The OpenChain Project aims to create and maintain standards for open source licensing and security. It has over 1,000 company members representing trillions in market value. The project develops specifications like ISO 5230 for open source license compliance and a new DIS 18974 for security assurance. It provides free materials to help companies self-certify their supply chain processes and offers third-party certification. The project is expanding its standards, outreach, and community participation to build a more transparent and secure software supply chain.
The document summarizes the OpenChain Project, which creates and maintains standards for open source licensing and security. It discusses the project's goals of improving supply chain visibility and management through standards like ISO 5230 for licensing and the forthcoming ISO 18974 for security. It provides an overview of the project's community and commercial support network, which includes hundreds of companies, certifiers, service providers, and tooling vendors working to establish best practices for open source compliance.
This document provides an overview of the OpenChain Project, which establishes standards for open source licensing and security. It discusses the OpenChain standards for license compliance (ISO/IEC 5230) and security assurance (ISO/IEC DIS 18974). It highlights that over 1,000 companies are working to improve supply chain management through OpenChain. It also summarizes news and developments around OpenChain standards adoption and certification.
OpenChain Germany Work Group Meeting 2022-11-16 - Shane Coughlan
The document summarizes the agenda for an OpenChain Germany Work Group meeting on 2022-11-16. It includes sections on anti-trust policy, introductions, specification news including an upcoming chair rotation, SBOM news from SPDX, OSPO news from TODO, security news from OpenSSF, automation news including the Capability Map and OpenAPI spec, and plans to work on OpenChain standards and reference materials. Attendees are reminded to adhere to anti-trust guidelines and the meeting will involve updates and planning work related to various OpenChain subprojects and standards.
The OpenChain Monthly Meeting covered the following topics:
1) An anti-trust notice was provided reminding attendees that Linux Foundation meetings must comply with competition laws.
2) Two new OpenChain Specification Chairs are being selected to replace the founding chair and split responsibilities between the license compliance and security assurance specifications.
3) Editing cycles are beginning for updating the OpenChain license compliance and security assurance specifications, with expected ISO updates in 2024.
The OpenChain monthly meeting covered the following topics:
1) An anti-trust policy notice was provided to remind attendees about complying with antitrust laws during the meeting.
2) The specification chair rotation was underway, with two new chairs being selected to replace the founding chair. Nominations were being accepted.
3) Editing cycles for updating the OpenChain license compliance specification and security assurance specification began. Issues could be submitted on GitHub for consideration.
4) Various project updates were provided, including on SPDX, OSPO metrics, security tools, and automation capabilities. Work also began on standard materials like the path to conformance and FAQ documents.
This document summarizes the OpenChain Japan Work Group Meeting #27. It welcomed new members and thanked hosts. OpenChain membership represents over $5.9 trillion in market value and its standards help various industries like automotive, banking, and cloud computing. Key updates included progress on ISO/IEC 5230 and DIS 18974 standards, and 98 organizations achieving ISO/IEC 5230 conformance. Work continued on improving OpenChain specifications and activities like webinars. A legal work group was formed to develop model procurement language incorporating OpenChain standards.
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx - Shane Coughlan
The OpenChain Project started in 2016 to create a standard for open source license compliance that would reduce legal risk for companies. The standard was published in 2016 and became an official International Standard (ISO/IEC 5230) in 2020. In 2021, OpenChain began work on additional standards for using their processes in security and other areas beyond procurement. They quickly developed a new standard, ISO/IEC 18974, for open source security processes that was approved in early 2022. The transformation of OpenChain from a single licensing standard to a broader "family" of standards around open source processes is now complete.
OpenChain is a Linux Foundation project that started in 2016 to promote open source license compliance and has since expanded to also address security compliance. It has a global governing board and working groups that have developed standards like ISO/IEC 5230:2020 for open source compliance and a Security Assurance Specification. OpenChain aims to continue building adoption of these standards, convert more guidance into ISO standards, and support the open source community with reference materials and translations.
The State of Open Source for Software Alliance Germany 2023-04-14 - Shane Coughlan
This document discusses the increasing complexity of open source software use in corporate environments due to new rules and guidelines around software bills of materials and supply chain security. It notes that while open source is important for businesses, many companies have limited visibility into their software supply chains due to relying on spreadsheets rather than proper processes. Standards like OpenChain and upcoming ISO standards aim to provide best practices for open source license compliance and security assurance. Widespread adoption of these standards could help create a more predictable and secure software supply chain. The document outlines support and resources for organizations looking to implement these standards.
This document contains an agenda for The OpenChain Project Mini-Summit taking place on May 9, 2023 from 14:30-17:00 PDT. The agenda includes introductions on OpenChain license compliance and security assurance standards in 2023, two keynote speeches on SBOMs and open source automation tooling, and three roundtable discussion sessions on process standards, SBOMs, and automation. There will also be two breaks included in the schedule. The summit aims to provide an update on OpenChain initiatives and standards while facilitating discussion on related topics within the open source community.
