SlideShare a Scribd company logo

The State of Open Source for Software Alliance Germany 2023-04-14

Shane Coughlan
Shane Coughlan

This document discusses the increasing complexity of open source software use in corporate environments due to new rules and guidelines around software bills of materials and supply chain security. It notes that while open source is important for businesses, many companies have limited visibility into their software supply chains due to relying on spreadsheets rather than proper processes. Standards like OpenChain and upcoming ISO standards aim to provide best practices for open source license compliance and security assurance. Widespread adoption of these standards could help create a more predictable and secure software supply chain. The document outlines support and resources for organizations looking to implement these standards.

Software
1 of 26
Download to read offline
The State of Open Source Our Field in 2023
This talk focuses on practical corporate use of open source WARNING
Things Are Getting Complex
There Are More Rules And Guidelines ● NTIA Minimum Requirements of Software Bill of Materials (SBOM) ● White House Executive Order – SBOM again ● Cyber Resiliency Act (CRA) in the European Union – Reporting and Compliance Requirements
5.5tn Global Cost of Cyber Crime Source – CRA Explanatory Materials
Open Source Reality – We Need To Do Better ● The inclusion of far more support for SBOMs is inevitable ● This implies better tooling and record keeping in companies and projects ● It also implies more coordination around standards ● Enhanced reporting and other compliance requirements are still TBD
Why
Our Mental Model Of The Supply Chain
The Actual Supply Chain
67.4% of managers monitor their supply chain with Excel spreadsheets https://www.zippia.com/advice/supply-chain-statistics/
94% of companies do not have full visibility of their supply chain https://www.zippia.com/advice/supply-chain-statistics/
https://www.zippia.com/advice/supply-chain-statistics/
Context: This Is Important To Business 13 Open Source License Compliance and Security Assurance is a key part of supply chain management.
https://www.synopsys.com/blogs/software-security/open-source-trends-ossra-report/
Open Source Reality – We Are Doing Better ● The open source supply chain is still facing many challenges ● The key thing missing for many companies are the appropriate processes to allow implementation of better, more efficient practices ● For example, before you can have an SBOM, you need a policy and you need processes to support implementation Policy, Processes and Training are key
Open Source Process Management ● In Market Q4 2016~ (de facto) Q4 2020 (ISO/IEC) OpenChain ISO/IEC 5230:2020 The International Standard for open source license compliance. ● In Market Q4 2022~ (de facto) Q3 2023 projected (ISO/IEC) ISO/IEC DIS 18974, OpenChain Security Assurance Specification The de facto standard for open source security assurance compliance. 1. High level process standards; 2. Simple, effective and suitable for companies of all sizes in all markets; 3. Openly developed by a vibrant user community and freely available to all. 16
The Standards Work Company By Company Result = A More Predictable Supply Chain
Example Adoption Of OpenChain ISO/IEC 5230:2020 18
20% of German companies with over 2,000 employees already use OpenChain ISO/IEC 5230 https://www.pwc.de/en/digitale-transformation/pwc-bitkom-study-open-source-monitor-2021.pdf
Key Companies Supporting These Standards 20
Broader Community Main Work Groups: ● Specification (Spring 2016~) ● Education (Autumn 2020~) Community Work Groups: ● Tooling (Summer 2019~) ● Export Control (Winter 2022~) ● Public Policy (Winter 2022~) Special Interest Groups: ● Automotive (Summer 2019~) ● Telecom (Spring 2021~) Regional User Groups ● Japan (Dec 2017~) ● Korea (Jan 2019~) ● India (Sept 2019~) ● China (Sept 2019~) ● Taiwan (Sept 2019~) ● Germany (Jan 2020~) ● UK (June 2020~) ● USA (Dec 2020~)
1. Self-Certification 2. Independent Assessment 3. Third-Party Certification Freedom Of Choice In Adoption
Free Self-Certification Material 23
11 Third-Party Certifiers Providing Global Coverage
Free Online Training Courses 25 1. LFC193 - 1209 total enrollments (398 digital badges issued) 4.65 out of 5 rating by users 2. LFC194 - 579 total enrollments (138 digital badges issued) 4.55 out of 5 rating by users
Be Part Of This https://www.openchainproject.org/participate

