SlideShare a Scribd company logo
1 of 47
The OpenChain
Project
Creating And Maintaining The Standards For Open Source Licensing And Security
Our Mental Model Of The Supply Chain
The Actual Supply Chain
67.4%
of managers monitor their supply chain with Excel spreadsheets
https://www.zippia.com/advice/supply-chain-statistics/
94%
of companies do not have full visibility of their supply chain
https://www.zippia.com/advice/supply-chain-statistics/
https://www.synopsys.com/blogs/software-security/open-source-trends-ossra-report/ (2022)
https://www.zippia.com/advice/supply-chain-statistics/
Context: This Is Important To Business
8
Open Source License Compliance and Security Assurance
is a key part of supply chain management.
We Got Together To Improve The Supply Chain
9
(not an official VW ID.4)
Our Newest Board Member: CARIAD for VW
Members Represent Over 5.9 Trillion USD In Market Value
Broader Community
Main Work Groups:
● Specification (Spring 2016~)
● Education (Autumn 2020~)
Community Work Groups:
● Tooling (Summer 2019~)
● Export Control (Winter 2022~)
● Public Policy (Winter 2022~)
Special Interest Groups:
● Automotive (Summer 2019~)
● Telecom (Spring 2021~)
Regional User Groups
● Japan (Dec 2017~)
● Korea (Jan 2019~)
● India (Sept 2019~)
● China (Sept 2019~)
● Taiwan (Sept 2019~)
● Germany (Jan 2020~)
● UK (June 2020~)
● USA (Dec 2020~)
Platinum Member / Conformance Pending ISO/IEC 5230 + DIS 18974 Conformant
Platinum Member + ISO/IEC 5230 Conformant
Automotive Banking Cloud Consumer Industrial SaaS Service Silicon Telco
Example Verticals Impacted by OpenChain
This is a snapshot based on membership and select conformant organizations currently listed on our website. Total conformant numbers are far higher.
Example: PwC Survey shows 20% of companies in Germany with over 2,000 employees already used ISO/IEC 5230.
Snapshot Represents Over 7.5 Trillion USD In Market Value
Trillions More In Market Value Touched
(Lockheed co-chairs our spec development)
This is a non-exhaustive list of participants on some of our community lists
1,000+
Companies Working On A Better Supply Chain
Trust Built By Process Management
● OpenChain ISO/IEC 5230:2020
Since Q4 2016~ as de facto, Q4 2020~ ISO/IEC
The International Standard for open source license compliance.
● OpenChain ISO/IEC DIS 18974
Since Q4 2022~ as de facto, Q3 2023 expected ISO/IEC
The industry standard for open source security assurance compliance.
High level process standards
Simple, effective and suitable for companies of all sizes in all markets
Openly developed by a vibrant user community and freely available to all
17
The Standards Work Company By Company
Result = A More Predictable Supply Chain
1. Self-Certification
2. Independent Assessment
3. Third-Party Certification
Freedom Of Choice In Using Our Standards
Free Self-Certification Material
20
Key News Around
ISO/IEC 5230
98 Organizations With Conformant Programs On The
OpenChain Website (Totals Higher)
Total conformant numbers are far higher.
Example: PwC Survey shows 20% of companies in Germany with over 2,000 employees already used ISO/IEC 5230.
Recent Significant ISO/IEC 5230 Conformance
20%
of German companies with over 2,000 employees
already use OpenChain ISO/IEC 5230
https://www.pwc.de/en/digitale-transformation/pwc-bitkom-study-open-source-monitor-2021.pdf
Key News Around
ISO/IEC DIS 18974
Momentum Is Growing Around ISO/IEC DIS 18974
● We expect to complete the Draft International Standard (DIS) process via
JTC-1 at the end of June.
● There will be an editorial period after this.
● According to Seth from Joint Development Foundation:
“We will most likely end up passing with edits. We will clean up the editorial
things but nothing technically normative and send it back. They will spend
another month transposing the final version and give us the ISO number.”
Conformance Continues With De-Facto Standard
What Else Is
Happening?
Project Outreach Improvements
Project Participation Improvements
Project Reference Material Improvements
Producing New And Improved Material
Use Of Our Reference Material By The Market
33
Continuing Our Educational Webinars
Many Events
Including Our Standards In Publications
And So Much More…
Building The Future
Licensing and Security Specification Editing
● We are editing the next generations of our standards, with solid feedback on
issues, and changes heading in the direction of improved clarity.
● The open and closed issues are tracked via GitHub:
Licensing: https://github.com/OpenChain-Project/License-Compliance-Specification/issues
Security: https://github.com/OpenChain-Project/Security-Assurance-Specification/issues
● The draft next generation specifications are also hosted on GitHub:
Licensing: https://github.com/OpenChain-Project/License-Compliance-
Specification/blob/master/3.0/en/openchain-license-compliance-3.0.md
Security: https://github.com/OpenChain-Project/Security-Assurance-Specification/blob/main/Security-
Assurance-Specification/2.0/en/openchain-security-specification-2.0.md
● As are the slides used for every meeting (two meetings per month):
https://github.com/OpenChain-Project/Meeting-Minutes/tree/main/Slides
Model Language For Procurement
● We launched a Legal Work Group on the 25th of April 2023.
● We are exploring model provisions for including OpenChain ISO/IEC 5230 and
OpenChain ISO/IEC DIS 18974 in procurement contracts or similar material.
The goal is to ensure people can understand options. We will not be
prescriptive, and these model provisions will remain part of the OpenChain
reference material. They will not be included in the standards themselves.
○ The call started by looking at model provisions done before via the Risk Grid.
○ The document, under public domain, has been moved to the OpenChain GitHub
for ease of access and editing.
● Our outcome was to use this basic format to structure our first round of model
provisions, and to have the option of merging the documents in the future.
Learn more: https://www.openchainproject.org/news/2023/05/15/2nd-meeting-legal-wg
Cool Commerical
Provider Data Points
OpenChain Has 11 Official Third-Party Certifiers
OpenChain Has 27 Official Service Providers
OpenChain Has 22 Official Legal Providers
OpenChain Has 12 Official Tooling Vendors
tl;dr:
Big Project, Big Community.
Plenty Commercial Support Too.
Get Started With Your Adoption and Participation
https://www.openchainproject.org/participate

