Today Siemens Healthineers announces an OpenChain Conformant compliance program, joining a widening community of organizations from all industrial sectors. Siemens Healthineers is the first company specialized in medical technology to announce conformance.

“We have been collaborating with the team from Siemens Healthineers for a while and found have found their insights and contributions useful to the community as a whole,” says Shane Coughlan, OpenChain General Manager. “The conformance announcement today marks another milestone with the formal expansion of our industry standard into the medical sector. One thing that has become clear in the last two years of standard deployment is that all sectors, and companies of all sizes, face the same fundamental challenges with respect to open source compliance. By working together diligently we have isolated an effective real world solution. I am looking forward to assisting more companies in the health ecosystem with their engagement and adoption of the key requirements of a quality open source compliance program.”

“We find the insights shared across the OpenChain community to be very useful and look forward to continuing our active participation in this project and the associated community,” says Dr. Frances Paulisch, Head of Software Initiative at Siemens Healthineers.

Learn More About Siemens Healthineers

• https://www.siemens-healthineers.com/

The OpenChain Project had an exceptionally busy first half of 2020. From conformance to membership announcements, from reference material releases to taking the final steps in our ISO submission, the project and its community has pushed forward the state of the art in compliance.

You Can Expect Big News in Q3

First, a recap. OpenChain 2.0 is our current industry standard. It was reformatted for ISO submission in Q1 via something called the ISO/IEC JTC1 PAS transposition process. This reformatted but functionally identical document was termed OpenChain 2.1 and constituted our ISO/IEC JTC1 PAS submission in Q2. The goal is simple: our mature de facto industry standard (OpenChain 2.0) is going through a process to become a formal International Standard. There are two positive implications:

1. Everyone conformant with OpenChain 2.0 will also be conformant to the International Standard and;
2. People new to our field can easily engage and adopt our standard.

Our ISO/IEC JTC1 PAS submission (DIS 5230) will complete its voting period on the 22nd of September. Unless there is a request for a further FDIS ballot, our International Standard will be published within six weeks or less. In other words, OpenChain will have completed its transition from de facto industry standard into a formal international standard, expanding our audience of immediate interest from hundreds to thousands of companies. We will be the first formal standard from The Linux Foundation in 14 years (the last was Linux Standard Base / ISO/IEC 23360) and we are the first project to collaborate with Joint Development Foundation on transitioning a de facto standard from our field into an International Standard via the ISO/IEC JTC1 PAS transposition process.

A lot of our time and energy from now until then will be about putting everything in place to welcome new companies and new collaborators to our project. We want to ensure that people from sales, procurement and other areas impacted by the inclusion of ISO standards can quickly get up to speed. Our goal is to facilitate smooth adoption and to ensure everyone gets the benefit of great open source compliance programs.

The Outcome Will Be:

• An International Standard
• Improvements in our current reference material
• New reference material for sales/procurement/etc

Expectation 1

You can expect to always be able to access our International Standard on the OpenChain website. The OpenChain Specification 2.1 that will be hosted on our website will be “technically aligned” with the published ISO standard = they are the same. This is very similar to how the standard for Office Open XML File Formats is addressed with free access via ECMA-376 and formal ISO publication (gated access) via ISO/IEC 29500.https://www.ecma-international.org/publications/standards/Ecma-376.htm

Expectation 2

You can expect to always be able to self-certify to the OpenChain Specification 2.1 on the OpenChain website, along with all previous and future versions of our standard. By the same measure, you can always discover and collaborate with our official partners for legal support, services support and even full third-party certification precisely as before.

Expectation 3

You can expect all future work on the OpenChain ISO standard to remain right here, running under the same processes, our well-established and refined method of ensuring we have a concise, useful and pragmatic solution to the question of open source compliance.

Expectation 4

And you can expect stability. Our forthcoming ISO standard is the end result of years of contributions from hundreds of people. It has seen four iterations after originally going to market in October 2016 (OpenChain 1.0, 1.1, 1.2 and finally 2.0). Each iteration refined our work based on practical feedback from real world deployment. OpenChain 2.0 has been out since April 2019. It is rock solid, it is seeing adoption across every major geography and market. The status of OpenChain 2.0 and the functionally identical ISO formatted OpenChain 2.1 (DIS 5230) is simple: this International Standard, when it completes the ballot process, will be in market for many, many years to come. Adoption of OpenChain 2.0 and our forthcoming ISO standard is the adoption of a consistent standard that can be deployed with confidence in any supply chain.

