3. Standards and Supporting Material
● Standards set the shared market approach (OpenChain is here)
● Strategy sets the organization's approach (we provide reference material and community)
● Process, Method, Tools set the organization's tactical choices (we provide reference material and community)
● Implementation sets the reality of deployment (we provide reference material and community)
18. License Compliance Specification
● OpenChain ISO/IEC 5230:2020 is the International Standard for open source license compliance
● It provides a process framework to establish and run a quality open source license compliance program
● It has been adopted across virtually every market sector
24. Security Assurance Specification
● OpenChain Security Assurance Specification 1.1 available today as a de facto industry standard
● Submission to ISO/IEC in October 2022 via JTC-1 Publicly Available Specification (PAS) Transposition Process
● Translation: ISO/IEC Standard for open source security circa mid-2023
● Adoption already supported via self-certification
30. Our Telco Work Group Is Drafting Stuff
● Jimmy wrote a sentence that manages to say “SBOM” three times:
○ This document aims to outline certain requirements related to how an entity creates, delivers, and consumes Software Bill of Materials (SBOM), so that entities that produce and/or consume SBOMs that conform to this specification can ensure repeatability and streamlining of tools and processes for generating and consuming SBOMs.
tl;dr:
The Telco people are creating a specification for how Telco companies can adopt Software Bill of Materials
This is useful for guiding people to specific choices
32. Why Should You Care?
● Industry-specific discussions tease out details
● These details tend to cross industries or inspire other discussions
● And everyone is welcome to observe or participate
41. Today The OpenChain Project Provides…
● Open Source License Compliance Standard (ISO/IEC 5230)
● Open Source Security Assurance Standard (ISO/IEC mid-2023)
● Industry coverage for policy, export control, SBOM + more
● Training, education, case studies
● Place to meet your peers