More Related Content

Similar to 2023-06-cute

OpenChain Monthly Meeting 2022-11-01
OpenChain Monthly Meeting 2022-11-01OpenChain Monthly Meeting 2022-11-01
OpenChain Monthly Meeting 2022-11-01Shane Coughlan
 
Free and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply ChainFree and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply ChainShane Coughlan
 
OpenChain Overview Slides - 02-2023
OpenChain Overview Slides - 02-2023OpenChain Overview Slides - 02-2023
OpenChain Overview Slides - 02-2023Shane Coughlan
 
OpenChain Japan Work Group Meeting #28 - 2023-07-11
OpenChain Japan Work Group Meeting #28 - 2023-07-11OpenChain Japan Work Group Meeting #28 - 2023-07-11
OpenChain Japan Work Group Meeting #28 - 2023-07-11Shane Coughlan
 
FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30Shane Coughlan
 
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptxFrom One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptxShane Coughlan
 
OpenChain Monthly Meeting 2023-02-21 (North America and Asia)
OpenChain Monthly Meeting 2023-02-21 (North America and Asia)OpenChain Monthly Meeting 2023-02-21 (North America and Asia)
OpenChain Monthly Meeting 2023-02-21 (North America and Asia)Shane Coughlan
 
OpenChain-Monthly-Meeting-2023-01-17
OpenChain-Monthly-Meeting-2023-01-17OpenChain-Monthly-Meeting-2023-01-17
OpenChain-Monthly-Meeting-2023-01-17Shane Coughlan
 
OpenChain Monthly Meeting North America - Europe - 2023-02-07
OpenChain Monthly Meeting North America - Europe - 2023-02-07OpenChain Monthly Meeting North America - Europe - 2023-02-07
OpenChain Monthly Meeting North America - Europe - 2023-02-07Shane Coughlan
 
A_Statistical_Study_and_Analysis_to_Identify_the_Importance_of_Open-source_So...
A_Statistical_Study_and_Analysis_to_Identify_the_Importance_of_Open-source_So...A_Statistical_Study_and_Analysis_to_Identify_the_Importance_of_Open-source_So...
A_Statistical_Study_and_Analysis_to_Identify_the_Importance_of_Open-source_So...hani727151
 
