This webinar unpacked the complexity and solutions for addressing licensing across a large code-base like the Linux Kernel, and it explained how ISO 5230 has been applied to the security domain by some parties in the supply chain.
This webinar explained how to help with the development of OpenChain ISO/IEC 5230, including contributing new ideas, or potentially expanding aspects of its use. As an open project, ensuring everyone can engage easily is a key part of our culture.
We heard from Michael G. Poe, a newcomer to the world of Open Source Compliance and current Sales Manager with FossID. He shared his thoughts on his surprising journey from consumer products to software, and how the underlying principles of the open source community have enabled him along the way.
Michael also touched on what he believes can be some of the challenges to the frictionless adoption of OpenChain conformance. And lastly, based on his experiences and learning agenda thus far, what are some areas that can be improved when it comes to Open Source, Compliance, and the tech industry in general.
The OpenChain Project hosted a special three hour mini-summit to explain the three options for compliance to the International Standard for open source compliance. Learn about self-certification, independent assessment and third-party certification from the experts in each area.
Part 1 – Self-Certification (1 hour session)
The core of the International Standard for open source license compliance is self-certification. This is a process where a company reviews the requirements of the standard and checks whether their current processes match these requirements. If necessary, a company can make adjustments to processes. Self-certification can be accomplished in several ways. The most common are:
Part 2 – Independent Compliance Assessment (1 hour session)
Companies often want assistance in adopting an International Standard. One common form is Independent Assessment, where a knowledgable service provider reviews a company’s processes and provides objective feedback on where adjustments or improvements may be necessary. The OpenChain International Standard for open source compliance has a process called “Independent Compliance Assessment” that is provided by trusted partners of the project. These partners may be law firms or service vendors. Two of our existing partners, Source Code Control (UK) and AlektoMetis (Germany), hosted a session explaining this approach and their respective service offerings.
Part 3 – Third-Party Certification (1 hour session)
In some markets third-party certification is an important part of inter-company relationships. Examples are automotive, infrastructure and aviation, where strict regulation and regular audits are well-served by formal certification by third-parties. The OpenChain International Standard for open source compliance approaches third-party certification in the same way as other International Standards. Two of our existing partners, PwC (Germany) and Orcro (UK), hosted a session explaining this approach and their respective service offerings.
More About Our Webinars:
This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.
On this episode we had Seth Newberry from Joint Development Foundation join the call and explain how the new Community Specification on GitHub can help projects prepare for building sustainable standards. We also took a moment to go through the ever-increasing OpenChain Reference library. There is a ton of material there that we are currently improving and making easier to discover ahead of our formal ISO publication in a couple of weeks.
In our biggest webinar to date, Jari Koivisto talked about Open Source Issues Remediation, Gary O’Neall talked about Community Bridge and SPDX Online Tools and David Wheeler talked about CII Best Practices (the project equivalent of the OpenChain standard). Check out the full recording and the slides below.
Seth Newberry from the Joint Development Foundation joined us to provide an overview of what they do, how it impacts OpenChain, and what it means for other open source and related projects moving forward. As always we had some great comments and questions, and we look forward to getting more over time via our mailing lists and meetings!
This webinar was a live walk-through of the Conformance Questionnaire with example solutions to each question required for OpenChain conformance. It was designed to be immediately useful to any organization considering or undergoing OpenChain conformance.
In this webinar we covered “OpenChain China, Japan, Korea – a discussion on community building” featuring short interviews with Jerry (China), Haksung (Korea) and Fukuchi San (Japan) about local community activity. Our goal was to share knowledge on what has worked, what has not, and how momentum can be kept in these unusual times. We hope these lessons will assist our fellows in Europe and North America while also illustrating some of the key successes in Asia.
This is part of the bi-weekly OpenChain Webinar series. Every two weeks we have international speakers covering a wide range of topics related to practical open source compliance challenges, solutions and considerations.