And Of Course…

This does not mean we will put away our editing gloves. We want to capture experience and feedback from today and into the foreseeable future. As of last month we began bi-weekly calls to provide this forum. Oversimplifying things a little, we want to make sure that every viable idea and suggestion is captured and recorded on our GitHub for the Specification.

Get this guide and many more documents in the OpenChain Reference Library: https://github.com/OpenChain-Project/Reference-Material

This will allow us to draft future generations of the standard at an appropriate pace while also addressing and resolving many items via reference material. As always, the process will be clearly defined and clearly monitored, thanks in no small part to the exceptional work of Mark Gisi as the chair of the OpenChain Specification Work Team. Thanks Mark!

What else in 2H 2020? Conformance announcements. Membership announcements. Partner announcements. The usual. Each reflecting a new milestone in our continued progress. Most importantly our work teams, whether global and addressing spaces like automotive and reference tooling, or local and addressing geographies like China, Japan, Korea, Taiwan, India, Germany and (as of July) the UK, will remain the heart of everything we do. OpenChain is created by and run by user organizations to solve challenges for user organizations. This laser focus is at the heart of our success and it will remain so in the future.

On a final note, the OpenChain Project expects to be operating virtually until 2021. Our individual work groups in various geographies may hold physical meetings based on their discretion, but for the project as a whole our emphasis will be on ensuring our online communication and sharing is effective and consistent. We already put everything in place (bi-weekly webinars, bi-weekly space for spec discussions, our pre-existing mailing lists, free access to Zoom + UberConference), and we will continue to execute against this plan.

Regards

Shane Coughlan
General Manager, OpenChain
e: scoughlan@linuxfoundation.org       
p: +81 (0) 80 4035 8083                
w: www.linuxfoundation.org

Want to Talk More About This? Schedule a 1-2-1 Call

• https://calendly.com/openchainproject

Our wonderful OpenChain Japan Work Group is running a global survey in English covering open source compliance in business environments. Please assist in our ongoing mission to lock down real-world data points to help everyone increase efficiency around compliance activities. Huge thanks to Watanabe San from Hitachi Solutions for the English translation of the material. Amazing work all!

From OpenChain Japan

We would like to investigate and analyze the actual situation of companies’ OSS compliance operations. In order to do so, we decided to conduct a questionnaire survey. We believe the result of this investigation to help improvement the operations of each company. In addition, we will post the analysis of this to the Intellectual Property Association of Japan for development OSS skill standard. We would like to ask you to respond to a wide range of responses for conducting effective survey. I understand you are occupied at the moment, but we appreciate your cooperation. In addition, since the deadline for responses is July 17, 2020, please respond within the deadline.

If you have any questions, please let us know:
OpenChain Project Japan Work Group Promotion Sub Group OSS Skill Standard Development Team

1. The name of this survey
   The Survey of OSS Compliance Operations in Companies
2. The purpose of this survey
   -Research and analyze the actual situation of OSS compliance operations in companies
   -As part of the proposal for the development of the OSS skill standard, we will write a technical paper and contribute the paper to Intellectual Property Association of Japan.
3. The Method of this survey Open Ballot and Anonymous Tabulation
   *For considering duplicate responses from the same organization, please enter your name
   *The data we receive will be collected anonymously and used in a format that does not identify the responding company.
4. The Result of this survey
   -Once the survey results have been compiled, we will share a simple summary to you.
   -Detailed data and analysis results will be published in a paper from next spring.

• https://docs.google.com/forms/d/e/1FAIpQLSf6KuL1na6fgid8a_jXWCvdQ1Z5wDO9XQTRskK7j2ZTAWU3Rg/viewform

GDPR Privacy Policy
The personal data acquired in this survey will be used only for the purposes related to this survey. Personal data will be transferred to Japan and stored on our Google servers. Our team will professionally manage the personal data of respondents. Respondents may ask our team to access their personal data, correct inaccurate personal data, and limit data processing while verifying the accuracy of personal data. The contact information for this survey is oss-skill-standard@googlegroups.com.
If you agree to the above regarding the use and transfer of personal data, please check the box in the survey form. Respondents have the right to withdraw this consent at any time. And withdrawing this consent does not affect the legality of data processing or data transfer prior to withdrawal.

