SlideShare a Scribd company logo

The State of Open Source in 2023

Shane Coughlan
Shane Coughlan

This document discusses the increasing complexity of open source software use in corporate environments due to new rules and guidelines around software bills of materials and supply chain security. It notes that while open source is important for businesses, many companies have limited visibility into their software supply chains due to relying on spreadsheets rather than proper processes. Standards like OpenChain and upcoming ISO standards aim to provide best practices for open source license compliance and security assurance. Widespread adoption of these standards could help create a more predictable and secure software supply chain. The document outlines support and resources for organizations looking to implement these standards.

Software
1 of 26
Download to read offline
The State of Open Source Our Field in 2023
This talk focuses on practical corporate use of open source WARNING
Things Are Getting Complex
There Are More Rules And Guidelines ● NTIA Minimum Requirements of Software Bill of Materials (SBOM) ● White House Executive Order – SBOM again ● Cyber Resiliency Act (CRA) in the European Union – Reporting and Compliance Requirements
5.5tn Global Cost of Cyber Crime Source – CRA Explanatory Materials
Open Source Reality – We Need To Do Better ● The inclusion of far more support for SBOMs is inevitable ● This implies better tooling and record keeping in companies and projects ● It also implies more coordination around standards ● Enhanced reporting and other compliance requirements are still TBD
Why
Our Mental Model Of The Supply Chain
The Actual Supply Chain
67.4% of managers monitor their supply chain with Excel spreadsheets https://www.zippia.com/advice/supply-chain-statistics/
94% of companies do not have full visibility of their supply chain https://www.zippia.com/advice/supply-chain-statistics/
https://www.zippia.com/advice/supply-chain-statistics/
Context: This Is Important To Business 13 Open Source License Compliance and Security Assurance is a key part of supply chain management.
https://www.synopsys.com/blogs/software-security/open-source-trends-ossra-report/
Open Source Reality – We Are Doing Better ● The open source supply chain is still facing many challenges ● The key thing missing for many companies are the appropriate processes to allow implementation of better, more efficient practices ● For example, before you can have an SBOM, you need a policy and you need processes to support implementation Policy, Processes and Training are key
Open Source Process Management ● In Market Q4 2016~ (de facto) Q4 2020 (ISO/IEC) OpenChain ISO/IEC 5230:2020 The International Standard for open source license compliance. ● In Market Q4 2022~ (de facto) Q3 2023 projected (ISO/IEC) ISO/IEC DIS 18974, OpenChain Security Assurance Specification The de facto standard for open source security assurance compliance. 1. High level process standards; 2. Simple, effective and suitable for companies of all sizes in all markets; 3. Openly developed by a vibrant user community and freely available to all. 16
The Standards Work Company By Company Result = A More Predictable Supply Chain
Example Adoption Of OpenChain ISO/IEC 5230:2020 18
20% of German companies with over 2,000 employees already use OpenChain ISO/IEC 5230 https://www.pwc.de/en/digitale-transformation/pwc-bitkom-study-open-source-monitor-2021.pdf
Key Companies Supporting These Standards 20
Broader Community Main Work Groups: ● Specification (Spring 2016~) ● Education (Autumn 2020~) Community Work Groups: ● Tooling (Summer 2019~) ● Export Control (Winter 2022~) ● Public Policy (Winter 2022~) Special Interest Groups: ● Automotive (Summer 2019~) ● Telecom (Spring 2021~) Regional User Groups ● Japan (Dec 2017~) ● Korea (Jan 2019~) ● India (Sept 2019~) ● China (Sept 2019~) ● Taiwan (Sept 2019~) ● Germany (Jan 2020~) ● UK (June 2020~) ● USA (Dec 2020~)
1. Self-Certification 2. Independent Assessment 3. Third-Party Certification Freedom Of Choice In Adoption
Free Self-Certification Material 23
11 Third-Party Certifiers Providing Global Coverage
Free Online Training Courses 25 1. LFC193 - 1209 total enrollments (398 digital badges issued) 4.65 out of 5 rating by users 2. LFC194 - 579 total enrollments (138 digital badges issued) 4.55 out of 5 rating by users
Be Part Of This https://www.openchainproject.org/participate

