The OpenChain M&A Summit 2022 brings together key law firms and service providers helping clients with M&A. You will come away from this event with a clearer understanding of global trends around open source mergers and acquisitions. Free and open to everyone.
Timing
This event takes places at 14:00 UTC on April 28th and runs for around three hours. That translates to:
- 07:00 PDT
- 12:00 EDT
- 16:00 CEST
- 19:30 IST
- 22:00 CST
- 23:00 KST
- 23:00 JST
Agenda
- An Overview of A Typical M&A With OpenChain
Leon Schwartz, GTC Law - M&A From The Perspective Of Security
Jan Thielscher, EACG - Checking Compliance With FOSSmatrix
Hendrik Schottle, Osborne Clark - Sustainability Of Open Source Licenses
Dr. Andreas Kotulla, Bitsea - Specific M&A Transaction Case Study
Marcel Scholze, PwC - Panel with all presenters
RSVP (Required for Entry)
The OpenChain Project released a Security Assurance Reference Guide in August 2021. Feedback from the community expanded this into its current form: a Security Assurance Reference Specification (Release Candidate 1 2022-03-28). At the end of June 2022 the OpenChain Steering Committee will decide if this Release Candidate:
- Becomes a sister standard to OpenChain ISO/IEC 5230
- Becomes an optional component of OpenChain ISO/IEC 5230
- Remains a reference specification
This is an important moment for the OpenChain Project, explicitly highlighting our work beyond open source license compliance. Your input is most welcome to help inform our steering committee.
Please open Issues on our GitHub here to provide feedback:
Alternatively, or in addition, please join our specification mailing list here:
More Information From The Introduction Of The Reference Specification Document:
The OpenChain Project is working towards a supply chain where open source is delivered with trusted and consistent compliance information. We maintain OpenChain ISO/IEC 5230:2020, the International Standard for open source license compliance. Adjacent to this the project maintains a large international community, extensive reference materials, and working groups addressing various domain issues. We support discussions around security, export control, M&A and other topics.
OpenChain ISO/IEC 5230:2020 is a process management specification that identifies inbound, internal and outbound inflection points where a process, policy or training should exist. The identification and tracking of software used and deployed is an inherent part of getting this right, and this also allows our standard to also be useful for security or export control.
The OpenChain Project community noticed that OpenChain ISO/IEC 5230:2020 was being used quite often in deployment discussions and we wanted to support our broader community around these use-cases. The reference specification you are now reading is focused on the security domain. It is intended to identify and describe the key requirements of a quality Security Assurance Program in the context of using Open Source Software. This early iteration of the document focuses on a narrow subset of primary concern: checking Open Source Software against publicly known security vulnerabilities like CVEs, GitHub/GitLab vulnerability reports, and so on.
This document focused on the “what” and “why” aspects of a quality Security Assurance Program rather than delving into to “how” and “when.” This is a conscious decision to ensure flexibility for companies of any size and in any market to use this reference specification. This approach, along with the types of processes identified, is built on more than half a decade of practical global feedback around the creation and management of such programs. The result is that a company can frame a program that precisely fits their supply chain requirements, scoped to a single product or a complete legal entity, and take this solution to market quickly and effectively.
The scope of this reference specification may expand over time based on community feedback.
This introduction describes the reference specification’s purpose. Section 2 defines key terms used throughout this document. Section 3 defines the requirements that a Program must satisfy to achieve a core level of Security Assurance. Each requirement consists of one or more verification materials (i.e., records) that must be produced to satisfy the requirement. Verification materials are not required to be made public, though an organization may choose to provide them to others, potentially under a Non-Disclosure Agreement (NDA).
This reference specification is licensed under Creative Commons Attribution License 4.0 (CC-BY-4.0). Because it takes the form of a Reference Specification and is therefore intended to fit into the mental model applied to specification creation, it is not designed to be modified outside of the formal editing track. You can take part in editing this document via the OpenChain Project bi-weekly calls. You can learn about joining these calls and our other activities here:
The OpenChain Industry Survey 2022 covers a big topic: the global status of corporate engagement and management of open source. We are considering this from a “strategy” perspective rather than a “development” perspective. Our goal is to help inform project, product and supply chain decisions in the year ahead.
This survey is available in:
简体中文:
https://wj.qq.com/s2/9935077/5841/
繁體中文:
https://forms.gle/VK2unUYAYXEUuKeJ7
Deutsch:
https://forms.gle/j8VTN98TQy7wzPHg6
English:
https://forms.gle/LvU9RFZZRFb85f477
日本:
https://forms.gle/A2qdawgY9h7CWr3q8
Please take a couple of minutes and help us define the market.
