old iteration was significantly outdated due to material and our project evolving. A new iteration has been started in GitHub in MarkDown to make editing and translation a lot easier: https://github.com/OpenChain-Project/Reference-Material/blob/master/Path-to- Conformance/Official/en/path-to-conformance-version-1.md Open issues for improvement: https://github.com/OpenChain-Project/Reference-Material/issues/new/choose
  • 31. Recently Released – FAQ (needs work) The FAQ on our website has been collected as a MarkDown resource and is ready for editing and expansion. A suggested priority item for the Education Work Group is to help adjust this to properly include the new OpenChain Security Assurance Specification: https://github.com/OpenChain-Project/Reference- Material/blob/master/FAQ/2.0/en/faq.md Open issues for improvement: https://github.com/OpenChain-Project/Reference-Material/issues/new/choose
  • 32. Recently Released – Supplier Education Leaflet Taking the MarkDown text of the supplier education leaflet, Shane began to prepare a Version 2 draft that will include things like the Security Assurance Specification. He suggests we edit this on the monthly calls (and of course elsewhere) to try and ensure we have solid material for the supply chain that covers both our license compliance and security work. https://github.com/OpenChain-Project/Reference- Material/blob/master/Suppliers/Leaflet/Official/MarkDown/en/supply-chain-education- leaflet-version-2.md Open issues for improvement: https://github.com/OpenChain-Project/Reference-Material/issues/new/choose
  • 33. Recently Released – Small Company Playbook The OpenChain small company playbook (version 1) has been updated as part of our ongoing effort to make it easier to edit and translate OpenChain reference material. You can get it here: https://github.com/OpenChain-Project/Reference- Material/blob/master/PlayBooks/Official/Version-1/Small- Company/en/OpenChain%20PlayBook%20-%20Small%20Company.md Do you have ideas for improving this playbook? You can submit them in this email thread or by opening an issue on GitHub: https://github.com/OpenChain-Project/Reference-Material/issues/new/choose
  • 34. Needing Work – Medium Company Playbook The OpenChain small company playbook (version 1) has seen solid revisions that make things easier: https://github.com/OpenChain-Project/Reference- Material/blob/master/PlayBooks/Official/Version-1/Small- Company/en/OpenChain%20PlayBook%20-%20Small%20Company.md Perhaps we can include them in a future iteration of the medium company playbook? https://github.com/OpenChain-Project/Reference- Material/blob/master/PlayBooks/Official/Version-1/Medium- Company/en/OpenChain%20PlayBook%20-%20Medium%20Company.md
  • 35. Next call… live editing of issues!
  • 36. Work to support other projects
  • 37. Deferring to next call due to time Open questions: ● How do we interlink with OpenSSF more effectively? ● How do we interlink with ACT Project more effectively? ● How do we interlink with SPDX Project more effectively? ● How do we interlink with TODO Group more effectively?
  • 38. Events coming up Our next big event is Open Compliance Summit, December 7th and 8th in Yokohama, Japan This event will cover license, security and export control compliance We also expect to host OpenChain, TODO and SPDX Mini-Summit adjacent Learn more: https://events.linuxfoundation.org/open-compliance-summit/
  • 41. Different groups within OpenChain User Groups (UG) Groups for OpenChain adopters, users, and partners to share experience and challenges in their local language with the lo Special Interest Groups (SIG) Sector or industry specific groups for sharing experiences or work on sector/industry specific challenges Working Groups (WG) Works on key OpenChain related topics of Global interest Working Groups Global in scope Special Interest Groups Global in scope but limited to a specific industry User Groups (UG) Global issues with a local scope
  • 42. User Group Working Group Special Interest Group Different groups within OpenChain Working Group • Works on key OpenChain related topics of Global interest • Develops and maintains specifications old and new • Develops materials to help spread and implement OpenChain Special Interest Group • Industry specific groups focusing on: • Exchanging experience and challenges with industry peers. • Work on solving specific industry challenges User Group • Anchored in the local community • Allowing everyone the opportunity to discuss and exchange experience in the language and cultural setting most familiar to them • Creating the basis of broadening the local OpenChain community
  • 44. See you next time!