In our biggest webinar to date, Jari Koivisto talked about Open Source Issues Remediation, Gary O’Neall talked about Community Bridge and SPDX Online Tools and David Wheeler talked about CII Best Practices (the project equivalent of the OpenChain standard). Check out the full recording and the slides below.
This webinar was a live walk-through of the Conformance Questionnaire with example solutions to each question required for OpenChain conformance. It was designed to be immediately useful to any organization considering or undergoing OpenChain conformance.
We took a look at how GitLab addresses compliance for this webinar on the 20th of July. Mo Khan, Senior Backend Engineer, explained the approach offered to users and why it is effective. One of the most interesting things we explored is how it all works with CI/CD, a hot topic in the OpenChain community and beyond.
In this webinar we covered “OpenChain China, Japan, Korea – a discussion on community building” featuring short interviews with Jerry (China), Haksung (Korea) and Fukuchi San (Japan) about local community activity. Our goal was to share knowledge on what has worked, what has not, and how momentum can be kept in these unusual times. We hope these lessons will assist our fellows in Europe and North America while also illustrating some of the key successes in Asia.
This is part of the bi-weekly OpenChain Webinar series. Every two weeks we have international speakers covering a wide range of topics related to practical open source compliance challenges, solutions and considerations.
This time we explored Software Heritage, an initiative whose goal is to collect, preserve, and share software code, and continued our discussion of containers from the perspective of scalable compliance.
Our speakers
Roberto Di Cosmo, Director at Software Heritage, explained why this initiative collects and preserves software in source code form with the understanding that software embodies key technical and scientific knowledge that humanity cannot afford to risk losing. His presentation helped provide insight into how such initiatives can link into activities like compliance automation in open source compliance, an area of immediate interest to the OpenChain community.
Scott Peterson, Senior Commercial Counsel at Red Hat, talked about how we can make compliance scalable in a container world. This talk will build on other recent presentations with a particular focus on efficiency and portability, with a “registry-native” approach to source code availability. Scott explained how this does not require updating container registries to include source code specific features, but instead can exploit features that are already contained in current registries.
In this webinar we unpacked how the newly released SPDX 2.2. SPDX, as a leading industry standard for Software Bill of Materials, plays a pivotal role in the implementation of practical manual and automated compliance programs.
Kate Stewart, Sr. Director of Strategic Programs at the Linux Foundation, explained how SPDX 2.2 works and what it means for the community. Kate has been a key driver of this standard over the last 10 years and can answer all your questions about what the current standard means, what projects support it, and the current state of the tooling landscape.
Yoshiyuki Ito, Principal Expert at RENESAS Electronics, provided an overview of SPDX Lite. This is a “Profile” for the SPDX 2.2 standard that helps companies deploy the Software Bill of Materials to match certain workflows, particularly with respect to suppliers to large companies using existing processes. Ito San and others in the OpenChain Japan Work Group created SDPX Lite to help ensure that the standard could seek adoption in as many production environments as possible with minimal friction.
In this webinar Tobie Langel spoke about ‘Open Source Contribution Policies That Don’t Suck.’ Leon Schwartz and Tony Decicco from GTC Law provided an overview of open source-related topics in the context of mergers, acquisitions, financings, investments, IPOs, divestitures, loans, customer license agreements, rep and warranty insurance and other transactions. Andrew Katz presented a due diligence questionnaire and sample warranties based on the the OpenChain specification.
More About This Webinar
Tobie Langel spoke about ‘Open Source Contribution Policies That Don’t Suck.’ In his own words: Open source contribution policies are long, boring, overlooked documents, that generally suck. They’re designed to protect the company at all costs. But in the process, end up hurting engineering productivity, and morale. Sometimes they even unknowingly put corporate IP at risk. But that’s not inevitable. It’s possible to write open source contribution policies that make engineers lives easier, boost morale and productivity, reduce attrition, and attract new talent. And it’s possible to do so while reducing the company’s IP risk, not increasing it.
Leon Schwartz and Tony Decicco from GTC Law provided an overview of open source-related topics in the context of mergers, acquisitions, financings, investments, IPOs, divestitures, loans, customer license agreements, rep and warranty insurance and other transactions. This covered:
Types of open source risk
Open source due diligence as part of transactions
Open source-related terms in agreements
The strategic use of open source in transactions
Andrew Katz presented a due diligence questionnaire and sample warranties based on the the OpenChain specification, and explained how adoption of this framework will drive further adoption of the standard. This builds on the observation that the OpenChain specification provides a great framework for due diligence and share purchase agreement warranties, even where the target is a software company which is not OpenChain compliant.
This webinar is about the current Chinese market and it also provides an update on what Facebook is doing around open source governance and licensing.
Our Presenters
Maggie Wang spoke about OpenChain in China. Maggie’s background ranges from working as an in-house at Huawei to acting as the China representative for Ladas and Parry. Her unique experience in-house and as outside counsel positions her perfectly to help contextualize where we are with regards compliance, standardization and business reality in one of our most important markets.
Michael Cheng spoke about OpenChain at Facebook, a topic that ranges from adoption activity and broader leadership in the compliance space by the company. His perspective will provide added value given the simultaneous decision by Facebook, Google and Uber to join OpenChain as Platinum Members in late 2018, and plenty of runway for our audience to ask questions about real-life lessons learned.
This webinar covers Supply Chain Governance and Container Compliance.
Our Presenters
Dr. Nikolay Harutyunyan spoke about ‘Corporate Open Source Governance of Software Supply Chains’, a talk based on recently published research constituting material from a literature review of 87 publications, a qualitative survey of 20 primary materials and 21 expert interviews at 15 companies. This bridged into a 2.5-year longitudinal study into a company that was just getting started with open source governance and following their evolution.
Armijn Hemel, MSc spoke about Docker container compliance. He has an extensive background as an internationally recognized expert in the field of GPL license compliance engineering with a particular focus on practical solutions to real-world product and service challenges. While best known for his work in embedded technology, Armijn has been exploring the topic of container compliance in recent years, and has been at the forefront of defining best practices in this space.