Recommended

2023-06-classic
2023-06-classic2023-06-classic
2023-06-classicShane Coughlan
 
2023-06-cute
2023-06-cute2023-06-cute
2023-06-cuteShane Coughlan
 
2023-06-corporate
2023-06-corporate2023-06-corporate
2023-06-corporateShane Coughlan
 
OpenChain @ Bitkom Forum Open Source 2022
OpenChain @ Bitkom Forum Open Source 2022OpenChain @ Bitkom Forum Open Source 2022
OpenChain @ Bitkom Forum Open Source 2022Shane Coughlan
 
FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30Shane Coughlan
 
OpenChain Japan Work Group Meeting #28 - 2023-07-11
OpenChain Japan Work Group Meeting #28 - 2023-07-11OpenChain Japan Work Group Meeting #28 - 2023-07-11
OpenChain Japan Work Group Meeting #28 - 2023-07-11Shane Coughlan
 
OpenChain Japan Work Group - Meeting 27
OpenChain Japan Work Group - Meeting 27OpenChain Japan Work Group - Meeting 27
OpenChain Japan Work Group - Meeting 27Shane Coughlan
 
Standardizing Open Source Risk - LLW - 2023-04
Standardizing Open Source Risk - LLW - 2023-04Standardizing Open Source Risk - LLW - 2023-04
Standardizing Open Source Risk - LLW - 2023-04Shane Coughlan
 

Recommended

2023-06-classic
2023-06-classic2023-06-classic
2023-06-classicShane Coughlan
 
2023-06-cute
2023-06-cute2023-06-cute
2023-06-cuteShane Coughlan
 
2023-06-corporate
2023-06-corporate2023-06-corporate
2023-06-corporateShane Coughlan
 
OpenChain @ Bitkom Forum Open Source 2022
OpenChain @ Bitkom Forum Open Source 2022OpenChain @ Bitkom Forum Open Source 2022
OpenChain @ Bitkom Forum Open Source 2022Shane Coughlan
 
FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30Shane Coughlan
 
OpenChain Japan Work Group Meeting #28 - 2023-07-11
OpenChain Japan Work Group Meeting #28 - 2023-07-11OpenChain Japan Work Group Meeting #28 - 2023-07-11
OpenChain Japan Work Group Meeting #28 - 2023-07-11Shane Coughlan
 
OpenChain Japan Work Group - Meeting 27
OpenChain Japan Work Group - Meeting 27OpenChain Japan Work Group - Meeting 27
OpenChain Japan Work Group - Meeting 27Shane Coughlan
 
Standardizing Open Source Risk - LLW - 2023-04
Standardizing Open Source Risk - LLW - 2023-04Standardizing Open Source Risk - LLW - 2023-04
Standardizing Open Source Risk - LLW - 2023-04Shane Coughlan
 
OpenChain Overview Slides - 02-2023
OpenChain Overview Slides - 02-2023OpenChain Overview Slides - 02-2023
OpenChain Overview Slides - 02-2023Shane Coughlan
 
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptxFrom One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptxShane Coughlan
 
Assocham global conference audit data standards - 28.10.2020
Assocham global conference audit data standards - 28.10.2020Assocham global conference audit data standards - 28.10.2020
Assocham global conference audit data standards - 28.10.2020Vinod Kashyap
 
Free and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply ChainFree and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply ChainShane Coughlan
 
SAP Leonardo Blockchain Services and Use-Cases
SAP Leonardo Blockchain Services and Use-CasesSAP Leonardo Blockchain Services and Use-Cases
SAP Leonardo Blockchain Services and Use-CasesNagesh Caparthy
 
Great Open Source Compliance For Everyone - Version 11
Great Open Source Compliance For Everyone - Version 11Great Open Source Compliance For Everyone - Version 11
Great Open Source Compliance For Everyone - Version 11Shane Coughlan
 
OpenChain-Monthly-Meeting-2022-11-15
OpenChain-Monthly-Meeting-2022-11-15OpenChain-Monthly-Meeting-2022-11-15
OpenChain-Monthly-Meeting-2022-11-15Shane Coughlan
 
Cloud webinar final
Cloud webinar finalCloud webinar final
Cloud webinar finalNess Technologies
 
OpenChain Mini-Summit May 2023
OpenChain Mini-Summit May 2023OpenChain Mini-Summit May 2023
OpenChain Mini-Summit May 2023Shane Coughlan
 
