Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional network of Open Source legal experts and aligning stakeholders to launch both the first law journal and the first law book dedicated to Open Source. Shane has extensive knowledge of Open Source governance, internal process development, supply chain management and community building. His experience includes engagement with the enterprise, embedded, mobile and automotive industries.
The OpenChain Reference Training Slides for OpenChain 2.0 are now available in Traditional Chinese.
Big thanks are due to Andrew Katz and his teams at Moorcrofts and Orcro for preparing this material. As with all OpenChain reference material these slides are available under CC-O licensing, effectively public domain.
Get the Slides
Contribute via Github
The second meeting of the OpenChain China Work Group is underway right now at the Baidu offices in Beijing. This event, kindly hosted and supported by our friends from companies like Baidu, Huawei and JD.com, provides a great opportunity to share notes and make plans ahead of 2020!
As you can see there are plenty of smiles alongside more serious discussions. It is also worth noting the gender balance in the room. Thank you China WG for leading the way!
Thanks to the tremendous work of Andrew Katz, his team at Moorcrofts, and the team at Orcro, the OpenChain Project offers an open source policy template to support our industry standard. This is a frequently requested aspect of our reference material and – as with all OpenChain reference material – it is available under CC-0 licensing, effectively public domain.
Get the Template in Traditional Chinese
Get the Template in English
Help Us Translate
You can help support our internationalization efforts via Github. Get these guides and many more documents in the OpenChain Reference Library. You can find out more and discuss this template on our mailing list.
We are delighted to announce the release of the fourth OpenChain community interview. This time we had a chance to sit down with Maggie from Ladas and Perry, an active contributor to the OpenChain China Work Group, and a key figure in the broader Chinese open source technology community.
Read the Interview
We have a terrific amount of activity in the OpenChain Project. A lot happens around our calls, where we often record audio and video, but we occasionally get asked for other formats too. Time and resources prohibit us from transcribing calls but there are some avenues to explore. Our conference provider offers automated transcriptions and today – for the first time – we are exploring how these may be shared with the community.
There are errors in the documents. We are providing a PDF and a Word document, the former for quick review, the latter to contribute fixes. Our goal is to test offering a new way to catch up on what happened. We are particularly interested in seeing if this provides utility to non-native English speakers.
Our test release is a transcript of Russ from GM – First Monday November – talking about how open source works in the US automotive space.
Quick Read (PDF)
Edit and Fix (DOCX)
Q&A
What release an imperfect transcript?
Because our community might find it useful.
Shouldn’t the project focus on excellence and avoid releasing documents with typographical errors?
We are an open project with a global community. We work hard to make all of our official documentation clear, simple and free of errors. However, we also have a lot of other material, such as these automated transcripts, and we are experimenting with providing access.
Who would find this useful?
Non-native English speakers who may have difficulty understanding spoken English. Written English, even imperfect written English, may be useful.
Where do I send feedback?
scoughlan@linuxfoundation.org
One exciting outcome of the OpenChain Korea Work Group meeting # 4 was the release of our first Korean case studies. These case studies from SK Telecom and NCSoft cover Open Source Governance Organization approaches inside their respective companies. They are currently only available in Korean.
Check Them Out
The fourth OpenChain Korea Work Group meeting took place on the 2nd of December 2019 at KTDS. This event was attended by around 20 people from 8 companies and marked the first release of Korean company case studies. Details below along with links to review our past meetings and to join our Korean mailing list.
The fifth meeting is scheduled for March 2020 at the Kakao offices in Seoul. Watch this space!
Agenda
| No | Agenda | Speaker | Slide |
|---|---|---|---|
| 1 | OpenChain Update | Shane Coughlan / Linux Foundation | a_brief_introduction_to_openchain.pdf |
| 2 | Open Source Management Portal and Open Source Management Plan | Sangmi Kim, Jihyun Lee / Ktds | |
| 3 | How to Install and Use FOSSology | Wonjae Park / LG Electronics | fossology_introduction_openchain_kwg.pdf |
| 4 | OpenChain KWG Update | Haksung Jang / LG Electronics | openchain_kwg_update_2019-12-02.pdf |
| 5 | Case Study | All | |
| 6 | Free Discussion | All |
Case Study : Open Source Governance Organization
Companies Attending
Learn More About The Korean Work Group
Join The Korean Work Group Mailing List
12/12 下午2点到4点, 北京百度大厦 开源合规研讨会。
Our event will take place on the 12th of December between 14:00 and 16:00. Our event venue is Beijing Baidu Building Open Source Compliance Seminar @ No.10, Shangdi 10th Street, Haidian, Beijing, China.
我们的议程将集中在现实世界的挑战和解决方案上。
Our agenda will focus on real world challenges and solutions.
