Shane Coughlan

The OpenChain Korea Work Group held its 3rd meeting at the SK Telecom offices in Seoul. As usual we had a mix of people from consumer electronics, automotive and telecommunication companies present.

Review the Keynote Slides

The OpenChain Project is delighted to announce the launch of a series of interviews about the people behind our work. While open source is mostly about software, and governance is mostly about licenses, it is also the story of thousands of individuals collaborating. We hope these interviews with inform and inspire our readers, and encourage more people to participate in open source and OpenChain.

Kayoko Takanishi from TUV SUD has kindly agreed to be our first featured community figure.

Read Our First Interview Now

• https://www.openchainproject.org/openchain-interview-1

The latest draft of the next version of OpenChain Specification can be found here:

• https://wiki.linuxfoundation.org/_media/openchain/OpenChainSpec-2.1.draft.MarkUp.pdf

Our objective is to make only minor clarification changes over version 2.0  while we wait for ISO adoption (currently in progress). We discussed a half dozen items posted on the specification issue list at the Open Source Summit, North American F2F OpenChain meeting.

Get this guide and many more documents in the OpenChain Reference Library.

After discussing the various open issues we decided to make only one minor change:

Because the terms “Software Staff” and “Program Participants” where used interchangeable in the spec, it was decided to replace each use of “Software Staff” with “Program Participants” which is more consistent with ISO terminology. 

Coming Next

We will continue to accept feedback for ISO version 2.1 up through October 31^st 2019. We will have one more F2F meeting at the Open Source Summit, Europe in October. We will finalize the ISO 2.1 version in November 2019. We will then embark on the next major revision of the specification starting December 1^st 2019.

Your Feedback is Welcome Via

• the Mailing list: Openchain-specification@lists.linuxfoundation.org;
• OpenChain Reference Library: https://github.com/OpenChain-Project/Reference-Material
• attending the bi-monthly OpenChain calls; 
• attending the F2F OpenChain meeting at the Open Source Summit, Europe; or
• replying to Mark Gisi directly if you wish to remain anonymous (mark.gisi@windiver.com)

The OpenChain Project is delighted to announce the immediate availability of our latest case study. This case study explains how third party certification works in the context of the OpenChain Project. This optional process, involving an audit of conformance by a third party, can be used by companies that want to obtain a formal certificate of conformance to our industry standard.

Read the Case Study Online

• https://www.openchainproject.org/resources/case-study-3rd-party-cert

Download the Case Study as a PDF

• https://www.openchainproject.org/wp-content/uploads/sites/15/2019/08/OpenChain_CaseStudy_3rdPartyCertification.pdf

The minutes are below. The slides discussed during the meeting are presented here as well for reference.

Meeting Minutes of Kickoff meeting open source tooling for open source compliance work group
Date / Time 13th of August 0900-10:00 am and 06:00-07:00 pm
Agenda:
1. introduction and expectations                   All
2. Vision                                                        All
3. Introduction of the existing work               Oliver
4. Next steps                                                All
5. Fixed meeting dates/times                        Oliver

2. Expectations regarding the work results (condensed list):
*         Working together in an open, transparent, honest way
*         Friendly collaboration without hidden agenda

Oliver presented his long term vision of an integrated toolchain covering the “supporting processes – like OSS – contribution process, ECC classification, security vulnerability management, OSS-selection process, OSS-compliance process”. He asked about opinions on that view. Participants expressed that the long term vision makes sense.

The big picture of an integrated OSS Compliance toolchain was presented and explained. Based on this  the work areas were named
*            Identify the functional blocks required
*            Identify the workflows
*            Identify the required data and data flows
*            Implement provide the needed APIs (as contributions)
*            Provide the glue Code
*            Provide easy to deploy building blocks
*            Documentation
*            Spread the word

All participants agreed on a regular meeting interval of
Date: 1st and 3rd Wednesday of the month
Time: 0900-10:00 am and 06:00-07:00 pm German time
Oliver will send the invitations

The OpenChain Project is delighted to announce that PwC Germany is the latest OpenChain Partner organization. The OpenChain Project has a diverse, global partner network that is expanding rapidly across multiple continents. This supports our mission to ensure every organization of every size can adopt our industry standard.

While many companies want to use our free reference material and self-certification service, other companies want to collaborate with law firms, consultancies and certification authorities. We are fortunate to work with some of the very best.

