SlideShare a Scribd company logo

OpenChain @ LF Japan Executive Briefing - May 2024

Download as PPTX, PDF
Shane Coughlan
Shane Coughlan

OpenChain @ LF Japan Executive Briefing

1 of 41
Beyond ISO 5230 and ISO 18974 - Case Studies, AI Compliance and More
LF Management & Best Practices Portal
Stacking Standards + Solutions Process Management Standards Implementation Standards Implementation Methods
ISO/IEC 5230:2020 Open Source License Compliance
ISO/IEC 18974:2023 Open Source Security Assurance
Sister Standards - Processes for Programs ISO/IEC 5230 (License Compliance) ● Scopable program size ● Addresses inbound processes ● Addresses internal policy, training, process ● Addresses outbound processes ● Focus on process point ● Avoids prescriptive process content ISO/IEC 18974 (Security Assurance) ● Scopable program size ● Addresses inbound processes ● Addresses internal policy, training, process ● Addresses outbound processes ● Focus on process point ● Avoids prescriptive process content
One utility of ISO standards is that they act as reputable shorthand in discussions, negotiations and contracts, allowing everything from “document format” to “quality program” to be communicated easily. The OpenChain standards are an international baseline for quality in open source license open source license compliance or security assurance programs.
A Continual Heartbeat Of Adoption A Strong History Of Crossing Markets ● BlackRock, Circle and KakaoBank are three examples of crossing into finance. ● A Fellow from Lockheed Martin chairs our Specification Work Group. ● From SoC to embedded to enterprise to automotive to aviation, OpenChain standards are built, used and supported.
31% of large German companies already use or plan to adopt OpenChain ISO/IEC 5230 Source PwC: https://tinyurl.com/openchain-germany-31 Data Point
A Continual Heartbeat Of Use Companies announcing re-certification helps to boost perception of continued industry value. ● BlackBerry - public announcement in April ● SocioNext - public announcement in May (today) ● Nanjing Fujitsu Nanda Software Technology Co., Ltd informed us of their re-certification in February. ● Reminder: ISO standards can be adopted and used by any party, so we only get informed and do PR on a discretionary basis.
Market Evolution
Procurement Negotiations ISO/IEC 5230 and ISO/IEC 18974 provide a simple “ask” in procurement negotiations across all industry verticals. In the 2024/2025 period we expect: ● Increased use of industry standards instead of bespoke approaches for open source procurement ● More extensive use of OpenChain standards in procurement
Mergers and Acquisitions ISO/IEC 5230 and ISO/IEC 18974 provide a “floor” for understanding the governance approach of an M&A target with regards to open source. In the 2024/2025 period we expect: ● More legal professionals using OpenChain standards for M&A ● More documentation or case studies around the use of OpenChain standards in this area
Supply Chain Management ISO/IEC 5230 and ISO/IEC 18974 make it easy for customer companies to describe open source license compliance and security assurance. In the 2024/2025 period we expect: ● Increased supply chain requests for OpenChain conformant programs ● Emergance of open source maturity models favoring OpenChain standards ● More government policies referencing OpenChain standards
Government Policy
Addressing NIST / CISA / Executive Order ● OpenChain has always been prepared for the use of SBOMs as a market requirement. ● OpenChain ISO/IEC 5230 and ISO/IEC 18974 ask companies to have SBOMs related to open source license compliance and security assurance.
Addressing the CRA ● OpenChain has always been prepared for the type of record-keeping that Cyber Resiliency Act (CRA) raises as a market requirement. ● OpenChain ISO/IEC 5230 and ISO/IEC 18974 ask companies to create and archive verification materials related to open source license compliance and security assurance.
Relationship With Other Standards
Working With SPDX ISO/IEC 5962 + Future SPDX ISO/IEC 5230 and ISO/IEC 18974 have always required that organizations have a bill of materials for open source software passing through conformant programs. They inherently align with SPDX ISO/IEC 5962. In the 2024/2025 period we expect: ● The release of SPDX 3.0 to provide the foundation for an updated version of SPDX ISO/IEC 5962:2021. ● The SPDX 3.0 profile approach to enhance integration with ISO/IEC 5230 and ISO/IEC 18974 for interested parties.
SPDX ISO/IEC 5962:2021 ● Able to represent SBOMs from binary images and track back to the source files and snippets. ● Specification is freely available from ISO site. ● Future updates live tracked at: https://spdx.github.io/spdx-spec More information at https://spdx.dev
SPDX 3.0 Introduces Profiles – Launched April 2024 Security information - vulnerability details related to software Build related information - provenance and reproducible builds Information about AI models - ethical, security, and model data Information about datasets - AI and other data use cases Minimal subset to support industry supply chain workflows Information about copyrights and licenses - supports compliance Information specific to software Information used across all profiles
In the Automotive Industry, License Compliance verification can accomplished using SPDX Lite in spreadsheets. This can help support: ● Small software developers ● Legal teams ● Editors of manuals SPDX Lite helps to exchange SBOMs between full SBOM formats and the spreadsheet-centric License management world. SPDX Lite Created By OpenChain Japan Work Group
Broad Compatibility ● OpenChain standards are compatible with all other SBOM formats ● In general, OpenChain standards are designed to work with all other standards related to open source process management or solution implementation ● The goal is to be practical and useful for companies of all sizes and in all markets
Reference Materials
Existing Reference Material The OpenChain Project has extensive reference material on GitHub: ● Reference open source training slides ● Policy template material ● Supplier education material ● Self-certification checklists and questionnaires ● + many, many more documents
Case Studies
Training Courses
80+ Webinars covering all aspects of open source management and governance https://openchainproject.org/webinars Data Point
Forthcoming Reference Material The OpenChain Project is developing new reference material for 2024: ● Updated training slides ● Updated supplier education materials ● SBOM quality guide ● “Explainers” for different business roles ● Maturity models
Community and Commercial Support
Community Support Industry-Specific Work Groups ● Automotive (Summer ● Telecom (Spring 2021~) Regional User Groups ● Japan (Dec 2017~) ● Korea (Jan 2019~) ● India (Sept 2019~) ● China (Sept 2019~) ● Taiwan (Sept 2019~) ● Germany (Jan 2020~) ● UK (June 2020~) Main Work Groups ● Specification (Spring 2016~) ● Education (Autumn 2020~) Community Work Groups ● Tooling (Summer 2019~) ● Export Control (Winter 2022~) ● Public Policy (Winter 2022~) Community Study Groups ● AI (January 2024~)
Commercial Support Tooling / Automation Third-Party Certification Consultancies Legal Providers
OpenChain will support the continued evolution of professional open source management
Draft Future Versions of Licensing / Security Licensing Specification (3rd Generation Draft): https://github.com/OpenChain-Project/License-Compliance- Specification/blob/master/Official/en/3.0/openchain-license- Security Specification (2nd Generation Draft): https://github.com/OpenChain-Project/Security-Assurance- Assurance-Specification/2.0/en/openchain-security-specification-2.0.md
Track This: Our Monthly Calls Our current Specification Work Group Chair is Chris Wood, Fellow at Lockheed Martin. The Specification Work Group has: ● One call for North America / Europe per month ● One call for North America / Asia per month Everyone is welcome to join, learn and contribute
OpenChain will also support conversations around new areas of open collaboration and governance
Introducing Our AI Compliance Study Group Since January 2024 the OpenChain Project has facilitated an AI Compliance Study Group. They are focused on: ● Determining commonalities in AI Compliance in the Supply Chain ● Assessing whether these commonalities are suitable for development into reference material ● And ensuring all voices are heard
In Conclusion
What Is Coming Next For The Market? There has been a steady, inevitable trend for open source in the business domain: ● Open source is becoming more professional ● Open source is becoming more accountable ● Open source is becoming more sustainable In 2024/2025 the OpenChain Project expects this trend to bring open source closer to traditional Software Asset Management (SAM).
In the 2024/2025 Period 1. ISO/IEC 5230 and ISO/IEC 18974 will continue to assist in the professionalization of the supply chain, with specific impact in procurement, M&A and supply chain management 2. We will continue to grow our reference library of material to assist companies adopting and using our standards. 3. We will also support process management discussions in new domains like AI Compliance
Shane Coughlan scoughlan@linuxfoundation.org +81 80 4035 8083 Let’s Talk More