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...Paris Open Source Summit
 
The Modern Supply Chain: Global Challenges and Best Practices
The Modern Supply Chain: Global Challenges and Best PracticesThe Modern Supply Chain: Global Challenges and Best Practices
The Modern Supply Chain: Global Challenges and Best PracticesAggregage
 
OpenChain Monthly Meeting 2022-11-01
OpenChain Monthly Meeting 2022-11-01OpenChain Monthly Meeting 2022-11-01
OpenChain Monthly Meeting 2022-11-01Shane Coughlan
 
Box investor presentation
Box investor presentationBox investor presentation
Box investor presentationbox2016ir
 
Gridforum Pierre Guisset Damien Hubaux B Ein Grid 20080402
Gridforum Pierre Guisset Damien Hubaux B Ein Grid 20080402Gridforum Pierre Guisset Damien Hubaux B Ein Grid 20080402
Gridforum Pierre Guisset Damien Hubaux B Ein Grid 20080402vrij
 
OpenChain Germany Work Group Meeting 2022-11-16
OpenChain Germany Work Group Meeting 2022-11-16OpenChain Germany Work Group Meeting 2022-11-16
OpenChain Germany Work Group Meeting 2022-11-16Shane Coughlan
 
Steps to Scale Internet of Things (IoT)
Steps to Scale Internet of Things (IoT)Steps to Scale Internet of Things (IoT)
Steps to Scale Internet of Things (IoT)Rafael Maranon
 
Rcose challenges and benefits from using software analytics in softeam
Rcose challenges and benefits from using software analytics in softeamRcose challenges and benefits from using software analytics in softeam
Rcose challenges and benefits from using software analytics in softeamAlessandra Bagnato
 
OneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to ManyOneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to ManyControlCase
 
How to Keep SAP Projects on Schedule with B2B Managed Services
How to Keep SAP Projects on Schedule with B2B Managed Services How to Keep SAP Projects on Schedule with B2B Managed Services
How to Keep SAP Projects on Schedule with B2B Managed Services Mark Morley, MBA
 
Startup InsurTech Award - Procede
Startup InsurTech Award - ProcedeStartup InsurTech Award - Procede
Startup InsurTech Award - ProcedeThe Digital Insurer
 
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingOpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingShane Coughlan
 
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingOpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingShane Coughlan
 

More Related Content

Similar to The State of Open Source in 2023

OpenChain Overview Slides - 02-2023
OpenChain Overview Slides - 02-2023OpenChain Overview Slides - 02-2023
OpenChain Overview Slides - 02-2023Shane Coughlan
 
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptxFrom One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptxShane Coughlan
 
Assocham global conference audit data standards - 28.10.2020
Assocham global conference audit data standards - 28.10.2020Assocham global conference audit data standards - 28.10.2020
Assocham global conference audit data standards - 28.10.2020Vinod Kashyap
 
Free and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply ChainFree and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply ChainShane Coughlan
 
SAP Leonardo Blockchain Services and Use-Cases
SAP Leonardo Blockchain Services and Use-CasesSAP Leonardo Blockchain Services and Use-Cases
SAP Leonardo Blockchain Services and Use-CasesNagesh Caparthy
 
Great Open Source Compliance For Everyone - Version 11
Great Open Source Compliance For Everyone - Version 11Great Open Source Compliance For Everyone - Version 11
Great Open Source Compliance For Everyone - Version 11Shane Coughlan
 
OpenChain-Monthly-Meeting-2022-11-15
OpenChain-Monthly-Meeting-2022-11-15OpenChain-Monthly-Meeting-2022-11-15
OpenChain-Monthly-Meeting-2022-11-15Shane Coughlan
 
OpenChain Mini-Summit May 2023
OpenChain Mini-Summit May 2023OpenChain Mini-Summit May 2023
OpenChain Mini-Summit May 2023Shane Coughlan
 
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...Paris Open Source Summit
 
The Modern Supply Chain: Global Challenges and Best Practices
The Modern Supply Chain: Global Challenges and Best PracticesThe Modern Supply Chain: Global Challenges and Best Practices
The Modern Supply Chain: Global Challenges and Best PracticesAggregage
 
OpenChain Monthly Meeting 2022-11-01
OpenChain Monthly Meeting 2022-11-01OpenChain Monthly Meeting 2022-11-01
OpenChain Monthly Meeting 2022-11-01Shane Coughlan
 