Free and Open Source Software - Challenges for the Automotive Supply Chain - Shane Coughlan
The document discusses challenges that the automotive supply chain faces with open source software and how the OpenChain project provides solutions. OpenChain defines requirements for quality open source compliance programs and allows companies to self-certify or obtain third-party certification that they meet the requirements. This helps companies address licensing issues and predictably manage open source code in business-to-business contexts.
OpenChain Automotive Work Group Meeting #2 - Lyon - Shane Coughlan
This document summarizes the 2nd face-to-face meeting of the OpenChain Automotive Working Group held on October 29th, 2019 in Lyon. The meeting agenda included an introduction to the OpenChain project, a proposal to form an OpenChain Automotive Working Group, and presentations from various automotive companies on best practices for open source license compliance. The goal of the working group is to share information, establish best practices as an eventual industry standard, and raise awareness of open source license management in the automotive sector.
OpenChain Japan Work Group Meeting #28 - 2023-07-11 - Shane Coughlan
The OpenChain Industry Survey 2023 had a low response rate of only 18 companies. This was partly due to political issues in how countries were listed and a short two-month timeframe. Insights from the survey found that European and North American companies engaged more, over half of companies have over 5,000 software staff, and most see open source as important to their business. The survey also showed growing adoption of OpenChain standards for compliance and security. Deloitte has now become an official partner to help with future surveys.
OpenChain Monthly Meeting 2023-02-21 (North America and Asia) - Shane Coughlan
The document summarizes the agenda and discussions from an OpenChain monthly meeting on February 21, 2023. Key discussion points included:
- Reminders about anti-trust policies for the meeting.
- Updates on adoption of OpenChain specifications, security assurance certification programs, and free online training courses.
- Discussion of definitions in the specifications to harmonize licensing and security definitions.
- Proposed changes to the security assurance specification in response to issues raised on GitHub, including adding definitions for "remediate" and "mitigate", adding requirements under the "Competence" category, and including references to relevant ISO standards.
OpenChain Monthly Meeting North America - Europe - 2023-02-07 - Shane Coughlan
The OpenChain monthly meeting covered several topics:
1. An anti-trust policy notice reminding attendees to adhere to agendas and not participate in prohibited antitrust activities.
2. Specification news including recent adoption of security assurance specifications, a new third-party certifier, and updates to free online training courses.
3. Work on standards and core materials including proposed changes to open source definitions and discussions of issues raised on GitHub regarding adding new definitions, requirements, and references to ISO standards within the Security Assurance Specification.
The document discusses issues with current supply chain management practices and visibility. It notes that most companies still rely on spreadsheets to manage supply chains and have limited visibility. It then introduces some open source standards and specifications like OpenChain, SPDX, and the OpenChain Security Assurance Specification that can help address these issues by providing standardized processes for areas like license compliance, security assurance and software bills of materials. It encourages adopting these standards and participating in related communities and events to help improve supply chain management.
The summary of the OpenChain Monthly Meeting document is:
1. The meeting covered announcements regarding increased support for the OpenChain Security Assurance Specification from certification organizations globally, as well as the first organization achieving conformance with the spec.
2. Updates were provided on SPDX Python tools and an upcoming OSPOlogy event.
3. The OpenChain Automation work group discussed publishing the Capability Map in different formats and a new open source compliance database project.
4. Discussions were held on potential improvements to the License Compliance and Security Assurance specifications.
5. The Education work group outlined priorities like a document on focus areas and continuing work on revamping the website.
Great Open Source Compliance For Everyone - Version 11 - Shane Coughlan
These are the introduction slides for the OpenChain Project containing extensive speaker notes. They are intended both to provide context for the OpenChain industry standard and to enable anyone to help share the purpose, value and outcomes of the project and community.
The OpenChain Project aims to improve open source license compliance and security assurance through international standards. Over 1,000 companies collaborate through OpenChain to develop standards like ISO/IEC 5230 for license compliance and ISO/IEC 18974 for security assurance. Adoption of the standards is growing, with a 12% decrease in license issues and 31% of large German companies planning to adopt ISO/IEC 5230. OpenChain is working to develop new specifications and its global impact and member organizations are increasing.
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording - Shane Coughlan
The document summarizes a meeting of the OpenChain AI Study Group that recapped a previous workshop on AI compliance in the supply chain. It discusses identifying commonalities between AI compliance and the ISO 5230 standard on software supply chain security. It provides examples of reviewing and redlining the ISO 5230 standard and a related thinking document. The document also suggests starting a review of the ISO 42001 standard on AI management systems while noting it is not freely available. It asks if there is any other business and concludes by thanking and saying goodbye to attendees.