オリンパスの小泉です。弊社と OpenChain との関わりについて書いていきます。 OpenChain Japan Work Group ではライセンス情報（6日参照）、教育（7日参照）、Plannning（9日参照）（、Promotionはメンバー扱いになっている？なってない？）の各サブグループで活動しています。

おことわり
内容は全然技術っぽくありません。が、技術者にとってもOSSライセンスのコンプライアンスは大事だよ、ということで消されないことを祈っています。

会社紹介

皆さんがオリンパスと聞いてまず思い浮かぶものは何でしょう。
カメラでしょうか。確かに弊社のPenを持ち歩いている女性をよく見かけるような気がします。
ICレコーダーでしょうか。よく記者が政治家に一斉に向けていたりするあれです。実は弊社は、このアドベントカレンダーにも書いている（であろう）他社さんを押さえてシェアNo1だったりします。
流石にそういう人はいないと思いますが、「最新科学で名画の秘密に迫る」とかいう場合にも実は弊社の製品が使われていたりします。蛍光X線分析装置ですね。
が、おそらく皆さんが一番目にしているのは、内視鏡（「胃カメラ」と言われることも）でしょう。（胃カメラだから「口にしている」と言うべきでしょうか。でも大腸内視鏡というのもありますよ！）世界シェアの約7割を占めています。
以上のように、一言でくくるのは難しいものを作っている会社です。

第三者認証を取得されている日立製作所さんの直後に書くのは、なんだか少しはずかしいのですが（と思ったら、直前は日立製作所さんではなくなっているようですね。順番の入れ替えがあった模様です。）、オリンパスは OpenChain の認証は（今のところ）まったく取っていません。

自己紹介

オリンパスグループ全体のOSSに関する事項全般を取り扱っています。ベンチャー企業で10年近くフィーチャーフォン向けの組込みソフトウェアの開発に携わった後、2010年12月より（実質的に）現職です。

好きなライセンスはPostgreSQLのライセンスです。なぜなら、日本語参考訳を大きく見直したのが私ですから。

OSSライセンスコンプライアンスの取り組み

10年近く前、オリンパスグループ内でOSSライセンス違反に繋がりかねないヒヤリ・ハットが発生しました。具体的には、ソフトウェアベンダーがオリンパスに納入してきたソフトウェアにOSSが含まれていることに、そのソフトウェアを組み込んだ製品の出荷直前になって気付いた、というものです。それをきっかけに、
– （意図的な）OSS利用時の確実なライセンス対応
– 意図しないOSSの混入防止
をオリンパスグループとして徹底する仕組みを構築することになりました。
会社で仕組みと言えば、以下の3つがいわゆる「3種の神器」ではないかと思います。
– 体制
– プロセス
– ツールや教育
弊社もその例に漏れず、グループ全体に渡る体制、プロセスを構築し、ツールを導入し、教育を実施してきました。それぞれここで詳しく述べられれば良いのですが、図入りの詳細をMarkdownで書くのはちょっと大変なので、申し訳ないですが割愛します。詳しく知りたい方は、例えばOSAKA NDS Embedded Linux Cross Forum #9に添付された資料を見てください。この辺りの話はよくセミナーで話していますので、私から話を直接聞ける機会もあるのではと思います。

OpenChainとの関わり

上記の取り組みは「まずは自分がしっかりやろう」というものです。
でも、オリンパスだけが取り組んでも、この取り組みのきっかけとなった問題に対する解決策としては十分ではありません。オリンパスに対してソフトウェアを納入する側、すなわちサプライチェーンの各社にも対応してもらうことが必要です。

もちろん現段階でも何もやっていないわけではなくて、最低限の手当てとして、「オープンソースソフトウェアの利用の有無の確認書」（他社への質問票）というものを使ってサプライチェーンの各社に対してOSSを使っているか否かの確認を行うようにしています。また、それをプロセスに組み込んでもいます。

そして、 OpenChain へ

ただし、サプライチェーンの皆さんに納得して取り組んでもらわないことには、 サプライチェーンの各社にとっては「オープンソースソフトウェアの利用の有無の確認書」という単に面倒な書類が一枚増えるだけになってしまいます。

