Sami Atabani, one of the founders of the OpenChain Project and our board member from Arm, will provide a webinar to the OpenUK Future Leaders’ Training series on OpenChain compliance. Catch him at 12pm UK Time (GMT+1) on May 22nd.
Learn More and Sign Up
In the last few days Linux Foundation has publicly announced Joint Development Foundation (JDF) as an ISO/IEC JTC 1 PAS submitter and provided more information on how JDF will support OpenChain and other specifications to become ISO standards moving forward. This is an extremely important media inflection point for our community and for the broader global collaborations creating effective, adopted and mature de facto standards.
While the basic news is not new to the OpenChain community (you know we are using JDF to submit a ISO standard and you know that OpenChain is the first standard going this route), blog posts by The Linux Foundation and the media coverage is very useful for helping to explain our work to others. Some key excerpts below.
“This week, we are proud to announce that the Joint Development Foundation (JDF), which became part of the Linux Foundation family in 2019, has been accepted as an ISO/IEC JTC 1 PAS (“Publicly Available Specification”) Submitter. The OpenChain Specification is the first specification submitted for JTC 1 review and recognition as an international standard. The JDF was formed to simplify the process of creating new technical specification collaboration efforts. Standards and specifications are vitally important for the creation or advancement of new technologies, ensuring that the resulting products are well defined, provide predictable performance and that different implementations can interoperate with one another.”
Read More
Read More in Japanese
We have seen some great media coverage. One of the best articles can be found in Linux Insider. A key quotation below:
“JDF projects now have a clear path from open source project or specification to an internationally recognized standard. The OpenChain specification is JDF’s first standard to be submitted. The OpenChain standard is a specification that identifies the key requirements of an open source compliance program. It is designed to build trust between companies in the supply chain while reducing internal resource costs. The outcome is increased trust and consistency in open source software across the supply chain. International standardization will help to guide the evolution of the OpenChain Specification from de facto to de jure standard, a process that will assist procurement, sales and other departments to engage with OpenChain-related activities, according to [Seth Newberry, executive director of the JDF].”
Read the Full Article
Finally, if you are wondering why OpenChain is talking about this PR now, about seven days from release, the answer is pretty simple. I (Shane Coughlan, General Manager) wanted to check out the media coverage and select the most concise, clearly messaged article to share. I believe this blog post and mailing list post, and the links it references, provide an excellent on-boarding point for a wider audience. People in procurement. People in sales. People in marketing. Please do share this message.
I am happy to take questions at any time at scoughlan@linuxfoundation.org or via a scheduled call using the link below.
English translation throughout by Fukuchi San. Thank you Fukuchi San!
本日はOpenChain Japan Workgroupで開催している全体会合について紹介します。私は、Planning subgroupのリーダーを担当している福地と申します。Planning subgroupは毎回全体会合を企画しています。
My name is Hiro Fukuchi, I am the leader of the planning subgroup. This article introduces the all member meeting held by the OpenChain Japan workgroup. The planning subgroup plans the meeting every time.
OpenChain Japan workgroupでは、2、3か月に1回の割合で全体会合を開催し続けています。誰でも参加できるオープンな会合です。workgroupに参加されている企業が自発的にホストを申し出て下さり、2017年12月のworkgroup開始時から2019年9月までに11回の会合を開催することができました。この間には、小規模のAd Hoc会合も3回開催しています。
The OpenChain Japan workgroup have been continuing to hold an all member meeting every two to three months since its beginning. Everyone can join the meeting. Member companies of the Japan workgroup hosted the meetings. From December 2017 to December 2019, we had 12 meetings and 3 ad hoc meetings.
全体会合では、OpenChainプロジェクトおよびJapan workgroupの紹介、サブグループ活動の紹介、ゲストスピーカーによる講演、ライトニングトークを中心にした全員参加の議論などを行なっています。各回およそ50~60名の方が参加され、フレンドリーな雰囲気の中で熱のこもった議論が行われています。
At the all member meetings, there are sessions such as, introduction to the OpenChain project, the Japan workgroup and the subgroup activities, a keynote speech by a guest speaker, lightning talk. Every time, we received 50 to 60 attendees. We have successfully made the meetings friendly and inclusive.
各参加企業がオフィスを会場として提供して下さり、開催場所は品川、新宿、蒲田、八王子、川崎、大阪、名古屋、神戸と全国に広がっています。
The venues of the meeting are spread over Japan, such as Tokyo (Shinagawa, Shinjuku, Kamata, Hachioji), Kawasaki, Osaka, Nagoya, Kobe.
