Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional network of Open Source legal experts and aligning stakeholders to launch both the first law journal and the first law book dedicated to Open Source.
Shane has extensive knowledge of Open Source governance, internal process development, supply chain management and community building. His experience includes engagement with the enterprise, embedded, mobile and automotive industries.
We have a terrific amount of activity in the OpenChain Project. A lot happens around our calls, where we often record audio and video, but we occasionally get asked for other formats too. Time and resources prohibit us from transcribing calls but there are some avenues to explore. Our conference provider offers automated transcriptions and today – for the first time – we are exploring how these may be shared with the community.
There are errors in the documents. We are providing a PDF and a Word document, the former for quick review, the latter to contribute fixes. Our goal is to test offering a new way to catch up on what happened. We are particularly interested in seeing if this provides utility to non-native English speakers.
Our test release is a transcript of Russ from GM – First Monday November – talking about how open source works in the US automotive space.
Shouldn’t the project focus on excellence and avoid releasing documents with typographical errors?
We are an open project with a global community. We work hard to make all of our official documentation clear, simple and free of errors. However, we also have a lot of other material, such as these automated transcripts, and we are experimenting with providing access.
Who would find this useful?
Non-native English speakers who may have difficulty understanding spoken English. Written English, even imperfect written English, may be useful.
One exciting outcome of the OpenChain Korea Work Group meeting # 4 was the release of our first Korean case studies. These case studies from SK Telecom and NCSoft cover Open Source Governance Organization approaches inside their respective companies. They are currently only available in Korean.
The fourth OpenChain Korea Work Group meeting took place on the 2nd of December 2019 at KTDS. This event was attended by around 20 people from 8 companies and marked the first release of Korean company case studies. Details below along with links to review our past meetings and to join our Korean mailing list.
The fifth meeting is scheduled for March 2020 at the Kakao offices in Seoul. Watch this space!
我们的议程将集中在现实世界的挑战和解决方案上。 Our agenda will focus on real world challenges and solutions.
简单介绍下:我支持的开源讨论会议,一般都会要求使用 Chatham House Rule。
是为了让大家更充分的交流。
Our meeting will be held under Chatham House Rule to facilitate open discussion.
特别是百度开源律师 张伟玲会带来 开源合规在百度的实践,包括what/why/how,如何联合安全/研发工具/TC等来让合规落地的实践。
Zhang Weiling from Baidu will introduce practical open source compliance and integration with security approaches, development tools etc.
合规,不容易理解,但是如何落地,才是最难的。
Practical deployment is our true challenge and will be addressed.
欢迎大家分享经验。 让我们营造良好的协作氛围。 Everyone is welcome to share their experiences. Let’s build a great atmosphere of collaboration.
你想参加吗? 电子邮件scoughlan@linuxfoundation.org。
Do you want to participate? Email scoughlan@linuxfoundation.org.
At CES 2020 during early January you can meet some of the key people behind the OpenChain Project. Our demo desk at the Automotive Grade Linux stand will show how open source tooling for open source compliance accelerates time to market and the optimal use of open source code. Our focus will be on the automotive sector but of course the same approach can help any company in any sector adopt and apply the key requirements of a quality open source compliance program.
The OpenChain India Work Group had a great inaugural meeting hosted by MCA in Bangalore on the 7th of September. 25 people from 11 companies attended and shared experiences around open source compliance matters. This meeting marked the long-awaited expansion of OpenChain into one of the most significant IT markets in the world.
The second meeting will take place at Lyra Infosystems on the 21st of December 2019. Lyra has been OpenChain conformant for a while and is a pivotal user company supporting the eco-system in India.
Interested in helping shape the future of open source compliance in India? Jump right in!
Mishi Choudhary & Associates partnered with the OpenChain Project in conducting the OpenChain
Project’s first India Work-Group meet-up at Hotel Royal Orchid, Bangalore on 7th September. The
meetup included professionals, open source enthusiasts, tech-companies building or using products
on open source and entities interested in learning more on open source compliance. The meet-up
had presence of four OpenChain Conformant companies namely Infosys, Siemens, Lyra
Infosystems and Cognizant. Besides, various global service providers using Open Source in
different forms were also present.
