News

LYON, October 29, 2019 – Today Sony Semiconductor Solutions Corporation announces conformance with the OpenChain standard for open source compliance in the supply chain. This step builds on two years of deep collaboration between Sony group companies and the OpenChain Project in Japan, Taiwan and globally. It marks another milestone in the adoption of OpenChain across multiple industries and supports increased efficiency for managing open source licenses inside and between companies. 

“As a global leader of imaging & sensing technology, Sony Semiconductor Solutions Corporation has built a quality management system including OSS license compliance so that our customers can use our products and services with confidence,” says Dai Sugimoto, Quality Officer of Sony Semiconductor Solutions Corporation. “The Quality Assurance Department manages OSS compliance, traceability, and vulnerabilities in all products and services, independent of product development teams. Also all software staff has been trained to understand OSS license compliance issues and to comply with the resulting obligations. We support the OpenChain project because our activities are in alignment with the project. Sony Corporation has been involved with the OpenChain project since 2017 as a Platinum member. We express our commitment to support a highly transparent supply chain for customers’ OSS compliance through our own OpenChain conformance.”

“Sony is a key member of the OpenChain Governing Board and the broader global OpenChain community,” says Shane Coughlan, OpenChain General Manager. “Their work in building engagement from existing and new stakeholders has been remarkable. Today they are taking a leadership position once more, with Sony Semiconductor Solutions Corporation announcing OpenChain Conformance, a step that further illustrates the practical, real-world applicability of our international standard for open source compliance.”

About Sony Semiconductor Solutions Corporation

Sony Semiconductor Solutions Corporation is the global leader in image sensors. Our semiconductor business also includes a variety of other parts including microdisplays, LSIs, and laser diodes. We strive to provide advanced imaging technologies that bring greater convenience and fun to people’s lives. In addition, we also work to develop and bring to market new kinds of sensing technologies with the aim of offering various solutions that will take the visual and recognition capabilities of both human and machines to greater heights. For more information, please visit: https://www.sony-semicon.co.jp/e/

About the OpenChain Project

The OpenChain Project builds trust in open source by making open source license compliance simpler and more consistent. The OpenChain Specification defines a core set of requirements every quality compliance program must satisfy. The OpenChain Curriculum provides the educational foundation for open source processes and solutions, whilst meeting a key requirement of the OpenChain Specification. OpenChain Conformance allows organizations to display their adherence to these requirements. The result is that open source license compliance becomes more predictable, understandable and efficient for participants of the software supply chain.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. 

Linux is a registered trademark of Linus Torvalds.

Media Contacts

Shane Coughlan
+818040358083
coughlan@linux.com

LYON, October 29, 2019 – Liferay, a company that provides digital solutions for businesses, has announced OpenChain Conformance. They join a growing community of companies publicly announcing their adoption of the industry standard outlining the key requirements of a quality open source compliance program.

“Liferay has always been an open source company with an enterprise focus,” says Matija Šuklje, Licensing Counsel at Liferay Inc. “Codifying our commitment is a big part of that. By certifying as OpenChain Specification 2.0 compliant, we are formalizing our open source compliance and ensuring that customers and partners have a clear understanding of our commitments. With this announcement, we hope to encourage others to work together to create an efficient software supply chain.”

“Liferay has been part of the OpenChain eco-system for a considerable period,” says Shane Coughlan, OpenChain General Manager. “it has been a pleasure to work with Matija in discussing and refining OpenChain reference material. Today marks another milestone in our relationship with Liferay announcing OpenChain Conformance. This step illustrates not only their commitment to excellence in open source but also serves as an inspiration for other companies of similar sizes and in similar market sectors.”

About Liferay

Liferay makes software that helps companies create digital experiences on web, mobile and connected devices. Our platform is open source, which makes it more reliable, innovative and secure. We try to leave a positive mark on the world through business and technology. Hundreds of organizations in financial services, healthcare, government, insurance, retail, manufacturing and multiple other industries use Liferay. Visit us at www.liferay.com. 