Recommended

2023-06-classic
2023-06-classic2023-06-classic
2023-06-classicShane Coughlan
 
2023-06-cute
2023-06-cute2023-06-cute
2023-06-cuteShane Coughlan
 
2023-06-corporate
2023-06-corporate2023-06-corporate
2023-06-corporateShane Coughlan
 
OpenChain @ Bitkom Forum Open Source 2022
OpenChain @ Bitkom Forum Open Source 2022OpenChain @ Bitkom Forum Open Source 2022
OpenChain @ Bitkom Forum Open Source 2022Shane Coughlan
 
FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30Shane Coughlan
 
OpenChain Japan Work Group Meeting #28 - 2023-07-11
OpenChain Japan Work Group Meeting #28 - 2023-07-11OpenChain Japan Work Group Meeting #28 - 2023-07-11
OpenChain Japan Work Group Meeting #28 - 2023-07-11Shane Coughlan
 
OpenChain Japan Work Group - Meeting 27
OpenChain Japan Work Group - Meeting 27OpenChain Japan Work Group - Meeting 27
OpenChain Japan Work Group - Meeting 27Shane Coughlan
 
Standardizing Open Source Risk - LLW - 2023-04
Standardizing Open Source Risk - LLW - 2023-04Standardizing Open Source Risk - LLW - 2023-04
Standardizing Open Source Risk - LLW - 2023-04Shane Coughlan
 

Recommended

2023-06-classic
2023-06-classic2023-06-classic
2023-06-classicShane Coughlan
 
2023-06-cute
2023-06-cute2023-06-cute
2023-06-cuteShane Coughlan
 
2023-06-corporate
2023-06-corporate2023-06-corporate
2023-06-corporateShane Coughlan
 
OpenChain @ Bitkom Forum Open Source 2022
OpenChain @ Bitkom Forum Open Source 2022OpenChain @ Bitkom Forum Open Source 2022
OpenChain @ Bitkom Forum Open Source 2022Shane Coughlan
 
FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30Shane Coughlan
 
OpenChain Japan Work Group Meeting #28 - 2023-07-11
OpenChain Japan Work Group Meeting #28 - 2023-07-11OpenChain Japan Work Group Meeting #28 - 2023-07-11
OpenChain Japan Work Group Meeting #28 - 2023-07-11Shane Coughlan
 
OpenChain Japan Work Group - Meeting 27
OpenChain Japan Work Group - Meeting 27OpenChain Japan Work Group - Meeting 27
OpenChain Japan Work Group - Meeting 27Shane Coughlan
 
Standardizing Open Source Risk - LLW - 2023-04
Standardizing Open Source Risk - LLW - 2023-04Standardizing Open Source Risk - LLW - 2023-04
Standardizing Open Source Risk - LLW - 2023-04Shane Coughlan
 
OpenChain Overview Slides - 02-2023
OpenChain Overview Slides - 02-2023OpenChain Overview Slides - 02-2023
OpenChain Overview Slides - 02-2023Shane Coughlan
 
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptxFrom One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptxShane Coughlan
 
Assocham global conference audit data standards - 28.10.2020
Assocham global conference audit data standards - 28.10.2020Assocham global conference audit data standards - 28.10.2020
Assocham global conference audit data standards - 28.10.2020Vinod Kashyap
 
Free and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply ChainFree and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply ChainShane Coughlan
 
SAP Leonardo Blockchain Services and Use-Cases
SAP Leonardo Blockchain Services and Use-CasesSAP Leonardo Blockchain Services and Use-Cases
SAP Leonardo Blockchain Services and Use-CasesNagesh Caparthy
 
Great Open Source Compliance For Everyone - Version 11
Great Open Source Compliance For Everyone - Version 11Great Open Source Compliance For Everyone - Version 11
Great Open Source Compliance For Everyone - Version 11Shane Coughlan
 
OpenChain-Monthly-Meeting-2022-11-15
OpenChain-Monthly-Meeting-2022-11-15OpenChain-Monthly-Meeting-2022-11-15
OpenChain-Monthly-Meeting-2022-11-15Shane Coughlan
 
Cloud webinar final
Cloud webinar finalCloud webinar final
Cloud webinar finalNess Technologies
 
OpenChain Mini-Summit May 2023
OpenChain Mini-Summit May 2023OpenChain Mini-Summit May 2023
OpenChain Mini-Summit May 2023Shane Coughlan
 