Recommended

OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
Shane Coughlan
 
2023-06-cute
2023-06-cute2023-06-cute
2023-06-cute
Shane Coughlan
 
2023-06-corporate
2023-06-corporate2023-06-corporate
2023-06-corporate
Shane Coughlan
 
2023-06-classic
2023-06-classic2023-06-classic
2023-06-classic
Shane Coughlan
 
OpenChain Germany Work Group Meeting 2022-11-16
OpenChain Germany Work Group Meeting 2022-11-16OpenChain Germany Work Group Meeting 2022-11-16
OpenChain Germany Work Group Meeting 2022-11-16
Shane Coughlan
 
OpenChain-Monthly-Meeting-2022-11-15
OpenChain-Monthly-Meeting-2022-11-15OpenChain-Monthly-Meeting-2022-11-15
OpenChain-Monthly-Meeting-2022-11-15
Shane Coughlan
 
OpenChain Monthly Meeting 2022-11-01
OpenChain Monthly Meeting 2022-11-01OpenChain Monthly Meeting 2022-11-01
OpenChain Monthly Meeting 2022-11-01
Shane Coughlan
 
OpenChain Japan Work Group - Meeting 27
OpenChain Japan Work Group - Meeting 27OpenChain Japan Work Group - Meeting 27
OpenChain Japan Work Group - Meeting 27
Shane Coughlan
 

Recommended

OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
Shane Coughlan
 
2023-06-cute
2023-06-cute2023-06-cute
2023-06-cute
Shane Coughlan
 
2023-06-corporate
2023-06-corporate2023-06-corporate
2023-06-corporate
Shane Coughlan
 