まずは「サプライチェーンの皆さんに納得してもらう」ためにどうすれば良いかと考えていた時に、ちょうど OpenChain の方に声をかけてもらいました。それがこのような活動を始めたきっかけです。（ OpenChain のチェーンってサプライチェーンのチェーンですよね、多分。）

実は、、、

ここまで書いておいて何なのですが、上に書いたようにオリンパスは OpenChain の認証は取得していません。それどころか OpenChain のメンバーでもなく、さらに OpenChain の上部団体である Linux Foundation のメンバーですらありません。ですが、 OpenChain Japan Work Group のメンバーとして活動しています。

こんなオリンパスでも迎え入れてくれるほど、OpenChain Japan WG は懐が深いです。ぜひ、みなさんも OpenChain Japan WG に参加しましょう。Linux Foundation や OpenChain は国際的な団体なのでやり取りは主に英語ですが、OpenChain Japan WG なら日本語でやり取りできますよ！

明日は？

明日は富士通の青木さんが富士通社内での取り組みについて書いてくださいます。富士通さんはつい最近OpenChain 2.0の認証を取得しましたので、その辺りのことも詳しく書いてもらえるのではないかと思います。楽しみにしていてください。

This Monday at 9am Pacific (Monday midnight Beijing/Taipei, 1am Seoul/Tokyo) we will hold our seventh webinar. We will cover two strategic topics. VM (Vicky) Brasseur will open with a discussion on Lessons Learned over her wide-ranging career in open source and business. Katy Gibson and Robert Grannells will then discuss how an initiative in the UK is fostering Future Leaders in our field, a timely topic given recent observations by parties like Linus regarding the challenge of finding new blood to take over old projects.

This is part of the bi-weekly OpenChain Webinar series. Every two weeks we have international speakers covering a wide range of topics related to practical open source compliance challenges, solutions and considerations.

You can learn more about this series here: 
https://www.openchainproject.org/webinars-interviews

Learn More About Our Speakers

VM (Vicky) Brasseur corporate strategist, open source & technical leader, author, speaker Resume Book About Publications Presentations

VM (Vicky) Brasseur is an award-winning free/open source advocate and corporate strategist, international keynote speaker, and writer. She’s the author of Forge Your Future with Open Source, the only book detailing how to contribute to free/open source (FOSS) projects. Aside from articles in various publications, she also writes about FOSS, business, and their intersection on her blog.

Katy Gibson – Associate Commercial IP/IT Solicitor – Bristows LLP – Co-chair of the OpenUK Future Leaders Group

Katy is an Associate in the Commercial IP/IT Team at Bristows LLP and advises on a variety of matters involving data protection, IT and intellectual property for clients in a range of industries, including those within the Life Sciences and TMT sectors. She trained at Bristows and qualified in 2018.

Robert Grannells – Associate Technology Solicitor – Fieldfisher LLP – Co-chair of the OpenUK Future Leaders Group

Robert is a technology lawyer experienced in advising a variety of clients of all sectors and sizes, on a variety of issues across software, hardware, infrastructure, networking, open source and web technologies. He has extensive knowledge of the actual technology underpinning what his clients do, want they want to use and how they need it to work to get business done.

Amanda Brock, CEO at OpenUK

Amanda is CEO of the UK body for “open technology being open source software, open hardware and open data”, OpenUK; the Chair of the Open Source and Intellectual Property (IP) Advisory Group of the United Nations Technology Innovation Labs;  European Representative of the world’s biggest defensive patent pool, the Open Invention Network;  OASIS Open Projects’ Advisory Council Member(open source and open standards); Advisory Board Member KDE; Advisory Board Member Beamery and Mentors C Suite individuals. 

Take Part in the Webinar

Join Our Zoom Meeting

* https://zoom.us/j/9990120120

Password

* 123456

One Tap Telephone (no screensharing)

* +358 9 4245 1488,,9990120120# Finland
* +33 7 5678 4048,,9990120120# France
* +49 69 7104 9922,,9990120120# Germany
* +852 5808 6088,,9990120120# Hong Kong
* +39 069 480 6488,,9990120120# Italy
* +353 6 163 9031,,9990120120# Ireland
* +81 524 564 439,,9990120120# Japan
* +82 2 6105 4111,,9990120120# Korea
* +34 917 873 431,,9990120120# Spain
* +46 850 539 728,,9990120120# Sweden
* +41 43 210 71 08,,9990120120# Switzerland
* +44 330 088 5830,,9990120120# UK
* +16699006833,,9990120120# US (San Jose)
* +12532158782,,9990120120# US

Find your local number: https://zoom.us/u/abeUqy3kYQ
Not all countries have available numbers.