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...Paris Open Source Summit
 
The Modern Supply Chain: Global Challenges and Best Practices
The Modern Supply Chain: Global Challenges and Best PracticesThe Modern Supply Chain: Global Challenges and Best Practices
The Modern Supply Chain: Global Challenges and Best PracticesAggregage
 
OpenChain Monthly Meeting 2022-11-01
OpenChain Monthly Meeting 2022-11-01OpenChain Monthly Meeting 2022-11-01
OpenChain Monthly Meeting 2022-11-01Shane Coughlan
 
Box investor presentation
Box investor presentationBox investor presentation
Box investor presentationbox2016ir
 
Gridforum Pierre Guisset Damien Hubaux B Ein Grid 20080402
Gridforum Pierre Guisset Damien Hubaux B Ein Grid 20080402Gridforum Pierre Guisset Damien Hubaux B Ein Grid 20080402
Gridforum Pierre Guisset Damien Hubaux B Ein Grid 20080402vrij
 
OpenChain Germany Work Group Meeting 2022-11-16
OpenChain Germany Work Group Meeting 2022-11-16OpenChain Germany Work Group Meeting 2022-11-16
OpenChain Germany Work Group Meeting 2022-11-16Shane Coughlan
 
Steps to Scale Internet of Things (IoT)
Steps to Scale Internet of Things (IoT)Steps to Scale Internet of Things (IoT)
Steps to Scale Internet of Things (IoT)Rafael Maranon
 
Rcose challenges and benefits from using software analytics in softeam
Rcose challenges and benefits from using software analytics in softeamRcose challenges and benefits from using software analytics in softeam
Rcose challenges and benefits from using software analytics in softeamAlessandra Bagnato
 
OneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to ManyOneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to ManyControlCase
 
How to Keep SAP Projects on Schedule with B2B Managed Services
How to Keep SAP Projects on Schedule with B2B Managed Services How to Keep SAP Projects on Schedule with B2B Managed Services
How to Keep SAP Projects on Schedule with B2B Managed Services Mark Morley, MBA
 
Startup InsurTech Award - Procede
Startup InsurTech Award - ProcedeStartup InsurTech Award - Procede
Startup InsurTech Award - ProcedeThe Digital Insurer
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...Shane Coughlan
 
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingOpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingShane Coughlan
 

More Related Content

Similar to The State of Open Source for Software Alliance Germany 2023-04-14

OpenChain Overview Slides - 02-2023
OpenChain Overview Slides - 02-2023OpenChain Overview Slides - 02-2023
OpenChain Overview Slides - 02-2023Shane Coughlan
 
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptxFrom One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptxShane Coughlan
 
Assocham global conference audit data standards - 28.10.2020
Assocham global conference audit data standards - 28.10.2020Assocham global conference audit data standards - 28.10.2020
Assocham global conference audit data standards - 28.10.2020Vinod Kashyap
 
Free and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply ChainFree and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply ChainShane Coughlan
 
SAP Leonardo Blockchain Services and Use-Cases
SAP Leonardo Blockchain Services and Use-CasesSAP Leonardo Blockchain Services and Use-Cases
SAP Leonardo Blockchain Services and Use-CasesNagesh Caparthy
 
Great Open Source Compliance For Everyone - Version 11
Great Open Source Compliance For Everyone - Version 11Great Open Source Compliance For Everyone - Version 11
Great Open Source Compliance For Everyone - Version 11Shane Coughlan
 
OpenChain-Monthly-Meeting-2022-11-15
OpenChain-Monthly-Meeting-2022-11-15OpenChain-Monthly-Meeting-2022-11-15
OpenChain-Monthly-Meeting-2022-11-15Shane Coughlan
 
OpenChain Mini-Summit May 2023
OpenChain Mini-Summit May 2023OpenChain Mini-Summit May 2023
OpenChain Mini-Summit May 2023Shane Coughlan
 
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...Paris Open Source Summit
 
The Modern Supply Chain: Global Challenges and Best Practices
The Modern Supply Chain: Global Challenges and Best PracticesThe Modern Supply Chain: Global Challenges and Best Practices
The Modern Supply Chain: Global Challenges and Best PracticesAggregage
 