The meetup was organised to initiate the core India Work-Group of the OpenChain Project which
was rolled out by Linux Foundation to simplify compliance. The OpenChain Project builds trust in
open source and makes compliance easy, predictable and effective. OpenChain Specification and
Conformance form industry standards for open source compliance optimized for internal and
external supply chains of any type.
The meet-up was moderated by Prasanth Sugathan, Legal Director, and Gurbir Singh Sidhu,
Associate Counsel at Mishi Choudhary & Associates. The session also included presentations by
Shuvajit Mitra (Senior Manager – IP Commercialisation, Open Source & Trademarks Practices,
Infosys) and Arun Azhakesan (Lead OSS License Compliance, Seimens Healthineers).
Introductory Remarks:
Shane Coughlan, General Manager, OpenChain Shane joined through video-conference from Japan. He spoke about major achievements for OpenChain Project in community outreach in the current month which include first work-group meet-ups in India, China and continuing activity in Taiwan. Besides, he expected doubling of conformance community this year. Further, he shared OpenChain activities in Japan which contain 68 companies and over 150 people. Besides, OpenChain Project’s Automotive WG in Japan have over 100 people involved. He mentioned deep connections between companies from China with those in India present at the first work-group. To support this, he referred to Xiaomi which recently sold its 100th million smartphone sold in the Indian subcontinent. He envisaged bringing together OpenChain Conformant companies like Infosys and others like WIPRO which are not yet. Also, he discussed plans on OpenChain’s readiness to become an ISO standard and consequent support for the same from user companies and developers.
Further, he assured support from international OpenChain community to the India WG at every
step.
Gurbir Singh Sidhu, Associate, Mishi Choudhary & Associates
To give insights on the anticipated privacy legislation, Gurbir gave a presentation on Draft Personal
Data Protection Bill, 2018 for the attendees. He gave a background on emergence of privacy law
and policy in India. This included recommendations given by Justice (Retd.) AP Shah Committee
on Privacy, 2011; the SC judgment in KS Puttaswamy & Anr v. UOI & Ors (Aug, 2017) which
upheld privacy as a fundamental right and finally, the report released by Justice (Retd.) BN
Srikrishna Committee on Data Protection Framework, 2017.
Thereafter, the key provisions of the Draft Protection Bill were shared. It included key terminology
like Personal Data, Sensitive Personal Data, Data Principal, Data Fiduciary and Data Processor.
Then, data protection obligations on data fiduciaries such as purpose limitation, collection
limitation, storage limitation, notice and consent requirements; transparency and accountability
measures (data audits, impact assessments, appointment of data protection officers) were presented.
This was followed by rights of data principals such as rights to confirmation and access; data
portability; correction of information and right to be forgotten. Thereupon, provisions on transfer of
personal data outside India were discussed. It included data localization, mirror copy requirements;
conditions on data transfer like contracts, intra-groups schemes. Finally, provisions relating to
exemptions, Data Protection Authority of India, penalties, criminal offences and remedies under the
Draft Bill were discussed.
Shuvajit Mitra (Senior Manager – IP Commercialisation, Open Source & Trademarks Practices,
Infosys)
Shuvajit started his presentation on how Infosys has adopted usage and deployment of OSS in their
solutions; and how it has saved costs, resources while meeting customers’ expectations. Discussing
challenges, he mentioned that being a diversified and large organization, there could be
misunderstandings on OS usage due to inadequate licensing experience, compliance complications
and related risks of IP infringement. Besides, requirement of methodical compliance checks, license
validation, establishing roles, accountability in supervisory level were also discussed.
In order to address the challenges, Infosys IP team engaged with OpenChain Project to assess its
compliance practices and identify gaps to come in consonance with industry standard practices. For
capacity development Infosys organized trainings on OSS licensing, governance models &
contribution processes.