简单介绍下:我支持的开源讨论会议,一般都会要求使用 Chatham House Rule。
是为了让大家更充分的交流。
Our meeting will be held under Chatham House Rule to facilitate open discussion.
特别是百度开源律师 张伟玲会带来 开源合规在百度的实践,包括what/why/how,如何联合安全/研发工具/TC等来让合规落地的实践。
Zhang Weiling from Baidu will introduce practical open source compliance and integration with security approaches, development tools etc.
合规,不容易理解,但是如何落地,才是最难的。
Practical deployment is our true challenge and will be addressed.
欢迎大家分享经验。 让我们营造良好的协作氛围。
Everyone is welcome to share their experiences. Let’s build a great atmosphere of collaboration.
你想参加吗? 电子邮件scoughlan@linuxfoundation.org。
Do you want to participate? Email scoughlan@linuxfoundation.org.
At CES 2020 during early January you can meet some of the key people behind the OpenChain Project. Our demo desk at the Automotive Grade Linux stand will show how open source tooling for open source compliance accelerates time to market and the optimal use of open source code. Our focus will be on the automotive sector but of course the same approach can help any company in any sector adopt and apply the key requirements of a quality open source compliance program.
Check Out Our Demo Overview
Check Out The Full AGL Schedule
The OpenChain India Work Group had a great inaugural meeting hosted by MCA in Bangalore on the 7th of September. 25 people from 11 companies attended and shared experiences around open source compliance matters. This meeting marked the long-awaited expansion of OpenChain into one of the most significant IT markets in the world.
The second meeting will take place at Lyra Infosystems on the 21st of December 2019. Lyra has been OpenChain conformant for a while and is a pivotal user company supporting the eco-system in India.
Interested in helping shape the future of open source compliance in India? Jump right in!
Our dedicated India Work Group Mailing List
Detailed Overview and Minutes
Mishi Choudhary & Associates partnered with the OpenChain Project in conducting the OpenChain Project’s first India Work-Group meet-up at Hotel Royal Orchid, Bangalore on 7th September. The meetup included professionals, open source enthusiasts, tech-companies building or using products on open source and entities interested in learning more on open source compliance. The meet-up had presence of four OpenChain Conformant companies namely Infosys, Siemens, Lyra Infosystems and Cognizant. Besides, various global service providers using Open Source in different forms were also present.
The meetup was organised to initiate the core India Work-Group of the OpenChain Project which was rolled out by Linux Foundation to simplify compliance. The OpenChain Project builds trust in open source and makes compliance easy, predictable and effective. OpenChain Specification and Conformance form industry standards for open source compliance optimized for internal and external supply chains of any type.
The meet-up was moderated by Prasanth Sugathan, Legal Director, and Gurbir Singh Sidhu, Associate Counsel at Mishi Choudhary & Associates. The session also included presentations by Shuvajit Mitra (Senior Manager – IP Commercialisation, Open Source & Trademarks Practices, Infosys) and Arun Azhakesan (Lead OSS License Compliance, Seimens Healthineers).
Introductory Remarks:
Shane Coughlan, General Manager, OpenChain
Shane joined through video-conference from Japan. He spoke about major achievements for OpenChain Project in community outreach in the current month which include first work-group meet-ups in India, China and continuing activity in Taiwan. Besides, he expected doubling of conformance community this year. Further, he shared OpenChain activities in Japan which contain 68 companies and over 150 people. Besides, OpenChain Project’s Automotive WG in Japan have over 100 people involved.
He mentioned deep connections between companies from China with those in India present at the first work-group. To support this, he referred to Xiaomi which recently sold its 100th million smartphone sold in the Indian subcontinent.
He envisaged bringing together OpenChain Conformant companies like Infosys and others like WIPRO which are not yet. Also, he discussed plans on OpenChain’s readiness to become an ISO standard and consequent support for the same from user companies and developers.
Further, he assured support from international OpenChain community to the India WG at every step.
Gurbir Singh Sidhu, Associate, Mishi Choudhary & Associates
To give insights on the anticipated privacy legislation, Gurbir gave a presentation on Draft Personal
Data Protection Bill, 2018 for the attendees. He gave a background on emergence of privacy law
and policy in India. This included recommendations given by Justice (Retd.) AP Shah Committee
on Privacy, 2011; the SC judgment in KS Puttaswamy & Anr v. UOI & Ors (Aug, 2017) which
upheld privacy as a fundamental right and finally, the report released by Justice (Retd.) BN
Srikrishna Committee on Data Protection Framework, 2017.
Thereafter, the key provisions of the Draft Protection Bill were shared. It included key terminology
like Personal Data, Sensitive Personal Data, Data Principal, Data Fiduciary and Data Processor.
