OSADL is the latest official partner of the OpenChain Project. OpenChain maintains ISO/IEC 5230, the International Standard for open source license compliance.
“The OpenChain Project is delighted to begin our formal relationship with OSADL,” says Shane Coughlan, OpenChain General Manager. “There are thousands of companies operating open source compliance programs across the world, and we are seeing convergence on ISO/IEC 5230 for efficiency, effectiveness and resource optimization. OSADL is well-positioned to help ensure the automation industry will be at the forefront of this development in the coming months and years.”
Carsten Emde, General Manager of OSADL, was delighted when he learned that OSADL was accepted as OpenChain service partner and pointed out: “After having executed a large number of audits and given numerous training courses on open source license compliance, we have learned a fundamental lesson: The most important prerequisite for a company to become license compliant is to establish suitable company processes. OpenChain and OSADL look back on a long shared history of activities to help companies do exactly this. The today’s conclusion of an official partnership between the two organizations is the obvious next step to intensify our cooperation and to improve our services for the good of all.”
About OSADL
The Open Source Automation Development Lab (OSADL) eG is a Germany-based organization intended to promote and coordinate the development of open source software for the machine, machine tool, and automation industry. https://www.osadl.org/
About the OpenChain Project
OpenChain began when a group of open source compliance professionals met in a conference lounge and chatted about how so much duplicative, redundant open source license compliance work was being done inefficiently in the software supply chain simply. They realized that while each company did the same work behind the scenes in a different manner the output for downstream recipients could not realistically be relied on because there was no visibility into the process that generated the output.
The answer the early principles of this discussion arrived at was to standardize open source compliance, make it transparent and build trust across the ecosystem. The project began as outreach to the community with the idea of a new standard for open source license compliance with slides titled, âWhen Conformity is Innovative.â A growing community quickly recognized the value of this approach and contributed to the nascent collaboration soon named The OpenChain Project.
The Linux Foundation, Joint Development Foundation and the OpenChain Project are delighted to announce the publication of ISO/IEC 5230:2020 as an International Standard. Formally known as OpenChain 2.1, ISO/IEC 5230:2020 is a simple, clear and effective process management standard for open source license compliance. It allows companies of all sizes and in all sectors to adopt the key requirements of a quality open source compliance program.
Companies around the world can learn more about ISO/IEC 5230:2020, methods of self-certification, independent assessment or third-party certification, as well as access a large library of reference material at: https://www.openchainproject.org
ISO/IEC 5230:2020 is an open standard and all parties are welcome to engage with our community, learn from their peers, share their knowledge, and to contribute to the future of our standard. There is no charge to access and use our reference material, self-certification or to engage with our numerous calls, webinars, mailing lists and meetings.
âISO/IEC 5230:2020 will improve OSS compliance, enhance trust in the supply chain, and reduce friction in transactions. It has been deployed as a de facto standard for four years and fostered exceptional engagement from a diversity of companies across multiple sectors,â says Shane Coughlan, OpenChain General Manager. âOur transition to a formal International Standard as ISO/IEC 5230:2020 marks an important inflection point for OpenChain and open source as a whole. For the first time there is an International Standard that defines open source compliance and process management. We look forward to expanding our community from hundreds to thousands of companies in the coming months, and we look forward to supporting many of these companies access and apply best practice material developed in real world market conditions.”
Toyota is the first company to formally announce conformance to ISO/IEC 5230:2020. Additionally, companies that have an OpenChain 2.0 conformant program will automatically conform with the requirements of ISO/IEC 5230:2020. You can learn more about the Toyota announcement here: https://www.openchainproject.org/featured/2020/12/15/toyota-iso-5230
Arm
âArm joined the OpenChain Project as a founding member because building trust across the supply chain and ensuring IP rights are fully respected has long been one of the highest priorities for Arm,â says Sami Atabani, Director of Third Party IP Licensing at Arm. âEstablishing OpenChain as a formal ISO/IEC International Standard is an important milestone for open source governance as a field, and we look forward to collaborating with our peers and the wider open source community in seeking excellence and efficiency in software delivery.â
BMW CarIT
“At BMW CarIT we continually work on improving the quality of our processes,â says Helio Chissini de Castro, Senior Software Engineer at BMW CarIT. âWe welcome the approval of ISO/IEC 5230:2020 as the right path for the future of software compliance and how companies will perceive it. We are proud to be part of the OpenChain governing board and wider community that make this possible.”