多くの企業にホストしていただくのは重要なことだと私は考えています。企業としてホストすることで、担当者個人の活動から企業の活動に相変化が起きることが多くあります。実際に準備作業に参加したり、他企業の活動や担当者の熱心さを自分自身で感じることで、改めて自分たちの活動を振り返る良い機会になります。これを起点として組織の活動を再検討されるようです。更に、オープンソースに対する企業の姿勢を社内外へ発信する良い機会でもあります。
Hosting a meeting by a member company is very important for Japan workgroup to promote our activity in Japan. Hosting a meeting needs an organizational support from a company. In many cases, throughout the preparation of a meeting or watching other companies’ activities, the company had a significant recognition of the importance of our activity. Sometimes, we saw a personal activity changed to an organizational activity. Hosting a meeting is a good opportunity to show a company’s attitude toward open source.
Japan workgroupはオープンソースの活動ですから、日本に閉じて孤立したものにならないように、英語でグローバルに情報発信することを心がけています。全体会合は日本語で行われますが、使われた資料は英語に翻訳してwikiやGitHubに掲載されます。
Japan workgroup is regional and global activity. We discuss in Japanese language, but we are publishing our outcomes in Japanese and English language via the website and the GitHub site.
全体会合は、活力あるコミュニティを形成し維持していくために非常に重要な活動です。特にメンバー間の信頼関係を作るのに重要です。というのも、信頼関係は、オープンソースと言えども、直接会うことで構築されていくと考えているからです。自分の考えをお互いに共有し合い、議論をし、新しいアイディアを生み出していくことができます。この過程を通して相手への信頼が生まれます。
The all member meeting is of critical importance for the Japan workgroup to foster an active and inclusive community, because meeting in person builds trust between members in an open source community. A physical meeting gives an opportunity to share thoughts and feelings, discuss honestly and create a new idea. This process builds trust each other.
サプライチェーンは信頼関係の上にこそ成り立つ仕組みです。信頼できるサプライチェーンの実現を目指すOpenChainプロジェクトにとって、信頼関係を作る仕組みは根幹であると思います。同じ考えを持つ他社の方々と語り合うのは楽しく有意義な時間です。この時間を共有することで信頼関係は深められていくと思います。割と短い間隔で全体会合を開催しているのも、強い信頼関係を維持するのに必要だと考えているからです。
The OpenChain Project aims to build the trusted supply chain. The supply chain requires trusted relationship between suppliers and recipients. For the OpenChain Project, building trust is of critical importance.
サプライチェーンは海外にも広がっているのですから、信頼関係の構築は国内だけに限りません。私たちは、海外のゲストを全体会合に招待して講演してもらいますし、Japan workgroupのメンバーが中国、台湾で開催されるWorkshopに参加して自分たちの経験を発表することもあります。こうして、海外とも相互の関係が深まっています。
The supply chain extends globally, so that we need to build trust with the global community. The Japan workgroup invited guest speakers from Europe, Korea and Taiwan to our all member meetings. The Japan workgroup members visited workshops held in China and Taiwan to share our experiences.
継続することで、活動に活力と慣性が生まれます。活力と慣性が、活動を広げるエネルギーとなり、新しい人を呼び込み、更に新しい交流が生まれていくと私は考えています。
Continuing meetings gives power and momentum to the activity. Power and momentum give energy to our activity, and to invite new people. Meeting with new people begins a new relationship, so that our activity will be able to continue to expand.
全体会合に参加してJapan workgroup活動の雰囲気を自分自身で体験し、活動の輪に加わって頂ければ幸いです。新しく参加された方が会合での発言をきっかけに活動に深く関わられることも多いです。OpenChain Japan workgroupの活動を通じて、信頼できるサプライチェーンが実現されていくことを願っています。
It is our pleasure if we can provide an opportunity for newcomers to join our all member meeting and experience the active and inclusive atmosphere by themselves.
ご興味のある方はこちらから是非ご参加ください:
OpenChain Japan WG wiki
OpenChain Japan WG ML
OpenChain Japan WG slack
Please visit our resources:
OpenChain Japan WG wiki
OpenChain Japan WG ML
OpenChain Japan WG slack
明日は富士通コンピュータテクノロジーズの芦塚さんから、Yocto環境にmeta-spdxscannerを適用しSPDX出力環境を構築する手順を紹介してもらいます。
Ashizuka-san from Fujitsu Computer Technologies explains the meta-spdxscanner, that is a tool to output SPDX files in a Yocto environment.
