This webinar explained how to help with the development of OpenChain ISO/IEC 5230, including contributing new ideas, or potentially expanding aspects of its use. As an open project, ensuring everyone can engage easily is a key part of our culture.
This is OpenChain Webinar #16, released on 2021-01-20.
We heard from Michael G. Poe, a newcomer to the world of Open Source Compliance and current Sales Manager with FossID. He shared his thoughts on his surprising journey from consumer products to software, and how the underlying principles of the open source community have enabled him along the way.
Michael also touched on what he believes can be some of the challenges to the frictionless adoption of OpenChain conformance. And lastly, based on his experiences and learning agenda thus far, what are some areas that can be improved when it comes to Open Source, Compliance, and the tech industry in general.
This is OpenChain Webinar #15, released on 2020-12-11.
The OpenChain Project hosted a special three hour mini-summit to explain the three options for compliance to the International Standard for open source compliance. Learn about self-certification, independent assessment and third-party certification from the experts in each area.
The core of the International Standard for open source license compliance is self-certification. This is a process where a company reviews the requirements of the standard and checks whether their current processes match these requirements. If necessary, a company can make adjustments to processes. Self-certification can be accomplished in several ways. The most common are:
Companies often want assistance in adopting an International Standard. One common form is Independent Assessment, where a knowledgable service provider reviews a company’s processes and provides objective feedback on where adjustments or improvements may be necessary. The OpenChain International Standard for open source compliance has a process called “Independent Compliance Assessment” that is provided by trusted partners of the project. These partners may be law firms or service vendors. Two of our existing partners, Source Code Control (UK) and AlektoMetis (Germany), hosted a session explaining this approach and their respective service offerings.
In some markets third-party certification is an important part of inter-company relationships. Examples are automotive, infrastructure and aviation, where strict regulation and regular audits are well-served by formal certification by third-parties. The OpenChain International Standard for open source compliance approaches third-party certification in the same way as other International Standards. Two of our existing partners, PwC (Germany) and Orcro (UK), hosted a session explaining this approach and their respective service offerings.
This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.
This OpenChain Webinar was broadcast on 2020-11-06.
On this episode we had Seth Newberry from Joint Development Foundation join the call and explain how the new Community Specification on GitHub can help projects prepare for building sustainable standards. We also took a moment to go through the ever-increasing OpenChain Reference library. There is a ton of material there that we are currently improving and making easier to discover ahead of our formal ISO publication in a couple of weeks.
This is OpenChain Webinar #12, released on 2020-09-17.
In our biggest webinar to date, Jari Koivisto talked about Open Source Issues Remediation, Gary O’Neall talked about Community Bridge and SPDX Online Tools and David Wheeler talked about CII Best Practices (the project equivalent of the OpenChain standard). Check out the full recording and the slides below.
Check Out All The Slides
This is OpenChain Webinar #11, released on 2020-09-11.
Seth Newberry from the Joint Development Foundation joined us to provide an overview of what they do, how it impacts OpenChain, and what it means for other open source and related projects moving forward. As always we had some great comments and questions, and we look forward to getting more over time via our mailing lists and meetings!
Check Out The Slides
This is OpenChain Webinar #10, released on 2020-08-25.
This webinar was a live walk-through of the Conformance Questionnaire with example solutions to each question required for OpenChain conformance. It was designed to be immediately useful to any organization considering or undergoing OpenChain conformance.
This is OpenChain Webinar #9, released on 2020-08-05.
In this webinar we covered “OpenChain China, Japan, Korea – a discussion on community building” featuring short interviews with Jerry (China), Haksung (Korea) and Fukuchi San (Japan) about local community activity. Our goal was to share knowledge on what has worked, what has not, and how momentum can be kept in these unusual times. We hope these lessons will assist our fellows in Europe and North America while also illustrating some of the key successes in Asia.
This is part of the bi-weekly OpenChain Webinar series. Every two weeks we have international speakers covering a wide range of topics related to practical open source compliance challenges, solutions and considerations.
This is OpenChain Webinar #6, released on 2020-06-22.
In this webinar we unpacked how the newly released SPDX 2.2. SPDX, as a leading industry standard for Software Bill of Materials, plays a pivotal role in the implementation of practical manual and automated compliance programs.
Kate Stewart, Sr. Director of Strategic Programs at the Linux Foundation, explained how SPDX 2.2 works and what it means for the community. Kate has been a key driver of this standard over the last 10 years and can answer all your questions about what the current standard means, what projects support it, and the current state of the tooling landscape.
Yoshiyuki Ito, Principal Expert at RENESAS Electronics, provided an overview of SPDX Lite. This is a “Profile” for the SPDX 2.2 standard that helps companies deploy the Software Bill of Materials to match certain workflows, particularly with respect to suppliers to large companies using existing processes. Ito San and others in the OpenChain Japan Work Group created SDPX Lite to help ensure that the standard could seek adoption in as many production environments as possible with minimal friction.
This is OpenChain Webinar #4, released on 2020-05-21.
In this webinar Tobie Langel spoke about ‘Open Source Contribution Policies That Don’t Suck.’ Leon Schwartz and Tony Decicco from GTC Law provided an overview of open source-related topics in the context of mergers, acquisitions, financings, investments, IPOs, divestitures, loans, customer license agreements, rep and warranty insurance and other transactions. Andrew Katz presented a due diligence questionnaire and sample warranties based on the the OpenChain specification.
Tobie Langel spoke about ‘Open Source Contribution Policies That Don’t Suck.’ In his own words: Open source contribution policies are long, boring, overlooked documents, that generally suck. They’re designed to protect the company at all costs. But in the process, end up hurting engineering productivity, and morale. Sometimes they even unknowingly put corporate IP at risk. But that’s not inevitable. It’s possible to write open source contribution policies that make engineers lives easier, boost morale and productivity, reduce attrition, and attract new talent. And it’s possible to do so while reducing the company’s IP risk, not increasing it.
Leon Schwartz and Tony Decicco from GTC Law provided an overview of open source-related topics in the context of mergers, acquisitions, financings, investments, IPOs, divestitures, loans, customer license agreements, rep and warranty insurance and other transactions. This covered:
Andrew Katz presented a due diligence questionnaire and sample warranties based on the the OpenChain specification, and explained how adoption of this framework will drive further adoption of the standard. This builds on the observation that the OpenChain specification provides a great framework for due diligence and share purchase agreement warranties, even where the target is a software company which is not OpenChain compliant.
This is OpenChain Webinar #3, released on 2020-05-07.
© 2024 OpenChain. All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page. Linux is a registered trademark of Linus Torvalds. Privacy Policy and Terms of Use
