OpenChain @ OSPOlogy.live Sweden 2022

1. OpenChain
Building Practical Trust in the Supply Chain

2. We set the tone for how the supply chain works

3. Standards and Supporting Material
Standards set the shared market approach
(OpenChain is here)
Strategy sets the organization’s approach
(we provide reference material and community)
Process, Method Tools set the organization's tactical choices
(we provide reference material and community)
Implementation sets the reality of deployment
(we provide reference material and community)

5. $5.5+ Trillion
Market value of OpenChain Platinum Members

6. This is the small part

8. 1,000+
Companies in the active OpenChain Community

10. https://www.openchainproject.org/interviews

11. https://www.openchainproject.org/get-started/participate

12. Commercial Support?
Yes, of course

17. License Compliance Specification

18. License Compliance Specification
● OpenChain ISO/IEC 5230:2020 is the International Standard for open
source license compliance
● It provides a process framework to establish and run a quality open
source license compliance program
● It has been adopted across virtually every market sector

19. Simple, Seven Pages Of Process Inflection Points

20. Self-Certification Freely Available

21. 20%
Adoption as per PwC / Bitkom survey 2021 in
German companies with 2,000 or more employees

22. https://www.openchainproject.org/

23. Security Assurance Specification

24. Security Assurance Specification
● OpenChain Security Assurance Specification 1.1 available today as a de
facto industry standard
● Submission to ISO/IEC in October 2022 via JTC-1 Publicly Available
Specification (PAS) Transposition Process
● Translation: ISO/IEC Standard for open source security circa mid-2023
● Adoption already support via self-certification

25. Simple, Seven Pages Of Process Inflection Points

26. Self-Certification Freely Available

27. 自助认证，等同效力，毋需费用

28. https://www.openchainproject.org/

29. OpenChain Telecommunications
Group SBOM Specification
[Draft v 1.0]

30. Our Telco Work Group Is Drafting Stuff
● Jimmy wrote a sentence that manages to say “SBOM” three times:
○ This document aims to outline certain requirements related to how an entity creates,
delivers, and consumes Software Bill of Materials (SBOM), so that entities that produces
and/or consumes SBOMs that conform to this specification can ensure repeatability and
streamlining of tools and processes for generating and consuming SBOMs.
tl;dr:
The Telco people are creating a specification for how
Telco companies can adopt Software Bill of Materials
This is useful for guiding people to specific choices

31. https://bit.ly/3s91WtI

32. Why Should You Care?
● Industry-specific discussions tease out details
● These details tend to cross industries or inspire other discussions
● And everyone is welcome to observe or participate

33. Dear God… This Sounds Abstract

37. https://github.com/OpenChain-Project/Reference-Material

38. https://www.openchainproject.org/webinars

39. https://www.openchainproject.org/automation-webinars

40. In Other Words…

41. Today The OpenChain Project Provides…
● Open Source License Compliance Standard (ISO/IEC 5230)
● Open Source Security Assurance Standard (ISO/IEC mid-2023)
● Industry coverage for policy, export control, SBOM + more
● Training, education, case studies
● Place to meet your peers

42. The Fundamental Building Blocks For Strategy

43. www.openchainproject.org

44. Contact Me
scoughlan@linuxfoundation.org