Great Open Source Compliance For Everyone (Version 3) - Shane Coughlan
Great Open Source Compliance For Everyone (Version 3) is a slide deck designed to provide an overview of the OpenChain Project. Our goal is to encourage the adoption of the key requirements for a quality open source compliance program.
'Using OpenChain as a framework for M&A transactions' - Shane Coughlan
This document discusses aligning M&A transaction documents with the OpenChain specification to reduce friction during due diligence and acquisition. It outlines how requirements from the OpenChain specification could be mapped to due diligence questionnaires and share/asset purchase agreement warranties. This would help buyers obtain a true picture of open source use and compliance at a target company.
Open Source in ISO Building the First LF Standard in Fourteen Years and What ... - Shane Coughlan
This talk explored the process of building and deploying the first Linux Foundation ISO standard in fourteen years, highlighting both what has changed since we deployed Linux Standard Base, and why formal standardization is a topic that will increasingly be on your radar. The discussion will be primarily focused on OpenChain, the industry standard for open source compliance, and how collaboration with the Joint Development Foundation allowed a transformation from de facto into formal standard in a timescale that suits open source development. The lessons learned are applicable to any projects building out specifications or code that seek worldwide, sustainable adoption across multiple industries, and the presentation will include an explanation of how Linux Foundation and Joint Development Foundation are ready to support that process today.
Complex Made Simple @ Bird&Birds OpenChain Seminar - Shane Coughlan
This document discusses the OpenChain Project which aims to create a simple, effective industry standard for open source license compliance for organizations of all sizes. It establishes trust in multi-entity compliance through shared rules and results. The project defines best practices for compliance processes like policy, training, and tooling. It also outlines the project's status including meetings held in various regions to promote OpenChain and working groups on automotive and reference tooling. The goal is to raise awareness and simplify open source compliance.
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17 - Shane Coughlan
This document summarizes an overview presentation by Seth Newberry of the Joint Development Foundation (JDF) about submitting open standards specifications to ISO/IEC through JDF. It discusses JDF providing a standardized process for developing open specifications to streamline the process. The presentation notes OpenChain has submitted its specification to ISO, which is currently in review, and SPDX will soon be submitted. JDF aims to help other open projects develop and submit specifications through their standardized process.
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording - Shane Coughlan
The document summarizes the agenda for an Education Work Group call on April 10, 2024. It includes notices about antitrust policies for Linux Foundation meetings and a reminder that activities must comply with applicable competition laws. The document also thanks Nathan and contributors for their work, introduces a new boss, and outlines plans for 2024-2025, which involve continuing work on training slides, reviewing an education leaflet, proposing OpenChain UK education videos, releasing an official SBOM quality reference guide from the Telco Work Group, and creating short explainers to introduce OpenChain within organizations.
Similar to OpenChain @ LF Japan Executive Briefing - May 2024
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptxShane Coughlan
The OpenChain Project started in 2016 to create a standard for open source license compliance that would reduce legal risk for companies. The standard was published in 2016 and became an official International Standard (ISO/IEC 5230) in 2020. In 2021, OpenChain began work on additional standards for using their processes in security and other areas beyond procurement. They quickly developed a new standard, ISO/IEC 18974, for open source security processes that was approved in early 2022. The transformation of OpenChain from a single licensing standard to a broader "family" of standards around open source processes is now complete.
OpenChain is a Linux Foundation project that started in 2016 to promote open source license compliance and has since expanded to also address security compliance. It has a global governing board and working groups that have developed standards like ISO/IEC 5230:2020 for open source compliance and a Security Assurance Specification. OpenChain aims to continue building adoption of these standards, convert more guidance into ISO standards, and support the open source community with reference materials and translations.
The State of Open Source for Software Alliance Germany 2023-04-14Shane Coughlan
This document discusses the increasing complexity of open source software use in corporate environments due to new rules and guidelines around software bills of materials and supply chain security. It notes that while open source is important for businesses, many companies have limited visibility into their software supply chains due to relying on spreadsheets rather than proper processes. Standards like OpenChain and upcoming ISO standards aim to provide best practices for open source license compliance and security assurance. Widespread adoption of these standards could help create a more predictable and secure software supply chain. The document outlines support and resources for organizations looking to implement these standards.
This document contains an agenda for The OpenChain Project Mini-Summit taking place on May 9, 2023 from 14:30-17:00 PDT. The agenda includes introductions on OpenChain license compliance and security assurance standards in 2023, two keynote speeches on SBOMs and open source automation tooling, and three roundtable discussion sessions on process standards, SBOMs, and automation. There will also be two breaks included in the schedule. The summit aims to provide an update on OpenChain initiatives and standards while facilitating discussion on related topics within the open source community.
