
News

Open Source Policy Template 2.0 in Chinese (Traditional) and English

By News

Thanks to the tremendous work of Andrew Katz, his team at Moorcrofts, and the team at Orcro, the OpenChain Project offers an open source policy template to support our industry standard. This is a frequently requested aspect of our reference material and – as with all OpenChain reference material – it is available under CC-0 licensing, effectively public domain.

Get the Template in Traditional Chinese

Get the Template in English

Help Us Translate

You can help support our internationalization efforts via GitHub. Get these guides and many more documents in the OpenChain Reference Library. You can find out more and discuss this template on our mailing list.

OpenChain Experiment: Automated Talk Transcript – Russ from GM

By News

We have a terrific amount of activity in the OpenChain Project. A lot happens around our calls, where we often record audio and video, but we occasionally get asked for other formats too. Time and resources prohibit us from transcribing calls but there are some avenues to explore. Our conference provider offers automated transcriptions and today – for the first time – we are exploring how these may be shared with the community.

There are errors in the documents. We are providing a PDF and a Word document, the former for quick review, the latter to contribute fixes. Our goal is to test offering a new way to catch up on what happened. We are particularly interested in seeing if this provides utility to non-native English speakers.

Our test release is a transcript of Russ from GM – First Monday November – talking about how open source works in the US automotive space.

Quick Read (PDF)

Edit and Fix (DOCX)

Q&A

Why release an imperfect transcript?

Because our community might find it useful.

Shouldn’t the project focus on excellence and avoid releasing documents with typographical errors?

We are an open project with a global community. We work hard to make all of our official documentation clear, simple and free of errors. However, we also have a lot of other material, such as these automated transcripts, and we are experimenting with providing access.

Who would find this useful?

Non-native English speakers who may have difficulty understanding spoken English. Written English, even imperfect written English, may be useful.

Where do I send feedback?

scoughlan@linuxfoundation.org

OpenChain Korea Work Group – The First Case Studies

By News

One exciting outcome of the OpenChain Korea Work Group meeting # 4 was the release of our first Korean case studies. These case studies from SK Telecom and NCSoft cover Open Source Governance Organization approaches inside their respective companies. They are currently only available in Korean.

Check Them Out

OpenChain Korea Work Group Meeting # 4 – Outcomes

By News

The fourth OpenChain Korea Work Group meeting took place on the 2nd of December 2019 at KTDS. This event was attended by around 20 people from 8 companies and marked the first release of Korean company case studies. Details below along with links to review our past meetings and to join our Korean mailing list.

The fifth meeting is scheduled for March 2020 at the Kakao offices in Seoul. Watch this space!

Agenda

| Agenda | Speaker | Slide |
|---|---|---|
| OpenChain Update | Shane Coughlan / Linux Foundation | a_brief_introduction_to_openchain.pdf |
| Open Source Management Portal and Open Source Management Plan | Sangmi Kim, Jihyun Lee / Ktds | |
| How to Install and Use FOSSology | Wonjae Park / LG Electronics | fossology_introduction_openchain_kwg.pdf |
| OpenChain KWG Update | Haksung Jang / LG Electronics | openchain_kwg_update_2019-12-02.pdf |
| Case Study | All | |
| Free Discussion | All | |

Case Study: Open Source Governance Organization

Companies Attending

  • Ktds
  • LG Electronics
  • SK Telecom
  • SK holdings
  • NCSOFT
  • Samsung
  • Kakao
  • Hyundai Mobis

Learn More About The Korean Work Group

Join The Korean Work Group Mailing List

OpenChain Project Chinese Work Group Meeting #2 – 12/12, 2 PM to 4 PM

By News

Our event will take place on the 12th of December between 14:00 and 16:00. Our event venue is the Open Source Compliance Seminar at the Beijing Baidu Building, No.10, Shangdi 10th Street, Haidian, Beijing, China.

Our agenda will focus on real world challenges and solutions.

Our meeting will be held under Chatham House Rule to facilitate open discussion. The open source discussion meetings I support generally require the Chatham House Rule so that everyone can communicate more fully.

Zhang Weiling, open source lawyer at Baidu, will introduce open source compliance practice at Baidu, including the what, why and how, and how to work together with security, development tools, TC and others to put compliance into practice.

Compliance is not easy to understand, but putting it into practice is the hardest part. Practical deployment is our true challenge and will be addressed.

Everyone is welcome to share their experiences. Let’s build a great atmosphere of collaboration.

Do you want to participate? Email scoughlan@linuxfoundation.org.

OpenChain and AGL Collaborate to Facilitate Open Source Compliance in Automotive Production

By News

At CES 2020 during early January you can meet some of the key people behind the OpenChain Project. Our demo desk at the Automotive Grade Linux stand will show how open source tooling for open source compliance accelerates time to market and the optimal use of open source code. Our focus will be on the automotive sector but of course the same approach can help any company in any sector adopt and apply the key requirements of a quality open source compliance program.