2023-06-classic
2023-06-classic2023-06-classic
2023-06-classic
Shane Coughlan
 
OpenChain Germany Work Group Meeting 2022-11-16
OpenChain Germany Work Group Meeting 2022-11-16OpenChain Germany Work Group Meeting 2022-11-16
OpenChain Germany Work Group Meeting 2022-11-16
Shane Coughlan
 
OpenChain-Monthly-Meeting-2022-11-15
OpenChain-Monthly-Meeting-2022-11-15OpenChain-Monthly-Meeting-2022-11-15
OpenChain-Monthly-Meeting-2022-11-15
Shane Coughlan
 
OpenChain Monthly Meeting 2022-11-01
OpenChain Monthly Meeting 2022-11-01OpenChain Monthly Meeting 2022-11-01
OpenChain Monthly Meeting 2022-11-01
Shane Coughlan
 
OpenChain Japan Work Group - Meeting 27
OpenChain Japan Work Group - Meeting 27OpenChain Japan Work Group - Meeting 27
OpenChain Japan Work Group - Meeting 27
Shane Coughlan
 
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptxFrom One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
Shane Coughlan
 
Alibaba Standardization Summit 2022
Alibaba Standardization Summit 2022Alibaba Standardization Summit 2022
Alibaba Standardization Summit 2022
Shane Coughlan
 
The State of Open Source for Software Alliance Germany 2023-04-14
The State of Open Source for Software Alliance Germany 2023-04-14The State of Open Source for Software Alliance Germany 2023-04-14
The State of Open Source for Software Alliance Germany 2023-04-14
Shane Coughlan
 
OpenChain Mini-Summit May 2023
OpenChain Mini-Summit May 2023OpenChain Mini-Summit May 2023
OpenChain Mini-Summit May 2023
Shane Coughlan
 
Free and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply ChainFree and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply Chain
Shane Coughlan
 
OpenChain Automotive Work Group Meeting #2 - Lyon
OpenChain Automotive Work Group Meeting #2 - LyonOpenChain Automotive Work Group Meeting #2 - Lyon
OpenChain Automotive Work Group Meeting #2 - Lyon
Shane Coughlan
 
OpenChain Japan Work Group Meeting #28 - 2023-07-11
OpenChain Japan Work Group Meeting #28 - 2023-07-11OpenChain Japan Work Group Meeting #28 - 2023-07-11
OpenChain Japan Work Group Meeting #28 - 2023-07-11
Shane Coughlan
 
OpenChain Monthly Meeting 2023-02-21 (North America and Asia)
OpenChain Monthly Meeting 2023-02-21 (North America and Asia)OpenChain Monthly Meeting 2023-02-21 (North America and Asia)
OpenChain Monthly Meeting 2023-02-21 (North America and Asia)
Shane Coughlan
 
OpenChain Monthly Meeting North America - Europe - 2023-02-07
OpenChain Monthly Meeting North America - Europe - 2023-02-07OpenChain Monthly Meeting North America - Europe - 2023-02-07
OpenChain Monthly Meeting North America - Europe - 2023-02-07
Shane Coughlan
 
OpenChain @ Bitkom Forum Open Source 2022
OpenChain @ Bitkom Forum Open Source 2022OpenChain @ Bitkom Forum Open Source 2022
OpenChain @ Bitkom Forum Open Source 2022
Shane Coughlan
 
OpenChain-Monthly-Meeting-2023-01-17
OpenChain-Monthly-Meeting-2023-01-17OpenChain-Monthly-Meeting-2023-01-17
OpenChain-Monthly-Meeting-2023-01-17
Shane Coughlan
 
Great Open Source Compliance For Everyone - Version 11
Great Open Source Compliance For Everyone - Version 11Great Open Source Compliance For Everyone - Version 11
Great Open Source Compliance For Everyone - Version 11
Shane Coughlan
 
openEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain SecurityopenEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain Security
Shane Coughlan
 
FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30
Shane Coughlan
 
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingOpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
Shane Coughlan
 
Great Open Source Compliance For Everyone (Version 3)
Great Open Source Compliance For Everyone (Version 3)Great Open Source Compliance For Everyone (Version 3)
Great Open Source Compliance For Everyone (Version 3)
Shane Coughlan
 
'Using OpenChain as a framework for M&A transactions'
'Using OpenChain as a framework for M&A transactions''Using OpenChain as a framework for M&A transactions'
'Using OpenChain as a framework for M&A transactions'
Shane Coughlan
 
Open Source in ISO Building the First LF Standard in Fourteen Years and What ...
Open Source in ISO Building the First LF Standard in Fourteen Years and What ...Open Source in ISO Building the First LF Standard in Fourteen Years and What ...
Open Source in ISO Building the First LF Standard in Fourteen Years and What ...
Shane Coughlan
 