About the OpenChain Project

The OpenChain Project builds trust in open source by making open source license compliance simpler and more consistent. The OpenChain Specification defines a core set of requirements every quality compliance program must satisfy. The OpenChain Curriculum provides the educational foundation for open source processes and solutions, whilst meeting a key requirement of the OpenChain Specification. OpenChain Conformance allows organizations to display their adherence to these requirements. The result is that open source license compliance becomes more predictable, understandable and efficient for participants of the software supply chain.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. 

Linux is a registered trademark of Linus Torvalds.

Media Contacts

Shane Coughlan
+818040358083
coughlan@linux.com

Get The Agenda

https://wiki.linuxfoundation.org/_media/openchain/openchain_agenda_09-23-2019.pdf

Get the Guest Speaker Slides

• Guest Speaker: Jeff Luszcz on Open Source Compliance (Slideshare)

Review all OpenChain Work Team Calls

• https://wiki.linuxfoundation.org/openchain/minutes

Today PwC Germany (https://www.pwc.de/opensource) announces support for OpenChain Conformance activities in companies across all sectors.

The OpenChain Project provides robust Self-Certification to showcase compliance with OpenChain Specification, the industry standard for open source compliance. However, Self-Certification may not always be optimal for organizations with limited experience in open source or those needing to minimize the potential for conflicts of interest via reports from an independent external auditor.
PwC and other auditing organizations are working to acknowledge these market requirements and to build further trust in OpenChain Conformance through two approaches:

• PwC supports organizations, providing operational excellence, guidance and reviews setting up required processes, guidelines and policies for an OpenChain Conformance program. 

• PwC audits organizations’ OpenChain Conformance program as an external independent auditor and reports against the OpenChain Specification in a formal international reporting format and attestation. This provides trust in OSS management especially in the supply chain. 

Through integration of third-party assessors and advisory firms in the OpenChain community, a platform is created to further enable the industry-wide acceptance of the OpenChain standard which is very valuable especially for supply chains.

OpenChains Shane Coughlan will present a keynote at the LF Energy Global Summit in Paris “Next – Complex made simple”

You can check out the schedule here:

https://events19.linuxfoundation.org/events/lfenergysummit2019/program/

SAN FRANCISCO, October 10, 2019 – HH Partners, a law firm based in Finland, today announces participation in the OpenChain Project. HH Partners intends to support adoption of the OpenChain industry standard for open source compliance both inside Finland and across the broader global market. HH Partners will be contributing to the OpenChain project both via its open technology practice and via its own open source compliance research project, Double Open.

The OpenChain Project establishes trust in the open source from which software solutions are built. It accomplishes this by making open source license compliance simpler and more consistent. The OpenChain Specification defines inflection points in business workflows where a compliance process, policy or training should exist to minimize the potential for errors and maximize the efficiency of bringing solutions to market. The companies involved in the OpenChain community number in the hundreds. The OpenChain Specification is being prepared for submission to ISO and evolution from a growing de facto standard into a formal standard.

“Open source compliance in the supply chain is a challenge to all companies. The OpenChain Project has already achieved and demonstrated a simpler way for organizations to learn and progress in open source compliance. Standardization is a way of unifying expectations, and therefore it simplifies processes. We are excited to leverage our network in Finland to further our joint goals with OpenChain and help organizations achieve better open source compliance” says Martin von Willebrand, Partner and Head of Open Technology at HH Partners, Attorneys-at-law Ltd.

“The key to a successful community is to build great relationships,” says Shane Coughlan, OpenChain General Manager. “Establishing a formal relationship with HH Partners underlines our pre-existing and fruitful collaboration over many years. Martin and his team have long been a lynchpin of open source legal knowledge in North Europe, and their engagement today is a reflection of how the project and its associated industry standard is gaining momentum.”

About HH Partners

HH Partners, Attorneys-at-law, Ltd, is a Helsinki, Finland based law firm focusing on Technology, Intellectual Property Rights and Transactions. Its Open Technology practice is likely the largest law firm practice on open technologies in Finland.