Check Out Our Demo Overview

Check Out The Full AGL Schedule

OpenChain in India – Update on Status

By News

The OpenChain India Work Group had a great inaugural meeting hosted by MCA in Bangalore on the 7th of September. 25 people from 11 companies attended and shared experiences around open source compliance matters. This meeting marked the long-awaited expansion of OpenChain into one of the most significant IT markets in the world.

The second meeting will take place at Lyra Infosystems on the 21st of December 2019. Lyra has been OpenChain conformant for a while and is a pivotal user company supporting the eco-system in India.

Interested in helping shape the future of open source compliance in India? Jump right in!

Our dedicated India Work Group Mailing List

Detailed Overview and Minutes

Mishi Choudhary & Associates partnered with the OpenChain Project in conducting the OpenChain Project’s first India Work-Group meet-up at Hotel Royal Orchid, Bangalore on 7th September. The meet-up included professionals, open source enthusiasts, tech companies building or using products on open source, and entities interested in learning more about open source compliance. Four OpenChain Conformant companies were present at the meet-up, namely Infosys, Siemens, Lyra Infosystems and Cognizant. In addition, various global service providers using open source in different forms were also present.

The meet-up was organised to initiate the core India Work-Group of the OpenChain Project, which was rolled out by the Linux Foundation to simplify compliance. The OpenChain Project builds trust in open source and makes compliance easy, predictable and effective. OpenChain Specification and Conformance form industry standards for open source compliance optimized for internal and external supply chains of any type.

The meet-up was moderated by Prasanth Sugathan, Legal Director, and Gurbir Singh Sidhu, Associate Counsel at Mishi Choudhary & Associates. The session also included presentations by Shuvajit Mitra (Senior Manager – IP Commercialisation, Open Source & Trademarks Practices, Infosys) and Arun Azhakesan (Lead OSS License Compliance, Siemens Healthineers).

Introductory Remarks:

Shane Coughlan, General Manager, OpenChain
Shane joined through video-conference from Japan. He spoke about major achievements for the OpenChain Project in community outreach in the current month, which include the first work-group meet-ups in India and China and continuing activity in Taiwan. He also expected a doubling of the conformance community this year. Further, he shared OpenChain activities in Japan, which involve 68 companies and over 150 people. In addition, the OpenChain Project’s Automotive WG in Japan has over 100 people involved.
He mentioned deep connections between companies from China and those in India present at the first work-group. To support this, he referred to Xiaomi, which recently sold its 100 millionth smartphone in the Indian subcontinent.
He envisaged bringing together OpenChain Conformant companies like Infosys and others, like WIPRO, which are not yet conformant. Also, he discussed plans on OpenChain’s readiness to become an ISO standard and consequent support for the same from user companies and developers.

Further, he assured support from international OpenChain community to the India WG at every step.

Gurbir Singh Sidhu, Associate, Mishi Choudhary & Associates
To give insights on the anticipated privacy legislation, Gurbir gave a presentation on Draft Personal Data Protection Bill, 2018 for the attendees. He gave a background on emergence of privacy law and policy in India. This included recommendations given by Justice (Retd.) AP Shah Committee on Privacy, 2011; the SC judgment in KS Puttaswamy & Anr v. UOI & Ors (Aug, 2017) which upheld privacy as a fundamental right and finally, the report released by Justice (Retd.) BN Srikrishna Committee on Data Protection Framework, 2017.
Thereafter, the key provisions of the Draft Protection Bill were shared. It included key terminology like Personal Data, Sensitive Personal Data, Data Principal, Data Fiduciary and Data Processor. Then, data protection obligations on data fiduciaries such as purpose limitation, collection limitation, storage limitation, notice and consent requirements; transparency and accountability measures (data audits, impact assessments, appointment of data protection officers) were presented. This was followed by rights of data principals such as rights to confirmation and access; data portability; correction of information and right to be forgotten. Thereupon, provisions on transfer of personal data outside India were discussed. It included data localization, mirror copy requirements; conditions on data transfer like contracts, intra-groups schemes. Finally, provisions relating to exemptions, Data Protection Authority of India, penalties, criminal offences and remedies under the Draft Bill were discussed.

Shuvajit Mitra (Senior Manager – IP Commercialisation, Open Source & Trademarks Practices, Infosys)

Shuvajit started his presentation on how Infosys has adopted usage and deployment of OSS in their solutions; and how it has saved costs, resources while meeting customers’ expectations. Discussing challenges, he mentioned that being a diversified and large organization, there could be misunderstandings on OS usage due to inadequate licensing experience, compliance complications and related risks of IP infringement. Besides, requirement of methodical compliance checks, license validation, establishing roles, accountability in supervisory level were also discussed.

In order to address the challenges, Infosys IP team engaged with OpenChain Project to assess its compliance practices and identify gaps to come in consonance with industry standard practices. For capacity development Infosys organized trainings on OSS licensing, governance models & contribution processes.

Infosys did a Conformance Analysis which included assessment of its Open Source Policy, IP check & certification process, establishing an accountability system and attaining key requirements of OpenChain Specification to make its compliance program predictable, understandable and efficient. While discussing benefits, he mentioned that by being an OpenChain Conformant company, Infosys was able to demonstrate a transparent OSS compliance process in development and procurement. Being OpenChain Conformant would help Infosys in building trust among its customers and stakeholders while showcasing its global standards.