After dialing the local number enter 9990120120#

credativ, a leading open source support and services provider, announces OpenChain 2.0 conformance. credativ was an early adopter of the industry standard for open source compliance, and the adoption of 2.0 further demonstrates their commitment to continual improvement across all aspects of their business.

“Nowadays most businesses benefit from open source software or even employ it in their business critical infrastructures,” says Dr. Michael Meskes, CEO of credativ. “In order to do that, businesses need to trust the software. Here is where the OpenChain project’s easily adoptable guidelines come in. Fostering trust and expanding on the positive impact of open source in business, we hope that many more companies will be able to shift to a progressive infrastructure and a more wide spread adoption of open source.”

“credativ has a long pedigree in the open source world both as an innovator and as a community builder,” says Shane Coughlan, OpenChain General Manager. “Their early adoption of the OpenChain industry standard for compliance underlined this, and their announcement today of conformance with the latest version of our standard – functionally identical to our forthcoming ISO standard – solidifies their position of excellence in open source governance. I am looking forward to continued collaboration in the months and years ahead.”

About credativ

The credativ Group is an independent consulting and services company with primary locations in Germany, the United States, and India.
Since 1999, credativ has focused entirely on the planning and implementation of professional business solutions using Open Source software. Since May 2006, credativ operates the Open Source Support Center (OSSC), offering professional 24×7 enterprise support for numerous Open Source projects. For more information, visit http://www.credativ.com

About the OpenChain Project

The OpenChain Project builds trust in open source by making open source license compliance simpler and more consistent. The OpenChain Specification defines a core set of requirements every quality compliance program must satisfy. The OpenChain Curriculum provides the educational foundation for open source processes and solutions, whilst meeting a key requirement of the OpenChain Specification. OpenChain Conformance allows organizations to display their adherence to these requirements. The result is that open source license compliance becomes more predictable, understandable and efficient for participants of the software supply chain.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. 

Linux is a registered trademark of Linus Torvalds.

Media Contacts

Shane Coughlan
+818040358083
scoughlan@linuxfoundation.org

The OpenChain Project held a mini-summit adjacent to Open Source Summit North America. Here is the recording of our event and a copy of the main slides presented.

The Recording

The Slides

OpenChain @ OSS North America Virtual Event – OpenChain Mini-Summit from Shane Coughlan

On the 1st of July at 4:05pm Central Time Shane Coughlan, OpenChain General Manager will deliver a talk entitled ‘Open Source in ISO: Building the First LF Standard in Fourteen Years and What It Means for You.’

Open Source in ISO Building the First LF Standard in Fourteen Years and What It Means for You from Shane Coughlan

This talk will explore the process of building and deploying the first Linux Foundation ISO standard in fourteen years, highlighting both what has changed since we deployed Linux Standard Base, and why formal standardization is a topic that will increasingly be on your radar. The discussion will be primarily focused on OpenChain, the industry standard for open source compliance, and how collaboration with the Joint Development Foundation allowed a transformation from de facto into formal standard in a timescale that suits open source development. The lessons learned are applicable to any projects building out specifications or code that seek worldwide, sustainable adoption across multiple industries, and the presentation will include an explanation of how Linux Foundation and Joint Development Foundation are ready to support that process today.

Learn More

• https://sched.co/c3Y1

Tan Zhongyi (Jerry Tan) delivered a talk entitled ‘Building a Secure, Efficient, Compliance OSS Supplychain at Scale,’ covering how to address issues like supporting 10,000+ engineers to fix issues across 100,000 repos. It explored how the OpenChain Project provides a great framework for addressing this challenge head-on and how precisely it has informed OSPO work in Baidu.

• https://ossna2020.sched.com/event/c3U3/building-a-secure-efficient-compliance-oss-supplychain-at-scale-tan-zhongyi-jerry-tan-baidu