Complex Made Simple @ Bird&Birds OpenChain Seminar
Complex Made Simple @ Bird&Birds OpenChain SeminarComplex Made Simple @ Bird&Birds OpenChain Seminar
Complex Made Simple @ Bird&Birds OpenChain Seminar
Shane Coughlan
 
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
Shane Coughlan
 
OpenChain Webinar: AboutCode and Beyond - End-to-End SCA
OpenChain Webinar: AboutCode and Beyond - End-to-End SCAOpenChain Webinar: AboutCode and Beyond - End-to-End SCA
OpenChain Webinar: AboutCode and Beyond - End-to-End SCA
Shane Coughlan
 
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingOpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
Shane Coughlan
 

More Related Content

Similar to OpenChain @ LF Japan Executive Briefing - May 2024

From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptxFrom One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
Shane Coughlan
 
Alibaba Standardization Summit 2022
Alibaba Standardization Summit 2022Alibaba Standardization Summit 2022
Alibaba Standardization Summit 2022
Shane Coughlan
 
The State of Open Source for Software Alliance Germany 2023-04-14
The State of Open Source for Software Alliance Germany 2023-04-14The State of Open Source for Software Alliance Germany 2023-04-14
The State of Open Source for Software Alliance Germany 2023-04-14
Shane Coughlan
 
OpenChain Mini-Summit May 2023
OpenChain Mini-Summit May 2023OpenChain Mini-Summit May 2023
OpenChain Mini-Summit May 2023
Shane Coughlan
 
Free and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply ChainFree and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply Chain
Shane Coughlan
 
OpenChain Automotive Work Group Meeting #2 - Lyon
OpenChain Automotive Work Group Meeting #2 - LyonOpenChain Automotive Work Group Meeting #2 - Lyon
OpenChain Automotive Work Group Meeting #2 - Lyon
Shane Coughlan
 
OpenChain Japan Work Group Meeting #28 - 2023-07-11
OpenChain Japan Work Group Meeting #28 - 2023-07-11OpenChain Japan Work Group Meeting #28 - 2023-07-11
OpenChain Japan Work Group Meeting #28 - 2023-07-11
Shane Coughlan
 
OpenChain Monthly Meeting 2023-02-21 (North America and Asia)
OpenChain Monthly Meeting 2023-02-21 (North America and Asia)OpenChain Monthly Meeting 2023-02-21 (North America and Asia)
OpenChain Monthly Meeting 2023-02-21 (North America and Asia)
Shane Coughlan
 
OpenChain Monthly Meeting North America - Europe - 2023-02-07
OpenChain Monthly Meeting North America - Europe - 2023-02-07OpenChain Monthly Meeting North America - Europe - 2023-02-07
OpenChain Monthly Meeting North America - Europe - 2023-02-07
Shane Coughlan
 
OpenChain @ Bitkom Forum Open Source 2022
OpenChain @ Bitkom Forum Open Source 2022OpenChain @ Bitkom Forum Open Source 2022
OpenChain @ Bitkom Forum Open Source 2022
Shane Coughlan
 
OpenChain-Monthly-Meeting-2023-01-17
OpenChain-Monthly-Meeting-2023-01-17OpenChain-Monthly-Meeting-2023-01-17
OpenChain-Monthly-Meeting-2023-01-17
Shane Coughlan
 
Great Open Source Compliance For Everyone - Version 11
Great Open Source Compliance For Everyone - Version 11Great Open Source Compliance For Everyone - Version 11
Great Open Source Compliance For Everyone - Version 11
Shane Coughlan
 
openEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain SecurityopenEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain Security
Shane Coughlan
 
FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30
Shane Coughlan
 
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingOpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
Shane Coughlan
 
Great Open Source Compliance For Everyone (Version 3)
Great Open Source Compliance For Everyone (Version 3)Great Open Source Compliance For Everyone (Version 3)
Great Open Source Compliance For Everyone (Version 3)
Shane Coughlan
 
'Using OpenChain as a framework for M&A transactions'
'Using OpenChain as a framework for M&A transactions''Using OpenChain as a framework for M&A transactions'
'Using OpenChain as a framework for M&A transactions'
Shane Coughlan
 
Open Source in ISO Building the First LF Standard in Fourteen Years and What ...
Open Source in ISO Building the First LF Standard in Fourteen Years and What ...Open Source in ISO Building the First LF Standard in Fourteen Years and What ...
Open Source in ISO Building the First LF Standard in Fourteen Years and What ...
Shane Coughlan
 
Complex Made Simple @ Bird&Birds OpenChain Seminar
Complex Made Simple @ Bird&Birds OpenChain SeminarComplex Made Simple @ Bird&Birds OpenChain Seminar
Complex Made Simple @ Bird&Birds OpenChain Seminar
Shane Coughlan
 
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
Shane Coughlan
 

Similar to OpenChain @ LF Japan Executive Briefing - May 2024 (20)

From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptxFrom One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
 
Alibaba Standardization Summit 2022
Alibaba Standardization Summit 2022Alibaba Standardization Summit 2022
Alibaba Standardization Summit 2022
 