Box investor presentation
Box investor presentationBox investor presentation
Box investor presentationbox2016ir
 
Gridforum Pierre Guisset Damien Hubaux B Ein Grid 20080402
Gridforum Pierre Guisset Damien Hubaux B Ein Grid 20080402Gridforum Pierre Guisset Damien Hubaux B Ein Grid 20080402
Gridforum Pierre Guisset Damien Hubaux B Ein Grid 20080402vrij
 
OpenChain Germany Work Group Meeting 2022-11-16
OpenChain Germany Work Group Meeting 2022-11-16OpenChain Germany Work Group Meeting 2022-11-16
OpenChain Germany Work Group Meeting 2022-11-16Shane Coughlan
 
Steps to Scale Internet of Things (IoT)
Steps to Scale Internet of Things (IoT)Steps to Scale Internet of Things (IoT)
Steps to Scale Internet of Things (IoT)Rafael Maranon
 
Rcose challenges and benefits from using software analytics in softeam
Rcose challenges and benefits from using software analytics in softeamRcose challenges and benefits from using software analytics in softeam
Rcose challenges and benefits from using software analytics in softeamAlessandra Bagnato
 
OneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to ManyOneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to ManyControlCase
 
How to Keep SAP Projects on Schedule with B2B Managed Services
How to Keep SAP Projects on Schedule with B2B Managed Services How to Keep SAP Projects on Schedule with B2B Managed Services
How to Keep SAP Projects on Schedule with B2B Managed Services Mark Morley, MBA
 
Startup InsurTech Award - Procede
Startup InsurTech Award - ProcedeStartup InsurTech Award - Procede
Startup InsurTech Award - ProcedeThe Digital Insurer
 

Similar to The State of Open Source in 2023 (20)

OpenChain Overview Slides - 02-2023
OpenChain Overview Slides - 02-2023OpenChain Overview Slides - 02-2023
OpenChain Overview Slides - 02-2023
 
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptxFrom One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
 
Assocham global conference audit data standards - 28.10.2020
Assocham global conference audit data standards - 28.10.2020Assocham global conference audit data standards - 28.10.2020
Assocham global conference audit data standards - 28.10.2020
 
Free and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply ChainFree and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply Chain
 
SAP Leonardo Blockchain Services and Use-Cases
SAP Leonardo Blockchain Services and Use-CasesSAP Leonardo Blockchain Services and Use-Cases
SAP Leonardo Blockchain Services and Use-Cases
 
Great Open Source Compliance For Everyone - Version 11
Great Open Source Compliance For Everyone - Version 11Great Open Source Compliance For Everyone - Version 11
Great Open Source Compliance For Everyone - Version 11
 
OpenChain-Monthly-Meeting-2022-11-15
OpenChain-Monthly-Meeting-2022-11-15OpenChain-Monthly-Meeting-2022-11-15
OpenChain-Monthly-Meeting-2022-11-15
 
Cloud webinar final
Cloud webinar finalCloud webinar final
Cloud webinar final
 
OpenChain Mini-Summit May 2023
OpenChain Mini-Summit May 2023OpenChain Mini-Summit May 2023
OpenChain Mini-Summit May 2023
 
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
 
The Modern Supply Chain: Global Challenges and Best Practices
The Modern Supply Chain: Global Challenges and Best PracticesThe Modern Supply Chain: Global Challenges and Best Practices
The Modern Supply Chain: Global Challenges and Best Practices
 
OpenChain Monthly Meeting 2022-11-01
OpenChain Monthly Meeting 2022-11-01OpenChain Monthly Meeting 2022-11-01
OpenChain Monthly Meeting 2022-11-01
 
Box investor presentation
Box investor presentationBox investor presentation
Box investor presentation
 
Gridforum Pierre Guisset Damien Hubaux B Ein Grid 20080402
Gridforum Pierre Guisset Damien Hubaux B Ein Grid 20080402Gridforum Pierre Guisset Damien Hubaux B Ein Grid 20080402
Gridforum Pierre Guisset Damien Hubaux B Ein Grid 20080402
 
OpenChain Germany Work Group Meeting 2022-11-16
OpenChain Germany Work Group Meeting 2022-11-16OpenChain Germany Work Group Meeting 2022-11-16
OpenChain Germany Work Group Meeting 2022-11-16
 