Arun Azhakesan (Lead OSS License Compliance, Siemens Healthineers)

Arun represented the formal tooling work group of OpenChain and explained how some of these tools were adopted later by Linux. The idea behind tooling group is reducing the resource cost and enhancing output. Also, OpenChain bringing Conformance for the entire supply chain necessitated that these tools be streamlined.

He started his presentation discussing efforts led by OpenChain in developing tools to assist OS compliance and making it more predictable. Arun shared the entire Integrated Compliance Toolchain Instance with specific compliance tools for each layer. Thereafter, he covered specific tools useful for the entire compliance chain.
The first was FOSSology, which allows license, copyright and export control scans from the command line. It can generate an SPDX file, or a ReadMe with the copyright notices from the software. Scanners include Monk, Nomos and Ninka. The next tool, Eclipse SW360, is an OSS project which allows cataloguing of software components, assessing security vulnerabilities and maintaining license obligations, among others. It is licensed under EPL-2.0. Eclipse SW360 Antenna is another OSS tool, which automates the open source license compliance process. It collects compliance-related data, processes it and warns in case of compliance-related issues. Other tools suggested by Arun for the entire software supply chain included:

  1. OSS Review Toolkit: To download and scan the source code of the dependencies for license information and summarize the results.
  2. Software Heritage: To collect, preserve and share all software that is publicly available in source code form.
  3. BANG – Binary Analysis- NG: To find out the provenance of the unpacked files and classify/label files, making them available for further analysis.
  4. SPDX: For communicating the components, licenses and copyrights associated with a software package.
  5. Open Source Automation Development Lab (OSADL): To promote and coordinate the development of open source software for the machine, machine tool, and automation industry.

Informal Discussions

Attendees discussed that lately, more companies are developing projects on open source, including Google, FB, LinkedIn and Microsoft. There have also been instances over the past decade where companies using open source made downstream improvements to convert products into proprietary ones. This led to changes in license regime, namely at MongoDB and a few others. Further, the global movement towards streamlining compliance activities, led by the Linux Foundation, was discussed, the OpenChain Project being one of its products.
High profile patent litigations were also mentioned, including Apple-Qualcomm and Apple-Samsung. Open Innovation Network’s work in resolving such disputes and on patent non-aggression, particularly for Linux-based products, was referred to.

Attendee companies discussed the challenges they face when contributing to the open source pool, specifically the degree to which they can allow their developers to contribute and which parts to retain after due diligence checks (against 3rd party patent infringements).

Also, there were suggestions on focusing on smaller companies and start-ups in their transition towards open source. Secondly, awareness, being a major part of the OpenChain Project, should also be leveraged.

Mr. Sugathan encouraged sharing tools and compliance practices between WG members, as most companies use the same components but in different domains. He expressed utility of developing knowledge transfer between companies.

There were queries which ranged from basic questions like an overview of OpenChain to the expectations from Indian companies and the implementations required. Core requirements of the OpenChain specifications were shown, which included standards required to be met in terms of documentation, processes and accountability. OpenChain gives self-certification flexibility to the organization; but being Conformant would require due diligence checks from third parties. Further, benefits of OpenChain in keeping the software supply chain predictable and consistent were shared. This also helps companies to identify gaps in their compliance process and correct them.

It was reiterated that these meet-ups would allow companies to share their best experiences, especially addressing challenges they faced in their compliance programs.

OpenChain in Japan – The Statistics

By News

The OpenChain Japan Work Group will hold its last meeting of the year on the 19th of December. It seems like a good time to reflect on growth and next steps. You can see how our mailing list has expanded over time and the audience trend of the physical meetings.

One interesting data-point is that we have reached a stage of maturity in the number of companies participating. We have a lot of the principals (largest companies in Japan) and a representative collection of their suppliers. The next phase is increased OpenChain adoption, something we are seeing with things like the Fujitsu conformance announcement last week.

Our physical meetings have also followed an interesting trend. The “dips” in the chart show ad-hoc meetings, usually a planning session for a larger meeting ahead, or addressing a matter related to one of our seven Japan Sub-Groups that work on FAQs, supplier education, tooling and so on. We are still waiting for the final numbers from our December meeting but the trend is expected to continue.

The most interesting development was probably the evolution of activities around August 2019. At this meeting the OpenChain Japan Sub-Work Groups began their work, with seven teams holding their own meetings throughout the remainder of 2018 and into 2019.

Our July 2019 meeting was a major intersection of sub-group outcomes and the wider audience. The next such event is actually the Open Compliance Summit on the 17th and 18th December, and the final OpenChain Japan meeting on the 19th, an opportunity to provide the international audience with a strong overview of developments.

We are looking forward to a productive 2020 and increased collaboration between China, Japan, Korea, India and forthcoming European and American Work Groups. As OpenChain becomes an ISO standard we will seek to make sure all the best knowledge, everywhere, is easy to access.