This case study unpacks how the open source team at Arm used the OpenChain industry standard to simplify and speed their compliance process.
It includes detailed information on the approach selected, the timescales used, and the outcomes reached. It will be useful for any company currently considering or undergoing OpenChain self-certification, compliance assessment or third-party certification.
Thanks to the hard work of Denis Dorotenko at Yandex (https://dorotenko.pro/english/) the OpenChain Specification 2.0 has a draft translation in Russian. This will be converted to an official translation once it completes peer review.
Get the Draft OpenChain Specification 2.0 in Russian
1. News
Oliver gave an overview of “what happened since last meeting”: On 6th of Feb there was the kick-off meeting of the OpenChain German Work Group. More than 35 persons attended the meeting. Main results were:
   1. The work group agreed to work on a guideline and layout for an OSS disclosure document.
   2. The work group will work on translations of the existing material; there is already work in progress. Please see https://github.com/OCSpecGermanTranslation/OpenChain-SuppierLeaflet-GermanTranslation/tree/master/supplier-leaflet/de
   3. The work group has a “rolling chair” model – i.e. the host of the particular meeting is automatically the chair of the work group.
Please follow the link, read the documents and please provide comments and improvements. The branch is called onboarding-new-persons
Sami suggested adding a “code example” of what we expect in the context of reuse-conformant contributions. Further, he suggested adding a phrase like “other licenses of already existing code”. Sami volunteered to have our logo checked to confirm that it is fine from a trademark point of view.
2.1. Code matching
One result of the code matching session was that there needs to be a definition of what exactly is to be understood by code matching. Some see code matching as the task “I have a binary package and need to find the corresponding source”. Others see it as “I want to check whether source code contains source code originating from 3rd parties”.
2.2. sw360
This session centered around using and installing sw360.
2.3. Container Scanning
All attendees agreed that license compliance is a problem. The attendees agreed to start working on guidelines and best practices for container handling and container license compliance.
2.4. Big Picture
Please have a look at the slides.
2.5. Glue Code
Please have a look at the slides.
2.6. Requirements
Please have a look at the slides.
3. What approaches exist for license-compliant containers
We were not able to discuss the topic “3. What approaches exist for license-compliant containers” and decided to dedicate the next meeting entirely to container compliance.
4. Next Meeting
26th of Feb 2020
Agenda: What approaches exist for license-compliant containers
The 5th meeting of the OpenChain Korean Work Group will be hosted by Kakao in Seoul. A big thank you to Violet from Kakao and all our work group members.
The 13th meeting of the OpenChain Japan Work Group was scheduled to be held at DeNA in Shibuya on the 18th of February. However, due to the deteriorating situation in Japan with the COVID-19 virus we have taken the decision to cancel this event.
Please keep up-to-date with the latest developments regarding alternative video conferences and other meetings via our OpenChain Japan mailing list.
The Linux Foundation is continuously monitoring the Novel Coronavirus situation to ensure the safety of our event participants and staff. We will be following all recommended guidelines from the Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO) as the situation progresses.
Despite the cancellation of MWC Barcelona, many other significant conferences are still occurring and we have no plans to cancel events in general. Note that the WHO is currently advising against the application of any restrictions on international traffic. Based on the information currently available on the outbreak, the CDC is recommending standard safety practices that should be instituted during any flu season, and there are no US Dept of State Travel Advisories for countries other than China with relation to Novel Coronavirus.
For the safety of our event participants, we will institute numerous safety measures and guidelines to ensure everyone’s health and wellbeing including:
Keep up-to-date information on our event websites pertaining to the status of the event, and precautions for attendees onsite
Send email communications to registered event participants with any pertinent updates leading up to the event
Provide plentiful sanitation stations onsite at the event with alcohol-based hand sanitizer and wipes, tissue and facemasks
Provide signage onsite encouraging attendees to practice Respiratory Hygiene, i.e. to cover your mouth and nose with a flexed elbow or tissue (not your hands) when you cough or sneeze; avoid touching your hands, nose, and mouth to avoid transferring germs from surfaces; discard a used tissue immediately into a closed trash can, and wash your hands with an alcohol-based sanitizer and/or soap and water right away.
Provide signage to encourage attendees to maintain Social Distancing, i.e. to adopt a no-handshake policy at the event and stand a minimum of 3 feet (1 meter) from other people, especially those that may be sneezing, coughing and/or exhibiting cold/flu symptoms.
We will regularly sanitize all surfaces throughout the event space and communicate with the venues to do the same
We will be sanitizing speaker microphones between each speaker’s use
Request that anyone sick or experiencing any cold/flu-like symptoms stay home for their own safety and the safety of others, and consider substituting a co-worker to attend in their place.
