The OpenChain Project was introduced by Shane Coughlan, General Manager, at the latest NTIA Software Bill of Materials Framing Group meeting. The OpenChain industry standard provides a framework for companies to implement efficient compliance activities, including identification on ingest and export, using manual or automated approaches. Software bills of materials play a large part in optimizing this space, especially in the supply chain.
OpenChain provides introduction slides to help individuals and organizations understand our mission and goal. These slides include speaker notes to help our community present to interested parties. The latest version is now available for viewing, downloading and sharing.
In this webinar Tobie Langel spoke about ‘Open Source Contribution Policies That Don’t Suck.’ Leon Schwartz and Tony Decicco from GTC Law provided an overview of open source-related topics in the context of mergers, acquisitions, financings, investments, IPOs, divestitures, loans, customer license agreements, rep and warranty insurance and other transactions. Andrew Katz presented a due diligence questionnaire and sample warranties based on the OpenChain specification.
More About This Webinar
Tobie Langel spoke about ‘Open Source Contribution Policies That Don’t Suck.’ In his own words: Open source contribution policies are long, boring, overlooked documents that generally suck. They’re designed to protect the company at all costs. But in the process, they end up hurting engineering productivity and morale. Sometimes they even unknowingly put corporate IP at risk. But that’s not inevitable. It’s possible to write open source contribution policies that make engineers’ lives easier, boost morale and productivity, reduce attrition, and attract new talent. And it’s possible to do so while reducing the company’s IP risk, not increasing it.
Leon Schwartz and Tony Decicco from GTC Law provided an overview of open source-related topics in the context of mergers, acquisitions, financings, investments, IPOs, divestitures, loans, customer license agreements, rep and warranty insurance and other transactions. This covered:
Types of open source risk
Open source due diligence as part of transactions
Open source-related terms in agreements
The strategic use of open source in transactions
Andrew Katz presented a due diligence questionnaire and sample warranties based on the OpenChain specification, and explained how adoption of this framework will drive further adoption of the standard. This builds on the observation that the OpenChain specification provides a great framework for due diligence and share purchase agreement warranties, even where the target is a software company which is not OpenChain compliant.
We have had some great feedback on the procurement document. Before we head into release I want to put out a final call for comments and suggestions. We close this and move towards release May 7th Close of Business Pacific.
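(The name “Japan WG Tooling Sub WG” is long, so this article refers to it as TSWG.) The OpenChain Japan WG carries out a variety of activities. The TSWG is a working group whose purpose is to introduce information about tools that can be used for OSS compliance “in Japanese (as far as possible)”, in the hope that “this lowers the hurdle for people who want to use the tools.” It has been active since March 2019.
Most recently, the 6th Tooling SWG F2F meeting will be held on Thursday, December 19. In addition, on the following day, Friday, December 20, we will hold an event about tools, although it is not labelled as a TSWG event. On both days, Michael C. Jaeger, maintainer of Fossology and SW360, has been invited to give talks. Details are as follows.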
SAN FRANCISCO, APRIL 27, 2020 – The OpenChain Project is delighted to announce that Osborne Clarke is our latest partner organization. Osborne Clarke is an international legal practice with offices situated around Europe, Asia and the USA with a strong focus on technology law.
The deep IT sector knowledge of Osborne Clarke comes from acting for an impressive client base comprising the great and the good in global technology, which exposes the firm to fresh ideas and new operating models ahead of the competition. Osborne Clarke has more than ten years of experience in providing comprehensive legal and technical advice on open source software and offers solutions in the area of open source compliance and contributions. Having developed a legal tech solution for evaluating and handling the legal aspects of open source licenses, Osborne Clarke helps companies, from startups to stock exchange-listed groups, to comply with legal open source license requirements in as streamlined and efficient a way as possible.
The OpenChain standard defines inflection points in business workflows where a compliance process, policy or training should exist to minimize the potential for errors and maximize the efficiency of bringing solutions to market. The companies involved in the OpenChain community number in the hundreds. The OpenChain standard is being prepared for submission to ISO and evolution from de facto into a formal standard this year.
“In the recent past, OpenChain has evolved as a de facto standard in the field of open source license compliance,” says Dr. Hendrik Schöttle, Partner at Osborne Clarke in Germany. “Being involved in open source compliance on a daily basis, joining OpenChain was the logical consequence for Osborne Clarke. We hope to contribute and to push forward the great and valuable efforts of OpenChain for compliance standardization.”
“The OpenChain Project has a strong emphasis on ensuring the support infrastructure for adoption is as comprehensive as possible as we transition from a de facto to formal standard via the ISO process,” says Shane Coughlan, OpenChain General Manager. “Hendrik Schöttle and the team at Osborne Clarke have exceptional knowledge in this field and provide us with a substantial increase in coverage and knowledge throughout the OpenChain Partner Program.”
About Osborne Clarke
Osborne Clarke is an international legal practice with over 270 Partners and more than 900 talented lawyers in 26 locations. Our sector-based approach enables us to help our clients tackle the issues they are facing today, and prepare for the ones that they will face tomorrow. Advising them both comprehensively and commercially. We love working closely with our clients on new deals, products and solutions which will transform their businesses, markets and even sectors. And our unique approachable culture is not an added extra, it’s fundamental to our success.
The OpenChain Project builds trust in open source by making open source license compliance simpler and more consistent. The OpenChain Specification defines a core set of requirements every quality compliance program must satisfy. The OpenChain Curriculum provides the educational foundation for open source processes and solutions, whilst meeting a key requirement of the OpenChain Specification. OpenChain Conformance allows organizations to display their adherence to these requirements. The result is that open source license compliance becomes more predictable, understandable and efficient for participants of the software supply chain. More information can be found at www.openchainproject.org.
About The Linux Foundation
The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.
The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.
Linux is a registered trademark of Linus Torvalds.