OpenChain Monthly Meeting 2022-11-01
OpenChain Monthly Meeting 2022-11-01OpenChain Monthly Meeting 2022-11-01
OpenChain Monthly Meeting 2022-11-01Shane Coughlan
 
Box investor presentation
Box investor presentationBox investor presentation
Box investor presentationbox2016ir
 
Gridforum Pierre Guisset Damien Hubaux B Ein Grid 20080402
Gridforum Pierre Guisset Damien Hubaux B Ein Grid 20080402Gridforum Pierre Guisset Damien Hubaux B Ein Grid 20080402
Gridforum Pierre Guisset Damien Hubaux B Ein Grid 20080402vrij
 
OpenChain Germany Work Group Meeting 2022-11-16
OpenChain Germany Work Group Meeting 2022-11-16OpenChain Germany Work Group Meeting 2022-11-16
OpenChain Germany Work Group Meeting 2022-11-16Shane Coughlan
 
Steps to Scale Internet of Things (IoT)
Steps to Scale Internet of Things (IoT)Steps to Scale Internet of Things (IoT)
Steps to Scale Internet of Things (IoT)Rafael Maranon
 
Rcose challenges and benefits from using software analytics in softeam
Rcose challenges and benefits from using software analytics in softeamRcose challenges and benefits from using software analytics in softeam
Rcose challenges and benefits from using software analytics in softeamAlessandra Bagnato
 
OneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to ManyOneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to ManyControlCase
 
How to Keep SAP Projects on Schedule with B2B Managed Services
How to Keep SAP Projects on Schedule with B2B Managed Services How to Keep SAP Projects on Schedule with B2B Managed Services
How to Keep SAP Projects on Schedule with B2B Managed Services Mark Morley, MBA
 
Startup InsurTech Award - Procede
Startup InsurTech Award - ProcedeStartup InsurTech Award - Procede
Startup InsurTech Award - ProcedeThe Digital Insurer
 

Similar to The State of Open Source for Software Alliance Germany 2023-04-14 (20)

OpenChain Overview Slides - 02-2023
OpenChain Overview Slides - 02-2023OpenChain Overview Slides - 02-2023
OpenChain Overview Slides - 02-2023
 
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptxFrom One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
 
Assocham global conference audit data standards - 28.10.2020
Assocham global conference audit data standards - 28.10.2020Assocham global conference audit data standards - 28.10.2020
Assocham global conference audit data standards - 28.10.2020
 
Free and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply ChainFree and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply Chain
 
SAP Leonardo Blockchain Services and Use-Cases
SAP Leonardo Blockchain Services and Use-CasesSAP Leonardo Blockchain Services and Use-Cases
SAP Leonardo Blockchain Services and Use-Cases
 
Great Open Source Compliance For Everyone - Version 11
Great Open Source Compliance For Everyone - Version 11Great Open Source Compliance For Everyone - Version 11
Great Open Source Compliance For Everyone - Version 11
 
OpenChain-Monthly-Meeting-2022-11-15
OpenChain-Monthly-Meeting-2022-11-15OpenChain-Monthly-Meeting-2022-11-15
OpenChain-Monthly-Meeting-2022-11-15
 
Cloud webinar final
Cloud webinar finalCloud webinar final
Cloud webinar final
 
OpenChain Mini-Summit May 2023
OpenChain Mini-Summit May 2023OpenChain Mini-Summit May 2023
OpenChain Mini-Summit May 2023
 
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
 
The Modern Supply Chain: Global Challenges and Best Practices
The Modern Supply Chain: Global Challenges and Best PracticesThe Modern Supply Chain: Global Challenges and Best Practices
The Modern Supply Chain: Global Challenges and Best Practices
 
OpenChain Monthly Meeting 2022-11-01
OpenChain Monthly Meeting 2022-11-01OpenChain Monthly Meeting 2022-11-01
OpenChain Monthly Meeting 2022-11-01
 
Box investor presentation
Box investor presentationBox investor presentation
Box investor presentation
 
Gridforum Pierre Guisset Damien Hubaux B Ein Grid 20080402
Gridforum Pierre Guisset Damien Hubaux B Ein Grid 20080402Gridforum Pierre Guisset Damien Hubaux B Ein Grid 20080402
Gridforum Pierre Guisset Damien Hubaux B Ein Grid 20080402
 