This survey is licensed under CC-0 so feel free to take it as the basis for your own surveys in the future.
From SAP:
Join us on April 26th at 3:00 pm CEST/1:00 pm UTC/9:00 am EDT/10:00 pm JST for a webinar with Shane Coughlan, OpenChain General Manager at the Linux Foundation, and Peter Giese, Head of the SAP Open Source Program Office, about key requirements of a quality open source compliance program. With his extensive knowledge of open source governance and process development Shane will explain what is important for a healthy open source environment in organizations, while Peter will talk about SAP’s experience getting ready for the OpenChain certification to help to establish trust and reliability among all the participants in software supply chains at SAP.
Speakers:
Shane Coughlan | OpenChain General Manager at the Linux Foundation
Peter Giese | Head of the SAP Open Source Program Office
Join Us:
Date: Tuesday, April 26th
Time: 3:00 pm CEST/1:00 pm UTC/9:00 am EDT/10:00 pm JST
The OpenChain Japan Work Group will meet on April 20th at 15:00. Full details are below in Japanese. Everyone is welcome to join. You can use this link:
https://socionext.zoom.us/j/99975267803?pwd=ekhxaHA3bVZUSVU5M0dVMkF2Z0pkQT09
次回のOpenChain Japan Workgroup全体会合の開催案内です。
第23回全体会合(第10回オンライン会合)を
2022年4月20日(水)15:00-16:00に開催します。
場所(Venue):Zoom
https://socionext.zoom.us/j/99975267803?pwd=ekhxaHA3bVZUSVU5M0dVMkF2Z0pkQT09
Meeting ID: 99975267803 / パスワード: ]>guXS~6
アジェンダ:
15:00 – 15:02 Opening
15:02 – 15:10 Keynote by Shane Coughlan
15:10 – 15:20 OpenChain Japan WGについて
15:20 – 16:00 OpenChain Industry Survey 2022 (OpenChain業界調査)
集計結果紹介、フリーディスカッション
16:00 Closing
今回は、現在実施しているOpenChain業界調査の結果紹介をします。
ご協力のお願い
会場の皆さんにリアルタイムにアンケートに答えていただき、その結果を見ながら、皆さんと意見交換をさせていただく試みを行います。
「OpenChain Industry Survey 2022 (OpenChain業界調査)」と同じツールを利用します。
明示的に回答いただいた情報のみ収集、利用します。
回答者の情報(メールアドレス等)は収集されません。
疑問、不安に感じられることがあれば、お気軽にお尋ねください。
回答は必須ではありませんが、多くの方にご参加いただきたく思います。
リアルタイムアンケート
https://forms.gle/zg5e6h7bwccQCvvZ8
同じURLをQRコードにしています。スマートフォン等でご回答いただく際にご利用ください。→
結果の利用方法
全体会合の共有画面に結果を表示します。
また、OpenChain JWGのGitHubに公開するとともに、今後のOpenChain活動で利用します。
多くの方々のご参加をお待ちしております。
Toshiba, one of the largest companies in Japan, has announced an OpenChain ISO/IEC 5230 conformant program. Toshiba has been at the forefront of technology since 1939, and is a leader in diverse sectors ranging from social infrastructure to quantum cryptography. The OpenChain Project, which maintains OpenChain ISO/IEC 5230, has collaborated with Toshiba for several years to help improve trust and efficiency in the global supply chain.
“Toshiba is a rare company that has managed to combine scale, innovation and market success for generations,” says Shane Coughlan, OpenChain General Manager. “They have invested heavily into open source with a clear understanding of its strategic, sustainable implications for the market. The adoption of OpenChain ISO/IEC 5230 is one milestone among many in helping to ensure the realization of this vision. It is significant not only for Toshiba, but also for each market segment where they play a pivotal part.”
“The importance of utilizing OSS in mission-critical areas is growing in the infrastructure industry involved in the growth of open source ecosystems,” says Yoshitake Kobayashi, Director of the Corporate Software Engineering and Technology Center of Toshiba Corporation. “We are delighted to take another step forward. Toshiba, a leading company in the infrastructure field, sees and works to deliver new possibilities for the world, society, and life. Our Open Source Program, the key requirement of OpenChain ISO/IEC 5230, exists not only for open source license compliance but also as the basis of broader co-creation and collaboration. Toshiba has been part of the global open source community, including the Linux Foundation, for decades. We will continue to work with the community to contribute to people everywhere and our shared future.”
About the OpenChain Project
The OpenChain Project maintains the International Standard for open source license compliance. This allows companies of all sizes and in all sectors to adopt the key requirements of a quality open source compliance program. This is an open standard and all parties are welcome to engage with our community, to share their knowledge, and to contribute to the future of our standard.
