
News

OpenChain Newsletter #37

By Monthly Newsletter, News

Newsletter – Issue 37 – May 2020

Latest OpenChain Member


OpenChain @ Webinars #3 & 4:

OpenChain @ Work Groups (Selected Highlight)

OpenChain @ Events (Selected Highlight)

A Brief Introduction to OpenChain – May 2020

More News

Check Out All Our Previous Newsletters

Webinar: Unpacking SPDX 2.2 + SPDX Lite

By Featured, legal, licensing, News, standards, Webinar

In this webinar we unpacked the newly released SPDX 2.2. SPDX, as a leading industry standard for Software Bill of Materials, plays a pivotal role in the implementation of practical manual and automated compliance programs.

Kate Stewart, Sr. Director of Strategic Programs at the Linux Foundation, explained how SPDX 2.2 works and what it means for the community. Kate has been a key driver of this standard over the last 10 years and can answer all your questions about what the current standard means, what projects support it, and the current state of the tooling landscape.

Yoshiyuki Ito, Principal Expert at RENESAS Electronics, provided an overview of SPDX Lite. This is a “Profile” for the SPDX 2.2 standard that helps companies deploy the Software Bill of Materials to match certain workflows, particularly with respect to suppliers to large companies using existing processes. Ito San and others in the OpenChain Japan Work Group created SPDX Lite to help ensure that the standard could seek adoption in as many production environments as possible with minimal friction.

Check Out The Rest Of Our Webinars

This is OpenChain Webinar #4, released on 2020-05-21.

Introducing the OpenChain Japan WG "Role-Based Education Materials" SWG

By News

 

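Yoshitaka Iwata (岩田吉隆), Hitachi, Ltd.

Introduction

This post introduces the OpenChain Japan WG "Role-Based Education Materials" SWG.

Activity overview

Members

Sony, Olympus, Hitachi (leader)

Activity status

  • Discussion and work at face-to-face meetings (9 held so far)
  • Reports at Japan WG meetings (7th to 11th meetings)
  • Review of the draft common education materials at the Planning SWG and elsewhere
  • Publication of discussion materials on GitHub
Discussion materials
Draft materials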

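Status of OSS compliance education

We first discussed the current state of compliance education.

a. Some companies have been providing OSS education since before OpenChain was established.
b. Companies that are about to start providing education need to consider what content and which audience to start with.
c. The OSS-related business flows that are needed differ according to each company's business model.
d. The truly minimal set of education topics needed for working with OSS differs by role.
e. Including the entire Curriculum※ in the education content would make it too long.
f. Consistency with the Specification※ and the Curriculum also needs to be considered.

(※: The Specification is the document that defines the set of OpenChain requirements; the Curriculum is the training material that supports the OpenChain Specification.)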

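Approach

Based on the state of compliance education, we considered how to proceed.

a. Present as examples, as far as possible, the structure, audience, format (lectures, classroom training, e-learning, document reading, etc.), timing, and availability of an English version of the education each company already provides.
b. For a., show which audience each education course covers in the business flow.
c. Present, as far as possible, the table of contents and roughly chapter/section-level outlines of each course.
d. Based on the examples from a, b and c, organize the following:
  ① What are the minimum items needed to make a small start?
  ② What items are needed in the education materials for each role? Which are common items and which are role-specific?
  ③ What items are needed regarding licenses?
  ④ How can SPDX be used?
  ⑤ Create a draft of common education materials for each role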

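Analysis of examples from four companies

As step 1, we started with an analysis of examples from four companies.

a. Collected examples of OSS education from each company

No.  Company           Number of examples
1    Product vendor 1  9
2    Product vendor 2  5
3    Product vendor 3  1
4    Product vendor 4  2

b. Analyzed and reported on the following points
  i. Needs for OSS education
  ii. Conform to the OpenChain Specification.
  iii. Consider gaps and excesses in the Curriculum
  iv. Study of education by role (case studies of the four companies)
    ⇒ Uploaded to GitHub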

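Proposals and discussion based on the four companies' examples

As step 2, we are drafting common education materials based on the analysis of the four companies' examples.
a. Considered common education materials based on the analysis of the four companies' examples
  i. Describing the compliance program is mandatory in order to satisfy the Specification
  ii. Take into account gaps and excesses in the Curriculum
  iii. Take into account the vocabulary and expressions used in the leaflet
  iv. Take into account the content common to each company's basic education for general audiences

b. Propose a draft of the compliance-program version of the common education materials for software developers at product vendors. Items i. through iii. of a. are mandatory, and we will work out the details so that the common content in iv. is explained with emphasis and part of the content in iv. is explained in outline. Because the aim is developing products using OSS, we set software developers at product vendors as the target.

c. Illustrating the clarification of duties and responsibilities by role
  Illustrate the mandatory requirements for roles in the Specification.

d. Through the drafting discussions, the materials are being written with the following chapter structure

  • OSS overview
  • Intellectual property rights
  • OSS licenses
  • OSS compliance program
  • Considerations when adopting OSS
  • OSS review
  • OSS distribution
  • Summary
  • Contact
  • References and organizations

e. Review each chapter in d. within the Japan WG on GitHub.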

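Conclusion

This has been a brief introduction to the OpenChain Japan WG "Role-Based Education Materials" SWG. We also plan to expand the collection of education material examples and to present and review the draft common education materials. We look forward to your participation.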

Webinar: Contribution Policies + Open Source in M&A

By community, Featured, legal, licensing, News, standards, Webinar

In this webinar Tobie Langel spoke about ‘Open Source Contribution Policies That Don’t Suck.’ Leon Schwartz and Tony Decicco from GTC Law provided an overview of open source-related topics in the context of mergers, acquisitions, financings, investments, IPOs, divestitures, loans, customer license agreements, rep and warranty insurance and other transactions. Andrew Katz presented a due diligence questionnaire and sample warranties based on the OpenChain specification.

More About This Webinar

Tobie Langel spoke about ‘Open Source Contribution Policies That Don’t Suck.’ In his own words: Open source contribution policies are long, boring, overlooked documents, that generally suck. They’re designed to protect the company at all costs. But in the process, end up hurting engineering productivity, and morale. Sometimes they even unknowingly put corporate IP at risk. But that’s not inevitable. It’s possible to write open source contribution policies that make engineers’ lives easier, boost morale and productivity, reduce attrition, and attract new talent. And it’s possible to do so while reducing the company’s IP risk, not increasing it.

Leon Schwartz and Tony Decicco from GTC Law provided an overview of open source-related topics in the context of mergers, acquisitions, financings, investments, IPOs, divestitures, loans, customer license agreements, rep and warranty insurance and other transactions. This covered:

  • Types of open source risk
  • Open source due diligence as part of transactions
  • Open source-related terms in agreements
  • The strategic use of open source in transactions

Andrew Katz presented a due diligence questionnaire and sample warranties based on the OpenChain specification, and explained how adoption of this framework will drive further adoption of the standard. This builds on the observation that the OpenChain specification provides a great framework for due diligence and share purchase agreement warranties, even where the target is a software company which is not OpenChain compliant.

Check Out The Rest Of Our Webinars

This is OpenChain Webinar #3, released on 2020-05-07.

OpenChain Newsletter #36

By Monthly Newsletter, News

Newsletter – Issue 36 – April 2020

OpenChain in Q2 – Continuing Leadership, Continuing Support

The global lockdown due to the spread of COVID-19 is a unique historical moment. We are seeing both great success and great challenges in addressing this disease, and at all times there is an awareness that it can impact our close friends and families. To a large extent the OpenChain community is fortunate. Many of our companies allow us to work from home. Many of us are near excellent health services. We are well-positioned to weather this storm. We will do so with the health of our community and the societies in which we work as our highest priority.

Read more here:


OpenChain @ Webinars:

  • Over the last three years the OpenChain Project has held bi-weekly calls on the First Monday (9am Pacific) and Third Monday (5pm Pacific) of each month. These calls have driven forward our standard for open source compliance and a large corpus of supportive reference material. Today we are at an inflection point and we have an opportunity to enhance our service to the global community. With less emphasis right now on editing our standard (the forthcoming ISO version is fully baked) and our reference material largely produced via local work teams, there is an opportunity to launch an on-going series of webinars that provide access to people and knowledge that we would otherwise obtain at events.

We kicked off on Monday the 6th of April at 9am Pacific with speakers covering Supply Chain Governance and Container Compliance.

Our second Webinar was held on the 20th of April and covered compliance in China and OpenChain at Facebook.

We also announced our third Webinar for the 4th of May covering Contribution Policies + OpenChain in M&A. Watch this space for the recording in the next issue.

OpenChain @ Translations

OpenChain Specification 2.0 Available In Russian

OpenChain @ Conformance

Siemens Announces OpenChain 2.0 Conformance

OpenChain @ Partners

OSS Engineering Consultants is an OpenChain Partner

Osborne Clarke is an OpenChain Partner

OpenChain @ Work Groups

OpenChain @ Events

Coming Next

  • This newsletter marks 36 months since we started a major outward push for awareness and adoption in the OpenChain Project. During this time we have seen our industry standard enter a multitude of new markets. You can expect this to continue and you can expect initiatives like our webinars to grow over time. Our next newsletter will both provide a new look and a great way for people to get started with our activities. Watch this space.

Webinar: China Update + Facebook Case Study

By community, Featured, legal, licensing, News, Webinar

This webinar is about the current Chinese market and it also provides an update on what Facebook is doing around open source governance and licensing.

Our Presenters

Maggie Wang spoke about OpenChain in China. Maggie’s background ranges from working in-house at Huawei to acting as the China representative for Ladas and Parry. Her unique experience in-house and as outside counsel positions her perfectly to help contextualize where we are with regard to compliance, standardization and business reality in one of our most important markets.

Michael Cheng spoke about OpenChain at Facebook, a topic that ranges from adoption activity to broader leadership in the compliance space by the company. His perspective will provide added value given the simultaneous decision by Facebook, Google and Uber to join OpenChain as Platinum Members in late 2018, and plenty of runway for our audience to ask questions about real-life lessons learned.

Check Out The Rest Of Our Webinars

This is OpenChain Webinar #2, released on 2020-04-22.

OpenChain Webinar #1 – Survey Results

By News

The first OpenChain Webinar took place on the First Monday of April with talks on Supply Chain Governance and Container Compliance. You can learn more about the specifics of the event here.

OpenChain will continue to hold webinars on a bi-weekly schedule throughout the next months. You can find out more about our second webinar on the 20th of April, featuring OpenChain in China + OpenChain @ Facebook, right here. Our goal is to provide our community with access to the knowledge and the people they would normally discover at events.

To ensure we do the best job possible we will run surveys alongside some of the webinars and here are the results from the very first one. We had 11 respondents from an audience of 55 live and 50 for the recording. A small sample but useful for our forward planning.

All in all, a pretty good start. It was interesting that we had one respondent note that Nick’s research on supply chain governance was not relevant (and all others mark it as very relevant). A follow-up question would be why this is so? We will give people more space in future surveys to provide such feedback.

A big thank you to everyone who took the time to respond. You are helping to make things better.

Announcement of the 12th OpenChain Japan WG Meeting

By News

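Introduction

As Imada-san (今田さん) explained in the 12/2 post, the OpenChain Japan WG holds a general meeting every two to three months.
The next meeting is scheduled for Thursday 12/19 this month, 13:30-18:00, at the NEC headquarters building in Tokyo (JR Tamachi Station or Toei Mita Station).
For day 3 of the Advent Calendar, I would like to announce that general meeting.

Self-introduction

I am Naomichi Shima (島直道), in charge of 12/3.
I was originally an embedded developer, but since around 2010 I have been involved in work on open source licensing and compliance, and I have now broadened my scope to OSS management (process, license compliance/education, vulnerability countermeasures, etc.), promoting and rolling out OSS development tools, and supporting OSS adoption. I have been attending the Japan WG since the 3rd meeting, so the next one will be exactly my 10th.
My hobbies are fishing, cooking, craft beer, hot springs, travel, baseball, railways and cameras.
And Raspberry Pi Audio too.

About the 12th OpenChain Japan WG meeting

The 12th meeting has a packed agenda and is a little longer than the usual meetings.
I am confident it will be a very useful place for attendees to gather and exchange information.
Also, since the Japan WG was launched in December 2017, this will be a memorable meeting marking exactly its second anniversary.

This meeting takes place the day after Open Compliance Summit 2019, hosted by The Linux Foundation in Shinagawa on 12/17-18, so people involved in OSS compliance will be joining us from overseas as guests, and some of them are scheduled to give talks.
What's more, the English sessions will have consecutive interpretation thanks to the cooperation of Japan WG members! Thank you!!

Event overview

  • Date and time: Thursday 2019/12/19, 13:30-18:00
  • Venue: NEC headquarters building, basement level 1, Multipurpose Hall 1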

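Timetable

Time                Title
13:30-13:45 (15)    1. Introduction to NEC's OSS compliance efforts (Suganuma (菅沼), NEC OSS Promotion Center)
13:45-14:00 (15)    2. OpenChain Update (Shane Coughlan, The Linux Foundation)
14:00-14:20 (20)    3. Introduction to the OpenChain Japan WG (Asaba-san (浅羽さん), Fujitsu Computer Technologies)
                    Update from each sub-WG (sub-WG leaders)
14:20-14:40 (20)    4. "OSS Licenses and Copyright Law": basics of the lecture and consulting content
                    (Anezaki (姉崎), NEC OSS Promotion Center)
14:40-14:50 (10)    Break (10 minutes)
14:50-16:20 (30*3)  5. Talks by overseas guests (in Japanese or with consecutive interpretation)
                    (20-minute talk + 10-minute interpretation)
                    ・From Protex to Fossology (Han JiHo, NCSoft)
                    ・Open Source Compliance? Achieve all Together by Sharing and Collaborating
                      (Haksung Jang, LG Electronics)
                    ・OSS Review Toolkit + OpenChain – the why, what and how in 10 minutes
                      (Thomas Steenbergen, HERE Technologies)
16:20-16:30 (10)    Break (10 minutes)
16:30-16:50 (10*2)  6. Recap of Open Compliance Summit talks
                    ・Open Source Compliance in Supply Chains (Endo-san (遠藤さん), Toyota Motor)
                    ・Exploiting OpenChain Self-Certification for Moving Company Internally
                      (Osaki-san (大崎さん), Fujitsu)
16:50-17:50 (60)    7. Lightning talk session (MC: Kato-san (加藤さん), Panasonic)
                    Theme: sharing each company's OSS use cases and what prompted them to step up
17:50-18:00         8. Wrap-up (Yamamoto (山本), NEC OSS Promotion Center)
Move to the social gathering (NEC Shiba Club)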

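How to register

By 2019/12/15,
please register via Google Forms or send an email in the format below.

This meeting has ended. For a look at the day, please see Oku-san's (奥さん) report.

■ Participant information
Name (with phonetic reading) *
Company name *
Department

■ Social gathering *
Will attend
Will not attend

■ How many times have you attended OpenChain Japan Working Group meetings?
First time
2-3 times
4 or more times

■ What is your job role?
Software developer
Software research and development
OSS promotion
Legal / intellectual property
Quality assurance / quality control
Technology planning / technology management / technology strategy
Other: ( please fill in if you don't mind )

Tomorrow's topic

Tomorrow Ouchi-san (大内さん), who is extremely knowledgeable about OSS licenses and copyright law, will introduce the FAQ sub-WG, which I also take part in.
A must-read for anyone who finds OSS licenses and copyright law so difficult that looking things up doesn't help at all.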

OpenChain Reference Training @ United Nations Technology Innovation Labs – April 9th

By News

Shane Coughlan, OpenChain General Manager, will deliver a webinar covering the OpenChain Reference Training slides as part of his contribution to the open source advisory council of UNTIL.

This training session is entitled ‘An Introduction to Open Source Governance and Licensing’ and is mandatory for all UNTIL staff. The OpenChain reference material, built on contributions from Qualcomm, Arm, Samsung, Philips and many more companies, is the perfect foundation to fill out the session.

You can get the training material with speaker notes from the OpenChain GitHub pages. These slides are under CC-0 licensing so you can use, share and improve them without any restrictions.

Get this guide and many more documents in the OpenChain Reference Library: https://github.com/OpenChain-Project/Reference-Material

Webinar: Supply Chain Governance + Container Compliance – Full Recording

By community, Featured, legal, licensing, News, Webinar

This webinar covers Supply Chain Governance and Container Compliance.

Our Presenters

Dr. Nikolay Harutyunyan spoke about ‘Corporate Open Source Governance of Software Supply Chains’, a talk based on recently published research constituting material from a literature review of 87 publications, a qualitative survey of 20 primary materials and 21 expert interviews at 15 companies. This bridged into a 2.5-year longitudinal study into a company that was just getting started with open source governance and following their evolution.

Armijn Hemel, MSc spoke about Docker container compliance. He has an extensive background as an internationally recognized expert in the field of GPL license compliance engineering with a particular focus on practical solutions to real-world product and service challenges. While best known for his work in embedded technology, Armijn has been exploring the topic of container compliance in recent years, and has been at the forefront of defining best practices in this space.

Check Out The Rest Of Our Webinars

This is OpenChain Webinar #1, released on 2020-04-08.