Steps to Scale Internet of Things (IoT)
Steps to Scale Internet of Things (IoT)Steps to Scale Internet of Things (IoT)
Steps to Scale Internet of Things (IoT)
 
Rcose challenges and benefits from using software analytics in softeam
Rcose challenges and benefits from using software analytics in softeamRcose challenges and benefits from using software analytics in softeam
Rcose challenges and benefits from using software analytics in softeam
 
OneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to ManyOneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to Many
 
How to Keep SAP Projects on Schedule with B2B Managed Services
How to Keep SAP Projects on Schedule with B2B Managed Services How to Keep SAP Projects on Schedule with B2B Managed Services
How to Keep SAP Projects on Schedule with B2B Managed Services
 
Startup InsurTech Award - Procede
Startup InsurTech Award - ProcedeStartup InsurTech Award - Procede
Startup InsurTech Award - Procede
 

More from Shane Coughlan

OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingOpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingShane Coughlan
 
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingOpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingShane Coughlan
 
OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19Shane Coughlan
 
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorOpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorShane Coughlan
 
openEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scaleopenEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scaleShane Coughlan
 
OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20Shane Coughlan
 
AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06Shane Coughlan
 
OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06Shane Coughlan
 
OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09Shane Coughlan
 
OpenChain Legal Work Group - 2024-01-17
OpenChain Legal Work Group - 2024-01-17OpenChain Legal Work Group - 2024-01-17
OpenChain Legal Work Group - 2024-01-17Shane Coughlan
 
Openchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptxOpenchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptxShane Coughlan
 
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...Shane Coughlan
 
Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023Shane Coughlan
 
OpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics SlidesOpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics SlidesShane Coughlan
 
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27Shane Coughlan
 
OpenChain Webinar #56: Generative AI and Your Code
OpenChain Webinar #56: Generative AI and Your CodeOpenChain Webinar #56: Generative AI and Your Code
OpenChain Webinar #56: Generative AI and Your CodeShane Coughlan
 
OpenChain Legal Work Group - 2023-06-29
OpenChain Legal Work Group - 2023-06-29OpenChain Legal Work Group - 2023-06-29
OpenChain Legal Work Group - 2023-06-29Shane Coughlan
 
OpenChain Webinar #53 – OpenSCA
OpenChain Webinar #53 – OpenSCAOpenChain Webinar #53 – OpenSCA
OpenChain Webinar #53 – OpenSCAShane Coughlan
 
OpenChain Korea Work Group Meeting #18
OpenChain Korea Work Group Meeting #18OpenChain Korea Work Group Meeting #18
OpenChain Korea Work Group Meeting #18Shane Coughlan
 
TODO_Japan_Meetup_#7_en
TODO_Japan_Meetup_#7_enTODO_Japan_Meetup_#7_en
TODO_Japan_Meetup_#7_enShane Coughlan
 

More from Shane Coughlan (20)

OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingOpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
 
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingOpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
 
OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19
 
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorOpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS Calculator
 
openEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scaleopenEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scale
 
OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20
 
AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06
 
OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06
 
OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09
 
OpenChain Legal Work Group - 2024-01-17
OpenChain Legal Work Group - 2024-01-17OpenChain Legal Work Group - 2024-01-17
OpenChain Legal Work Group - 2024-01-17
 
Openchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptxOpenchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptx
 
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
 
Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023
 
OpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics SlidesOpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics Slides
 
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
 
OpenChain Webinar #56: Generative AI and Your Code
OpenChain Webinar #56: Generative AI and Your CodeOpenChain Webinar #56: Generative AI and Your Code
OpenChain Webinar #56: Generative AI and Your Code
 
OpenChain Legal Work Group - 2023-06-29
OpenChain Legal Work Group - 2023-06-29OpenChain Legal Work Group - 2023-06-29
OpenChain Legal Work Group - 2023-06-29
 
OpenChain Webinar #53 – OpenSCA
OpenChain Webinar #53 – OpenSCAOpenChain Webinar #53 – OpenSCA
OpenChain Webinar #53 – OpenSCA
 
OpenChain Korea Work Group Meeting #18
OpenChain Korea Work Group Meeting #18OpenChain Korea Work Group Meeting #18
OpenChain Korea Work Group Meeting #18
 
TODO_Japan_Meetup_#7_en
TODO_Japan_Meetup_#7_enTODO_Japan_Meetup_#7_en
TODO_Japan_Meetup_#7_en
 

