A Brief Introduction to OpenChain - February 2020
Download as PPTX, PDF0 likes117 views
The document discusses how the OpenChain Project defines the key requirements for a quality open source compliance program. It establishes standards and processes around bill of materials, tooling, training, policy, and processes. The OpenChain Project works with various organizations and regions to promote adoption and provides resources like self-certification questionnaires, reference materials, and workshops to help companies implement open source compliance programs.
A Brief Introduction to OpenChain - February 2020
- 1. How do I trust my open source supply chain?
- 2. Context 2 1400+ Members From 41 Countries 80% of Fortune 100 Tech & Telecom 35,000+ Developers Contributing Code 170+ Open Source Projects $16B Shared Value This is the Linux Foundation
- 3. Open Compliance Program Solutions Processes Bill of Materials Tooling https://compliance.linuxfoundation.org/
- 4. 4
- 5. The OpenChain Project defines the key requirements of a quality open source compliance program.
- 6. outbound upstream downstream inbound Training Policy Process OpenChain Defines Inflection Points
- 7. Result: Predictable B2B Compliance Activity
- 8. Our Online Self-Certification Questionnaire
- 10. 10
- 11. Big cheer for Inno3 in France! Latest Conformant Organization
- 13. 13
- 14. 14
- 15. • This work group has membership from most major automotive companies, Tier 1 suppliers, and a substantial number of Tier 2 and 3 companies. • It held a face-to-face meeting beside CES in Las Vegas during January. This meeting naturally included an excellent opportunity to build out increased mindshare with US automotive companies. Automotive Work Group (7月2019~) https://groups.io/g/openchain-automotive-work-group/topics
- 16. • This work group has membership from many large companies that use open source tooling for open source complaince in production, such as Siemens, Bosch, Toshiba, Hitachi and Fujitsu. • It held a face-to-face meeting beside FOSDEM in Brussels during January. Oliver Fendt from Siemens has the details. Reference Tooling Work Group (7月2019~) https://groups.io/g/openchain-automotive-work-group/topics
- 17. OpenChain China – Quarterly Meetings
- 18. OpenChain Japan – Bi-Monthly Meetings
- 19. OpenChain in Korea – Quarterly Meetings
- 20. OpenChain in India – Quarterly Meetings
- 21. OpenChain Taiwan – Quarterly Meetings
- 22. OpenChain Germany – First Meeting 2月6 Siemens Nuremburg 38 People 29 Companies
- 23. Michael from Facebook has kindly offered us space at their offices in Palo Alto for the first USA Work Group meeting. We will be promoting the meeting this week and expect a kick-off session with 10~20 people from various Silicon Valley companies. OpenChain USA – First Meeting 3月13
- 24. Andrew from Moorcrofts is going to be the primary host of the first OpenChain UK Work Group meeting. More details as the date and venue is locked down. OpenChain UK – First Meeting 4~5月
- 25. • Global Education Work Group A work group focused on ensuring the OpenChain education material is up-to-date and available across multiple languages. This is a similar role to our original curriculum work team but more focused on a specific work outcome. • Global Telecommunications Work Group A work group focused on how telecommmunication companies can build on their leadership position to ensure smooth industry adoption in a manner similar to the automotive work group. New Work Groups (2月2020~)
- 26. OpenChain had its “general consumer” debut at CES via collaboration with the AGL Project. This saw OpenChain volunteers manning a booth for three days and sharing information with 100s of people. Shane Coughlan, OpenChain General Advisor, has been named as an advisory to the open source activities of the United Nations Technology Innovation Labs. Some Cool Stuff: CES + United Nations
- 27. OpenChain in ISO (6月2019~) The OpenChain Project is submitting our specification to ISO via Publicly Available Specification (PAS) in Joint Technical Committee 1 (JTC-1). Working in partnership with in partnership with Joint Development Foundation we expect to become a formal standard in the 1st half of 2020. We are referring to the ISO formatted version as OpenChain 2.1. However, it is functionally identical to OpenChain 2.0 and all OpenChain 2.0 companies will also be ISO conformant.
- 28. OpenChain in ISO (6月2019~) The ISO submission version is available at: https://wiki.linuxfoundation.org/_media/openchain/openchainspec- 2.1.draft.pdf Past readers of the spec might find the marked up version useful: https://wiki.linuxfoundation.org/_media/openchain/OpenChainSpec- 2.1.draft.MarkUp.pdf We are not seeking edits but we do advise everyone to review.
- 29. Partner Program (2x in 2019) 29
- 30. 30 Partner Program – Newest Participant
- 31. Third Party Certification in Japan (Nov 2018~)
- 32. Global Third-Party Certification (Mar 2019~)
- 33. OpenChain Case Studies – One Example
- 34. OpenChain Services – One Example
- 35. The OpenChain standard can be met by: Self-Certification Independent Compliance Assessment Third Party Certification Freedom of Choice for Customers and Suppliers
- 36. Self-Certification is at the heart of the OpenChain industry standard. Companies can access a series of yes/no questions to determine if they have implemented the key requirements of a quality open source compliance program. These questions can be found here: https://certification.openchainproject.org Self-Certification
- 37. Independent Compliance Assessment works in the same was as the Independent Security Assessment in ISO26262. An independent party such as a law firm, consultancy or accounting firm reviews the product of an OpenChain Self-Assessment and offers guidance on whether they perceive it as complete. Independent Compliance Assessment
- 38. Third-Party Certification is a process whereby a certification authority guides a company through an OpenChain Conformance Process. The certification authority then issues a formal certification document. This activity maps precisely to the forms of third-party certification observed around automotive, infrastructure and similar fields. Third-Party Certification
- 39. The OpenChain industry standard has been carefully designed by user companies to identify the inflection points where a process, policy or training should be implemented in an open source compliance program. Our experience shows that self-certification is an effective method of reducing risk and increasing efficiency. That said, the choice of self-certification, independent compliance assessment or third-party certification depends on each business sector and customer base. We seek to provide freedom of choice.
- 40. OpenChain is run by user companies for user companies.
- 41. Be Part of This Join the community: https://www.openchainproject.org/community Self-Certify or Health Check an organization: https://certification.openchainproject.org