Alibaba Standardization Summit 2022
Alibaba Standardization Summit 2022Alibaba Standardization Summit 2022
Alibaba Standardization Summit 2022Shane Coughlan
 
Great Open Source Compliance For Everyone - Version 11
Great Open Source Compliance For Everyone - Version 11Great Open Source Compliance For Everyone - Version 11
Great Open Source Compliance For Everyone - Version 11Shane Coughlan
 
Using OpenChain for Practical Open Source Software Supply Chain Management (O...
Using OpenChain for Practical Open Source Software Supply Chain Management (O...Using OpenChain for Practical Open Source Software Supply Chain Management (O...
Using OpenChain for Practical Open Source Software Supply Chain Management (O...Shane Coughlan
 
Standardizing Open Source Risk - LLW - 2023-04
Standardizing Open Source Risk - LLW - 2023-04Standardizing Open Source Risk - LLW - 2023-04
Standardizing Open Source Risk - LLW - 2023-04Shane Coughlan
 
IBM Connect 2013 - BP212: Apps, Apps and more Apps: Meet the Very Best Open S...
IBM Connect 2013 - BP212: Apps, Apps and more Apps: Meet the Very Best Open S...IBM Connect 2013 - BP212: Apps, Apps and more Apps: Meet the Very Best Open S...
IBM Connect 2013 - BP212: Apps, Apps and more Apps: Meet the Very Best Open S...Niklas Heidloff
 
OpenChain Continual Improvement Case Studies
OpenChain Continual Improvement Case StudiesOpenChain Continual Improvement Case Studies
OpenChain Continual Improvement Case StudiesShane Coughlan
 
OpenChain Automotive Work Group Meeting #2 - Lyon
OpenChain Automotive Work Group Meeting #2 - LyonOpenChain Automotive Work Group Meeting #2 - Lyon
OpenChain Automotive Work Group Meeting #2 - LyonShane Coughlan
 
Melbourne materials institute miicrc rapid productisation
Melbourne materials institute miicrc rapid productisationMelbourne materials institute miicrc rapid productisation
Melbourne materials institute miicrc rapid productisationUTSBusinessSchool
 

Similar to 2023-06-cute (20)

OpenChain Monthly Meeting 2022-11-01
OpenChain Monthly Meeting 2022-11-01OpenChain Monthly Meeting 2022-11-01
OpenChain Monthly Meeting 2022-11-01
 
Free and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply ChainFree and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply Chain
 
OpenChain Overview Slides - 02-2023
OpenChain Overview Slides - 02-2023OpenChain Overview Slides - 02-2023
OpenChain Overview Slides - 02-2023
 
OpenChain Japan Work Group Meeting #28 - 2023-07-11
OpenChain Japan Work Group Meeting #28 - 2023-07-11OpenChain Japan Work Group Meeting #28 - 2023-07-11
OpenChain Japan Work Group Meeting #28 - 2023-07-11
 
FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30
 
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptxFrom One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
 
OpenChain Monthly Meeting 2023-02-21 (North America and Asia)
OpenChain Monthly Meeting 2023-02-21 (North America and Asia)OpenChain Monthly Meeting 2023-02-21 (North America and Asia)
OpenChain Monthly Meeting 2023-02-21 (North America and Asia)
 
OpenChain-Monthly-Meeting-2023-01-17
OpenChain-Monthly-Meeting-2023-01-17OpenChain-Monthly-Meeting-2023-01-17
OpenChain-Monthly-Meeting-2023-01-17
 
OpenChain Monthly Meeting North America - Europe - 2023-02-07
OpenChain Monthly Meeting North America - Europe - 2023-02-07OpenChain Monthly Meeting North America - Europe - 2023-02-07
OpenChain Monthly Meeting North America - Europe - 2023-02-07
 
A_Statistical_Study_and_Analysis_to_Identify_the_Importance_of_Open-source_So...
A_Statistical_Study_and_Analysis_to_Identify_the_Importance_of_Open-source_So...A_Statistical_Study_and_Analysis_to_Identify_the_Importance_of_Open-source_So...
A_Statistical_Study_and_Analysis_to_Identify_the_Importance_of_Open-source_So...
 
