OpenChain Advent Calendar Day #7 – Commentary of spec v2.1 vol.1, §3.1.1-3.1.3

By News

This advent calendar has been created by our Japanese Work Group as part of their community outreach. We hope you enjoy their recap of compliance topics to end the year.

In this Advent Calendar, we will use 7 of the 25 articles to introduce the OpenChain Spec v2.1 draft rc3, which is equivalent to ISO/IEC PRF 5230, an international standard being developed. This is just an introduction to give you an idea of what OpenChain is all about, so if you want to know more about it, please read the actual standard.

1.1 Policy

Chapter 1.1 is about OSS policies. It does not specify what should be included in the OSS policy, which will be covered in the next chapter.

1.2 Competence

Chapter 1.2 is a section on defining roles within the organization. The organization needs to define the roles and responsibilities and suitability of the personnel who will deliver OSS compliance and keep the results of their suitability assessment.

1.3 Awareness

Chapter 1.3 is the chapter on education. Organizations need to educate staff involved in OSS compliance operations about OSS policies, the purpose and contribution of OSS utilization, and the consequences of non-compliance, and keep evidence of the education results.

Tomorrow, as a topic related to chapter 1.3, Mr. Iwata from Education SG will introduce the activity to share the materials which can be used for internal training among companies.

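I’m Yamada, the author of today’s article for the OpenChain Japan Advent Calendar 2020. I work at IPTech特許業務法人, a patent firm specializing in the IT field. I also work as a tech writer on the side.

I came to feel that knowledge of OSS is indispensable for working in the IT field, and I started participating in OpenChain activities around the summer of 2019. I am currently active mainly in the Promotion SWG (Sub Working Group), where I work on sharing information about OpenChain and OSS compliance and on initiatives such as the research activities on OSS compliance that Endo-san introduced yesterday.

In this Advent Calendar, we will use 7 of the 25 articles to introduce OpenChain Spec v2.1 draft rc3, which is equivalent to ISO/IEC PRF 5230, currently undergoing international standardization. This is only an overview intended to give you an idea of what OpenChain covers, so if you want to know more, please read the actual standard. Today, as the first installment, I will introduce the contents of chapters 1.1 to 1.3.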


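1.1 Policy

For documenting an OSS policy, The Linux Foundation, the parent organization of OpenChain, has published 「企業のためのオープンソース ガイド」 (Open Source Guides for the Enterprise) in Japanese, so you may want to refer to it when creating your own.

1.2 Competence

1.3 Awareness

Tomorrow, as a topic related to chapter 1.3, Iwata-san from the Education SG will introduce the activity of sharing materials that companies can use for internal training. Please keep following the OpenChain Japan Advent Calendar 2020 from tomorrow onward!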

OpenChain Advent Calendar Day #6 – OSS Compliance Structures in Companies

By News

This advent calendar has been created by our Japanese Work Group as part of their community outreach. We hope you enjoy their recap of compliance topics to end the year.

1. Introduction

I’m Masato ENDO.

At first, I’d like to introduce myself again,
I’m OpenChain Project Automotive Chair and Japan Work Group Promotion Sub Group Leader.
Recently, I became group manager of business planning and system development in my company.
Now, I’m studying agile development.

My hobbies are traveling, watching sports (especially soccer), and gadgets.
I planned to get a PS5 and a Galaxy Note20 Ultra this winter. However, I could not get them.
After all, I bought the iPhone12 pro max because I was attracted to Pacific Blue and camera performance.
Recently, I’m wondering if I should buy ASTRO CITY mini.
If the software for the ST-V board and MODEL2 board had been included, I would have bought it without hesitation.

Today, I would like to share the progress of OSS compliance governance construction of each company.
Last week we gave you an overview of the OpenChain standard.
I think everyone is most concerned about “How far along are other companies, actually?”
Japan WG conducted a survey to answer such questions.
So, I will share the survey outline.

2. Summary of the Survey

As introduced last year at OpenChain Japan WG Promotion SG,
we have been raising awareness of the importance of OSS compliance with various partners such as the companies, government, media, and community.
Meanwhile, in 2020, we launched a research team on OSS compliance in collaboration with the academic community.
First of all, since it is important to grasp the situation, we conducted a questionnaire for domestic and foreign companies.
We received responses from 59 companies. The attributes of the respondents are as follows.
In order to clarify the progress of each company, we have summarized the items related to each item of OpenChain Spec 2.0, which is almost the same as the ISO standard.
The report can be downloaded from GitHub, so this time I will introduce the essence.

3. Summary of the result

First, let’s take a look at the items of OpenChain Spec 2.0 that are relatively well developed at each company.

Sec1.1 requires that documented OSS policies be disseminated internally.
We found that 83% of the surveyed subjects had some form of OSS policy.

Next, let’s look at the items that each company is struggling with.

The graph above is for budget items, and the same tendency can be seen for securing personnel.
Analyzing these, we can see that although the importance of OSS compliance has begun to be recognized and rules such as policies are being created, resources are not yet fully allocated.

Finally, let’s take a look at the whole summary slide.

Looking at the whole thing, we can see that in addition to resources, there are also issues related to contributions.
We plan to introduce contributions in detail later this month.
In any case, all items must be satisfied in order to obtain ISO standard certification.
OpenChain will continue to provide information that will support the acquisition of certification by each company.

4. Tomorrow’s theme is …

From tomorrow, we will finally start introducing the contents of the ISO standard.
At first, Mr. Yamada will introduce chapters 1.1 to 1.3.
Looking forward to it!

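1. Introduction

In OpenChain, I serve as leader of the Japan WG Promotion SG, which is organizing this Advent Calendar,
and globally as the Automotive Chair.

This winter I planned to get a PS5 and a Galaxy Note20 Ultra, but
in the end I was drawn to Pacific Blue and the camera performance and bought an iPhone12 Pro Max.

The Japan WG conducted a survey this year to answer such questions, so I will share an outline of the survey.

2. Survey Overview

As we also introduced last year, at the OpenChain Japan WG Promotion SG
we have summarized the items related to each item of OpenChain Spec 2.0, which is almost the same as the ISO standard.

3. Summary of Results

First, let’s look at the items of OpenChain Spec 2.0 on which companies have made relatively good progress.

4. Tomorrow’s theme is …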


OpenChain Advent Calendar Day #5 – The Open Compliance Summit

By News

This advent calendar has been created by our Japanese Work Group as part of their community outreach. We hope you enjoy their recap of compliance topics to end the year.

It’s a little off the topic of ISOization of OpenChain, but this week we had two big events, the Open Compliance Summit on 12/1 and Open Source Summit Japan on 12/2-4, so I will report on them here.

What is the Open Compliance Summit?

The Open Compliance Summit is an annual event held in Japan at this time of year. As the name implies, it is a place to discuss OSS compliance. To join this event, you must be a member of the Linux Foundation or invited. Chatham House rules apply, so you can expect a deeper discussion. This year, due to COVID-19, it was held online.

Content this year

Of course, the biggest event in 2020 related to compliance is ISOization of OpenChain 2.1. It was also introduced that SPDX is also working toward ISOization.
For 2021, it is said that “visualization has become possible, so optimization will be in turn” due to ISOization. Based on that trend, I have the impression that there were many announcements about compliance tools.
The biggest thing for me is that I learned that the famous copyright troll was involved in PostgreSQL last year. So he is mentioned in Acknowledgments for Release 12. Oh, that means my name is written alongside his name…

What is Open Source Summit Japan?

Open Source Summit Japan is an event held in Japan from the end of spring to the beginning of summer every year. This is a place to discuss OSS widely, not limited to compliance. This year was scheduled for a different time than usual because it overlaps with the Olympics, but due to COVID-19, it was held online at this time.

Content this year

1st day

In the keynote speech it was said that OSS was going well in 2020, despite the pandemic and trade conflicts. On the contrary, OSS is also used to combat the pandemic. (This is also true of Tokyo’s stopcovid19 site, isn’t it?)
Next, Automotive Grade Linux UCB version 10.0 was introduced. I’m not very familiar with cars, so I can’t write any more, but the next version is nicknamed Kooky Koi. I don’t know what Kooky means, but Koi is a carp in Japanese.
It was also introduced that Linux is used in the supercomputer FUGAKU.

2nd day

LF Energy was mentioned in the keynote speech, and the LF Energy Mini Summit was held after the keynote speech. There was also a session about LF Edge. It seems that neither LF Energy nor LF Edge is one OSS name, so although the name of the conference says “open source”, I feel that the scope of this summit has expanded considerably.

3rd day

RISC-V was mentioned in the keynote speech, and there was also a session dealing with RISC-V. (Although it happened on other days.) RISC-V is open hardware, so it’s already beyond the scope of “open source”.
I was also impressed that the times have changed when a person from Microsoft talked about embedded systems at such Linux-related meetings.

Tomorrow’s theme is …

Everyone might be wondering, “How are other companies working on OSS license compliance activities?” The OpenChain Japan WG conducted a survey to answer such questions and compiled it as a treatise. Tomorrow, one of the authors of the treatise, Endo-san, will talk about the survey results. I hope you all will enjoy it.

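This is a little off the topic of OpenChain becoming an ISO standard, but this week saw big events back to back, with the Open Compliance Summit on 12/1 and Open Source Summit Japan on 12/2-4, so here is a report on them.

What is the Open Compliance Summit?

The Open Compliance Summit is an event held in Japan at this time every year. As the name suggests, it is a place to discuss OSS compliance. You cannot attend unless you are a member of the Linux Foundation or are invited. The Chatham House Rule applies, so you can expect correspondingly in-depth discussion. This year it was held online due to COVID-19.

The biggest compliance-related event of 2020 was, of course, the ISO standardization of OpenChain 2.1. It was also mentioned that SPDX is working toward ISO standardization.

What is Open Source Summit Japan?

Open Source Summit Japan is an event held in Japan every year from around the end of spring to the beginning of summer. It is a place to discuss OSS broadly, not limited to compliance. This year it had already been scheduled for a different time than usual because it would have overlapped with the Olympics, but due to COVID-19 it was held online at this time.

Next, Automotive Grade Linux UCB version 10.0 was introduced. I am not very familiar with cars, so I cannot write more, but the next version is apparently nicknamed Kooky Koi. I don’t know what Kooky means, but Koi means carp.

LF Energy was mentioned in the keynote speech, and the LF Energy Mini Summit was held after the keynote. There was also a session on LF Edge. Neither LF Energy nor LF Edge seems to be simply an organization corresponding to an OSS of that name; they appear to be more abstract, so although the name of the conference says “open source”, I feel that its scope has broadened considerably.

“How are other companies approaching OSS license compliance activities?” is probably something you are all very curious about. The OpenChain Japan WG conducted a survey to answer such questions and compiled the results as a paper. Tomorrow, Endo-san, one of the authors of that paper, will write about the survey results. Please look forward to it.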

OpenChain Advent Calendar Day #4 – A Message from the General Manager

By News

This advent calendar has been created by our Japanese Work Group as part of their community outreach. We hope you enjoy their recap of compliance topics to end the year.


Hello, this is Endo, Promotion SG leader and Automotive Chair of OpenChain.
Shane is the focus of this article, so I will introduce myself on another occasion.

This year’s Advent Calendar theme is OpenChain Spec ISO.
So today I received a message in Q&A format from Shane, who is the General Manager of OpenChain.
Please enjoy it.

2. Message from Shane


Q: Congratulations on ISO conversion of OpenChain Spec!!
Please tell us your frank impressions.

A: Open source compliance has existed as long as open source.
However, until OpenChain there was no single, objective standard for high quality compliance.
People and companies did their best and often did a good job, but they were working in isolation.
The global supply chain is interconnected and companies depend on each other.
It was necessary to create one clear way to do compliance properly. 
OpenChain proved this could be done with a short and easy to understand specification.

Now, after almost five years in the market, OpenChain has changed from a widely-used industry standard into a formal ISO International Standard. 
This means that it is much easier to include in sales and procurement discussions, especially in industries that are not familiar with open source or in managing open source licenses.
I believe that OpenChain as an ISO standard has permanently changed corporate use of open source.
Over time every company using open source to make products and solutions will be using our ISO standard.
I expect it to become as common as ISO 9001 or 14001.

My frank impression is that this ISO standard will allow open source to become a comfortable, trusted choice for any product or solution containing software.
It will help make the supply chain more efficient.
It will save many millions of dollars in resource management and issue resolution.
The impact will be huge.

Q: Please tell us how the community decided to create Spec.

A: In 2015 it was clear that open source was very successful.
It had existed in the market for about two decades, but especially in the time period between 2005 and 2015 it became ubiquitous.
Open source was in everything from our data centers to our mobile phones to our air conditioners.

The impact of the technology was amazing.
However, there was one area which remained a significant challenge.
In complex supply chains it was quite difficult to pass open source between companies and to consistently, reliably meet the requirements of open source licenses.
This was not due to any ill-intent, but because each company was solving open source compliance in their own way, and a supply chain with 20 or 30 companies meant a lot of variables and differences in license management.
Errors would often occur.

OpenChain was born out of the idea of making a single, clear and resource effective way to manage open source in organizations and in a repeatable manner across the supply chain.
It was built to provide consistency and to increase trust in supply chains, one company at a time.
In other words, it was designed to specifically solve real world problems using the best real world solutions.

Q: What is the OpenChain Spec concept, philosophy?

A: OpenChain defines the key requirements of a quality open source compliance program.
Every company using OpenChain can therefore be trusted more than companies using bespoke solutions. OpenChain is carefully designed to be as simple as possible and as agnostic as possible so that companies of all sizes and in all markets can use it.
OpenChain distills thousands of human-hours of experience from across hundreds of companies into a seven page standard. 
It is designed to be the simplest, most elegant solution possible.

Q: I think that many people will meet OpenChain Spec as a result of becoming ISO.
If you have a message for such people,

A: Open source provides access to billions of dollars of third-party code. There are some clear, reasonable conditions described in open source licenses. Just like any intellectual property, we need to follow the licenses. However, in the past identifying the best processes to do this was challenging. There were few lawyers, project leaders and engineers who had detailed knowledge about open source licenses. Sometimes information in the public domain, such as on websites, suggested different terms or intentions. The missing part was a clear, simple, reliable and efficient process approach for doing open source compliance. OpenChain changes this. You can adopt the ISO standard or OpenChain 2.1 and know that you have a quality open source compliance program.
Today any company in the world can go to and find the International Standard for open source compliance, supporting reference material, free self-certification support, and – if they need it – third-party service providers. No matter who you are, you can build out the same process approach as Microsoft or Qualcomm or Hitachi or Toyota in a way that suits your available resources. This is a remarkable change in the market. If you are a supplier, this is a way to show that you have quality intellectual property management in this space. If you are a customer, this is a way to ensure your procurement includes quality open source compliance.
Join us in helping thousands of companies do even better with open source.

3. Tomorrow’s theme is …

Many events related to OpenChain were held at the Linux Foundation Summits this week.
Tomorrow, Koizumi-san will introduce a summary of these events.
Looking forward to it!


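Hello, this is Endo. I serve as OpenChain’s Automotive Chair and
as leader of the Promotion SG, which is organizing this Advent Calendar.

This year’s Advent Calendar theme is the ISO standardization of the OpenChain Spec,
so we received a message in Q&A format from Shane, the General Manager. Please enjoy it.

Q: Congratulations on the ISO standardization of the OpenChain Spec! Please tell us your frank impressions.

A: Open source compliance exists as long as there is open source.

Five years have passed since the first version of the OpenChain Spec was released,

Q: Shane, I believe you have been involved with OpenChain since its founding. Please tell us how the Spec came to be created.

A: By 2015, it was clear that open source had been very successful.

Q: What are the concept and philosophy of the OpenChain Spec?

A: OpenChain defines the key requirements of a high-quality open source compliance program.

Q: I think the ISO standardization will lead many more people to encounter the OpenChain Spec.

OpenChain changes this. By adopting the ISO standard or OpenChain 2.1,

Many OpenChain-related events were held at the Linux Foundation events this week.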

OpenChain Webinar #15: Michael Poe on His Journey to Open Source @ December 7th at 9am Pacific / 5pm UK / 6pm CET

By Featured

Our regular bi-weekly webinar will cover an exciting topic at 9am Pacific / 5pm UK / 6pm CET on Monday the 7th of December.

We will be hearing from Michael G. Poe, a newcomer to the world of Open Source Compliance and current Sales Manager with FossID.  Michael will share his thoughts on his surprising journey from consumer products to software, and how the underlying principles of the open source community have enabled him along the way.  

Michael will also touch on what he believes can be some of the challenges to the frictionless adoption of OpenChain conformance. And lastly, based on his experiences and learning agenda thus far, what are some areas that can be improved when it comes to Open Source, Compliance, and the tech industry in general.

This is the final episode of the bi-weekly OpenChain Webinar series for 2020. We have featured international speakers on a wide range of topics related to open source compliance challenges and solutions. Learn more here:

We will be back in early 2021 with more speakers, discussions and insights.

Join Our Webinar


  • 123456

One Tap Telephone (no screensharing)

* +358 9 4245 1488,,9990120120# Finland
* +33 7 5678 4048,,9990120120# France
* +49 69 7104 9922,,9990120120# Germany
* +852 5808 6088,,9990120120# Hong Kong
* +39 069 480 6488,,9990120120# Italy
* +353 6 163 9031,,9990120120# Ireland
* +81 524 564 439,,9990120120# Japan
* +82 2 6105 4111,,9990120120# Korea
* +34 917 873 431,,9990120120# Spain
* +46 850 539 728,,9990120120# Sweden
* +41 43 210 71 08,,9990120120# Switzerland
* +44 330 088 5830,,9990120120# UK
* +16699006833,,9990120120# US (San Jose)
* +12532158782,,9990120120# US

Find your local number: ( )
Not all countries have available numbers.

After dialing the local number enter 9990120120#

Check Out All Our Other Webinars

OpenChain UK Work Group December Meeting #3 – December 2020

By Featured

Moorcrofts LLP and its sister compliance company Orcro Limited, as OpenChain partners, invite you to join us at the next OpenChain UK Work Group meeting, taking place virtually via Zoom on Thursday 3 December from 14:00 – 16:00 GMT.

Book Now

To reserve your free place on the virtual meeting, on 3 December from 14:00 – 16:00, please complete the online booking form.

Join the OpenChain UK Work Group 

OpenChain Japan Planning Sub-Work Group Meeting, December 16th @ 2pm JST

By Featured

The Japan Planning Sub-Work Group will host a virtual meeting on the 16th of December. The topic of the next meeting is ‘OSS training for software engineers based on the OpenChain specification.’ Our presenter is Iwata San from Hitachi.

Join Us On Zoom

Check Out the Historical Information on this Topic

Learn More About This Sub-Group

And in Japanese!

Planning SG: the next Japan WG online general meeting,
Wednesday, December 16, 2020, 14:00-15:30






OpenChain Korea Meeting #8 – 2nd of December @ 2pm local time

By Featured

The OpenChain Korea Work Group will hold its 8th meeting on December 2nd. The event will run from 14:00 to 16:00 Korea time. Everybody is welcome to join. Dial in details below.


1. OpenChain Update – Shane Coughlan, Linux Foundation
2. Building Hyundai Motor’s open source governance framework – Hyundai Motor, 백송하
3. SCA (Software Composition Analysis) market trends – Kakao, 황민호 (Robin)
4. Unveiling Olive – Kakao, 황민호 (Robin)
5. Case Study – All
5. OpenChain KWG Update – SK Telecom, 장학성
6. Free Discussion – All

Case Study

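  • Topic: Classifying the targets of open source compliance / security vulnerability checks
    • Do you also carry out open source compliance activities for fonts? (e.g., Open Font)
    • Does your company distribute mobile apps (Android, iOS) for internal employees? If so, do you also carry out open source compliance activities for them?
    • How do you classify the targets of open source security vulnerability checks? Do you include not only the software you distribute but also software used for infrastructure and servers?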

Join Zoom Meeting

The Korea Mailing List (in Korean) is here

OpenChain Webinar – Open Source Software – a modern world opportunity and risk – 12th November – 3PM CET

By Featured

ITAM Channel, part of the ITAMOrg international membership organization for ITAM Professionals, is hosting a webinar covering OpenChain on the 12th of November.

In this webinar you will hear about how open source is used in the supply chain, the risks associated with open source and strategies to manage this. We will also discuss the latest standards such as the new ISO standard being published from the OpenChain Project with support from many of the larger vendors incl. Arm, Microsoft, Google and Qualcomm.

Event speakers are Martin Callinan of Source Code Control and Shane Coughlan, General Manager at OpenChain

Learn more here:

Register here:

OpenChain @ DLA Piper’s Open Source In-House Counsel Discussion on November 11th

By Featured

DLA Piper will be holding their next OSS In-house Counsel Discussion from 5 pm to 6:30 pm PST on November 11, 2020. 

The legal issues in open source software are becoming more complex, with new considerations arising rapidly. This event will provide a venue managed by and for in-house counsel where they can discuss open source legal issues under the Chatham House Rule.

It will host the following discussions:

1. Open Source Software Compliance in Containers by Scott Peterson of Red Hat, Inc.

2. OpenChain as an ISO Standard by Shane Coughlan of the Linux Foundation

There will also be the usual summary of selected recent issues by Mark Radcliffe and Chris Stevenson of DLA Piper. 

Learn More About The Event