Infosys did a Conformance Analysis which included assessment of its Open Source Policy, IP check
& certification process, establishing an accountability system and attaining key requirements of
OpenChain Specification to make its compliance program predictable, understandable and efficient.
While discussing benefits, he mentioned that by being an OpenChain Conformant company, Infosys
was able to demonstrate a transparent OSS compliance process in development and procurement.
Being OpenChain Conformant would help Infosys in building trust among its customers and
stakeholders while showcasing its global standards.
Arun represented the formal tooling work group of OpenChain and explained how some of these
tools were adopted later by Linux. The idea behind tooling group is reducing the resource cost and
enhancing output. Also, OpenChain bringing Conformance for the entire supply chain necessitated
that these tools be streamlined.
He started his presentation discussing efforts led by OpenChain in developing tools to assist OS compliance and making it more predictable. Arun shared the entire Integrated Compliance Toolchain Instance with specific compliance tools for each layer. Thereafter, he covered specific
tools useful for the entire compliance chain.
First being Fossology which allows license, copyright and export control scans from the command
line. It can generate an SPDX file, or a ReadMe with the copyrights notices from the software.
Scanners include Monk, Nomos and Ninka. Next tool, Eclipse SW360 is an OSS project which
allows cataloguing of software components, assessing security vulnerabilities, maintaining license
obligations among others. It is licensed under EPL- 2.0. Besides, Eclipse SW360 Antenna is again
an OSS tool which automates open source license compliance process. It collects compliance
related data, processes it and warns in case of compliance related issues. Other tools suggested by
Arun for the entire software supply chain included:
OSS Review Toolkit: To download and scan the source code of the dependencies for license
information and summarize the results.
Software Heritage: To collect, preserve and share all software that is publicly available in
source code form.
BANG – Binary Analysis- NG: To find out the provenance of the unpacked files and
classify/label files, making them available for further analysis.
SPDX: For communicating the components, licenses and copyrights associated with a
software package.
Open Source Automation Development Lab (OSADL): To promote and coordinate the
development of open source software for the machine, machine tool, and automation
industry.
Informal Discussions
Attendees discussed that lately, more companies are developing projects on open source including Google, FB, LinkedIn and Microsoft. Also, there are instances over past decade, where companies using open-source made downstream improvements to convert products into proprietary. This led to changes in license regime namely MongoDB and few others. Further, global movement towards streamlining compliance activities, led by Linux Foundation were discussed; OpenChain Project being one of the products. High profile patent litigations were also mentioned including Apple-Qualcomm, Apple-Samsung. Open Innovation Network’s work in resolving such disputes and patent non-aggression particularly for Linux based products was referred.
Attendee companies discussed challenges they face while contributing in open source pool specifically in degree to which it can allow their developers to contribute and parts to retain after due diligence checks (against 3rd party patent infringements).
Also, there were suggestions on focusing on smaller companies and start-ups in their transition towards open source. Secondly, awareness being a major part of OpenChain Project should also be leveraged.
Mr. Sugathan encouraged sharing tools and compliance practices between WG members, as most companies use the same components but in different domains. He expressed utility of developing knowledge transfer between companies.
There were queries which ranged from basic questions like overview of OpenChain, the expectations from Indian companies and implementations required. Core requirements of OpenChain specifications were shown which included standards required to be met in terms of documentation, processes and accountability. OpenChain gives self-certification flexibility to the organization; but being Conformant would require due diligence checks from third parties. Further, benefits of OpenChain in keeping the software supply chain predictable and consistent were shared. This also helps companies to identify gaps in their compliance process and correcting them.
It was reiterated that these meet-ups would allow companies to share their best experiences, especially addressing challenges they faced in their compliance programs.
The OpenChain Japan Work Group will hold its last meeting of the year on the 19th of December. It seems like a good time to reflect on growth and next steps. You can see how our mailing list has expanded over time and the audience trend of the physical meetings.
