SlideShare a Scribd company logo
The OpenChain Project
Creating And Maintaining The Standards For Open Source Licensing And Security
Our Mental Model Of The Supply Chain
The Actual Supply Chain
67.4%
of managers monitor their supply chain with Excel spreadsheets
https://www.zippia.com/advice/supply-chain-statistics/
94%
of companies do not have full visibility of their supply chain
https://www.zippia.com/advice/supply-chain-statistics/
https://www.synopsys.com/blogs/software-security/open-source-trends-ossra-report/ (2022)
https://www.zippia.com/advice/supply-chain-statistics/
Context: This Is Important To Business
8
Open Source License Compliance and Security Assurance
is a key part of supply chain management.
We Got Together To Improve The Supply Chain
9
(not an official VW ID.4)
Our Newest Board Member: CARIAD for VW
Members Represent Over 5.9 Trillion USD In Market Value
Broader Community
Main Work Groups:
● Specification (Spring 2016~)
● Education (Autumn 2020~)
Community Work Groups:
● Tooling (Summer 2019~)
● Export Control (Winter 2022~)
● Public Policy (Winter 2022~)
Special Interest Groups:
● Automotive (Summer 2019~)
● Telecom (Spring 2021~)
Regional User Groups
● Japan (Dec 2017~)
● Korea (Jan 2019~)
● India (Sept 2019~)
● China (Sept 2019~)
● Taiwan (Sept 2019~)
● Germany (Jan 2020~)
● UK (June 2020~)
● USA (Dec 2020~)
Platinum Member / Conformance Pending ISO/IEC 5230 + DIS 18974 Conformant
Platinum Member + ISO/IEC 5230 Conformant
Automotive Banking Cloud Consumer Industrial SaaS Service Silicon Telco
Example Verticals Impacted by OpenChain
This is a snapshot based on membership and select conformant organizations currently listed on our website. Total conformant numbers are far higher.
Example: PwC Survey shows 20% of companies in Germany with over 2,000 employees already used ISO/IEC 5230.
Snapshot Represents Over 7.5 Trillion USD In Market Value
Trillions More In Market Value Touched
(Lockheed co-chairs our spec development)
This is a non-exhaustive list of participants on some of our community lists
1,000+
Companies Working On A Better Supply Chain
Trust Built By Process Management
● OpenChain ISO/IEC 5230:2020
Since Q4 2016~ as de facto, Q4 2020~ ISO/IEC
The International Standard for open source license compliance.
● OpenChain ISO/IEC DIS 18974
Since Q4 2022~ as de facto, Q3 2023 expected ISO/IEC
The industry standard for open source security assurance compliance.
High level process standards
Simple, effective and suitable for companies of all sizes in all markets
Openly developed by a vibrant user community and freely available to all
17
The Standards Work Company By Company
Result = A More Predictable Supply Chain
1. Self-Certification
2. Independent Assessment
3. Third-Party Certification
Freedom Of Choice In Using Our Standards
Free Self-Certification Material
20
Key News Around
ISO/IEC 5230
98 Organizations With Conformant Programs On The
OpenChain Website (Totals Higher)
Total conformant numbers are far higher.
Example: PwC Survey shows 20% of companies in Germany with over 2,000 employees already used ISO/IEC 5230.
Recent Significant ISO/IEC 5230 Conformance
20%
of German companies with over 2,000 employees
already use OpenChain ISO/IEC 5230
https://www.pwc.de/en/digitale-transformation/pwc-bitkom-study-open-source-monitor-2021.pdf
Key News Around
ISO/IEC DIS 18974
Momentum Is Growing Around ISO/IEC DIS 18974
● We expect to complete the Draft International Standard (DIS) process via
JTC-1 at the end of June.
● There will be an editorial period after this.
● According to Seth from Joint Development Foundation:
“We will most likely end up passing with edits. We will clean up the editorial
things but nothing technically normative and send it back. They will spend
another month transposing the final version and give us the ISO number.”
Conformance Continues With De-Facto Standard
What Else Is
Happening?
Project Outreach Improvements
Project Participation Improvements
Project Reference Material Improvements
Producing New And Improved Material
Use Of Our Reference Material By The Market
33
Continuing Our Educational Webinars
Many Events
Including Our Standards In Publications
And So Much More…
Building The Future
Licensing and Security Specification Editing
● We are editing the next generations of our standards, with solid feedback on
issues, and changes heading in the direction of improved clarity.
● The open and closed issues are tracked via GitHub:
Licensing: https://github.com/OpenChain-Project/License-Compliance-Specification/issues
Security: https://github.com/OpenChain-Project/Security-Assurance-Specification/issues
● The draft next generation specifications are also hosted on GitHub:
Licensing: https://github.com/OpenChain-Project/License-Compliance-
Specification/blob/master/3.0/en/openchain-license-compliance-3.0.md
Security: https://github.com/OpenChain-Project/Security-Assurance-Specification/blob/main/Security-
Assurance-Specification/2.0/en/openchain-security-specification-2.0.md
● As are the slides used for every meeting (two meetings per month):
https://github.com/OpenChain-Project/Meeting-Minutes/tree/main/Slides
Model Language For Procurement
● We launched a Legal Work Group on the 25th of April 2023.
● We are exploring model provisions for including OpenChain ISO/IEC 5230 and
OpenChain ISO/IEC DIS 18974 in procurement contracts or similar material.
The goal is to ensure people can understand options. We will not be
prescriptive, and these model provisions will remain part of the OpenChain
reference material. They will not be included in the standards themselves.
○ The call started by looking at model provisions done before via the Risk Grid.
○ The document, under public domain, has been moved to the OpenChain GitHub
for ease of access and editing.
● Our outcome was to use this basic format to structure our first round of model
provisions, and to have the option of merging the documents in the future.
Learn more: https://www.openchainproject.org/news/2023/05/15/2nd-meeting-legal-wg
Cool Commerical
Provider Data Points
OpenChain Has 11 Official Third-Party Certifiers
OpenChain Has 27 Official Service Providers
OpenChain Has 22 Official Legal Providers
OpenChain Has 12 Official Tooling Vendors
tl;dr:
Big Project, Big Community.
Plenty Commercial Support Too.
Get Started With Your Adoption and Participation
https://www.openchainproject.org/participate