How It Works

OpenChain Partners are law firms, consultancies and certification authorities with experience in open source and engagement with the OpenChain Project community.

Users can approach any of the partners listed on our website with an expectation of excellent service provision. We seek partners with a focus on excellence and a positive, thoughtful approach focused on building long-term relationships.

Learn More

You can learn more by contacting Shane Coughlan, OpenChain General Manager, at coughlan@linux.com.

Mishi Choudhary & Associates, the India law firm partner of OpenChain Project, is hosting the first OpenChain India Working Group Meet-Up in Bengaluru on September 7, 2019. Tech-companies building or using products on open source and entities interested in learning more about open source compliance are expected to participate in the meeting. The event will also include a session on data protection and India’s anticipated data protection legislation.

“The OpenChain Project builds trust in open source by making compliance simpler and more consistent. This working group meet will provide a powerful platform for learning and exchange of ideas on open source compliance to India’s vibrant open source community and participants of software supply chain,” said Mishi Choudhary, Managing Partner, Mishi Choudhary & Associates.

Date

• 7th September, 2019 (Saturday)

Venue:

• Pool Side Lounge, Hotel Royal Orchid,
• 01 Golf Avenue, Adjoining KGA Golf course, HAL Airport Road, Kodihalli, Begaluru.
• Tel : +91 80 4178 3000

Time

• 10:00 am to 12:30 pm

Learn More

• https://opensourceforu.com/2019/08/bengaluru-to-host-first-openchain-india-working-group-meet-up-on-sept-7/

On Friday the 27th of September the OpenChain Project, Open Culture Foundation and OSLN.tw will host an open source compliance workshop in the heart of Taipei. This event will focus on practical business solutions to open source compliance management. All parties are welcome to attend.

Location地點

• 屋脊 Wooji Event Space / 台北市松山區敦化北路145巷12號2樓
• Wooji Event Space, 2F., No.12, Ln. 145, Dunhua N. Rd., Songshan Dist., Taipei City

Language 語言

This workshop will be held mainly in English.
這次的工作坊將以英文為主要語言來進行。

Agenda 議程

09:30-10:00 |     Check-In

10:00-10:30 |     御貓之術-開源管理的痛腳之處 / Herding Cats - Manage the FOSS on Licenses as Business Intelligence (Mandarin)
Lucien C.H. Lin (林誠夏)

10:30-11:00 |     Open Source Compliance State of the Union (English) 
Shane Coughlan

11:00-11:20 |     Break

11:20-11:50 |     Introduction of OpenChain Japan workgroup – an inter-organizational collaboration (English) 
Hiroyuki Fukuchi, Shinsuke Kato

11:50-12:20 |     3000多個成員加入支持OIN，搞什麼！！ (Mandarin)
Kevin Huang (黃鴻文)

12:20-14:00 |     Lunch Break

14:00-14:30 |     History and Look back of OSS Compliance in Panasonic (English)
Shinsuke Kato

14:30-15:00 |     Introduction of OSS In-house Community of Sony (English)
Satoru Ueda

15:00-15:20 |     Break

15:20-15:50 |     Open Source Journey in Moxa - Build up Open Source Office in Hardware Manufacture Company (Mandarin)
SZ Lin (林上智)

15:50-16:50 |     Panel Discussion: Open Source Compliance in practice (English)
Shane Coughan (Host), Satoru Ueda, Shinsuke Kato, SZ Lin (林上智)

Learn More

• https://dmfli.kktix.cc/events/openchain4

SAN FRANCISCO, Aug. 15, 2019 – Arm and Western Digital Corporation, Platinum Members of the OpenChain Project and key participants in the global supply chain, today announce conformance with the OpenChain Specification. Qualcomm Technologies, Inc., Platinum Member and founding contributor of the OpenChain Project, today announces expanded conformance to the latest version of the OpenChain Specification.

The OpenChain Project establishes trust in the open source from which software solutions are built. It accomplishes this by making open source license compliance simpler and more consistent. The OpenChain Specification defines inflection points in business workflows where a compliance process, policy or training should exist to minimize the potential for errors and maximize the efficiency of bringing solutions to market. The companies involved in the OpenChain community number in the hundreds. The OpenChain Specification is being prepared for submission to ISO and evolution from a growing de facto standard into a formal standard.