Free and Open Source Software - Challenges for the Automotive Supply ChainShane Coughlan
The document discusses challenges that the automotive supply chain faces with open source software and how the OpenChain project provides solutions. OpenChain defines requirements for quality open source compliance programs and allows companies to self-certify or obtain third-party certification that they meet the requirements. This helps companies address licensing issues and predictably manage open source code in business-to-business contexts.
OpenChain Automotive Work Group Meeting #2 - LyonShane Coughlan
This document summarizes the 2nd face-to-face meeting of the OpenChain Automotive Working Group held on October 29th, 2019 in Lyon. The meeting agenda included an introduction to the OpenChain project, a proposal to form an OpenChain Automotive Working Group, and presentations from various automotive companies on best practices for open source license compliance. The goal of the working group is to share information, establish best practices as an eventual industry standard, and raise awareness of open source license management in the automotive sector.
OpenChain Japan Work Group Meeting #28 - 2023-07-11Shane Coughlan
The OpenChain Industry Survey 2023 had a low response rate of only 18 companies. This was partly due to political issues in how countries were listed and a short two month timeframe. Insights from the survey found that European and North American companies engaged more, over half of companies have over 5,000 software staff, and most see open source as important to their business. The survey also showed growing adoption of OpenChain standards for compliance and security. Deloitte has now become an official partner to help with future surveys.
OpenChain Monthly Meeting 2023-02-21 (North America and Asia)Shane Coughlan
The document summarizes the agenda and discussions from an OpenChain monthly meeting on February 21, 2023. Key discussion points included:
- Reminders about anti-trust policies for the meeting.
- Updates on adoption of OpenChain specifications, security assurance certification programs, and free online training courses.
- Discussion of definitions in the specifications to harmonize licensing and security definitions.
- Proposed changes to the security assurance specification in response to issues raised on GitHub, including adding definitions for "remediate" and "mitigate", adding requirements under the "Competence" category, and including references to relevant ISO standards.
OpenChain Monthly Meeting North America - Europe - 2023-02-07Shane Coughlan
The OpenChain monthly meeting covered several topics:
1. An anti-trust policy notice reminding attendees to adhere to agendas and not participate in prohibited antitrust activities.
2. Specification news including recent adoption of security assurance specifications, a new third-party certifier, and updates to free online training courses.
3. Work on standards and core materials including proposed changes to open source definitions and discussions of issues raised on GitHub regarding adding new definitions, requirements, and references to ISO standards within the Security Assurance Specification.
The document discusses issues with current supply chain management practices and visibility. It notes that most companies still rely on spreadsheets to manage supply chains and have limited visibility. It then introduces some open source standards and specifications like OpenChain, SPDX, and the OpenChain Security Assurance Specification that can help address these issues by providing standardized processes for areas like license compliance, security assurance and software bills of materials. It encourages adopting these standards and participating in related communities and events to help improve supply chain management.
The summary of the OpenChain Monthly Meeting document is:
1. The meeting covered announcements regarding increased support for the OpenChain Security Assurance Specification from certification organizations globally, as well as the first organization achieving conformance with the spec.
2. Updates were provided on SPDX Python tools and an upcoming OSPOlogy event.
3. The OpenChain Automation work group discussed publishing the Capability Map in different formats and a new open source compliance database project.
4. Discussions were held on potential improvements to the License Compliance and Security Assurance specifications.
5. The Education work group outlined priorities like a document on focus areas and continuing work on revamping the website.
Great Open Source Compliance For Everyone - Version 11Shane Coughlan
Great Open Source Compliance For Everyone - Version 11
These are the introduction slides for the OpenChain Project containing extensive speaker notes. They are intended both to provide context for the OpenChain industry standard and to enable anyone to help share the purpose, value and outcomes of the project and community.
The OpenChain Project aims to improve open source license compliance and security assurance through international standards. Over 1,000 companies collaborate through OpenChain to develop standards like ISO/IEC 5230 for license compliance and ISO/IEC 18974 for security assurance. Adoption of the standards is growing, with a 12% decrease in license issues and 31% of large German companies planning to adopt ISO/IEC 5230. OpenChain is working to develop new specifications and its global impact and member organizations are increasing.
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingShane Coughlan
The document summarizes a meeting of the OpenChain AI Study Group that recapped a previous workshop on AI compliance in the supply chain. It discusses identifying commonalities between AI compliance and the ISO 5230 standard on software supply chain security. It provides examples of reviewing and redlining the ISO 5230 standard and a related thinking document. The document also suggests starting a review of the ISO 42001 standard on AI management systems while noting it is not freely available. It asks if there is any other business and concludes by thanking and saying goodbye to attendees.
Great Open Source Compliance For Everyone (Version 3)Shane Coughlan
Great Open Source Compliance For Everyone (Version 3) is a slide deck designed to provide an overview of the OpenChain Project. Our goal is to encourage the adoption of the key requirements for a quality open source compliance program.