Bosch
âBosch and its affiliates have a firm commitment to quality in all aspects of creating, deploying and supporting solutions and products,â says Hans Malte Kern, Head of the Center of Competence Open Source, Robert Bosch GmbH. âOur engagement with the OpenChain industry standard for open source compliance is part of this larger vision, and we are delighted to see it graduate ISO as a formal International Standard. We now have a global, universal and easily understood mechanism to build increased clarity and trust across the supply chain.â
Cisco
âCisco is honored to partner with an incredible team on the OpenChain project. Earlier this year (June 2020), our conformance with the OpenChainâs latest 2.0 specification for open source compliance has been the needle mover towards streamlining compliance as an indispensable entity across our organization, building Trust and improving overall productivity,â says Prasad Iyer Director, Product Operations at Cisco. âNow with ISO/IEC standardization of this latest OpenChain specification, it really solidifies Ciscoâs commitment to excellence in Open source governance along with OpenChain which is well positioned at the top of the Compliance stack. Weâre sincerely looking forward to our continued collaboration and partnership with all our OpenChain project peers across industry in the successful evolution of more such formal standards in the years ahead.â
Fujitsu
âFujitsu has contributed to the development of OpenChain as an industry standard for several years,â says Yasuko Aoki, Manager of Open Source Software Technology Center, Fujitsu Limited. âOur engagement is part of our broader engagement throughout the supply chain to promote excellence in governance and sustainability in practical deployment. The publication of OpenChain as a formal ISO/IEC International Standard is a significant milestone in the evolution of open source. We are proud of the accomplishment of all the contributors involved, and we look forward to the next steps in ensuring simple, reliable open source license compliance across the world.â
Google
âGoogle has been at the forefront of open source development and the use of open source in business since its inception,â says Max Sills, Lead Open Source Attorney at Google. âOur collaboration with the OpenChain Project has been an important part of supporting greater maturity and predictability in this space. The release of ISO/IEC 5230:2020 provides a clear path to future inter-company collaboration. Defining a standard for quality open source compliance lowers the cost of doing business, and makes it easier for the entire industry to comply with open source obligations.â
Microsoft
âOpenChain has played a leading role in building trust in the open source ecosystem,â said David Rudin, Microsoft Assistant General Counsel. âWhen you receive software that has been produced through an OpenChain conformant program, itâs a great indication that the open source compliance obligations were taken seriously. With Microsoftâs OpenChain conformant program, we are keeping the trust our customers have placed in us to make sure their software is compliant and reducing friction in software transactions. As OpenChain takes the next step of becoming an international standard, weâre looking forward to continuing to advance open source adoption and trust in the community.â
MOXA
âAs the first Taiwanese company working with the OpenChain governing board, our work with the OpenChain Project is part of a larger vision for mature, sustainable open-source governance,â said David Chen, Engineering Director of the Technology & Research Corporate Division at Moxa. âTodayâs announcement is a milestone in building efficiency and trust among companies using open source for innovative products and solutions. We look forward to working with our fellow board members in the deployment of OpenChain as an ISO/IEC International Standard to an audience of thousands of companies in the world.â
OPPO
âAs a member of OpenChain, OPPO is very pleased to see OpenChain being accepted as an ISO/IEC International Standard,â says Andy Wu, Vice President of OPPO and President of Software Engineering. âWe believe this will help to further promote open source compliance. OPPO very much hopes to promote OpenChain with its partners, so that open source compliance becomes more consistent and simple.â
Siemens
âSiemens is a founding member of the OpenChain Project and we have contributed to OpenChain since its beginning. Today we reached an outstanding milestone – the OpenChain specification is now an ISO/IEC International Standard,â says Oliver Fendt, Senior Manager Open Source. âOur engagement with OpenChain is based on a clear understanding that effective governance in open source must be practical, efficient, sustainable and affordable for everyone. With the ISO/IEC Standard we will enter a new stage in the evolution of our collective work, and we look forward to working with our peers in building further trust in the open source supply chain.”
