Our newsletter contains some of the highlights from the last month of activity in the project. Plenty more happened. Check out the full stream here: https://www.openchainproject.org/news
This webinar explained how to help with the development of OpenChain ISO/IEC 5230, including contributing new ideas, or potentially expanding aspects of its use. As an open project, ensuring everyone can engage easily is a key part of our culture.
There will be a free webinar hosted by Synopsys on the 21st of January covering ISO/IEC 5230 (OpenChain) as part of the schedule, and which will provide a CLE credit for US attorneys in several locations.
The content will be provided by two of the leading open source legal experts, Mark Radcliffe, partner at DLA Piper and general counsel for the Open Source Initiative, and Tony Decicco, shareholder at GTC Law Group & Affiliates.
GTC Law and Synopsys are official OpenChain partner organizations.
Our newsletter contains some of the highlights from the last month of activity in the project. Plenty more happened. Check out the full stream here: https://www.openchainproject.org/news
As part of our continued commitment to internationalization, we are delighted to announce that the full OpenChain 2.1 (ISO/IEC 5230) specification is now available in:
Chinese Simplified
Chinese Traditional
French
German
Italian
Japanese
Korean
Spanish
These are reference translations provided to help organizations on their path to conformance. These organizations can also self-certify to the standard in:
Chinese Simplified
Chinese Traditional
English
French
German
Hebrew
Hindi
Italian
Japanese
Korean
Russian
Spanish
You can get these translations from our GitHub repository
FOSSAware is the latest partner of the OpenChain Project. OpenChain maintains ISO/IEC 5230, the International Standard for open source license compliance.
“The OpenChain Project consists of a large, vibrant community of companies that use open source in products and solutions,” says Shane Coughlan, OpenChain General Manager. “There is also a growing partner community that consists of organizations offering legal, consulting and tooling support in the management and automation of open source compliance. We are glad to welcome FOSSAware to this program and look forward to collaborating in Israel and beyond.”
“Encompassing over two-thirds of the average commercial software, open-source has become an essential part of modern software developmen,” says Yaniv Ozerzon, Co-Founder & CEO at FOSSAware. “Undermanaging the consumption and redistribution of Open source is no longer a viable option. Having an effective Open Source compliance program is a key differentiator marking industry-leading enterprise companies such as Google, Microsoft, and others. We are excited and pleased to become an official partner of OpenChain and are set to assist companies in reaching conformant with the OpenChain specification, minimize Open Source associated risks, and reduce remediation costs.”
About FOSSAware
FOSSAware consultancy and services specializes in Free and Open Source software (“FOSS”) compliance. Our mission is to work alongside our clients to minimize the legal, operational and security risks associated with FOSS. We tailor each client a suitable compliance program, render support in the implementation process and services for on-going compliance. https://fossaware.com/
About the OpenChain Project
OpenChain began when a group of open source compliance professionals met in a conference lounge and chatted about how so much duplicative, redundant open source license compliance work was being done inefficiently in the software supply chain simply. They realized that while each company did the same work behind the scenes in a different manner the output for downstream recipients could not realistically be relied on because there was no visibility into the process that generated the output.
The answer the early principles of this discussion arrived at was to standardize open source compliance, make it transparent and build trust across the ecosystem. The project began as outreach to the community with the idea of a new standard for open source license compliance with slides titled, “When Conformity is Innovative.” A growing community quickly recognized the value of this approach and contributed to the nascent collaboration soon named The OpenChain Project.
This advent calendar has been created by our Japanese Work Group as part of their community outreach. We hope you enjoy their recap of compliance topics to end the year.
About me
Hello. I am Takashi Ninjouji. I mainly participate in Tooling Sub-Group (Tooling-SG) of OpenChain Japan-WG, and I am this SG leader since April 2020. This article introduces the activities of Tooling-SG.
Tooling-SG
The Tooling-SG group is to use OSS for OSS management operations to achieve the following in Open Source Compliance:
Build workflows according to your organization.
Automation
Quality improvement (on tools, workflows, and compliance)
Most of the participants are engineers. Many of them actually use the tools in their work, are developers of the tools, and even participate in the development community. On the other hand, because toolchain is also a means of handling open source compliance information, there will also be people from the compliance management departments such as legal and intellectual property, which are the relevant departments.
You may also want to read the article “About the activities of OpenChain Japan WG Tooling Sub-WG” by Kobayashi-san, the first leader at the time of its establishment in 2019, which was published in the 2019 Advent Calendar project. That article introduces why we wanted to create a place to exchange opinions about Open Source Compliance toolchain in Japanese and collaborate with global communities such as the OpenChain Reference Tooling Workgroup.
Activities
As in the previous year, the following activities and guiding principles have been established.
Compile/disseminate information about the tool (in collaboration with the global community)
Provide a place to study and discuss while using the tool (e.g., introducing the tool, holding seminars and hands-on sessions)
Information distribution and tool mapping (identify issues and collaborate to improve workflow implementation)
Promotion to expand membership (presentations at non-OpenChain meetings, use GitHub and other media)
We are welcome to feel free to participate and feel free to make a presentation (or talk).
At the meeting on 2020/11/24, we decided that we will have presentations in foreign languages. We would like to have a more active exchange of information.
You may arrange for your interpreter and translation of the materials in advance, or we would be happy to have volunteers to help you. If you are considering presenting in a foreign language, we would be glad to discuss this with you. Also, we may ask you to give your presentation at Tooling-SG.
Starting in April 2020, we are holding virtual meetings in conjunction with the Japan-WG meetings. Currently, we meet every other week for about an hour, alternating between the following meetings.
We are flexible in practice, so please feel free to join us if you have questions. If you have a topic to present, please contact us via the mailing list or Slack.
As SW360, a component cataloging tool, becomes multilingual and a Japanese kit is provided, it is expected to spread to Japan in the future.
Tooling-SG is planning to hold a hands-on session for SW360 Chores, a version of SW360 available in containers, in early 2021. We discuss the content and timing on the mailing list and Slack, so please join us if you are interested.
What is the next article?
Morishita-san will introduce OSS toolchain for Open Source Compliance. With the OpenChain specification being ISO standard, there has been a lot of discussion about automation of compliance practices in various tool communities. Don’t miss it!
なお、2019年のAdvent Calendar企画にあった、2019年設立時の初代リーダーの小林さんによる活動紹介記事「OpenChain Japan WG Tooling Sub-WGの活動について」もご一読頂けると幸いです。Japan-WGの活動趣旨に沿ってツールについて日本語で気軽に意見交換する場を設けたいとする経緯や、OpenChain Reference Tooling Workgroup などのグローバルコミュニティとの連携などを紹介しています。