More Related Content

Similar to 2023-06-corporate

OpenChain Monthly Meeting 2022-11-01
OpenChain Monthly Meeting 2022-11-01OpenChain Monthly Meeting 2022-11-01
OpenChain Monthly Meeting 2022-11-01
Shane Coughlan
 
Free and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply ChainFree and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply Chain
Shane Coughlan
 
OpenChain Japan Work Group Meeting #28 - 2023-07-11
OpenChain Japan Work Group Meeting #28 - 2023-07-11OpenChain Japan Work Group Meeting #28 - 2023-07-11
OpenChain Japan Work Group Meeting #28 - 2023-07-11
Shane Coughlan
 
OpenChain Overview Slides - 02-2023
OpenChain Overview Slides - 02-2023OpenChain Overview Slides - 02-2023
OpenChain Overview Slides - 02-2023
Shane Coughlan
 
FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30
Shane Coughlan
 
OpenChain Monthly Meeting 2023-02-21 (North America and Asia)
OpenChain Monthly Meeting 2023-02-21 (North America and Asia)OpenChain Monthly Meeting 2023-02-21 (North America and Asia)
OpenChain Monthly Meeting 2023-02-21 (North America and Asia)
Shane Coughlan
 
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptxFrom One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
Shane Coughlan
 
OpenChain-Monthly-Meeting-2023-01-17
OpenChain-Monthly-Meeting-2023-01-17OpenChain-Monthly-Meeting-2023-01-17
OpenChain-Monthly-Meeting-2023-01-17
Shane Coughlan
 
OpenChain Monthly Meeting North America - Europe - 2023-02-07
OpenChain Monthly Meeting North America - Europe - 2023-02-07OpenChain Monthly Meeting North America - Europe - 2023-02-07
OpenChain Monthly Meeting North America - Europe - 2023-02-07
Shane Coughlan
 
A_Statistical_Study_and_Analysis_to_Identify_the_Importance_of_Open-source_So...
A_Statistical_Study_and_Analysis_to_Identify_the_Importance_of_Open-source_So...A_Statistical_Study_and_Analysis_to_Identify_the_Importance_of_Open-source_So...
A_Statistical_Study_and_Analysis_to_Identify_the_Importance_of_Open-source_So...
hani727151
 
Alibaba Standardization Summit 2022
Alibaba Standardization Summit 2022Alibaba Standardization Summit 2022
Alibaba Standardization Summit 2022
Shane Coughlan
 
Great Open Source Compliance For Everyone - Version 11
Great Open Source Compliance For Everyone - Version 11Great Open Source Compliance For Everyone - Version 11
Great Open Source Compliance For Everyone - Version 11
Shane Coughlan
 