Sony
âSony has been part of the OpenChain industry standard and its related community for a substantial amount of time,â says Hisashi Tamai, SVP, Sony Corporation, representative of the Software Strategy Committee. âWe have had the great pleasure to host the first meeting in Japan and support growth across this nation and abroad in the subsequent years. The publication of OpenChain by ISO as a formal International Standard is an important milestone in our shared mission to ensure excellence in open source. We look forward to working with our fellow board members, our diverse community and our colleagues at ISO in bringing this standard to thousands of new companies across the globe.”
Qualcomm
“This achievement by OpenChain brings into reality the effort that so many across the software ecosystem has recognized for years â that when you can build trust into the open source compliance ecosystem, you create a path towards consistent, efficient, and reliable license compliance,â says Dave Marr, Vice President, Qualcomm Technologies, Inc. “We applaud the many contributors to OpenChain for achieving this terrific milestone, and for collaboratively building the internationally recognized standard for open source license compliance.”
Uber
âUber has supported the development and deployment of the OpenChain industry standard from its early stages to becoming today’s de facto standard,â says Matthew Kuipers, Senior Counsel, Intellectual Property at Uber Technologies. âTodayâs publication as an ISO International Standard is a key milestone in bringing clear, practical and effective open source license compliance to thousands of companies across the supply chain. We look forward to collaborating with our peers in accomplishing this mission and supporting our growing international community.â
Western Digital
âWestern Digital has been part of the development and deployment of the industry standard for open source compliance since its formative years,â says Alan Tse, Associate General Counsel at Western Digital. âTodayâs announcement marks a significant milestone in the maturity of both this standard and the wider field of open source governance. We look forward to working with our fellow board members and the diverse community of community participants in the growing adoption of a single, simple way to identify quality open source compliance programs.â
Global Community Quotes
âToday is the historic day for the OpenChain project and The Linux Foundation that the open standard has become an ISO/IEC standard,â said Masato Endo, Chair of the OpenChain Automotive Work Group. âOpen Source is becoming more and more important in the automotive industry as well. The automotive industry’s supply chain is large and every company in the supply chain needs to manage OSS properly. I believe the OpenChain Specification will be a strong support for companies to build their OSS governance structure. Iâd like to thank David Rudin and members of the JDF community for their efforts in obtaining ISO/IEC. I want to express my gratitude to Mark Gisi, David Marr and all OpenChain community members for their significant contributions to the project. Finally, I congratulate our leader Shane Coughlan on this great achievement!â
About the OpenChain Project
OpenChain began when a group of open source compliance professionals met in a conference lounge and chatted about how so much duplicative, redundant open source license compliance work was being done inefficiently in the software supply chain simply. They realized that while each company did the same work behind the scenes in a different manner the output for downstream recipients could not realistically be relied on because there was no visibility into the process that generated the output.
The answer the early principles of this discussion arrived at was to standardize open source compliance, make it transparent and build trust across the ecosystem. The project began as outreach to the community with the idea of a new standard for open source license compliance with slides titled, âWhen Conformity is Innovative.â A growing community quickly recognized the value of this approach and contributed to the nascent collaboration soon named The OpenChain Project.
This advent calendar has been created by our Japanese Work Group as part of their community outreach. We hope you enjoy their recap of compliance topics to end the year.
