The OpenChain Reference Tooling Work Group held its 15th meeting on the 13th of May. This meeting covered general updates in the tooling space and a deep dive into TERN for container compliance.
Catch up on minutes from all previous meetings
OpenChain Webinar 3 was held on the First Monday of May 2020 and featured talks on contribution policies, M&A and due diligence.
View the Webinar
The speakers have made their slides available to the community. Please find the slides below in the order which they were presented.
Contribution Policies (Tobie @ UnlockOpen)
M&A (Leon and Tony at GTC Law)
Due Diligence (Andrew @ Orcro)
The OpenChain Project was introduced by Shane Coughlan, General Manager at the latest NTIA Software Bill of Materials Framing Group meeting. The OpenChain industry standard provides a framework for companies to implement efficient compliance activities, including identification on ingest and export, using manual or automated approaches. Software bill of materials play a large part in optimizing this space, especially in the supply chain.
Watch the Presentation
Get Involved in the NTIA Discussion
OpenChain provides introduction slides to help individuals and organizations understand our mission and goal. These slides include speaker notes to help our community present to interested parties. The latest version is now available for viewing, downloading and sharing.
In this webinar Tobie Langel spoke about ‘Open Source Contribution Policies That Don’t Suck.’ Leon Schwartz and Tony Decicco from GTC Law provided an overview of open source-related topics in the context of mergers, acquisitions, financings, investments, IPOs, divestitures, loans, customer license agreements, rep and warranty insurance and other transactions. Andrew Katz presented a due diligence questionnaire and sample warranties based on the the OpenChain specification.
More About This Webinar
Tobie Langel spoke about ‘Open Source Contribution Policies That Don’t Suck.’ In his own words: Open source contribution policies are long, boring, overlooked documents, that generally suck. They’re designed to protect the company at all costs. But in the process, end up hurting engineering productivity, and morale. Sometimes they even unknowingly put corporate IP at risk. But that’s not inevitable. It’s possible to write open source contribution policies that make engineers lives easier, boost morale and productivity, reduce attrition, and attract new talent. And it’s possible to do so while reducing the company’s IP risk, not increasing it.
Leon Schwartz and Tony Decicco from GTC Law provided an overview of open source-related topics in the context of mergers, acquisitions, financings, investments, IPOs, divestitures, loans, customer license agreements, rep and warranty insurance and other transactions. This covered:
- Types of open source risk
- Open source due diligence as part of transactions
- Open source-related terms in agreements
- The strategic use of open source in transactions
Andrew Katz presented a due diligence questionnaire and sample warranties based on the the OpenChain specification, and explained how adoption of this framework will drive further adoption of the standard. This builds on the observation that the OpenChain specification provides a great framework for due diligence and share purchase agreement warranties, even where the target is a software company which is not OpenChain compliant.
Check Out The Rest Of Our Webinars
This is OpenChain Webinar #3, released on 2020-05-07.
The full recording of the Virtual All Member Meeting #1 is now available (Japanese language).
Newsletter – Issue 36 – April 2020
OpenChain in Q2 – Continuing Leadership, Continuing Support
The global lockdown due to the spread of COVID-19 is a unique historical moment. We are seeing both great success and great challenges in addressing this disease, and at all times there is an awareness that it can impact our close friends and families. To a large extent the OpenChain community is fortunate. Many of our companies allow us to work from home. Many of us are near excellent health services. We are well-positioned to weather this storm. We will do so with the health of our community and the societies in which we work as our highest priority.
Read more here:
OpenChain @ Webinars:
- Over the last three years the OpenChain Project has held bi-weekly calls on the First Monday (9am Pacific) and Third Monday (5pm Pacific) of each month. These calls have driven forward our standard for open source compliance and a large corpus of supportive reference material. Today we are at an inflection point and we have an opportunity to enhance our service to the global community.With less emphasis right now on editing our standard (the forthcoming ISO version is fully baked) and our reference material largely produced via local work teams, there is an opportunity to launch an on-going series of webinars that provide access to people and knowledge that we would otherwise obtain at events.
We kicked off on Monday the 6th of April at 9am Pacific with speakers covering Supply Chain Governance and Container Compliance.
- https://www.openchainproject.org/news/2020/04/08/openchain-webinar-1-supply-chain-governance-container-compliance-full-recordingWe got some pretty great feedback in a survey:
https://www.openchainproject.org/news/2020/04/17/openchain-webinar-1-survey-results
Our second Webinar was held on the 20th of April and covered compliance in China and OpenChain at Facebook.
We also announced our third Webinar for the 4th of May covering Contribution Policies + OpenChain in M&A. Watch this space for the recording in the next issue.