Alibaba Standardization Summit 2022
Alibaba Standardization Summit 2022Alibaba Standardization Summit 2022
Alibaba Standardization Summit 2022
 
Great Open Source Compliance For Everyone - Version 11
Great Open Source Compliance For Everyone - Version 11Great Open Source Compliance For Everyone - Version 11
Great Open Source Compliance For Everyone - Version 11
 
Using OpenChain for Practical Open Source Software Supply Chain Management (O...
Using OpenChain for Practical Open Source Software Supply Chain Management (O...Using OpenChain for Practical Open Source Software Supply Chain Management (O...
Using OpenChain for Practical Open Source Software Supply Chain Management (O...
 
Standardizing Open Source Risk - LLW - 2023-04
Standardizing Open Source Risk - LLW - 2023-04Standardizing Open Source Risk - LLW - 2023-04
Standardizing Open Source Risk - LLW - 2023-04
 
What is new in codeBeamer 7.9
What is new in codeBeamer 7.9What is new in codeBeamer 7.9
What is new in codeBeamer 7.9
 
IBM Connect 2013 - BP212: Apps, Apps and more Apps: Meet the Very Best Open S...
IBM Connect 2013 - BP212: Apps, Apps and more Apps: Meet the Very Best Open S...IBM Connect 2013 - BP212: Apps, Apps and more Apps: Meet the Very Best Open S...
IBM Connect 2013 - BP212: Apps, Apps and more Apps: Meet the Very Best Open S...
 
Mobile App Development for Startups | Phase Specific Presentation
Mobile App Development for Startups | Phase Specific PresentationMobile App Development for Startups | Phase Specific Presentation
Mobile App Development for Startups | Phase Specific Presentation
 
OpenChain Continual Improvement Case Studies
OpenChain Continual Improvement Case StudiesOpenChain Continual Improvement Case Studies
OpenChain Continual Improvement Case Studies
 
OpenChain Automotive Work Group Meeting #2 - Lyon
OpenChain Automotive Work Group Meeting #2 - LyonOpenChain Automotive Work Group Meeting #2 - Lyon
OpenChain Automotive Work Group Meeting #2 - Lyon
 
Melbourne materials institute miicrc rapid productisation
Melbourne materials institute miicrc rapid productisationMelbourne materials institute miicrc rapid productisation
Melbourne materials institute miicrc rapid productisation
 

More from Shane Coughlan

OpenChain Webinar: AboutCode and Beyond - End-to-End SCA
OpenChain Webinar: AboutCode and Beyond - End-to-End SCAOpenChain Webinar: AboutCode and Beyond - End-to-End SCA
OpenChain Webinar: AboutCode and Beyond - End-to-End SCAShane Coughlan
 
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingOpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingShane Coughlan
 
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingOpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingShane Coughlan
 
OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19Shane Coughlan
 
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorOpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorShane Coughlan
 
openEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scaleopenEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scaleShane Coughlan
 
OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20Shane Coughlan
 
AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06Shane Coughlan
 
OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06Shane Coughlan
 
OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09Shane Coughlan
 
OpenChain Legal Work Group - 2024-01-17
OpenChain Legal Work Group -  2024-01-17OpenChain Legal Work Group -  2024-01-17
OpenChain Legal Work Group - 2024-01-17Shane Coughlan
 
Openchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptxOpenchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptxShane Coughlan
 
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...Shane Coughlan
 
Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023Shane Coughlan
 
OpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics SlidesOpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics SlidesShane Coughlan
 
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27Shane Coughlan
 
OpenChain Webinar #56: Generative AI and Your Code
OpenChain Webinar #56: Generative AI and Your CodeOpenChain Webinar #56: Generative AI and Your Code
OpenChain Webinar #56: Generative AI and Your CodeShane Coughlan
 
OpenChain Legal Work Group - 2023-06-29
OpenChain Legal Work Group - 2023-06-29OpenChain Legal Work Group - 2023-06-29
OpenChain Legal Work Group - 2023-06-29Shane Coughlan
 