OpenChain Germany Work Group Meeting 2022-11-16
OpenChain Germany Work Group Meeting 2022-11-16OpenChain Germany Work Group Meeting 2022-11-16
OpenChain Germany Work Group Meeting 2022-11-16
 
Steps to Scale Internet of Things (IoT)
Steps to Scale Internet of Things (IoT)Steps to Scale Internet of Things (IoT)
Steps to Scale Internet of Things (IoT)
 
Rcose challenges and benefits from using software analytics in softeam
Rcose challenges and benefits from using software analytics in softeamRcose challenges and benefits from using software analytics in softeam
Rcose challenges and benefits from using software analytics in softeam
 
OneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to ManyOneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to Many
 
How to Keep SAP Projects on Schedule with B2B Managed Services
How to Keep SAP Projects on Schedule with B2B Managed Services How to Keep SAP Projects on Schedule with B2B Managed Services
How to Keep SAP Projects on Schedule with B2B Managed Services
 
Startup InsurTech Award - Procede
Startup InsurTech Award - ProcedeStartup InsurTech Award - Procede
Startup InsurTech Award - Procede
 

More from Shane Coughlan

OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...Shane Coughlan
 
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingOpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingShane Coughlan
 
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingOpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingShane Coughlan
 
OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19Shane Coughlan
 
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorOpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorShane Coughlan
 
openEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scaleopenEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scaleShane Coughlan
 
OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20Shane Coughlan
 
AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06Shane Coughlan
 
OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06Shane Coughlan
 
OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09Shane Coughlan
 
OpenChain Legal Work Group - 2024-01-17
OpenChain Legal Work Group - 2024-01-17OpenChain Legal Work Group - 2024-01-17
OpenChain Legal Work Group - 2024-01-17Shane Coughlan
 
Openchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptxOpenchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptxShane Coughlan
 
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...Shane Coughlan
 
Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023Shane Coughlan
 
OpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics SlidesOpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics SlidesShane Coughlan
 
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27Shane Coughlan
 
OpenChain Webinar #56: Generative AI and Your Code
OpenChain Webinar #56: Generative AI and Your CodeOpenChain Webinar #56: Generative AI and Your Code
OpenChain Webinar #56: Generative AI and Your CodeShane Coughlan
 
OpenChain Legal Work Group - 2023-06-29
OpenChain Legal Work Group - 2023-06-29OpenChain Legal Work Group - 2023-06-29
OpenChain Legal Work Group - 2023-06-29Shane Coughlan
 
OpenChain Webinar #53 – OpenSCA
OpenChain Webinar #53 – OpenSCAOpenChain Webinar #53 – OpenSCA
OpenChain Webinar #53 – OpenSCAShane Coughlan
 
OpenChain Korea Work Group Meeting #18
OpenChain Korea Work Group Meeting #18OpenChain Korea Work Group Meeting #18
OpenChain Korea Work Group Meeting #18Shane Coughlan
 

More from Shane Coughlan (20)

OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingOpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
 
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingOpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
 
OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19
 
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorOpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS Calculator
 
openEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scaleopenEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scale
 
OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20
 
AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06
 
OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06
 
OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09
 
OpenChain Legal Work Group - 2024-01-17
OpenChain Legal Work Group - 2024-01-17OpenChain Legal Work Group - 2024-01-17
OpenChain Legal Work Group - 2024-01-17
 
Openchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptxOpenchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptx
 
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
 
Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023
 
OpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics SlidesOpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics Slides
 
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
 
OpenChain Webinar #56: Generative AI and Your Code
OpenChain Webinar #56: Generative AI and Your CodeOpenChain Webinar #56: Generative AI and Your Code
OpenChain Webinar #56: Generative AI and Your Code
 
OpenChain Legal Work Group - 2023-06-29
OpenChain Legal Work Group - 2023-06-29OpenChain Legal Work Group - 2023-06-29
OpenChain Legal Work Group - 2023-06-29
 
OpenChain Webinar #53 – OpenSCA
OpenChain Webinar #53 – OpenSCAOpenChain Webinar #53 – OpenSCA
OpenChain Webinar #53 – OpenSCA
 