'Using OpenChain as a framework for M&A transactions'Shane Coughlan
This document discusses aligning M&A transaction documents with the OpenChain specification to reduce friction during due diligence and acquisition. It outlines how requirements from the OpenChain specification could be mapped to due diligence questionnaires and share/asset purchase agreement warranties. This would help buyers obtain a true picture of open source use and compliance at a target company.
Open Source in ISO Building the First LF Standard in Fourteen Years and What ...Shane Coughlan
This talk explored the process of building and deploying the first Linux Foundation ISO standard in fourteen years, highlighting both what has changed since we deployed Linux Standard Base, and why formal standardization is a topic that will increasingly be on your radar. The discussion will be primarily focused on OpenChain, the industry standard for open source compliance, and how collaboration with the Joint Development Foundation allowed a transformation from de facto into formal standard in a timescale that suits open source development. The lessons learned are applicable to any projects building out specifications or code that seek worldwide, sustainable adoption across multiple industries, and the presentation will include an explanation of how Linux Foundation and Joint Development Foundation are ready to support that process today.
Complex Made Simple @ Bird&Birds OpenChain SeminarShane Coughlan
This document discusses the OpenChain Project which aims to create a simple, effective industry standard for open source license compliance for organizations of all sizes. It establishes trust in multi-entity compliance through shared rules and results. The project defines best practices for compliance processes like policy, training, and tooling. It also outlines the project's status including meetings held in various regions to promote OpenChain and working groups on automotive and reference tooling. The goal is to raise awareness and simplify open source compliance.
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17Shane Coughlan
This document summarizes an overview presentation by Seth Newberry of the Joint Development Foundation (JDF) about submitting open standards specifications to ISO/IEC through JDF. It discusses JDF providing a standardized process for developing open specifications to streamline the process. The presentation notes OpenChain has submitted its specification to ISO, which is currently in review, and SPDX will soon be submitted. JDF aims to help other open projects develop and submit specifications through their standardized process.
Similar to OpenChain @ LF Japan Executive Briefing - May 2024 (20)
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording (Shane Coughlan)
The document summarizes the agenda for an Education Work Group call on April 10, 2024. It includes notices about antitrust policies for Linux Foundation meetings and a reminder that activities must comply with applicable competition laws. The document also thanks Nathan and contributors for their work, introduces a new boss, and outlines plans for 2024-2025, which involve continuing work on training slides, reviewing an education leaflet, proposing OpenChain UK education videos, releasing an official SBOM quality reference guide from the Telco Work Group, and creating short explainers to introduce OpenChain within organizations.
OpenChain Monthly Meeting North America and Asia - 2024-03-19 (Shane Coughlan)
The document summarizes the agenda for an OpenChain Monthly North America / Europe Meeting on 2024-03-19. It includes:
1) A notice about complying with antitrust laws and avoiding prohibited discussions.
2) The regular agenda covers sharing news, working on standards and core materials, reference materials, and other business.
3) News items include webinars on GitHub Copilot and export controls, and an OpenChain AI study group call.
4) Work includes discussing issues on the license compliance specification and a security assurance specification on GitHub.
5) Reference and support work involves the OpenChain education study group and supplier education leaflet.
The document discusses antitrust policies for Linux Foundation meetings. It states that Linux Foundation meetings involve competitors and all activities must be in accordance with antitrust laws. Attendees should adhere to meeting agendas and not participate in prohibited activities under antitrust laws. Examples of prohibited actions are described in the Linux Foundation Antitrust Policy available online. Attendees with questions should contact their legal counsel or the Linux Foundation's legal counsel.
openEuler Community Overview - a presentation showing the current scale (Shane Coughlan)
OpenEuler is an open source operating system that has seen exponential growth, with over 1.3 million global downloads, 900+ enterprise members, and 14,000+ contributors. It aims to be the number 1 server OS by 2023, with 50%+ estimated market share, by providing a versatile and intelligent OS for all scenarios from server to cloud to edge to embedded devices. OpenEuler also has a thriving ecosystem of over 400 innovation projects and many enterprise and community distributions to satisfy diverse industry requirements.
OpenChain AI Study Group - North America and Europe - 2024-02-20 (Shane Coughlan)
The document summarizes the agenda and discussion from an OpenChain AI study group meeting on building trust in the open source AI supply chain. The group discussed defining compliance artifacts and how they can be trusted throughout the supply chain. They also considered what constitutes a high-risk artifact and whether compliance should be based on risk type. Additionally, the group discussed achieving transparency in AI systems as models move towards more closed structures, and how to meet the study group's goals of establishing industry agreements on AI management principles.