The State of Open Source for Software Alliance Germany 2023-04-14
The State of Open Source for Software Alliance Germany 2023-04-14The State of Open Source for Software Alliance Germany 2023-04-14
The State of Open Source for Software Alliance Germany 2023-04-14
 
OpenChain Mini-Summit May 2023
OpenChain Mini-Summit May 2023OpenChain Mini-Summit May 2023
OpenChain Mini-Summit May 2023
 
Free and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply ChainFree and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply Chain
 
OpenChain Automotive Work Group Meeting #2 - Lyon
OpenChain Automotive Work Group Meeting #2 - LyonOpenChain Automotive Work Group Meeting #2 - Lyon
OpenChain Automotive Work Group Meeting #2 - Lyon
 
OpenChain Japan Work Group Meeting #28 - 2023-07-11
OpenChain Japan Work Group Meeting #28 - 2023-07-11OpenChain Japan Work Group Meeting #28 - 2023-07-11
OpenChain Japan Work Group Meeting #28 - 2023-07-11
 
OpenChain Monthly Meeting 2023-02-21 (North America and Asia)
OpenChain Monthly Meeting 2023-02-21 (North America and Asia)OpenChain Monthly Meeting 2023-02-21 (North America and Asia)
OpenChain Monthly Meeting 2023-02-21 (North America and Asia)
 
OpenChain Monthly Meeting North America - Europe - 2023-02-07
OpenChain Monthly Meeting North America - Europe - 2023-02-07OpenChain Monthly Meeting North America - Europe - 2023-02-07
OpenChain Monthly Meeting North America - Europe - 2023-02-07
 
OpenChain @ Bitkom Forum Open Source 2022
OpenChain @ Bitkom Forum Open Source 2022OpenChain @ Bitkom Forum Open Source 2022
OpenChain @ Bitkom Forum Open Source 2022
 
OpenChain-Monthly-Meeting-2023-01-17
OpenChain-Monthly-Meeting-2023-01-17OpenChain-Monthly-Meeting-2023-01-17
OpenChain-Monthly-Meeting-2023-01-17
 
Great Open Source Compliance For Everyone - Version 11
Great Open Source Compliance For Everyone - Version 11Great Open Source Compliance For Everyone - Version 11
Great Open Source Compliance For Everyone - Version 11
 
openEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain SecurityopenEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain Security
 
FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30
 
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingOpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
 
Great Open Source Compliance For Everyone (Version 3)
Great Open Source Compliance For Everyone (Version 3)Great Open Source Compliance For Everyone (Version 3)
Great Open Source Compliance For Everyone (Version 3)
 
'Using OpenChain as a framework for M&A transactions'
'Using OpenChain as a framework for M&A transactions''Using OpenChain as a framework for M&A transactions'
'Using OpenChain as a framework for M&A transactions'
 
Open Source in ISO Building the First LF Standard in Fourteen Years and What ...
Open Source in ISO Building the First LF Standard in Fourteen Years and What ...Open Source in ISO Building the First LF Standard in Fourteen Years and What ...
Open Source in ISO Building the First LF Standard in Fourteen Years and What ...
 
Complex Made Simple @ Bird&Birds OpenChain Seminar
Complex Made Simple @ Bird&Birds OpenChain SeminarComplex Made Simple @ Bird&Birds OpenChain Seminar
Complex Made Simple @ Bird&Birds OpenChain Seminar
 
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
 

More from Shane Coughlan

OpenChain Webinar: AboutCode and Beyond - End-to-End SCA
OpenChain Webinar: AboutCode and Beyond - End-to-End SCAOpenChain Webinar: AboutCode and Beyond - End-to-End SCA
OpenChain Webinar: AboutCode and Beyond - End-to-End SCA
Shane Coughlan
 
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingOpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
Shane Coughlan
 
OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19
Shane Coughlan
 
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorOpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS Calculator
Shane Coughlan
 
openEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scaleopenEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scale
Shane Coughlan
 
OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20
Shane Coughlan
 
AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06
Shane Coughlan
 
OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06
Shane Coughlan
 
OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09
Shane Coughlan
 
OpenChain Legal Work Group - 2024-01-17
OpenChain Legal Work Group - 2024-01-17OpenChain Legal Work Group - 2024-01-17
OpenChain Legal Work Group - 2024-01-17
Shane Coughlan
 
Openchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptxOpenchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptx
Shane Coughlan
 
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
Shane Coughlan
 
Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023
Shane Coughlan
 
OpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics SlidesOpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics Slides
Shane Coughlan
 
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
Shane Coughlan
 
OpenChain Webinar #56: Generative AI and Your Code
OpenChain Webinar #56: Generative AI and Your CodeOpenChain Webinar #56: Generative AI and Your Code
OpenChain Webinar #56: Generative AI and Your Code
Shane Coughlan
 