Standardizing Open Source Risk - LLW - 2023-04
Standardizing Open Source Risk - LLW - 2023-04Standardizing Open Source Risk - LLW - 2023-04
Standardizing Open Source Risk - LLW - 2023-04
Shane Coughlan
 
Using OpenChain for Practical Open Source Software Supply Chain Management (O...
Using OpenChain for Practical Open Source Software Supply Chain Management (O...Using OpenChain for Practical Open Source Software Supply Chain Management (O...
Using OpenChain for Practical Open Source Software Supply Chain Management (O...
Shane Coughlan
 
IBM Connect 2013 - BP212: Apps, Apps and more Apps: Meet the Very Best Open S...
IBM Connect 2013 - BP212: Apps, Apps and more Apps: Meet the Very Best Open S...IBM Connect 2013 - BP212: Apps, Apps and more Apps: Meet the Very Best Open S...
IBM Connect 2013 - BP212: Apps, Apps and more Apps: Meet the Very Best Open S...
Niklas Heidloff
 
Mobile App Development for Startups | Phase Specific Presentation
Mobile App Development for Startups | Phase Specific PresentationMobile App Development for Startups | Phase Specific Presentation
Mobile App Development for Startups | Phase Specific Presentation
Kogi Mobile | Mobile App Development
 
Bill curtis Beyond process - a challenge for SEPGs
Bill curtis Beyond process - a challenge for SEPGsBill curtis Beyond process - a challenge for SEPGs
Bill curtis Beyond process - a challenge for SEPGs
SPIN Chennai
 
Melbourne materials institute miicrc rapid productisation
Melbourne materials institute miicrc rapid productisationMelbourne materials institute miicrc rapid productisation
Melbourne materials institute miicrc rapid productisation
UTSBusinessSchool
 
OpenChain Continual Improvement Case Studies
OpenChain Continual Improvement Case StudiesOpenChain Continual Improvement Case Studies
OpenChain Continual Improvement Case Studies
Shane Coughlan
 
OpenChain Automotive Work Group Meeting #2 - Lyon
OpenChain Automotive Work Group Meeting #2 - LyonOpenChain Automotive Work Group Meeting #2 - Lyon
OpenChain Automotive Work Group Meeting #2 - Lyon
Shane Coughlan
 

Similar to 2023-06-corporate (20)

OpenChain Monthly Meeting 2022-11-01
OpenChain Monthly Meeting 2022-11-01OpenChain Monthly Meeting 2022-11-01
OpenChain Monthly Meeting 2022-11-01
 
Free and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply ChainFree and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply Chain
 
OpenChain Japan Work Group Meeting #28 - 2023-07-11
OpenChain Japan Work Group Meeting #28 - 2023-07-11OpenChain Japan Work Group Meeting #28 - 2023-07-11
OpenChain Japan Work Group Meeting #28 - 2023-07-11
 
OpenChain Overview Slides - 02-2023
OpenChain Overview Slides - 02-2023OpenChain Overview Slides - 02-2023
OpenChain Overview Slides - 02-2023
 
FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30
 
OpenChain Monthly Meeting 2023-02-21 (North America and Asia)
OpenChain Monthly Meeting 2023-02-21 (North America and Asia)OpenChain Monthly Meeting 2023-02-21 (North America and Asia)
OpenChain Monthly Meeting 2023-02-21 (North America and Asia)
 
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptxFrom One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
 
OpenChain-Monthly-Meeting-2023-01-17
OpenChain-Monthly-Meeting-2023-01-17OpenChain-Monthly-Meeting-2023-01-17
OpenChain-Monthly-Meeting-2023-01-17
 
OpenChain Monthly Meeting North America - Europe - 2023-02-07
OpenChain Monthly Meeting North America - Europe - 2023-02-07OpenChain Monthly Meeting North America - Europe - 2023-02-07
OpenChain Monthly Meeting North America - Europe - 2023-02-07
 
A_Statistical_Study_and_Analysis_to_Identify_the_Importance_of_Open-source_So...
A_Statistical_Study_and_Analysis_to_Identify_the_Importance_of_Open-source_So...A_Statistical_Study_and_Analysis_to_Identify_the_Importance_of_Open-source_So...
A_Statistical_Study_and_Analysis_to_Identify_the_Importance_of_Open-source_So...
 