AI Study Group North America - Europe 2024-02-06 (Shane Coughlan)
The document summarizes discussions from an OpenChain AI Study Group meeting on anti-trust policy and building trust in the open source AI supply chain. It recaps previous discussions, defines the scope as establishing how to ensure "compliance artifacts" like data cards and model cards can be trusted throughout the supply chain. It also lists AI regulatory frameworks and discusses using cases like delivering pre-trained models or datasets. The appendix section asks for any other business and recaps goals of establishing industry agreements on AI management and developing principles for transparency and bias.
OpenChain Monthly North America / Europe Call - 2024-02-06 (Shane Coughlan)
The OpenChain monthly meeting covered the following topics:
1) An announcement about upcoming OpenChain elections for working group chair positions and the process for nominations and voting.
2) An update on recent and upcoming calls for the AI Study Group exploring how to build trust in the open source AI supply chain.
3) A discussion of open issues for the ISO security and licensing standards being developed by OpenChain.
4) An early proposal to develop an OpenChain contribution process specification and a link to the draft document and issues.
5) An update that the OpenChain reference training slides are being finalized this week.
6) A summary of a recent Legal Work Group meeting on maturity models.
OpenChain Export Control Work Group 2024-01-09 (Shane Coughlan)
This document summarizes an OpenChain Export Control meeting that will take place on January 9, 2023. It includes an anti-trust policy notice reminding participants that Linux Foundation meetings must comply with antitrust laws. The agenda has two items: discussing how the SPDX project's proposed operations profile and export control schema can help with export control work, and reviewing the status of a stalled crypto law survey book to decide how to move it forward.
The document summarizes a meeting of the OpenChain Legal Work Group that discussed maturity models for assessing competence in open source management. It includes:
- An overview of the meeting agenda which focused on a presentation by Andrew Katz of Orcro about their open source maturity model based on ISO/IEC 5230:2020.
- A high-level explanation of capability maturity models and OpenChain's potential as a framework for defining requirements and mapping them to maturity levels for different business functions.
- An example assessment of the maturity of an organization's people, processes, information, and systems for generating software bill of materials, mapping it to relevant ISO requirements.
The document summarizes an agenda for an OpenChain AI Study Group meeting. It begins with a notice about complying with antitrust laws during Linux Foundation meetings. The agenda then lists the meeting setup and format as the first item, followed by a discussion of goals for the study group around establishing industry agreements on AI management, developing AI principles for supply chain trust, and discussing AI ethics. It poses achieving the goals through weekly meetings and commitment to progress. It concludes by opening the floor for any other business.
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl... (Shane Coughlan)
The document summarizes Aliens4friends, an Eclipse project that provides tooling for open source license compliance in the Oniro operating system. It discusses key principles of automating compliance work while enabling sustainable human review through reuse. The toolchain gets original source code from the build system, matches components to Debian's reviews, monitors the audit process, and provides a dashboard for visualization. The goal is to implement continuous compliance as a core part of the development workflow.
Maturity Models - Open Compliance Summit 2023 (Shane Coughlan)
The document discusses a capability maturity model (CMM) for assessing the maturity of an organization's open source software development practices. It presents a five-level maturity framework from initial to optimizing and maps out how capabilities could be assessed across four categories: people and organization, processes, information, and systems. The CMM is aligned with requirements in the OpenChain specification and ISO 5230 standard to provide a potential framework for determining an organization's open source compliance maturity.
The key strategic goals of the governing board were met over the past year. Several metrics related to standards adoption and conformant programs increased substantially, such as a 22% rise in ISO/IEC 5230 conformant programs and a 500% increase in ISO/IEC 18974 conformant programs. The partner program also expanded in various categories. Future standards developments are being discussed, including proposed updates to the existing standards and new specifications related to contributions and SBOM quality.
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27 (Shane Coughlan)
The document discusses defining open source artificial intelligence (AI). It outlines the Open Source Initiative's (OSI) mission to educate about and advocate for open source software. The OSI is working to define open source AI to clarify expectations and match them with policy goals of transparency, trustworthiness, etc. A proposed definition grants users four freedoms: to study and inspect AI systems, use them without permission, modify them, and share modified versions. The OSI will hold an in-person meeting in early 2024 to further develop an open source AI definition.
OpenChain Webinar #56: Generative AI and Your Code (Shane Coughlan)
OpenChain Webinar #56: Generative AI and Your Code
Maximizing the Opportunity While Managing the Risks
This webinar had a poll about areas of interest around AI and law. Click here to access it:
https://forms.office.com/r/MaZFgHuH6v
About This Webinar
Generative AI (GAI) provides powerful opportunities for innovation and productivity across all organizational functions – from composing emails and crafting press releases to retouching and refining images and video, all this in seconds. GAI tools can even be used to write, test and improve computer code! This comes with risks that need to be managed within your organization, in order to realize the competitive advantage these GAI tools can provide.