OpenChain Webinar #53 – OpenSCA
OpenChain Webinar #53 – OpenSCAOpenChain Webinar #53 – OpenSCA
OpenChain Webinar #53 – OpenSCAShane Coughlan
 
OpenChain Korea Work Group Meeting #18
OpenChain Korea Work Group Meeting #18OpenChain Korea Work Group Meeting #18
OpenChain Korea Work Group Meeting #18Shane Coughlan
 

More from Shane Coughlan (20)

OpenChain Webinar: AboutCode and Beyond - End-to-End SCA
OpenChain Webinar: AboutCode and Beyond - End-to-End SCAOpenChain Webinar: AboutCode and Beyond - End-to-End SCA
OpenChain Webinar: AboutCode and Beyond - End-to-End SCA
 
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingOpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
 
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingOpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
 
OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19
 
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorOpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS Calculator
 
openEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scaleopenEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scale
 
OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20
 
AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06
 
OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06
 
OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09
 
OpenChain Legal Work Group - 2024-01-17
OpenChain Legal Work Group -  2024-01-17OpenChain Legal Work Group -  2024-01-17
OpenChain Legal Work Group - 2024-01-17
 
Openchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptxOpenchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptx
 
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
 
Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023
 
OpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics SlidesOpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics Slides
 
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
 
OpenChain Webinar #56: Generative AI and Your Code
OpenChain Webinar #56: Generative AI and Your CodeOpenChain Webinar #56: Generative AI and Your Code
OpenChain Webinar #56: Generative AI and Your Code
 
OpenChain Legal Work Group - 2023-06-29
OpenChain Legal Work Group - 2023-06-29OpenChain Legal Work Group - 2023-06-29
OpenChain Legal Work Group - 2023-06-29
 
OpenChain Webinar #53 – OpenSCA
OpenChain Webinar #53 – OpenSCAOpenChain Webinar #53 – OpenSCA
OpenChain Webinar #53 – OpenSCA
 
OpenChain Korea Work Group Meeting #18
OpenChain Korea Work Group Meeting #18OpenChain Korea Work Group Meeting #18
OpenChain Korea Work Group Meeting #18
 

Recently uploaded

Secure Software Ecosystem Teqnation 2024
Secure Software Ecosystem Teqnation 2024Secure Software Ecosystem Teqnation 2024
Secure Software Ecosystem Teqnation 2024Soroosh Khodami
 
GraphSummit Stockholm - Neo4j - Knowledge Graphs and Product Updates
GraphSummit Stockholm - Neo4j - Knowledge Graphs and Product UpdatesGraphSummit Stockholm - Neo4j - Knowledge Graphs and Product Updates
GraphSummit Stockholm - Neo4j - Knowledge Graphs and Product UpdatesNeo4j
 
StrimziCon 2024 - Transition to Apache Kafka on Kubernetes with Strimzi.pdf
StrimziCon 2024 - Transition to Apache Kafka on Kubernetes with Strimzi.pdfStrimziCon 2024 - Transition to Apache Kafka on Kubernetes with Strimzi.pdf
StrimziCon 2024 - Transition to Apache Kafka on Kubernetes with Strimzi.pdfsteffenkarlsson2
 
Mastering Windows 7 A Comprehensive Guide for Power Users .pdf
Mastering Windows 7 A Comprehensive Guide for Power Users .pdfMastering Windows 7 A Comprehensive Guide for Power Users .pdf
Mastering Windows 7 A Comprehensive Guide for Power Users .pdfmbmh111980
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2
 
The Impact of PLM Software on Fashion Production
The Impact of PLM Software on Fashion ProductionThe Impact of PLM Software on Fashion Production
The Impact of PLM Software on Fashion ProductionWave PLM
 
CompTIA Security+ (Study Notes) for cs.pdf
CompTIA Security+ (Study Notes) for cs.pdfCompTIA Security+ (Study Notes) for cs.pdf
CompTIA Security+ (Study Notes) for cs.pdfFurqanuddin10
 
Implementing KPIs and Right Metrics for Agile Delivery Teams.pdf
Implementing KPIs and Right Metrics for Agile Delivery Teams.pdfImplementing KPIs and Right Metrics for Agile Delivery Teams.pdf
Implementing KPIs and Right Metrics for Agile Delivery Teams.pdfVictor Lopez
 