We ask that any attendees onsite who begin to experience cold or flu-like symptoms (fever, cough, trouble breathing) please seek medical care right away. We will have local medical care contact information available for all attendees and can assist any attendee with transportation to a local clinic.
We also ask all registered attendees to self-certify that if they have traveled to China in the last month, they ensure that at least 14 days have passed from the time they arrived from China to the event and that they have shown no flu-like symptoms in that time. If they have, we ask that for their own safety and the safety of other attendees, they substitute another attendee in their place and refrain from attending the event.
We will continue to regularly check the latest official information leading up to the event and encourage our event participants to do the same. We understand that there is a lot of fear and uncertainty right now as we are in the early stages of the outbreak and a lot is still unknown, however, we want to ensure we’re making decisions based on factual recommendations rather than rumor or fear.
The OpenChain Interviews continue with our first male interviewee, Leon from the law firm GTC. They are an official partner of the OpenChain Project and have wide engagement with user companies across the technology and service industries.
The OpenChain Project will have a substantial presence at the forthcoming Linux Foundation Member Summit held during the 10th to 12th March 2020 in Lake Tahoe.
The OpenChain Project will host a board meeting on the 9th of March, the day immediately before the Linux Foundation Member Summit. Adjacent to this we may hold a Steering Committee meeting. We have no voting item at this time but it could provide a space for a walk-through of the forthcoming ISO standard. If you have an interest in this being scheduled for 3pm on the 9th please let me know.
The OpenChain Germany Work Group Meeting #1 has full video minutes here:
There are three key outcomes:
(1) We will work on a reporting format for open source disclosure documentation.
(2) We will work on business process material for corporate contribution methods.
(3) We will take ownership of the German translations for OpenChain. This includes the Specification.
It should also be noted:
(a) Meetings will be held on a bi-monthly schedule.
(b) The next meeting will probably be in Stuttgart.
    (i) Daimler+Bosch have offered to host in Stuttgart.
    (ii) HERE has offered to host in Berlin. (*)
    (iii) PwC has offered to host in Frankfurt.
(c) The Germany Work Group will be chaired by the host of each meeting.
Thank you to everyone for making this happen. On behalf of OpenChain Project as a whole, we are looking forward to next steps! — Shane Coughlan, OpenChain General Manager.
(*) The meeting at HERE will probably be held adjacent to a TODO Group Europe meeting.
License compliance will be simpler and more consistent.
SAN FRANCISCO, 5th February 2020 – Today, the OpenChain Project welcomes NTT DATA Italy as our latest official partner. From its integral role in building Japan’s financial systems to helping to advance safety in air transportation, NTT DATA has been a pioneer of social change for more than five decades. The Italian subsidiary of NTT DATA offers a wide range of services related to the effective, efficient use of open source technology.
The OpenChain standard defines inflection points in business workflows where a compliance process, policy or training should exist to minimize the potential for errors and maximize the efficiency of bringing solutions to market. The companies involved in the OpenChain community number in the hundreds. The OpenChain standard is being prepared for submission to ISO and evolution from de facto into a formal standard in 2020.
“We are excited to announce our participation in the OpenChain community in order to offer our clients high quality and trusted open source solutions. With our contribution, we hope to increase the spread, growth, sustainability, and compliance in the use of Open Source technologies,” says Stefano Veltri, Head of Open Source NTT DATA Italy.
“We are delighted to formally announce deeper collaboration with NTT DATA in Italy,” says Shane Coughlan, OpenChain General Manager. “In 2020 we expect to greatly expand the community and the vendor support available to companies across the European area. Our relationship with NTT DATA Italy is an integral component in our mission to offer a wide range of services adjacent to our industry standard for open source compliance.”
About NTT DATA
NTT DATA is a trusted global innovator headquartered in Tokyo, with 118,000+ professionals in more than 50 countries. We deal with innovation, design, technology, cybersecurity and AI, delivering tangible business results by combining deep industry expertise. NTT DATA is part of NTT Group, a partner to 88 percent of the Fortune Global 100. www.nttdata.com/it
About the OpenChain Project
The OpenChain Project builds trust in open source by making open source license compliance simpler and more consistent. The OpenChain Specification defines a core set of requirements every quality compliance program must satisfy. The OpenChain Curriculum provides the educational foundation for open source processes and solutions, whilst meeting a key requirement of the OpenChain Specification. OpenChain Conformance allows organizations to display their adherence to these requirements. The result is that open source license compliance becomes more predictable, understandable and efficient for participants of the software supply chain.
About the Linux Foundation
The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.
The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.
Linux is a registered trademark of Linus Torvalds.