In this webinar, Anthony Decicco and Wael Nackasha, attorneys at GTC Law Group:
- Provide an introduction to GAI and its use to generate software code, text, and images
- Explain how machines learn, including training data and the resulting models
- Cover how developers are using GAI tools (such as GitHub Copilot and ChatGPT) to write and augment source code, with a focus on:
-- A ‘demo’ of how the tools work
-- The community reactions and recent litigation
-- The benefits and risks of the tools
-- Ways to mitigate the risks
-- Best practices for policies and procedures
This document provides notices about anti-trust policies for Linux Foundation meetings. It states that meetings involve industry competitors, so activities must adhere to anti-trust laws. Examples of prohibited actions are described in the Foundation's anti-trust policy and questions can be directed to legal counsel. Previous Legal Work Group calls discussed model contract provisions for OpenChain standards adoption. The current call will involve live editing the newest draft of these model provisions.
This document introduces OpenSCA, an open source solution for managing open source risks. It discusses the need for such a solution and advantages over traditional commercial solutions. OpenSCA allows flexible and low-cost scanning of software to generate software bills of materials and identify vulnerabilities. It provides results in standard formats and intelligence to subscribers. The community has implemented OpenSCA in DevOps workflows for an internet company to integrate security and identify open source risks introduced in code. The document encourages joining the community to build solutions for more scenarios.
The OpenChain Korea Work Group Meeting #18 discussed the upcoming conversion of the OpenChain standard to an ISO standard in July. They discussed expanding conformance to the OpenChain standard in China and Europe with new announcements coming. The meeting provided updates on improved online checklists for conformance reporting and specifications beyond OpenChain. It also announced an upcoming webinar on Chinese open source security and their first major OpenChain conference in China. Contact details were provided for Shane Coughlan to discuss further.
The document summarizes discussions from a meeting about open source software (OSS) and business engagement. Two case studies were presented: 1) A company that sells OSS products and hardware components expected to run Linux. 2) Challenges of contributing to OSS communities given business priorities like warranties and updates. Participants agreed to list major issues for OSS strategy and hosting businesses and discuss solutions at the next meeting. The goal is to better connect companies' OSS activities to business benefits.
6. Sister Standards - Processes for Programs
ISO/IEC 5230 (License Compliance)
● Scopable program size
● Addresses inbound processes
● Addresses internal policy, training, process
● Addresses outbound processes
● Focus on process point
● Avoids prescriptive process content
ISO/IEC 18974 (Security Assurance)
● Scopable program size
● Addresses inbound processes
● Addresses internal policy, training, process
● Addresses outbound processes
● Focus on process point
● Avoids prescriptive process content
7. One utility of ISO standards is that they act as reputable shorthand in discussions, negotiations
and contracts, allowing everything from “document format” to “quality program” to be
communicated easily.
The OpenChain standards are an international baseline for quality in
open source license compliance or security assurance programs.
8. A Continual Heartbeat Of Adoption
A Strong History Of Crossing Markets
● BlackRock, Circle and KakaoBank are
three examples of crossing into finance.
● A Fellow from Lockheed Martin chairs
our Specification Work Group.
● From SoC to embedded to enterprise to
automotive to aviation, OpenChain
standards are built, used and supported.
9. Data Point
31% of large German companies already use or plan to adopt OpenChain ISO/IEC 5230
Source: PwC, https://tinyurl.com/openchain-germany-31
10. A Continual Heartbeat Of Use
Companies announcing re-certification helps to boost perception of continued
industry value.
● BlackBerry - public announcement in April
● SocioNext - public announcement in May (today)
● Nanjing Fujitsu Nanda Software Technology Co., Ltd informed us of their re-certification in
February.
● Reminder: ISO standards can be adopted and used by any party, so we only get informed and
do PR on a discretionary basis.
12. Procurement Negotiations
ISO/IEC 5230 and ISO/IEC 18974 provide a simple “ask” in procurement
negotiations across all industry verticals.
In the 2024/2025 period we expect:
● Increased use of industry standards instead of bespoke approaches for open
source procurement
● More extensive use of OpenChain standards in procurement
13. Mergers and Acquisitions
ISO/IEC 5230 and ISO/IEC 18974 provide a “floor” for understanding the
governance approach of an M&A target with regards to open source.
In the 2024/2025 period we expect:
● More legal professionals using OpenChain standards for M&A
● More documentation or case studies around the use of OpenChain standards in
this area
14. Supply Chain Management
ISO/IEC 5230 and ISO/IEC 18974 make it easy for customer companies to
describe open source license compliance and security assurance.
In the 2024/2025 period we expect:
● Increased supply chain requests for OpenChain conformant programs
● Emergence of open source maturity models favoring OpenChain standards
● More government policies referencing OpenChain standards
16. Addressing NIST / CISA / Executive Order
● OpenChain has always been prepared for the use of SBOMs as a market
requirement.