JustNaik Solution Deck (stage bus sector)
JustNaik Solution Deck (stage bus sector)JustNaik Solution Deck (stage bus sector)
JustNaik Solution Deck (stage bus sector)Max Lee
 
A Comprehensive Appium Guide for Hybrid App Automation Testing.pdf
A Comprehensive Appium Guide for Hybrid App Automation Testing.pdfA Comprehensive Appium Guide for Hybrid App Automation Testing.pdf
A Comprehensive Appium Guide for Hybrid App Automation Testing.pdfkalichargn70th171
 
What need to be mastered as AI-Powered Java Developers
What need to be mastered as AI-Powered Java DevelopersWhat need to be mastered as AI-Powered Java Developers
What need to be mastered as AI-Powered Java DevelopersEmilyJiang23
 
COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...
COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...
COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...naitiksharma1124
 
Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)
Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)
Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)Gáspár Nagy
 
Workforce Efficiency with Employee Time Tracking Software.pdf
Workforce Efficiency with Employee Time Tracking Software.pdfWorkforce Efficiency with Employee Time Tracking Software.pdf
Workforce Efficiency with Employee Time Tracking Software.pdfDeskTrack
 
APVP,apvp apvp High quality supplier safe spot transport, 98% purity
APVP,apvp apvp High quality supplier safe spot transport, 98% purityAPVP,apvp apvp High quality supplier safe spot transport, 98% purity
APVP,apvp apvp High quality supplier safe spot transport, 98% purityamy56318795
 
INGKA DIGITAL: Linked Metadata by Design
INGKA DIGITAL: Linked Metadata by DesignINGKA DIGITAL: Linked Metadata by Design
INGKA DIGITAL: Linked Metadata by DesignNeo4j
 
A Guideline to Gorgias to to Re:amaze Data Migration
A Guideline to Gorgias to to Re:amaze Data MigrationA Guideline to Gorgias to to Re:amaze Data Migration
A Guideline to Gorgias to to Re:amaze Data MigrationHelp Desk Migration
 

Recently uploaded (20)

Secure Software Ecosystem Teqnation 2024
Secure Software Ecosystem Teqnation 2024Secure Software Ecosystem Teqnation 2024
Secure Software Ecosystem Teqnation 2024
 
GraphSummit Stockholm - Neo4j - Knowledge Graphs and Product Updates
GraphSummit Stockholm - Neo4j - Knowledge Graphs and Product UpdatesGraphSummit Stockholm - Neo4j - Knowledge Graphs and Product Updates
GraphSummit Stockholm - Neo4j - Knowledge Graphs and Product Updates
 
StrimziCon 2024 - Transition to Apache Kafka on Kubernetes with Strimzi.pdf
StrimziCon 2024 - Transition to Apache Kafka on Kubernetes with Strimzi.pdfStrimziCon 2024 - Transition to Apache Kafka on Kubernetes with Strimzi.pdf
StrimziCon 2024 - Transition to Apache Kafka on Kubernetes with Strimzi.pdf
 
Mastering Windows 7 A Comprehensive Guide for Power Users .pdf
Mastering Windows 7 A Comprehensive Guide for Power Users .pdfMastering Windows 7 A Comprehensive Guide for Power Users .pdf
Mastering Windows 7 A Comprehensive Guide for Power Users .pdf
 
Top Mobile App Development Companies 2024
Top Mobile App Development Companies 2024Top Mobile App Development Companies 2024
Top Mobile App Development Companies 2024
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
The Impact of PLM Software on Fashion Production
The Impact of PLM Software on Fashion ProductionThe Impact of PLM Software on Fashion Production
The Impact of PLM Software on Fashion Production
 
CompTIA Security+ (Study Notes) for cs.pdf
CompTIA Security+ (Study Notes) for cs.pdfCompTIA Security+ (Study Notes) for cs.pdf
CompTIA Security+ (Study Notes) for cs.pdf
 
AI Hackathon.pptx
AI                        Hackathon.pptxAI                        Hackathon.pptx
AI Hackathon.pptx
 