Recently uploaded

Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...aditisharan08
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfkalichargn70th171
 
Introduction to Decentralized Applications (dApps)
Introduction to Decentralized Applications (dApps)Introduction to Decentralized Applications (dApps)
Introduction to Decentralized Applications (dApps)Intelisync
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptkotipi9215
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - InfographicHr365.us smith
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 

Recently uploaded (20)

Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
 
Introduction to Decentralized Applications (dApps)
Introduction to Decentralized Applications (dApps)Introduction to Decentralized Applications (dApps)
Introduction to Decentralized Applications (dApps)
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.ppt
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - Infographic
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 

The State of Open Source in 2023

  • 1. The State of Open Source Our Field in 2023
  • 2. This talk focuses on practical corporate use of open source WARNING
  • 4. There Are More Rules And Guidelines ● NTIA Minimum Requirements of Software Bill of Materials (SBOM) ● White House Executive Order – SBOM again ● Cyber Resiliency Act (CRA) in the European Union – Reporting and Compliance Requirements
  • 5. 5.5tn Global Cost of Cyber Crime Source – CRA Explanatory Materials
  • 6. Open Source Reality – We Need To Do Better ● The inclusion of far more support for SBOMs is inevitable ● This implies better tooling and record keeping in companies and projects ● It also implies more coordination around standards ● Enhanced reporting and other compliance requirements are still TBD
  • 7. Why
  • 8. Our Mental Model Of The Supply Chain
  • 10. 67.4% of managers monitor their supply chain with Excel spreadsheets https://www.zippia.com/advice/supply-chain-statistics/
  • 11. 94% of companies do not have full visibility of their supply chain https://www.zippia.com/advice/supply-chain-statistics/
  • 13. Context: This Is Important To Business 13 Open Source License Compliance and Security Assurance is a key part of supply chain management.
  • 15. Open Source Reality – We Are Doing Better ● The open source supply chain is still facing many challenges ● The key thing missing for many companies are the appropriate processes to allow implementation of better, more efficient practices ● For example, before you can have an SBOM, you need a policy and you need processes to support implementation Policy, Processes and Training are key
  • 16. Open Source Process Management ● In Market Q4 2016~ (de facto) Q4 2020 (ISO/IEC) OpenChain ISO/IEC 5230:2020 The International Standard for open source license compliance. ● In Market Q4 2022~ (de facto) Q3 2023 projected (ISO/IEC) ISO/IEC DIS 18974, OpenChain Security Assurance Specification The de facto standard for open source security assurance compliance. 1. High level process standards; 2. Simple, effective and suitable for companies of all sizes in all markets; 3. Openly developed by a vibrant user community and freely available to all. 16
  • 17. The Standards Work Company By Company Result = A More Predictable Supply Chain
  • 18. Example Adoption Of OpenChain ISO/IEC 5230:2020 18
  • 19. 20% of German companies with over 2,000 employees already use OpenChain ISO/IEC 5230 https://www.pwc.de/en/digitale-transformation/pwc-bitkom-study-open-source-monitor-2021.pdf
  • 20. Key Companies Supporting These Standards 20
  • 21. Broader Community Main Work Groups: ● Specification (Spring 2016~) ● Education (Autumn 2020~) Community Work Groups: ● Tooling (Summer 2019~) ● Export Control (Winter 2022~) ● Public Policy (Winter 2022~) Special Interest Groups: ● Automotive (Summer 2019~) ● Telecom (Spring 2021~) Regional User Groups ● Japan (Dec 2017~) ● Korea (Jan 2019~) ● India (Sept 2019~) ● China (Sept 2019~) ● Taiwan (Sept 2019~) ● Germany (Jan 2020~) ● UK (June 2020~) ● USA (Dec 2020~)
  • 22. 1. Self-Certification 2. Independent Assessment 3. Third-Party Certification Freedom Of Choice In Adoption
  • 24. 11 Third-Party Certifiers Providing Global Coverage
  • 25. Free Online Training Courses 25 1. LFC193 - 1209 total enrollments (398 digital badges issued) 4.65 out of 5 rating by users 2. LFC194 - 579 total enrollments (138 digital badges issued) 4.55 out of 5 rating by users
  • 26. Be Part Of This https://www.openchainproject.org/participate