One interesting data-point is that we have reached a stage of maturity in the number of companies participating. We have a lot of the principles (largest companies in Japan) and a representative collection of their suppliers. The next phase is increased OpenChain adoption, something we are seeing with things like the Fujitsu conformance announcement last week.
Our physical meetings have also followed an interesting trend. The “dips” in the chart show ad-hoc meetings, usually a planning session for a larger meeting ahead, or addressing a matter related to one of our seven Japan Sub-Groups that work on FAQs, supplier education, tooling and so on. We are still waiting for the final numbers from our December meeting but the trend is expected to continue.
The most interesting development was probably the evolution of activities around August 2019. At this meeting the OpenChain Japan Sub-Work Groups began their work, with seven teams holding their own meetings throughout the remainder of 2018 and into 2019.
Our July 2019 meeting was a major intersection of sub-group outcomes and the wider audience. The next such event is actually the Open Compliance Summit on the 17th and 18th December, and the final OpenChain Japan meeting on the 19th, an opportunity to provide the international audience with a strong overview of developments.
We are looking forward to a productive 2020 and increased collaboration between China, Japan, Korea, India and forthcoming European and American Work Groups. As OpenChain becomes an ISO standard we will seek to make sure all the best knowledge, everywhere, is easy to access.
The OpenChain Japan Work Group and its seven sub-groups are some of the most active parts of the OpenChain Project. Starting this month we are sharing their event schedule in English. We hope to show our local structure and encourage others to replicate it when appropriate around the world.
Check Out What Is Happening With OpenChain In Japan
SAN FRANCISCO, NOVEMBER 29 – The OpenChain Project is delighted to announce that Fujitsu, a Platinum Member of the OpenChain Project, is the latest OpenChain 2.0 Conformant company. This activity is a continuation of Fujitsu’s long-standing commitment to excellent in open source governance and represents one of the larger OpenChain conformant programs. Fujitsu is the first company in Japan and the eighth globally to achieve OpenChain 2.0 conformance.
The OpenChain Project establishes trust in the open source from which software solutions are built. It accomplishes this by making open source license compliance simpler and more consistent. The OpenChain Specification defines inflection points in business workflows where a compliance process, policy or training should exist to minimize the potential for errors and maximize the efficiency of bringing solutions to market. The companies involved in the OpenChain community number in the hundreds. The OpenChain Specification is being prepared for submission to ISO and evolution from a growing de facto standard into a formal standard.
“Fujitsu has been a long supporter of open source communities and valued open source compliance. OpenChain Conformance demonstrates our commitment to open source compliance”, says Fujiwara Takashi, SVP, Head of Software Business Unit, Fujitsu Limited. “We have worked for the conformance for part of the Software Business Unit together with developers in Software Business Unit, which has more than 1,000 developers, licensing compliance specialists in intellectual property department, and open source specialists in OSS technology department. We will extend OpenChain Conformance throughout the company and strengthen Fujitsu’s open source governance. Now we are transforming our business into a technology consulting and service implementing company with open source technologies. We will keep contributing open source communities”
“Fujitsu has been a pivotal member of the OpenChain Project as we head into formal standardization via the ISO PAS process,” says Shane Coughlan, OpenChain General Manager. “Our collaboration has ranged from editorial work on the specification itself through to community building via the OpenChain Japan Work Group. I am delighted to take this next step in our relationship and to mark a milestone in the global roll-out of the OpenChain industry standard.”
About the OpenChain Project
The OpenChain Project builds trust in open source by making open source license compliance simpler and more consistent. The OpenChain Specification defines a core set of requirements every quality compliance program must satisfy. The OpenChain Curriculum provides the educational foundation for open source processes and solutions, whilst meeting a key requirement of the OpenChain Specification. OpenChain Conformance allows organizations to display their adherence to these requirements. The result is that open source license compliance becomes more predictable, understandable and efficient for participants of the software supply chain.
About The Linux Foundation
The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.
The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.
Linux is a registered trademark of Linus Torvalds.