About The Linux Foundation
The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.
The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.
Linux is a registered trademark of Linus Torvalds.
This webinar covers FOSSLight, a new open source project for open source license compliance from the Korean community. This is a quiet landmark for the OpenChain Project: our first non-English global webinar is presented in Korean with Simplified Chinese and Japanese subtitles.
There is one request that comes with this webinar: if you are interested in FOSSlight please considering helping to translate it into more languages.
Learn more on GitHub
Check Out The Rest Of Our Webinars
This is OpenChain Webinar #40, released on 2022-04-06.
SAP (NYSE:SAP), the market leader in enterprise application software, announces the adoption of OpenChain ISO/IEC 5230 – the International Standard for open source license compliance – throughout its organization. This milestone marks the first time an enterprise application software company has undergone whole entity conformance, and it has significant implications for the overall maturity and effectiveness in this market space.
“Since open source is increasingly used by more and more industries, the OpenChain standard is an important part of SAP’s management of license compliance along the software supply chain,” said Peter Giese, Director of SAP Open Source Program Office. “OpenChain provides a common standard based on industry best-practices and thereby helps to establish trust and reliability among all the participants in software supply chains.”
“SAP has an astonishing reach in the global supply chain, with its customers involved in almost 90% of trade around the world,” says Shane Coughlan, OpenChain General Manager. “Their decision to not only adopt but to apply OpenChain ISO/IEC 5230 throughout their organization is a key inflection point for the global supply chain. We are intertwined in our use of open source for shared infrastructure and platforms, and the more effective we become in its management, the more effective our overall supply chain will be. We are delighted to welcome SAP alongside entities such as Arm, Bosch and BlackBerry who have elected to undergo whole entity conformance, and alongside the hundreds of other entities applying OpenChain in narrower program scopes.”
About SAP
SAP’s strategy is to help every business run as an intelligent, sustainable enterprise. As a market leader in enterprise application software, we help companies of all sizes and in all industries run at their best: SAP customers generate 87% of total global commerce. Our machine learning, Internet of Things (IoT), and advanced analytics technologies help turn customers’ businesses into intelligent enterprises. SAP helps give people and organizations deep business insight and fosters collaboration that helps them stay ahead of their competition. We simplify technology for companies so they can consume our software the way they want – without disruption. Our end-to-end suite of applications and services enables business and public customers across 25 industries globally to operate profitably, adapt continuously, and make a difference. With a global network of customers, partners, employees, and thought leaders, SAP helps the world run better and improve people’s lives. For more information, visit www.sap.com.
About the OpenChain Project
The OpenChain Project maintains the International Standard for open source license compliance. This allows companies of all sizes and in all sectors to adopt the key requirements of a quality open source compliance program. This is an open standard and all parties are welcome to engage with our community, to share their knowledge, and to contribute to the future of our standard.
About The Linux Foundation
The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.
The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.
Linux is a registered trademark of Linus Torvalds.
Revenera, a company with more than three decades of history in software licensing and compliance, has adopted OpenChain ISO/IEC 5230 for managing open source license compliance. OpenChain ISO/IEC 5230 is the International Standard for open source license compliance, and is supported by a global community spanning multiple continents.
“The OpenChain Project has established a set of requirements for a comprehensive open source management program. By applying OpenChain standards, Revenera is able to demonstrate our shared commitment to increasing trust and transparency in open source software usage,” said Alex Rybak, Director of Product Management at Revenera. “As a provider of solutions that help organizations manage their software supply chain, Revenera is honored to lead by example by being OpenChain Conformant.”
“The pervasive nature of open source means that many companies specializing in the use of open source are users themselves,” says Shane Coughlan, OpenChain General Manager. “Revenera is an example of a company both experienced in the management of open source and simultaneously being a consumer of this type of technology. Their adoption of OpenChain ISO/IEC 5230 is a simple, clear statement of their commitment to supporting the key requirements of quality open source compliance programs.”
About Revenera
Revenera helps product executives build better products, accelerate time to value and monetize what matters. Revenera’s leading solutions help software and technology companies drive top line revenue with modern software monetization, understand usage and compliance with software usage analytics, empower the use of open source with software composition analysis and deliver an excellent user experience—for embedded, on-premises, cloud and SaaS products. To learn more, visit www.revenera.com.
About the OpenChain Project
The OpenChain Project maintains the International Standard for open source license compliance. This allows companies of all sizes and in all sectors to adopt the key requirements of a quality open source compliance program. This is an open standard and all parties are welcome to engage with our community, to share their knowledge, and to contribute to the future of our standard.
About The Linux Foundation
The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.
The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.
Linux is a registered trademark of Linus Torvalds.