OpenChain Legal Work Group - 2023-06-29
OpenChain Legal Work Group - 2023-06-29OpenChain Legal Work Group - 2023-06-29
OpenChain Legal Work Group - 2023-06-29
Shane Coughlan
 
OpenChain Webinar #53 – OpenSCA
OpenChain Webinar #53 – OpenSCAOpenChain Webinar #53 – OpenSCA
OpenChain Webinar #53 – OpenSCA
Shane Coughlan
 
OpenChain Korea Work Group Meeting #18
OpenChain Korea Work Group Meeting #18OpenChain Korea Work Group Meeting #18
OpenChain Korea Work Group Meeting #18
Shane Coughlan
 
TODO_Japan_Meetup_#7_en
TODO_Japan_Meetup_#7_enTODO_Japan_Meetup_#7_en
TODO_Japan_Meetup_#7_en
Shane Coughlan
 

More from Shane Coughlan (20)

OpenChain Webinar: AboutCode and Beyond - End-to-End SCA
OpenChain Webinar: AboutCode and Beyond - End-to-End SCAOpenChain Webinar: AboutCode and Beyond - End-to-End SCA
OpenChain Webinar: AboutCode and Beyond - End-to-End SCA
 
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingOpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
 
OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19
 
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorOpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS Calculator
 
openEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scaleopenEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scale
 
OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20
 
AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06
 
OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06
 
OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09
 
OpenChain Legal Work Group - 2024-01-17
OpenChain Legal Work Group - 2024-01-17OpenChain Legal Work Group - 2024-01-17
OpenChain Legal Work Group - 2024-01-17
 
Openchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptxOpenchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptx
 
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
 
Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023
 
OpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics SlidesOpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics Slides
 
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
 
OpenChain Webinar #56: Generative AI and Your Code
OpenChain Webinar #56: Generative AI and Your CodeOpenChain Webinar #56: Generative AI and Your Code
OpenChain Webinar #56: Generative AI and Your Code
 
OpenChain Legal Work Group - 2023-06-29
OpenChain Legal Work Group - 2023-06-29OpenChain Legal Work Group - 2023-06-29
OpenChain Legal Work Group - 2023-06-29
 
OpenChain Webinar #53 – OpenSCA
OpenChain Webinar #53 – OpenSCAOpenChain Webinar #53 – OpenSCA
OpenChain Webinar #53 – OpenSCA
 
OpenChain Korea Work Group Meeting #18
OpenChain Korea Work Group Meeting #18OpenChain Korea Work Group Meeting #18
OpenChain Korea Work Group Meeting #18
 
TODO_Japan_Meetup_#7_en
TODO_Japan_Meetup_#7_enTODO_Japan_Meetup_#7_en
TODO_Japan_Meetup_#7_en
 

Recently uploaded

What is Augmented Reality Image Tracking
What is Augmented Reality Image TrackingWhat is Augmented Reality Image Tracking
What is Augmented Reality Image Tracking
pavan998932
 
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Crescat
 
OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024
OpenMetadata
 
Oracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptxOracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptx
Remote DBA Services
 
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsUI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
Peter Muessig
 
Energy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina JonuziEnergy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina Jonuzi
Green Software Development
 
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI AppAI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
Google
 
GreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-JurisicGreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-Jurisic
Green Software Development
 
Empowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - DeugloEmpowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - Deuglo
Deuglo Infosystem Pvt Ltd
 
Fundamentals of Programming and Language Processors
Fundamentals of Programming and Language ProcessorsFundamentals of Programming and Language Processors
Fundamentals of Programming and Language Processors
Rakesh Kumar R
 
SMS API Integration in Saudi Arabia| Best SMS API Service
SMS API Integration in Saudi Arabia| Best SMS API ServiceSMS API Integration in Saudi Arabia| Best SMS API Service
SMS API Integration in Saudi Arabia| Best SMS API Service
Yara Milbes
 
Revolutionizing Visual Effects Mastering AI Face Swaps.pdf
Revolutionizing Visual Effects Mastering AI Face Swaps.pdfRevolutionizing Visual Effects Mastering AI Face Swaps.pdf
Revolutionizing Visual Effects Mastering AI Face Swaps.pdf
Undress Baby
 
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeA Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
Aftab Hussain
 
socradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdfsocradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdf
SOCRadar
 
What is Master Data Management by PiLog Group
What is Master Data Management by PiLog GroupWhat is Master Data Management by PiLog Group
What is Master Data Management by PiLog Group
aymanquadri279
 
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOMLORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
lorraineandreiamcidl
 
Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)
Julian Hyde
 
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdfAutomated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
timtebeek1
 
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Łukasz Chruściel
 
Webinar On-Demand: Using Flutter for Embedded
Webinar On-Demand: Using Flutter for EmbeddedWebinar On-Demand: Using Flutter for Embedded
Webinar On-Demand: Using Flutter for Embedded
ICS
 

Recently uploaded (20)

What is Augmented Reality Image Tracking
What is Augmented Reality Image TrackingWhat is Augmented Reality Image Tracking
What is Augmented Reality Image Tracking
 