“At its core, Arm is an intellectual property company and our business is built on respecting IP rights,” says Carolyn Herzog, executive vice president and general counsel at Arm.  “Open source license compliance is a key component of that effort, and Arm’s conformance with the OpenChain Specification demonstrates its commitment to be a leader in this area.  Through that leadership, we hope to encourage others to explore this path as a mechanism for license compliance.”

“Qualcomm Technologies has been engaged with the OpenChain Project since its inception,” says Dave Marr, Chair of the OpenChain Governing Board and Vice President and Legal Counsel, Qualcomm Technologies, Inc. “Our goal has always been to ensure open source compliance is accessible to all sizes of organizations and to support an efficient, transparent supply chain. By becoming OpenChain Specification 2.0 Conformant, we are underlining our commitment to continual improvement as a company and our broader support of great open source compliance processes across the industry.” 

“We are excited at the evolution of the OpenChain Project over the last two years and particularly at its growing acceptance in the industry,” says Alan Tse, Associate General Counsel at Western Digital. “Working with other industry leaders to develop OpenChain has been an important initiative for Western Digital. It will be a key resource for compliance that also furthers the open source spirit of joint sharing and learning.  By conforming to the OpenChain Specification, we hope to lead by example, build momentum throughout our supply chain, and show our commitment to open source as a community and ecosystem.”

“Arm, Qualcomm and Western Digital have been pivotal in bringing the OpenChain Project to maturity,” says Shane Coughlan, OpenChain General Manager. “Our announcement today underlines both their continued commitment to our industry standard and a further illustration of its suitability for companies of different sizes in different markets. This is also excellently illustrated by the pioneering activity of Qualcomm in pursuing conformance with the latest version of the OpenChain Specification. We look forward to our next steps, including the evolution of our de facto standard into a formal ISO standard, and the continued growth of the OpenChain community of conformance.”

About Arm 

Arm technology is at the heart of a computing and connectivity revolution that is transforming the way people live and businesses operate. Our advanced, energy-efficient processor designs have enabled intelligent computing in more than 150 billion chips and our technologies now securely power products from the sensor to the smartphone and the supercomputer. In combination with our IoT device, connectivity and data management platform, we are also enabling customers with powerful and actionable business insights that are generating new value from their connected devices and data. Together with 1,000+ technology partners we are at the forefront of designing, securing and managing all areas of compute from the chip to the cloud.

About Qualcomm  

Qualcomm invents breakthrough technologies that transform how the world computes, connects and communicates. When we connected the phone to the Internet, the mobile revolution was born. Today, our inventions are the foundation for life-changing products, experiences, and industries. As we lead the world to 5G, we envision this next big change in cellular technology spurring a new era of intelligent, connected devices and enabling new opportunities in connected cars, remote delivery of health care services, and the IoT — including smart cities, smart homes, and wearables. Qualcomm Incorporated includes our licensing business, QTL, and the vast majority of our patent portfolio. Qualcomm Technologies, Inc., a wholly-owned subsidiary of Qualcomm Incorporated, operates, along with its subsidiaries, substantially all of our engineering, research and development functions, and substantially all of our products and services businesses, including the QCT semiconductor business. For more information, visit Qualcomm’s website, OnQ blog, Twitter and Facebook pages.

About Western Digital 

Western Digital^® creates environments for data to thrive. As a leader in data infrastructure, the company is driving the innovation needed to help customers capture, preserve, access and transform an ever-increasing diversity of data. Everywhere data lives, from advanced data centers to mobile sensors to personal devices, our industry-leading solutions deliver the possibilities of data. Western Digital^® data-centric solutions are comprised of the Western Digital, G-Technology™, SanDisk^®, and WD^® brands.

About the OpenChain Project

The OpenChain Project builds trust in open source by making open source license compliance simpler and more consistent. The OpenChain Specification defines a core set of requirements every quality compliance program must satisfy. The OpenChain Curriculum provides the educational foundation for open source processes and solutions, whilst meeting a key requirement of the OpenChain Specification. OpenChain Conformance allows organizations to display their adherence to these requirements. The result is that open source license compliance becomes more predictable, understandable and efficient for participants of the software supply chain.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. 

Linux is a registered trademark of Linus Torvalds.

Media Contact
Shane Coughlan
+818040358083
coughlan@linux.com