Then, data protection obligations on data fiduciaries such as purpose limitation, collection
limitation, storage limitation, notice and consent requirements; transparency and accountability
measures (data audits, impact assessments, appointment of data protection officers) were presented.
This was followed by rights of data principals such as rights to confirmation and access; data
portability; correction of information and right to be forgotten. Thereupon, provisions on transfer of
personal data outside India were discussed. It included data localization, mirror copy requirements;
conditions on data transfer like contracts, intra-groups schemes. Finally, provisions relating to
exemptions, Data Protection Authority of India, penalties, criminal offences and remedies under the
Draft Bill were discussed.
Shuvajit Mitra (Senior Manager – IP Commercialisation, Open Source & Trademarks Practices, Infosys)
Shuvajit started his presentation on how Infosys has adopted usage and deployment of OSS in their solutions; and how it has saved costs, resources while meeting customers’ expectations. Discussing challenges, he mentioned that being a diversified and large organization, there could be misunderstandings on OS usage due to inadequate licensing experience, compliance complications and related risks of IP infringement. Besides, requirement of methodical compliance checks, license validation, establishing roles, accountability in supervisory level were also discussed.
In order to address the challenges, Infosys IP team engaged with OpenChain Project to assess its compliance practices and identify gaps to come in consonance with industry standard practices. For capacity development Infosys organized trainings on OSS licensing, governance models & contribution processes.
Infosys did a Conformance Analysis which included assessment of its Open Source Policy, IP check & certification process, establishing an accountability system and attaining key requirements of OpenChain Specification to make its compliance program predictable, understandable and efficient. While discussing benefits, he mentioned that by being an OpenChain Conformant company, Infosys was able to demonstrate a transparent OSS compliance process in development and procurement. Being OpenChain Conformant would help Infosys in building trust among its customers and stakeholders while showcasing its global standards.
Arun Azhakesan (Lead OSS License Compliance, Seimens Healthineers
Arun represented the formal tooling work group of OpenChain and explained how some of these tools were adopted later by Linux. The idea behind tooling group is reducing the resource cost and enhancing output. Also, OpenChain bringing Conformance for the entire supply chain necessitated that these tools be streamlined.
He started his presentation discussing efforts led by OpenChain in developing tools to assist OS compliance and making it more predictable. Arun shared the entire Integrated Compliance Toolchain Instance with specific compliance tools for each layer. Thereafter, he covered specific
tools useful for the entire compliance chain.
First being Fossology which allows license, copyright and export control scans from the command
line. It can generate an SPDX file, or a ReadMe with the copyrights notices from the software.
Scanners include Monk, Nomos and Ninka. Next tool, Eclipse SW360 is an OSS project which
allows cataloguing of software components, assessing security vulnerabilities, maintaining license
obligations among others. It is licensed under EPL- 2.0. Besides, Eclipse SW360 Antenna is again
an OSS tool which automates open source license compliance process. It collects compliance
related data, processes it and warns in case of compliance related issues. Other tools suggested by
Arun for the entire software supply chain included:
Informal Discussions
Attendees discussed that lately, more companies are developing projects on open source including Google, FB, LinkedIn and Microsoft. Also, there are instances over past decade, where companies using open-source made downstream improvements to convert products into proprietary. This led to changes in license regime namely MongoDB and few others. Further, global movement towards streamlining compliance activities, led by Linux Foundation were discussed; OpenChain Project being one of the products.
High profile patent litigations were also mentioned including Apple-Qualcomm, Apple-Samsung. Open Innovation Network’s work in resolving such disputes and patent non-aggression particularly for Linux based products was referred.
Attendee companies discussed challenges they face while contributing in open source pool specifically in degree to which it can allow their developers to contribute and parts to retain after due diligence checks (against 3rd party patent infringements).
Also, there were suggestions on focusing on smaller companies and start-ups in their transition towards open source. Secondly, awareness being a major part of OpenChain Project should also be leveraged.
Mr. Sugathan encouraged sharing tools and compliance practices between WG members, as most companies use the same components but in different domains. He expressed utility of developing knowledge transfer between companies.
There were queries which ranged from basic questions like overview of OpenChain, the expectations from Indian companies and implementations required. Core requirements of OpenChain specifications were shown which included standards required to be met in terms of documentation, processes and accountability. OpenChain gives self-certification flexibility to the organization; but being Conformant would require due diligence checks from third parties. Further, benefits of OpenChain in keeping the software supply chain predictable and consistent were shared. This also helps companies to identify gaps in their compliance process and correcting them.
It was reiterated that these meet-ups would allow companies to share their best experiences, especially addressing challenges they faced in their compliance programs.
© 2024 OpenChain. All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page. Linux is a registered trademark of Linus Torvalds. Privacy Policy and Terms of Use