OpenChain @ Translations
OpenChain Specification 2.0 Available In Russian
- The official reference translation of the OpenChain Specification 2.0 is now available in Russian thanks to Denis Dorotenko (Yandex) and Pavel Lugovoy (independent counsel). This marks another important milestone for our project, providing greatly increased geographic coverage for our work, and helping to support engagement in a country with a long history of technology leadership.
https://www.openchainproject.org/featured/2020/04/03/openchain-specification-2-0-available-in-russian
OpenChain @ Conformance
Siemens Announces OpenChain 2.0 Conformance
- Siemens, an OpenChain Platinum Member and pioneer of adoption around our standard, has announced OpenChain 2.0 conformance. This builds on their previous public work in describing their journey and announcing 1.1 conformance in April 2017.
https://www.openchainproject.org/featured/2020/04/09/siemens-announces-openchain-2-0-conformance
OpenChain @ Partners
OSS Engineering Consultants is an OpenChain Partner
- On the 20th of April we announced OSS Engineering Consultants (OSSEC) as a partner organization. This is a consulting firm based in North America, providing solutions for managing OSS use for organizations with complex software supply chains.
https://www.openchainproject.org/featured/2020/04/20/oss-engineering-consultants-is-the-latest-openchain-partner
Osborne Clarke is an OpenChain Partner
- On the 27th of April we announced that Osborne Clarke as a partner organization. This is an international legal practice with offices situated around Europe, Asia and the USA with a strong focus on technology law.
https://www.openchainproject.org/featured/2020/04/27/osborne-clarke-is-the-latest-openchain-partner
OpenChain @ Work Groups
- The OpenChain Taiwan Work Group launched a local website:
https://www.openchainproject.org/featured/2020/04/01/openchain-taiwan-work-group-launches-new-website - OpenChain Japan Work Group held a special webinar to discuss the outcomes of six sub-groups:
https://www.openchainproject.org/news/2020/04/29/openchain-japan-virtual-all-member-meeting-1-reports-from-six-sub-groups-april-23rd-2020
OpenChain @ Events
- Shane Coughlan, OpenChain General Manager, delivered a webinar covering the OpenChain Reference Training slides as part of his contribution to the open source advisory council of UNTIL:
https://www.openchainproject.org/news/2020/04/09/openchain-reference-training-united-nations-technology-innovation-labs - Shane Coughlan also co-hosted a webinar with the team from FOSSID on OpenChain, standardization and the path to real world utilization:
https://www.openchainproject.org/featured/2020/04/15/fossid-webinar-openchain-standardization-and-real-world-deployment-april-29th-2pm-pacific
Coming Next
- This newsletter marks 36 months since we started a major outward push for awareness and adoption in the OpenChain Project. During this time we have seen our industry standard enter a multitude of new markets. You can expect this continue and you can expect initiatives like our webinars to grow over time. Our next newsletter will both provide a new look and a great way for people to get started with our activities. Watch this space.
SAN FRANCISCO, APRIL 27, 2020 – The OpenChain Project is delighted to announce that Osborne Clarke is our latest partner organization. Osborne Clarke is an international legal practice with offices situated around Europe, Asia and the USA with a strong focus on technology law.
The deep IT sector knowledge of Osborne Clarke comes from acting for an impressive client base comprising the great and the good in global technology, which exposes the firm to fresh ideas and new operating models ahead of the competition. Osborne Clarke has more than ten years of experience in providing comprehensive legal and technical advice on open source software and offers solutions in the area of open source compliance and contributions. Having developed a legal tech solution for evaluating and handling the legal aspects of open source licenses, Osborne Clarke helps companies to comply with legal open source license requirements, from startups to stock exchange-listed groups, as streamlined and efficiently as possible.
The OpenChain standard defines inflection points in business workflows where a compliance process, policy or training should exist to minimize the potential for errors and maximize the efficiency of bringing solutions to market. The companies involved in the OpenChain community number in the hundreds. The OpenChain standard is being prepared for submission to ISO and evolution from de facto into a formal standard this year.
“In the recent past, OpenChain has evolved as a de facto standard in the field of open source license compliance,” says Dr. Hendrik Schöttle, Partner at Osborne Clarke in Germany. “Being involved in open source compliance on a daily basis, joining OpenChain was the logical consequence for Osborne Clarke. We hope to contribute and to push forward the great and valuable efforts of OpenChain for compliance standardization.”
“The OpenChain Project has a strong emphasis on ensuring the support infrastructure for adoption is as comprehensive as possible as we transition from a de facto to formal standard via the ISO process,” says Shane Coughlan, OpenChain General Manager.“ Hendrik Schöttle and the team at Osborne Clarke have exceptional knowledge in this field and provide us with a substantial increase in coverage and knowledge throughout the OpenChain Partner Program.”
About Osborne Clarke
Osborne Clarke is an international legal practice with over 270 Partners and more than 900 talented lawyers in 26 locations. Our sector-based approach enables us to help our clients tackle the issues they are facing today, and prepare for the ones that they will face tomorrow. Advising them both comprehensively and commercially. We love working closely with our clients on new deals, products and solutions which will transform their businesses, markets and even sectors. And our unique approachable culture is not an added extra, it’s fundamental to our success.
Learn more about OC’s open source work at http://www.osborneclarke.com/oss
About the OpenChain Project
The OpenChain Project builds trust in open source by making open source license compliance simpler and more consistent. The OpenChain Specification defines a core set of requirements every quality compliance program must satisfy. The OpenChain Curriculum provides the educational foundation for open source processes and solutions, whilst meeting a key requirement of the OpenChain Specification. OpenChain Conformance allows organizations to display their adherence to these requirements. The result is that open source license compliance becomes more predictable, understandable and efficient for participants of the software supply chain. More information can be found at www.openchainproject.org.
About The Linux Foundation
The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.
The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.
Linux is a registered trademark of Linus Torvalds.
Media Contact:
Shane Coughlan
+818040358083
coughlan@linux.com