Alibaba Standardization Summit 2022
Alibaba Standardization Summit 2022Alibaba Standardization Summit 2022
Alibaba Standardization Summit 2022
 
Great Open Source Compliance For Everyone - Version 11
Great Open Source Compliance For Everyone - Version 11Great Open Source Compliance For Everyone - Version 11
Great Open Source Compliance For Everyone - Version 11
 
Standardizing Open Source Risk - LLW - 2023-04
Standardizing Open Source Risk - LLW - 2023-04Standardizing Open Source Risk - LLW - 2023-04
Standardizing Open Source Risk - LLW - 2023-04
 
Using OpenChain for Practical Open Source Software Supply Chain Management (O...
Using OpenChain for Practical Open Source Software Supply Chain Management (O...Using OpenChain for Practical Open Source Software Supply Chain Management (O...
Using OpenChain for Practical Open Source Software Supply Chain Management (O...
 
IBM Connect 2013 - BP212: Apps, Apps and more Apps: Meet the Very Best Open S...
IBM Connect 2013 - BP212: Apps, Apps and more Apps: Meet the Very Best Open S...IBM Connect 2013 - BP212: Apps, Apps and more Apps: Meet the Very Best Open S...
IBM Connect 2013 - BP212: Apps, Apps and more Apps: Meet the Very Best Open S...
 
Mobile App Development for Startups | Phase Specific Presentation
Mobile App Development for Startups | Phase Specific PresentationMobile App Development for Startups | Phase Specific Presentation
Mobile App Development for Startups | Phase Specific Presentation
 
Bill curtis Beyond process - a challenge for SEPGs
Bill curtis Beyond process - a challenge for SEPGsBill curtis Beyond process - a challenge for SEPGs
Bill curtis Beyond process - a challenge for SEPGs
 
Melbourne materials institute miicrc rapid productisation
Melbourne materials institute miicrc rapid productisationMelbourne materials institute miicrc rapid productisation
Melbourne materials institute miicrc rapid productisation
 
OpenChain Continual Improvement Case Studies
OpenChain Continual Improvement Case StudiesOpenChain Continual Improvement Case Studies
OpenChain Continual Improvement Case Studies
 
OpenChain Automotive Work Group Meeting #2 - Lyon
OpenChain Automotive Work Group Meeting #2 - LyonOpenChain Automotive Work Group Meeting #2 - Lyon
OpenChain Automotive Work Group Meeting #2 - Lyon
 

More from Shane Coughlan

OpenChain Webinar - Open Source Due Diligence for M&A - 2024-06-17
OpenChain Webinar - Open Source Due Diligence for M&A - 2024-06-17OpenChain Webinar - Open Source Due Diligence for M&A - 2024-06-17
OpenChain Webinar - Open Source Due Diligence for M&A - 2024-06-17
Shane Coughlan
 
Korea Work Group Meeting 22 - 2024-06-20
Korea Work Group Meeting 22 - 2024-06-20Korea Work Group Meeting 22 - 2024-06-20
Korea Work Group Meeting 22 - 2024-06-20
Shane Coughlan
 
openEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain SecurityopenEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain Security
Shane Coughlan
 
OpenChain Webinar: AboutCode and Beyond - End-to-End SCA
OpenChain Webinar: AboutCode and Beyond - End-to-End SCAOpenChain Webinar: AboutCode and Beyond - End-to-End SCA
OpenChain Webinar: AboutCode and Beyond - End-to-End SCA
Shane Coughlan
 
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingOpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
Shane Coughlan
 
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingOpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
Shane Coughlan
 
OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19
Shane Coughlan
 
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorOpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS Calculator
Shane Coughlan
 
openEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scaleopenEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scale
Shane Coughlan
 
OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20
Shane Coughlan
 
AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06
Shane Coughlan
 
OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06
Shane Coughlan
 
OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09
Shane Coughlan
 
OpenChain Legal Work Group - 2024-01-17
OpenChain Legal Work Group -  2024-01-17OpenChain Legal Work Group -  2024-01-17
OpenChain Legal Work Group - 2024-01-17
Shane Coughlan
 
Openchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptxOpenchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptx
Shane Coughlan
 
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
Shane Coughlan
 
Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023
Shane Coughlan
 
OpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics SlidesOpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics Slides
Shane Coughlan
 
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
Shane Coughlan
 
OpenChain Webinar #56: Generative AI and Your Code
OpenChain Webinar #56: Generative AI and Your CodeOpenChain Webinar #56: Generative AI and Your Code
OpenChain Webinar #56: Generative AI and Your Code
Shane Coughlan
 

More from Shane Coughlan (20)