Implementing KPIs and Right Metrics for Agile Delivery Teams.pdf
Implementing KPIs and Right Metrics for Agile Delivery Teams.pdfImplementing KPIs and Right Metrics for Agile Delivery Teams.pdf
Implementing KPIs and Right Metrics for Agile Delivery Teams.pdf
 
5 Reasons Driving Warehouse Management Systems Demand
5 Reasons Driving Warehouse Management Systems Demand5 Reasons Driving Warehouse Management Systems Demand
5 Reasons Driving Warehouse Management Systems Demand
 
JustNaik Solution Deck (stage bus sector)
JustNaik Solution Deck (stage bus sector)JustNaik Solution Deck (stage bus sector)
JustNaik Solution Deck (stage bus sector)
 
A Comprehensive Appium Guide for Hybrid App Automation Testing.pdf
A Comprehensive Appium Guide for Hybrid App Automation Testing.pdfA Comprehensive Appium Guide for Hybrid App Automation Testing.pdf
A Comprehensive Appium Guide for Hybrid App Automation Testing.pdf
 
What need to be mastered as AI-Powered Java Developers
What need to be mastered as AI-Powered Java DevelopersWhat need to be mastered as AI-Powered Java Developers
What need to be mastered as AI-Powered Java Developers
 
COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...
COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...
COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...
 
Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)
Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)
Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)
 
Workforce Efficiency with Employee Time Tracking Software.pdf
Workforce Efficiency with Employee Time Tracking Software.pdfWorkforce Efficiency with Employee Time Tracking Software.pdf
Workforce Efficiency with Employee Time Tracking Software.pdf
 
APVP,apvp apvp High quality supplier safe spot transport, 98% purity
APVP,apvp apvp High quality supplier safe spot transport, 98% purityAPVP,apvp apvp High quality supplier safe spot transport, 98% purity
APVP,apvp apvp High quality supplier safe spot transport, 98% purity
 
INGKA DIGITAL: Linked Metadata by Design
INGKA DIGITAL: Linked Metadata by DesignINGKA DIGITAL: Linked Metadata by Design
INGKA DIGITAL: Linked Metadata by Design
 
A Guideline to Gorgias to to Re:amaze Data Migration
A Guideline to Gorgias to to Re:amaze Data MigrationA Guideline to Gorgias to to Re:amaze Data Migration
A Guideline to Gorgias to to Re:amaze Data Migration
 