The link for HH Partners’ English website can be found here:

• https://www.hhpartners.fi/en/

Learn more about the Double Open Project

Double Open is research project of HH Partners, as a part of 4API project in collaboration with the University of Helsinki and several other companies. Double Open aims to enable open open source compliance automation, leveraging existing open tools and open data. The project is partially funded by Business Finland.

• https://www.doubleopen.org/

About the OpenChain Project

The OpenChain Project builds trust in open source by making open source license compliance simpler and more consistent. The OpenChain Specification defines a core set of requirements every quality compliance program must satisfy. The OpenChain Curriculum provides the educational foundation for open source processes and solutions, whilst meeting a key requirement of the OpenChain Specification. OpenChain Conformance allows organizations to display their adherence to these requirements. The result is that open source license compliance becomes more predictable, understandable and efficient for participants of the software supply chain.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. 

Linux is a registered trademark of Linus Torvalds.

Media Contacts

Shane Coughlan
+818040358083
coughlan@linux.com

Martin von Willebrand
+3589177613
martin.vonwillebrand@hhpartners.fi

Members of Japan Working Group will introduce activities from our local chapter and sub-groups at OSS/ELC EU Technical Showcase on the 29th of October. Please drop by and say hello!

Dr. Peter Ellsiepen at the European Space Agency (ESA) is kindly hosting a Tooling Work Group meeting at the European Space Operations Centre (ESOC). This event marks one of the early opportunities for parties interested in tooling and automation to get together and discuss which open source solutions they are applying to open source compliance.

The Tooling Work Group is chaired by Oliver Fendt from Siemens and has a diverse range of contributors from German, Japanese and international companies.

Learn More About the Tooling Work Group

• https://github.com/Open-Source-Compliance/Sharing-creates-value

Join the Mailing List

https://groups.io/g/oss-based-compliance-tooling

The minutes are below. The slides discussed during the meeting are also below for reference.

1. News

Oliver gave an overview about “what happened since last meeting”
Two new user stories are available in the Github repo:
             Initial user story – Software-Developer-Epic.md https://github.com/Open-Source-Compliance/Sharing-creates-value/blob/master/User-Stories/Software-Developer-User-Stories/Software-Developer-Epic.md
             Initial user story – Compliance-Assistant-Epic.md https://github.com/Open-Source-Compliance/Sharing-creates-value/blob/master/User-Stories/Compliance-Assistant-User-Stories/Compliance-Assistant-Epic.md

A new version of the one pager slide was circulated on the mailing list. The objective is to have the first release next week.

Upcoming Events:
             Oliver presented an overview of the interesting session from an OSS compliance perspective at Eclipsecon.
             Alexios asked about an overview of the interesting sessions at OSS Summit Europe. Michael J. sent an email with interesting talks at the OSS Summit Europe to the mailing list.

2. Sw360antenna
Lars gave an overview about their work concerning automation and integration of the OSS compliance tools in the CI/CD workflow. He introduced two use cases (please see attached slides):
1. Automatic management of 3rd party dependencies
             This use case applies to “normal” software development, where the OSS component approval is triggered by the integration of the component.
2. Upfront dependency approval
             This use case applies to software development in regulated environments like safety critical systems, where the OSS components which will be integrated must be known upfront. If an unknown component is detected this will cause a policy violation.
             Aaron added that this use case is also common in the financial sector.

Lars mentioned that for having an overview about the licensing situation scancode is used and for the curation, approval and release FOSSology is used.
He gave a nice live demo showing the working implementation of use case 1. Oliver mentioned that this demo covers the following functional blocks of the big picture:
             Dependency resolver
             Source package downloader
             License & Copyright Scanner
             Policy Checker
             Component & application inventory
             FOSS Compliance Bundle generator

The documentation of use case 1 is available on https://eclipse.github.io/antenna/1.0.0-SNAPSHOT

3. Next Steps
             User stories:
                            Kate mentioned that there is no user story covering the recipients of the compliance artifacts – the persons/organizations receiving the results of the process and results produced by the toolchain. Oliver said that such a user story will be added.

             Next meeting:
                            The next regular Wednesday meeting will be on 6th of Nov. On 10th of Oct there is the face to face meeting in Darmstadt