OpenChain Webinar - Open Source Due Diligence for M&A - 2024-06-17
OpenChain Webinar - Open Source Due Diligence for M&A - 2024-06-17OpenChain Webinar - Open Source Due Diligence for M&A - 2024-06-17
OpenChain Webinar - Open Source Due Diligence for M&A - 2024-06-17
 
Korea Work Group Meeting 22 - 2024-06-20
Korea Work Group Meeting 22 - 2024-06-20Korea Work Group Meeting 22 - 2024-06-20
Korea Work Group Meeting 22 - 2024-06-20
 
openEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain SecurityopenEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain Security
 
OpenChain Webinar: AboutCode and Beyond - End-to-End SCA
OpenChain Webinar: AboutCode and Beyond - End-to-End SCAOpenChain Webinar: AboutCode and Beyond - End-to-End SCA
OpenChain Webinar: AboutCode and Beyond - End-to-End SCA
 
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingOpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
 
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingOpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
 
OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19
 
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorOpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS Calculator
 
openEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scaleopenEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scale
 
OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20
 
AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06
 
OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06
 
OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09
 
OpenChain Legal Work Group - 2024-01-17
OpenChain Legal Work Group -  2024-01-17OpenChain Legal Work Group -  2024-01-17
OpenChain Legal Work Group - 2024-01-17
 
Openchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptxOpenchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptx
 
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
 
Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023
 
OpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics SlidesOpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics Slides
 
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
 
OpenChain Webinar #56: Generative AI and Your Code
OpenChain Webinar #56: Generative AI and Your CodeOpenChain Webinar #56: Generative AI and Your Code
OpenChain Webinar #56: Generative AI and Your Code
 

Recently uploaded

Google ML-Kit - Understanding on-device machine learning
Google ML-Kit - Understanding on-device machine learningGoogle ML-Kit - Understanding on-device machine learning
Google ML-Kit - Understanding on-device machine learning
VishrutGoyani1
 
Cisco Live Announcements: New ThousandEyes Release Highlights - July 2024
Cisco Live Announcements: New ThousandEyes Release Highlights - July 2024Cisco Live Announcements: New ThousandEyes Release Highlights - July 2024
Cisco Live Announcements: New ThousandEyes Release Highlights - July 2024
ThousandEyes
 
Artificial intelligence in customer services or chatbots
Artificial intelligence  in customer services or chatbotsArtificial intelligence  in customer services or chatbots
Artificial intelligence in customer services or chatbots
kayash1656
 
Introduction_to_Security_Assessments.ppt
Introduction_to_Security_Assessments.pptIntroduction_to_Security_Assessments.ppt
Introduction_to_Security_Assessments.ppt
sudsdeep
 
Independent Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class H...
Independent Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class H...Independent Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class H...
Independent Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class H...
aslasdfmkhan4750
 
COMPSAC 2024 D&I Panel: Charting a Course for Equity: Strategies for Overcomi...
COMPSAC 2024 D&I Panel: Charting a Course for Equity: Strategies for Overcomi...COMPSAC 2024 D&I Panel: Charting a Course for Equity: Strategies for Overcomi...
COMPSAC 2024 D&I Panel: Charting a Course for Equity: Strategies for Overcomi...
Hironori Washizaki
 
Safe Work Permit Management Software for Hot Work Permits
Safe Work Permit Management Software for Hot Work PermitsSafe Work Permit Management Software for Hot Work Permits
Safe Work Permit Management Software for Hot Work Permits
sheqnetworkmarketing
 
NYGGS 360: A Complete ERP for Construction Innovation
NYGGS 360: A Complete ERP for Construction InnovationNYGGS 360: A Complete ERP for Construction Innovation
NYGGS 360: A Complete ERP for Construction Innovation
NYGGS Construction ERP Software
 
NBFC Software: Optimize Your Non-Banking Financial Company
NBFC Software: Optimize Your Non-Banking Financial CompanyNBFC Software: Optimize Your Non-Banking Financial Company
NBFC Software: Optimize Your Non-Banking Financial Company
NBFC Softwares
 
welcome to presentation on Google Apps
welcome to   presentation on Google Appswelcome to   presentation on Google Apps
welcome to presentation on Google Apps
AsifKarimJim
 
Top 10 Tips To Get Google AdSense For Your Website
Top 10 Tips To Get Google AdSense For Your WebsiteTop 10 Tips To Get Google AdSense For Your Website
Top 10 Tips To Get Google AdSense For Your Website
e-Definers Technology
 