OpenChain Korea Work Group Meeting #18
OpenChain Korea Work Group Meeting #18OpenChain Korea Work Group Meeting #18
OpenChain Korea Work Group Meeting #18
 

Recently uploaded

Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidPhilip Schwarz
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Hararemasabamasaba
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplatePresentation.STUDIO
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrainmasabamasaba
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfonteinmasabamasaba
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrandmasabamasaba
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech studentsHimanshiGarg82
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...masabamasaba
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfproinshot.com
 
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...Nitya salvi
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastPapp Krisztián
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...masabamasaba
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...Health
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionOnePlan Solutions
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 

Recently uploaded (20)

Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdf
 
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 

The State of Open Source for Software Alliance Germany 2023-04-14

  • 1. The State of Open Source Our Field in 2023
  • 2. This talk focuses on practical corporate use of open source WARNING
  • 4. There Are More Rules And Guidelines ● NTIA Minimum Requirements of Software Bill of Materials (SBOM) ● White House Executive Order – SBOM again ● Cyber Resiliency Act (CRA) in the European Union – Reporting and Compliance Requirements
  • 5. 5.5tn Global Cost of Cyber Crime Source – CRA Explanatory Materials
  • 6. Open Source Reality – We Need To Do Better ● The inclusion of far more support for SBOMs is inevitable ● This implies better tooling and record keeping in companies and projects ● It also implies more coordination around standards ● Enhanced reporting and other compliance requirements are still TBD
  • 7. Why
  • 8. Our Mental Model Of The Supply Chain
  • 10. 67.4% of managers monitor their supply chain with Excel spreadsheets https://www.zippia.com/advice/supply-chain-statistics/
  • 11. 94% of companies do not have full visibility of their supply chain https://www.zippia.com/advice/supply-chain-statistics/
  • 13. Context: This Is Important To Business 13 Open Source License Compliance and Security Assurance is a key part of supply chain management.
  • 15. Open Source Reality – We Are Doing Better ● The open source supply chain is still facing many challenges ● The key thing missing for many companies are the appropriate processes to allow implementation of better, more efficient practices ● For example, before you can have an SBOM, you need a policy and you need processes to support implementation Policy, Processes and Training are key
  • 16. Open Source Process Management ● In Market Q4 2016~ (de facto) Q4 2020 (ISO/IEC) OpenChain ISO/IEC 5230:2020 The International Standard for open source license compliance. ● In Market Q4 2022~ (de facto) Q3 2023 projected (ISO/IEC) ISO/IEC DIS 18974, OpenChain Security Assurance Specification The de facto standard for open source security assurance compliance. 1. High level process standards; 2. Simple, effective and suitable for companies of all sizes in all markets; 3. Openly developed by a vibrant user community and freely available to all. 16
  • 17. The Standards Work Company By Company Result = A More Predictable Supply Chain
  • 18. Example Adoption Of OpenChain ISO/IEC 5230:2020 18
  • 19. 20% of German companies with over 2,000 employees already use OpenChain ISO/IEC 5230 https://www.pwc.de/en/digitale-transformation/pwc-bitkom-study-open-source-monitor-2021.pdf
  • 20. Key Companies Supporting These Standards 20
  • 21. Broader Community Main Work Groups: ● Specification (Spring 2016~) ● Education (Autumn 2020~) Community Work Groups: ● Tooling (Summer 2019~) ● Export Control (Winter 2022~) ● Public Policy (Winter 2022~) Special Interest Groups: ● Automotive (Summer 2019~) ● Telecom (Spring 2021~) Regional User Groups ● Japan (Dec 2017~) ● Korea (Jan 2019~) ● India (Sept 2019~) ● China (Sept 2019~) ● Taiwan (Sept 2019~) ● Germany (Jan 2020~) ● UK (June 2020~) ● USA (Dec 2020~)
  • 22. 1. Self-Certification 2. Independent Assessment 3. Third-Party Certification Freedom Of Choice In Adoption
  • 24. 11 Third-Party Certifiers Providing Global Coverage
  • 25. Free Online Training Courses 25 1. LFC193 - 1209 total enrollments (398 digital badges issued) 4.65 out of 5 rating by users 2. LFC194 - 579 total enrollments (138 digital badges issued) 4.55 out of 5 rating by users
  • 26. Be Part Of This https://www.openchainproject.org/participate