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
 
OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024
 
Oracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptxOracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptx
 
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsUI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
 
Energy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina JonuziEnergy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina Jonuzi
 
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI AppAI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
 
GreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-JurisicGreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-Jurisic
 
Empowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - DeugloEmpowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - Deuglo
 
Fundamentals of Programming and Language Processors
Fundamentals of Programming and Language ProcessorsFundamentals of Programming and Language Processors
Fundamentals of Programming and Language Processors
 
SMS API Integration in Saudi Arabia| Best SMS API Service
SMS API Integration in Saudi Arabia| Best SMS API ServiceSMS API Integration in Saudi Arabia| Best SMS API Service
SMS API Integration in Saudi Arabia| Best SMS API Service
 
Revolutionizing Visual Effects Mastering AI Face Swaps.pdf
Revolutionizing Visual Effects Mastering AI Face Swaps.pdfRevolutionizing Visual Effects Mastering AI Face Swaps.pdf
Revolutionizing Visual Effects Mastering AI Face Swaps.pdf
 
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeA Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
 
socradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdfsocradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdf
 
What is Master Data Management by PiLog Group
What is Master Data Management by PiLog GroupWhat is Master Data Management by PiLog Group
What is Master Data Management by PiLog Group
 
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOMLORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
 
Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)
 
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdfAutomated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
 
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
 
Webinar On-Demand: Using Flutter for Embedded
Webinar On-Demand: Using Flutter for EmbeddedWebinar On-Demand: Using Flutter for Embedded
Webinar On-Demand: Using Flutter for Embedded
 