Splunk_Remote_Work_Insights_Overview.pptx
Splunk_Remote_Work_Insights_Overview.pptxSplunk_Remote_Work_Insights_Overview.pptx
Splunk_Remote_Work_Insights_Overview.pptx
sudsdeep
 
Comprehensive Vulnerability Assessments Process _ Aardwolf Security.docx
Comprehensive Vulnerability Assessments Process _ Aardwolf Security.docxComprehensive Vulnerability Assessments Process _ Aardwolf Security.docx
Comprehensive Vulnerability Assessments Process _ Aardwolf Security.docx
Aardwolf Security
 
Unleashing the Future: Building a Scalable and Up-to-Date GenAI Chatbot with ...
Unleashing the Future: Building a Scalable and Up-to-Date GenAI Chatbot with ...Unleashing the Future: Building a Scalable and Up-to-Date GenAI Chatbot with ...
Unleashing the Future: Building a Scalable and Up-to-Date GenAI Chatbot with ...
confluent
 
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) .pdf
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) .pdfAWS Cloud Practitioner Essentials (Second Edition) (Arabic) .pdf
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) .pdf
karim wahed
 
當測試開始左移
當測試開始左移當測試開始左移
當測試開始左移
Jersey (CHE-PING) Su
 
ThaiPy meetup - Indexes and Django
ThaiPy meetup - Indexes and DjangoThaiPy meetup - Indexes and Django
ThaiPy meetup - Indexes and Django
akshesh doshi
 
ANSYS Mechanical APDL Introductory Tutorials.pdf
ANSYS Mechanical APDL Introductory Tutorials.pdfANSYS Mechanical APDL Introductory Tutorials.pdf
ANSYS Mechanical APDL Introductory Tutorials.pdf
sachin chaurasia
 
Wired_2.0_Create_AmsterdamJUG_09072024.pptx
Wired_2.0_Create_AmsterdamJUG_09072024.pptxWired_2.0_Create_AmsterdamJUG_09072024.pptx
Wired_2.0_Create_AmsterdamJUG_09072024.pptx
SimonedeGijt
 
Agra Girls Call Agra 0X0000000X Unlimited Short Providing Girls Service Avail...
Agra Girls Call Agra 0X0000000X Unlimited Short Providing Girls Service Avail...Agra Girls Call Agra 0X0000000X Unlimited Short Providing Girls Service Avail...
Agra Girls Call Agra 0X0000000X Unlimited Short Providing Girls Service Avail...
rachitkumar09887
 

Recently uploaded (20)

Google ML-Kit - Understanding on-device machine learning
Google ML-Kit - Understanding on-device machine learningGoogle ML-Kit - Understanding on-device machine learning
Google ML-Kit - Understanding on-device machine learning
 
Cisco Live Announcements: New ThousandEyes Release Highlights - July 2024
Cisco Live Announcements: New ThousandEyes Release Highlights - July 2024Cisco Live Announcements: New ThousandEyes Release Highlights - July 2024
Cisco Live Announcements: New ThousandEyes Release Highlights - July 2024
 
Artificial intelligence in customer services or chatbots
Artificial intelligence  in customer services or chatbotsArtificial intelligence  in customer services or chatbots
Artificial intelligence in customer services or chatbots
 
Introduction_to_Security_Assessments.ppt
Introduction_to_Security_Assessments.pptIntroduction_to_Security_Assessments.ppt
Introduction_to_Security_Assessments.ppt
 
Independent Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class H...
Independent Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class H...Independent Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class H...
Independent Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class H...
 
COMPSAC 2024 D&I Panel: Charting a Course for Equity: Strategies for Overcomi...
COMPSAC 2024 D&I Panel: Charting a Course for Equity: Strategies for Overcomi...COMPSAC 2024 D&I Panel: Charting a Course for Equity: Strategies for Overcomi...
COMPSAC 2024 D&I Panel: Charting a Course for Equity: Strategies for Overcomi...
 
