OpenChain @ OSPOlogy.live Sweden 2022



  1. OpenChain: Building Practical Trust in the Supply Chain
  2. We set the tone for how the supply chain works
  3. Standards and Supporting Material ● Standards set the shared market approach (OpenChain is here) ● Strategy sets the organization’s approach (we provide reference material and community) ● Process, Method Tools set the organization's tactical choices (we provide reference material and community) ● Implementation sets the reality of deployment (we provide reference material and community)
  4. $5.5+ Trillion Market value of OpenChain Platinum Members
  5. This is the small part
  6. 1,000+ Companies in the active OpenChain Community
  7. https://www.openchainproject.org/interviews
  8. https://www.openchainproject.org/get-started/participate
  9. Commercial Support? Yes, of course
  10. License Compliance Specification
  11. License Compliance Specification ● OpenChain ISO/IEC 5230:2020 is the International Standard for open source license compliance ● It provides a process framework to establish and run a quality open source license compliance program ● It has been adopted across virtually every market sector
  12. Simple, Seven Pages Of Process Inflection Points
  13. Self-Certification Freely Available
  14. 20% Adoption as per PwC / Bitkom survey 2021 in German companies with 2,000 or more employees
  15. https://www.openchainproject.org/
  16. Security Assurance Specification
  17. Security Assurance Specification ● OpenChain Security Assurance Specification 1.1 available today as a de facto industry standard ● Submission to ISO/IEC in October 2022 via JTC-1 Publicly Available Specification (PAS) Transposition Process ● Translation: ISO/IEC Standard for open source security circa mid-2023 ● Adoption already supported via self-certification
  18. Simple, Seven Pages Of Process Inflection Points
  19. Self-Certification Freely Available
  20. Self-certification, equivalent validity, no cost
  21. https://www.openchainproject.org/
  22. OpenChain Telecommunications Group SBOM Specification [Draft v 1.0]
  23. Our Telco Work Group Is Drafting Stuff ● Jimmy wrote a sentence that manages to say “SBOM” three times: ○ This document aims to outline certain requirements related to how an entity creates, delivers, and consumes Software Bill of Materials (SBOM), so that entities that produce and/or consume SBOMs that conform to this specification can ensure repeatability and streamlining of tools and processes for generating and consuming SBOMs. tl;dr: The Telco people are creating a specification for how Telco companies can adopt Software Bill of Materials. This is useful for guiding people to specific choices.
  24. https://bit.ly/3s91WtI
  25. Why Should You Care? ● Industry-specific discussions tease out details ● These details tend to cross industries or inspire other discussions ● And everyone is welcome to observe or participate
  26. Dear God… This Sounds Abstract
  27. https://github.com/OpenChain-Project/Reference-Material
  28. https://www.openchainproject.org/webinars
  29. https://www.openchainproject.org/automation-webinars
  30. In Other Words…
  31. Today The OpenChain Project Provides… ● Open Source License Compliance Standard (ISO/IEC 5230) ● Open Source Security Assurance Standard (ISO/IEC mid-2023) ● Industry coverage for policy, export control, SBOM + more ● Training, education, case studies ● Place to meet your peers
  32. The Fundamental Building Blocks For Strategy
  33. www.openchainproject.org
  34. Contact Me scoughlan@linuxfoundation.org