OpenChain @ LF Japan Executive Briefing - May 2024

  • 1. Beyond ISO 5230 and ISO 18974 - Case Studies, AI Compliance and More
  • 2. LF Management & Best Practices Portal
  • 3. Stacking Standards + Solutions Process Management Standards Implementation Standards Implementation Methods
  • 4. ISO/IEC 5230:2020 Open Source License Compliance
  • 5. ISO/IEC 18974:2023 Open Source Security Assurance
  • 6. Sister Standards - Processes for Programs ISO/IEC 5230 (License Compliance) ● Scopable program size ● Addresses inbound processes ● Addresses internal policy, training, process ● Addresses outbound processes ● Focus on process point ● Avoids prescriptive process content ISO/IEC 18974 (Security Assurance) ● Scopable program size ● Addresses inbound processes ● Addresses internal policy, training, process ● Addresses outbound processes ● Focus on process point ● Avoids prescriptive process content
  • 7. One utility of ISO standards is that they act as reputable shorthand in discussions, negotiations and contracts, allowing everything from “document format” to “quality program” to be communicated easily. The OpenChain standards are an international baseline for quality in open source license open source license compliance or security assurance programs.
  • 8. A Continual Heartbeat Of Adoption A Strong History Of Crossing Markets ● BlackRock, Circle and KakaoBank are three examples of crossing into finance. ● A Fellow from Lockheed Martin chairs our Specification Work Group. ● From SoC to embedded to enterprise to automotive to aviation, OpenChain standards are built, used and supported.
  • 9. 31% of large German companies already use or plan to adopt OpenChain ISO/IEC 5230 Source PwC: https://tinyurl.com/openchain-germany-31 Data Point
  • 10. A Continual Heartbeat Of Use Companies announcing re-certification helps to boost perception of continued industry value. ● BlackBerry - public announcement in April ● SocioNext - public announcement in May (today) ● Nanjing Fujitsu Nanda Software Technology Co., Ltd informed us of their re-certification in February. ● Reminder: ISO standards can be adopted and used by any party, so we only get informed and do PR on a discretionary basis.
  • 12. Procurement Negotiations ISO/IEC 5230 and ISO/IEC 18974 provide a simple “ask” in procurement negotiations across all industry verticals. In the 2024/2025 period we expect: ● Increased use of industry standards instead of bespoke approaches for open source procurement ● More extensive use of OpenChain standards in procurement
  • 13. Mergers and Acquisitions ISO/IEC 5230 and ISO/IEC 18974 provide a “floor” for understanding the governance approach of an M&A target with regards to open source. In the 2024/2025 period we expect: ● More legal professionals using OpenChain standards for M&A ● More documentation or case studies around the use of OpenChain standards in this area
  • 14. Supply Chain Management ISO/IEC 5230 and ISO/IEC 18974 make it easy for customer companies to describe open source license compliance and security assurance. In the 2024/2025 period we expect: ● Increased supply chain requests for OpenChain conformant programs ● Emergance of open source maturity models favoring OpenChain standards ● More government policies referencing OpenChain standards
  • 16. Addressing NIST / CISA / Executive Order ● OpenChain has always been prepared for the use of SBOMs as a market requirement. ● OpenChain ISO/IEC 5230 and ISO/IEC 18974 ask companies to have SBOMs related to open source license compliance and security assurance.
  • 17. Addressing the CRA ● OpenChain has always been prepared for the type of record-keeping that Cyber Resiliency Act (CRA) raises as a market requirement. ● OpenChain ISO/IEC 5230 and ISO/IEC 18974 ask companies to create and archive verification materials related to open source license compliance and security assurance.
  • 19. Working With SPDX ISO/IEC 5962 + Future SPDX ISO/IEC 5230 and ISO/IEC 18974 have always required that organizations have a bill of materials for open source software passing through conformant programs. They inherently align with SPDX ISO/IEC 5962. In the 2024/2025 period we expect: ● The release of SPDX 3.0 to provide the foundation for an updated version of SPDX ISO/IEC 5962:2021. ● The SPDX 3.0 profile approach to enhance integration with ISO/IEC 5230 and ISO/IEC 18974 for interested parties.
  • 20. SPDX ISO/IEC 5962:2021 ● Able to represent SBOMs from binary images and track back to the source files and snippets. ● Specification is freely available from ISO site. ● Future updates live tracked at: https://spdx.github.io/spdx-spec More information at https://spdx.dev
  • 21. SPDX 3.0 Introduces Profiles – Launched April 2024 Security information - vulnerability details related to software Build related information - provenance and reproducible builds Information about AI models - ethical, security, and model data Information about datasets - AI and other data use cases Minimal subset to support industry supply chain workflows Information about copyrights and licenses - supports compliance Information specific to software Information used across all profiles
  • 22. In the Automotive Industry, License Compliance verification can accomplished using SPDX Lite in spreadsheets. This can help support: ● Small software developers ● Legal teams ● Editors of manuals SPDX Lite helps to exchange SBOMs between full SBOM formats and the spreadsheet-centric License management world. SPDX Lite Created By OpenChain Japan Work Group
  • 23. Broad Compatibility ● OpenChain standards are compatible with all other SBOM formats ● In general, OpenChain standards are designed to work with all other standards related to open source process management or solution implementation ● The goal is to be practical and useful for companies of all sizes and in all markets
  • 25. Existing Reference Material The OpenChain Project has extensive reference material on GitHub: ● Reference open source training slides ● Policy template material ● Supplier education material ● Self-certification checklists and questionnaires ● + many, many more documents
  • 28. 80+ Webinars covering all aspects of open source management and governance https://openchainproject.org/webinars Data Point
  • 29. Forthcoming Reference Material The OpenChain Project is developing new reference material for 2024: ● Updated training slides ● Updated supplier education materials ● SBOM quality guide ● “Explainers” for different business roles ● Maturity models
  • 31. Community Support Industry-Specific Work Groups ● Automotive (Summer ● Telecom (Spring 2021~) Regional User Groups ● Japan (Dec 2017~) ● Korea (Jan 2019~) ● India (Sept 2019~) ● China (Sept 2019~) ● Taiwan (Sept 2019~) ● Germany (Jan 2020~) ● UK (June 2020~) Main Work Groups ● Specification (Spring 2016~) ● Education (Autumn 2020~) Community Work Groups ● Tooling (Summer 2019~) ● Export Control (Winter 2022~) ● Public Policy (Winter 2022~) Community Study Groups ● AI (January 2024~)
  • 32. Commercial Support Tooling / Automation Third-Party Certification Consultancies Legal Providers
  • 33. OpenChain will support the continued evolution of professional open source management
  • 34. Draft Future Versions of Licensing / Security Licensing Specification (3rd Generation Draft): https://github.com/OpenChain-Project/License-Compliance- Specification/blob/master/Official/en/3.0/openchain-license- Security Specification (2nd Generation Draft): https://github.com/OpenChain-Project/Security-Assurance- Assurance-Specification/2.0/en/openchain-security-specification-2.0.md
  • 35. Track This: Our Monthly Calls Our current Specification Work Group Chair is Chris Wood, Fellow at Lockheed Martin. The Specification Work Group has: ● One call for North America / Europe per month ● One call for North America / Asia per month Everyone is welcome to join, learn and contribute
  • 36. OpenChain will also support conversations around new areas of open collaboration and governance
  • 37. Introducing Our AI Compliance Study Group Since January 2024 the OpenChain Project has facilitated an AI Compliance Study Group. They are focused on: ● Determining commonalities in AI Compliance in the Supply Chain ● Assessing whether these commonalities are suitable for development into reference material ● And ensuring all voices are heard
  • 39. What Is Coming Next For The Market? There has been a steady, inevitable trend for open source in the business domain: ● Open source is becoming more professional ● Open source is becoming more accountable ● Open source is becoming more sustainable In 2024/2025 the OpenChain Project expects this trend to bring open source closer to traditional Software Asset Management (SAM).
  • 40. In the 2024/2025 Period 1. ISO/IEC 5230 and ISO/IEC 18974 will continue to assist in the professionalization of the supply chain, with specific impact in procurement, M&A and supply chain management 2. We will continue to grow our reference library of material to assist companies adopting and using our standards. 3. We will also support process management discussions in new domains like AI Compliance