Safe Work Permit Management Software for Hot Work Permits
Safe Work Permit Management Software for Hot Work PermitsSafe Work Permit Management Software for Hot Work Permits
Safe Work Permit Management Software for Hot Work Permits
 
NYGGS 360: A Complete ERP for Construction Innovation
NYGGS 360: A Complete ERP for Construction InnovationNYGGS 360: A Complete ERP for Construction Innovation
NYGGS 360: A Complete ERP for Construction Innovation
 
NBFC Software: Optimize Your Non-Banking Financial Company
NBFC Software: Optimize Your Non-Banking Financial CompanyNBFC Software: Optimize Your Non-Banking Financial Company
NBFC Software: Optimize Your Non-Banking Financial Company
 
welcome to presentation on Google Apps
welcome to   presentation on Google Appswelcome to   presentation on Google Apps
welcome to presentation on Google Apps
 
Top 10 Tips To Get Google AdSense For Your Website
Top 10 Tips To Get Google AdSense For Your WebsiteTop 10 Tips To Get Google AdSense For Your Website
Top 10 Tips To Get Google AdSense For Your Website
 
Splunk_Remote_Work_Insights_Overview.pptx
Splunk_Remote_Work_Insights_Overview.pptxSplunk_Remote_Work_Insights_Overview.pptx
Splunk_Remote_Work_Insights_Overview.pptx
 
Comprehensive Vulnerability Assessments Process _ Aardwolf Security.docx
Comprehensive Vulnerability Assessments Process _ Aardwolf Security.docxComprehensive Vulnerability Assessments Process _ Aardwolf Security.docx
Comprehensive Vulnerability Assessments Process _ Aardwolf Security.docx
 
Unleashing the Future: Building a Scalable and Up-to-Date GenAI Chatbot with ...
Unleashing the Future: Building a Scalable and Up-to-Date GenAI Chatbot with ...Unleashing the Future: Building a Scalable and Up-to-Date GenAI Chatbot with ...
Unleashing the Future: Building a Scalable and Up-to-Date GenAI Chatbot with ...
 
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) .pdf
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) .pdfAWS Cloud Practitioner Essentials (Second Edition) (Arabic) .pdf
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) .pdf
 
當測試開始左移
當測試開始左移當測試開始左移
當測試開始左移
 
ThaiPy meetup - Indexes and Django
ThaiPy meetup - Indexes and DjangoThaiPy meetup - Indexes and Django
ThaiPy meetup - Indexes and Django
 
ANSYS Mechanical APDL Introductory Tutorials.pdf
ANSYS Mechanical APDL Introductory Tutorials.pdfANSYS Mechanical APDL Introductory Tutorials.pdf
ANSYS Mechanical APDL Introductory Tutorials.pdf
 
Wired_2.0_Create_AmsterdamJUG_09072024.pptx
Wired_2.0_Create_AmsterdamJUG_09072024.pptxWired_2.0_Create_AmsterdamJUG_09072024.pptx
Wired_2.0_Create_AmsterdamJUG_09072024.pptx
 
Agra Girls Call Agra 0X0000000X Unlimited Short Providing Girls Service Avail...
Agra Girls Call Agra 0X0000000X Unlimited Short Providing Girls Service Avail...Agra Girls Call Agra 0X0000000X Unlimited Short Providing Girls Service Avail...
Agra Girls Call Agra 0X0000000X Unlimited Short Providing Girls Service Avail...
 