The OpenChain Project has launched a series of bi-weekly free webinars that provide access to people and knowledge that we would otherwise obtain at events. We hold our fourth meeting on Monday the 18h of May at 5pm Pacific with two guest speakers.
This time we are unpacking the newly released SPDX 2.2. SPDX, as a leading industry standard for Software Bill of Materials, plays a pivotal role in the implementation of practical manual and automated compliance programs.
Kate Stewart, Sr. Director of Strategic Programs at the Linux Foundation, will explain how SPDX 2.2 works and what it means for the community. Kate has been a key driver of this standard over the last 10 years and can answer all your questions about what the current standard means, what projects support it, and the current state of the tooling landscape.
Yoshiyuki Ito, Principal Expert at RENESAS Electronics, will provide an overview of SPDX Lite. This is a “Profile” for the SPDX 2.2 standard that helps companies deploy the Software Bill of Materials to match certain workflows, particularly with respect to suppliers to large companies using existing processes. Ito San and others in the OpenChain Japan Work Group created SDPX Lite to help ensure that the standard could seek adoption in as many production environments as possible with minimal friction.
Each talk will run for 10~15 minutes and there will be plenty of time for questions, comments and suggestions. As with all OpenChain Project activities, our goal is to facilitate knowledge-sharing between peers.
Everyone is invited to join this free webinar via zoom. It will also be recorded and made available later on our website.
Join Our Zoom Meeting
Password *
One Tap Telephone (no screensharing)
Find your local number: https://zoom.us/u/abeUqy3kYQ
Not all countries have available numbers.
After dialing the local number enter 9990120120#
The OpenChain Reference Tooling Work Group held its 15th meeting on the 13th of May. This meeting covered general updates in the tooling space and a deep dive into TERN for container compliance.
Catch up on minutes from all previous meetings
OpenChain Webinar 3 was held on the First Monday of May 2020 and featured talks on contribution policies, M&A and due diligence.
View the Webinar
The speakers have made their slides available to the community. Please find the slides below in the order which they were presented.
Contribution Policies (Tobie @ UnlockOpen)
M&A (Leon and Tony at GTC Law)
Due Diligence (Andrew @ Orcro)
The OpenChain Project was introduced by Shane Coughlan, General Manager at the latest NTIA Software Bill of Materials Framing Group meeting. The OpenChain industry standard provides a framework for companies to implement efficient compliance activities, including identification on ingest and export, using manual or automated approaches. Software bill of materials play a large part in optimizing this space, especially in the supply chain.
Watch the Presentation
Get Involved in the NTIA Discussion
OpenChain provides introduction slides to help individuals and organizations understand our mission and goal. These slides include speaker notes to help our community present to interested parties. The latest version is now available for viewing, downloading and sharing.
In this webinar Tobie Langel spoke about ‘Open Source Contribution Policies That Don’t Suck.’ Leon Schwartz and Tony Decicco from GTC Law provided an overview of open source-related topics in the context of mergers, acquisitions, financings, investments, IPOs, divestitures, loans, customer license agreements, rep and warranty insurance and other transactions. Andrew Katz presented a due diligence questionnaire and sample warranties based on the the OpenChain specification.
Tobie Langel spoke about ‘Open Source Contribution Policies That Don’t Suck.’ In his own words: Open source contribution policies are long, boring, overlooked documents, that generally suck. They’re designed to protect the company at all costs. But in the process, end up hurting engineering productivity, and morale. Sometimes they even unknowingly put corporate IP at risk. But that’s not inevitable. It’s possible to write open source contribution policies that make engineers lives easier, boost morale and productivity, reduce attrition, and attract new talent. And it’s possible to do so while reducing the company’s IP risk, not increasing it.
Leon Schwartz and Tony Decicco from GTC Law provided an overview of open source-related topics in the context of mergers, acquisitions, financings, investments, IPOs, divestitures, loans, customer license agreements, rep and warranty insurance and other transactions. This covered:
Andrew Katz presented a due diligence questionnaire and sample warranties based on the the OpenChain specification, and explained how adoption of this framework will drive further adoption of the standard. This builds on the observation that the OpenChain specification provides a great framework for due diligence and share purchase agreement warranties, even where the target is a software company which is not OpenChain compliant.
This is OpenChain Webinar #3, released on 2020-05-07.
© 2024 OpenChain. All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page. Linux is a registered trademark of Linus Torvalds. Privacy Policy and Terms of Use