2023-06-cute

  • 1. The OpenChain Project Creating And Maintaining The Standards For Open Source Licensing And Security
  • 2. Our Mental Model Of The Supply Chain
  • 4. 67.4% of managers monitor their supply chain with Excel spreadsheets https://www.zippia.com/advice/supply-chain-statistics/
  • 5. 94% of companies do not have full visibility of their supply chain https://www.zippia.com/advice/supply-chain-statistics/
  • 8. Context: This Is Important To Business 8 Open Source License Compliance and Security Assurance is a key part of supply chain management.
  • 9. We Got Together To Improve The Supply Chain 9
  • 10. (not an official VW ID.4) Our Newest Board Member: CARIAD for VW
  • 11. Members Represent Over 5.9 Trillion USD In Market Value
  • 12. Broader Community Main Work Groups: ● Specification (Spring 2016~) ● Education (Autumn 2020~) Community Work Groups: ● Tooling (Summer 2019~) ● Export Control (Winter 2022~) ● Public Policy (Winter 2022~) Special Interest Groups: ● Automotive (Summer 2019~) ● Telecom (Spring 2021~) Regional User Groups ● Japan (Dec 2017~) ● Korea (Jan 2019~) ● India (Sept 2019~) ● China (Sept 2019~) ● Taiwan (Sept 2019~) ● Germany (Jan 2020~) ● UK (June 2020~) ● USA (Dec 2020~)
  • 13. Platinum Member / Conformance Pending ISO/IEC 5230 + DIS 18974 Conformant Platinum Member + ISO/IEC 5230 Conformant Automotive Banking Cloud Consumer Industrial SaaS Service Silicon Telco Example Verticals Impacted by OpenChain This is a snapshot based on membership and select conformant organizations currently listed on our website. Total conformant numbers are far higher. Example: PwC Survey shows 20% of companies in Germany with over 2,000 employees already used ISO/IEC 5230.
  • 14. Snapshot Represents Over 7.5 Trillion USD In Market Value
  • 15. Trillions More In Market Value Touched (Lockheed co-chairs our spec development) This is a non-exhaustive list of participants on some of our community lists
  • 16. 1,000+ Companies Working On A Better Supply Chain
  • 17. Trust Built By Process Management ● OpenChain ISO/IEC 5230:2020 Since Q4 2016~ as de facto, Q4 2020~ ISO/IEC The International Standard for open source license compliance. ● OpenChain ISO/IEC DIS 18974 Since Q4 2022~ as de facto, Q3 2023 expected ISO/IEC The industry standard for open source security assurance compliance. High level process standards Simple, effective and suitable for companies of all sizes in all markets Openly developed by a vibrant user community and freely available to all 17
  • 18. The Standards Work Company By Company Result = A More Predictable Supply Chain
  • 19. 1. Self-Certification 2. Independent Assessment 3. Third-Party Certification Freedom Of Choice In Using Our Standards
  • 22. 98 Organizations With Conformant Programs On The OpenChain Website (Totals Higher) Total conformant numbers are far higher. Example: PwC Survey shows 20% of companies in Germany with over 2,000 employees already used ISO/IEC 5230.
  • 23. Recent Significant ISO/IEC 5230 Conformance
  • 24. 20% of German companies with over 2,000 employees already use OpenChain ISO/IEC 5230 https://www.pwc.de/en/digitale-transformation/pwc-bitkom-study-open-source-monitor-2021.pdf
  • 26. Momentum Is Growing Around ISO/IEC DIS 18974 ● We expect to complete the Draft International Standard (DIS) process via JTC-1 at the end of June. ● There will be an editorial period after this. ● According to Seth from Joint Development Foundation: “We will most likely end up passing with edits. We will clean up the editorial things but nothing technically normative and send it back. They will spend another month transposing the final version and give us the ISO number.”
  • 27. Conformance Continues With De-Facto Standard
  • 32. Producing New And Improved Material
  • 33. Use Of Our Reference Material By The Market 33
  • 36. Including Our Standards In Publications
  • 37. And So Much More…
  • 39. Licensing and Security Specification Editing ● We are editing the next generations of our standards, with solid feedback on issues, and changes heading in the direction of improved clarity. ● The open and closed issues are tracked via GitHub: Licensing: https://github.com/OpenChain-Project/License-Compliance-Specification/issues Security: https://github.com/OpenChain-Project/Security-Assurance-Specification/issues ● The draft next generation specifications are also hosted on GitHub: Licensing: https://github.com/OpenChain-Project/License-Compliance- Specification/blob/master/3.0/en/openchain-license-compliance-3.0.md Security: https://github.com/OpenChain-Project/Security-Assurance-Specification/blob/main/Security- Assurance-Specification/2.0/en/openchain-security-specification-2.0.md ● As are the slides used for every meeting (two meetings per month): https://github.com/OpenChain-Project/Meeting-Minutes/tree/main/Slides
  • 40. Model Language For Procurement ● We launched a Legal Work Group on the 25th of April 2023. ● We are exploring model provisions for including OpenChain ISO/IEC 5230 and OpenChain ISO/IEC DIS 18974 in procurement contracts or similar material. The goal is to ensure people can understand options. We will not be prescriptive, and these model provisions will remain part of the OpenChain reference material. They will not be included in the standards themselves. ○ The call started by looking at model provisions done before via the Risk Grid. ○ The document, under public domain, has been moved to the OpenChain GitHub for ease of access and editing. ● Our outcome was to use this basic format to structure our first round of model provisions, and to have the option of merging the documents in the future. Learn more: https://www.openchainproject.org/news/2023/05/15/2nd-meeting-legal-wg
  • 42. OpenChain Has 11 Official Third-Party Certifiers
  • 43. OpenChain Has 27 Official Service Providers
  • 44. OpenChain Has 22 Official Legal Providers
  • 45. OpenChain Has 12 Official Tooling Vendors
  • 46. tl;dr: Big Project, Big Community. Plenty Commercial Support Too.
  • 47. Get Started With Your Adoption and Participation https://www.openchainproject.org/participate