2023-06-corporate

  • 1. The OpenChain Project Creating And Maintaining The Standards For Open Source Licensing And Security
  • 2. Our Mental Model Of The Supply Chain
  • 4. 67.4% of managers monitor their supply chain with Excel spreadsheets https://www.zippia.com/advice/supply-chain-statistics/
  • 5. 94% of companies do not have full visibility of their supply chain https://www.zippia.com/advice/supply-chain-statistics/
  • 8. Context: This Is Important To Business 8 Open Source License Compliance and Security Assurance is a key part of supply chain management.
  • 9. We Got Together To Improve The Supply Chain 9
  • 10. (not an official VW ID.4) Our Newest Board Member: CARIAD for VW
  • 11. Members Represent Over 5.9 Trillion USD In Market Value
  • 12. Broader Community Main Work Groups: ● Specification (Spring 2016~) ● Education (Autumn 2020~) Community Work Groups: ● Tooling (Summer 2019~) ● Export Control (Winter 2022~) ● Public Policy (Winter 2022~) Special Interest Groups: ● Automotive (Summer 2019~) ● Telecom (Spring 2021~) Regional User Groups ● Japan (Dec 2017~) ● Korea (Jan 2019~) ● India (Sept 2019~) ● China (Sept 2019~) ● Taiwan (Sept 2019~) ● Germany (Jan 2020~) ● UK (June 2020~) ● USA (Dec 2020~)
  • 13. Platinum Member / Conformance Pending ISO/IEC 5230 + DIS 18974 Conformant Platinum Member + ISO/IEC 5230 Conformant Automotive Banking Cloud Consumer Industrial SaaS Service Silicon Telco Example Verticals Impacted by OpenChain This is a snapshot based on membership and select conformant organizations currently listed on our website. Total conformant numbers are far higher. Example: PwC Survey shows 20% of companies in Germany with over 2,000 employees already used ISO/IEC 5230.
  • 14. Snapshot Represents Over 7.5 Trillion USD In Market Value
  • 15. Trillions More In Market Value Touched (Lockheed co-chairs our spec development) This is a non-exhaustive list of participants on some of our community lists
  • 16. 1,000+ Companies Working On A Better Supply Chain
  • 17. Trust Built By Process Management ● OpenChain ISO/IEC 5230:2020 Since Q4 2016~ as de facto, Q4 2020~ ISO/IEC The International Standard for open source license compliance. ● OpenChain ISO/IEC DIS 18974 Since Q4 2022~ as de facto, Q3 2023 expected ISO/IEC The industry standard for open source security assurance compliance. High level process standards Simple, effective and suitable for companies of all sizes in all markets Openly developed by a vibrant user community and freely available to all 17
  • 18. The Standards Work Company By Company Result = A More Predictable Supply Chain
  • 19. 1. Self-Certification 2. Independent Assessment 3. Third-Party Certification Freedom Of Choice In Using Our Standards
  • 22. 98 Organizations With Conformant Programs On The OpenChain Website (Totals Higher) Total conformant numbers are far higher. Example: PwC Survey shows 20% of companies in Germany with over 2,000 employees already used ISO/IEC 5230.
  • 23. Recent Significant ISO/IEC 5230 Conformance
  • 24. 20% of German companies with over 2,000 employees already use OpenChain ISO/IEC 5230 https://www.pwc.de/en/digitale-transformation/pwc-bitkom-study-open-source-monitor-2021.pdf
  • 26. Momentum Is Growing Around ISO/IEC DIS 18974 ● We expect to complete the Draft International Standard (DIS) process via JTC-1 at the end of June. ● There will be an editorial period after this. ● According to Seth from Joint Development Foundation: “We will most likely end up passing with edits. We will clean up the editorial things but nothing technically normative and send it back. They will spend another month transposing the final version and give us the ISO number.”
  • 27. Conformance Continues With De-Facto Standard
  • 32. Producing New And Improved Material
  • 33. Use Of Our Reference Material By The Market 33
  • 36. Including Our Standards In Publications
  • 37. And So Much More…
  • 39. Licensing and Security Specification Editing ● We are editing the next generations of our standards, with solid feedback on issues, and changes heading in the direction of improved clarity. ● The open and closed issues are tracked via GitHub: Licensing: https://github.com/OpenChain-Project/License-Compliance-Specification/issues Security: https://github.com/OpenChain-Project/Security-Assurance-Specification/issues ● The draft next generation specifications are also hosted on GitHub: Licensing: https://github.com/OpenChain-Project/License-Compliance- Specification/blob/master/3.0/en/openchain-license-compliance-3.0.md Security: https://github.com/OpenChain-Project/Security-Assurance-Specification/blob/main/Security- Assurance-Specification/2.0/en/openchain-security-specification-2.0.md ● As are the slides used for every meeting (two meetings per month): https://github.com/OpenChain-Project/Meeting-Minutes/tree/main/Slides
  • 40. Model Language For Procurement ● We launched a Legal Work Group on the 25th of April 2023. ● We are exploring model provisions for including OpenChain ISO/IEC 5230 and OpenChain ISO/IEC DIS 18974 in procurement contracts or similar material. The goal is to ensure people can understand options. We will not be prescriptive, and these model provisions will remain part of the OpenChain reference material. They will not be included in the standards themselves. ○ The call started by looking at model provisions done before via the Risk Grid. ○ The document, under public domain, has been moved to the OpenChain GitHub for ease of access and editing. ● Our outcome was to use this basic format to structure our first round of model provisions, and to have the option of merging the documents in the future. Learn more: https://www.openchainproject.org/news/2023/05/15/2nd-meeting-legal-wg
  • 42. OpenChain Has 11 Official Third-Party Certifiers
  • 43. OpenChain Has 27 Official Service Providers
  • 44. OpenChain Has 22 Official Legal Providers
  • 45. OpenChain Has 12 Official Tooling Vendors
  • 46. tl;dr: Big Project, Big Community. Plenty Commercial Support Too.
  • 47. Get Started With Your Adoption and Participation https://www.openchainproject.org/participate