● OpenChain ISO/IEC 5230 and ISO/IEC 18974 ask companies to have SBOMs
related to open source license compliance and security assurance.
17. Addressing the CRA
● OpenChain has always been prepared for the type of record-keeping that the
Cyber Resilience Act (CRA) raises as a market requirement.
● OpenChain ISO/IEC 5230 and ISO/IEC 18974 ask companies to create and
archive verification materials related to open source license compliance and
security assurance.
19. Working With SPDX ISO/IEC 5962 + Future SPDX
ISO/IEC 5230 and ISO/IEC 18974 have always required that organizations have a
bill of materials for open source software passing through conformant programs.
They inherently align with SPDX ISO/IEC 5962.
In the 2024/2025 period we expect:
● The release of SPDX 3.0 to provide the foundation for an updated version of
SPDX ISO/IEC 5962:2021.
● The SPDX 3.0 profile approach to enhance integration with ISO/IEC 5230 and
ISO/IEC 18974 for interested parties.
20. SPDX ISO/IEC 5962:2021
● Able to represent SBOMs from binary images
and track back to the source files and
snippets.
● Specification is freely available from ISO site.
● Future updates live tracked at: https://spdx.github.io/spdx-spec
More information at https://spdx.dev
21. SPDX 3.0 Introduces Profiles – Launched April 2024
Security information - vulnerability details related to software
Build related information - provenance and reproducible builds
Information about AI models - ethical, security, and model data
Information about datasets - AI and other data use cases
Minimal subset to support industry supply chain workflows
Information about copyrights and licenses - supports compliance
Information specific to software
Information used across all profiles
22. In the Automotive Industry, License Compliance verification can be accomplished using SPDX Lite in
spreadsheets. This can help support:
● Small software developers
● Legal teams
● Editors of manuals
SPDX Lite helps to exchange SBOMs between
full SBOM formats and the spreadsheet-centric
License management world.
SPDX Lite Created By OpenChain Japan Work Group
23. Broad Compatibility
● OpenChain standards are compatible with all other SBOM formats
● In general, OpenChain standards are designed to work with all other
standards related to open source process management or solution
implementation
● The goal is to be practical and useful for companies of all sizes and in all
markets
25. Existing Reference Material
The OpenChain Project has extensive reference material on GitHub:
● Reference open source training slides
● Policy template material
● Supplier education material
● Self-certification checklists and questionnaires
● + many, many more documents
28. Data Point
80+ webinars covering all aspects of open source management and governance
https://openchainproject.org/webinars
29. Forthcoming Reference Material
The OpenChain Project is developing new reference material for 2024:
● Updated training slides
● Updated supplier education materials
● SBOM quality guide
● “Explainers” for different business roles
● Maturity models
31. Community Support
Industry-Specific Work Groups
● Automotive (Summer
● Telecom (Spring 2021~)
Regional User Groups
● Japan (Dec 2017~)
● Korea (Jan 2019~)
● India (Sept 2019~)
● China (Sept 2019~)
● Taiwan (Sept 2019~)
● Germany (Jan 2020~)
● UK (June 2020~)
Main Work Groups
● Specification (Spring 2016~)
● Education (Autumn 2020~)
Community Work Groups
● Tooling (Summer 2019~)
● Export Control (Winter 2022~)
● Public Policy (Winter 2022~)
Community Study Groups
● AI (January 2024~)
35. Track This: Our Monthly Calls
Our current Specification Work Group Chair is Chris Wood, Fellow at Lockheed
Martin.
The Specification Work Group has:
● One call for North America / Europe per month
● One call for North America / Asia per month
Everyone is welcome to join, learn and contribute
36. OpenChain will also support
conversations around new areas of
open collaboration and governance
37. Introducing Our AI Compliance Study Group
Since January 2024 the OpenChain Project has facilitated an AI Compliance
Study Group.
They are focused on:
● Determining commonalities in AI Compliance in
the Supply Chain
● Assessing whether these commonalities are suitable
for development into reference material
● And ensuring all voices are heard
39. What Is Coming Next For The Market?
There has been a steady, inevitable trend for open source in the business domain:
● Open source is becoming more professional
● Open source is becoming more accountable
● Open source is becoming more sustainable
In 2024/2025 the OpenChain Project expects this trend to bring open source
closer to traditional Software Asset Management (SAM).
40. In the 2024/2025 Period
1. ISO/IEC 5230 and ISO/IEC 18974 will continue to assist in the
professionalization of the supply chain, with specific impact in procurement,
M&A and supply chain management.
2. We will continue to grow our reference library of material to assist companies
adopting and using our standards.
3. We will also support process management discussions in new domains like AI
Compliance.