Leaflet SubGroupã®æŽ»åçŽ¹ä» / Introduction of Leaflet SubGroup acts.
Today, I would like to tell you about the activities of the leaflet group of the OpenChain Project Japan working group. I’m Norio Kobota who is now participating in the OpenChain Project activities as a member of the open source program office of my company, making use of my experience as an engineer in the network security field.
ãªãŒãã¬ããã£ãŠäœ? / What is the leaflet?
The leaflet is a simple guide book which describes useful information when dealing with open source software, available from Reference Material of OpenChain Project. You can obtain the Japanese version from github here. In the OpenChain Project, the difficulty of OSS license compliance in the software supply chain has been emphasized from the beginning, and the members of the Japan Working Group thought that as a means to solve this problem, a simple guidebook that is easy to understand for people in various positions in the enterprise was necessary. After that, with the cooperation of the group members, we were able to provide the Japanese version 2019/04 and the English version 2019/05. The great thing about this leaflet is that it has become global, and thanks to the cooperation of various subgroups, Chinese(Traditional and Simplified) and Vietnamese versions are now available here.
ãªãŒãã¬ãããµãã°ã«ãŒãã£ãŠäœããŠãã®? / What are the activities of the leaflet subgroups.
Because the creation of leaflets was settled last year, there are not many activities such as creating documents rececntly. For this reason, I would like to introduce the activities of (2019) last year. The fact that we were able to create a leaflet that is easy to understand is a great achievement. However, what we think is really important is to increase the number of people with that knowledge, and to have many people use the guidebook when they need it. For this reason, we print leaflets for various lectures and introduce their purpose and necessity. For example, the Open Source Summit/Embedded Linux Conference held by the Linux Foundation, CES which is a festival for electronic devices, and DebConf 2019, which was held in almost the other side of Japan, have introduced and distributed leaflets at various events attended by members of the Japan Working Group.
Due to the effects of the COVID-19, this subgroup activity itself is currently stagnating. However, I would like to invite you to join us. We will do some writing and public relations activities with other subgroups. Tomorrow is OpenChain Spec2.1, 4th introduction by Ninjoji-san. Look forward to it!
This advent calendar has been created by our Japanese Work Group as part of their community outreach. We hope you enjoy their recap of compliance topics to end the year.
1. Introduction
Hello. Iâm Masato ENDO. Today, I would like to introduce the topics related to Promotion SG of OpenChain Japan WG.
As you can see in the article on December 6, we found that although awareness of the importance of OSS compliance is gradually increasing, each company is struggling to secure resources. In order to secure resources, it is essential to promote the understanding of executives. Therefore, the Japan Patent Office and the Cabinet Office created “Open source for ALL” as a tool to educate management about the importance of OSS itself, and released it in June. I also participated as a member in the Expert Committee for the preparation of this material. So, I would like to introduce it.
You can access the materials from the links below.(Sorry, Japanese only)
The beginning of the story was that in May 2019, I made a presentation at the Intellectual Property Headquarters Verification, Evaluation, and Planning Committee, which is a policy meeting of Japanese government. At this time, Mr. Nakauchi of the current Imabari City officer, who was at the Intellectual Property Headquarters at that time, was interested in it, and a committee of experts was formed. Therefore, we decided to create OSS enlightenment materials for managers, and we asked Mr. Shinozaki of PwC, who was selected as the secretariat based on discussions at the committee, to compile the materials. It is assumed that this material will be used as it is or arranged for use in internal executives and symposiums in which executives participate. This material is supported not only by Japanese companies but also by foreign companies such as Google, Microsoft, Qualcomm, and Siemens. I introduced these companies to the Committee through OpenChain connection.
3. Interesting information
Here, I will pick up and introduce the topics that I found interesting from the report. In this survey, we conducted a questionnaire to the executives of the system development and software development departments of large companies, mainly non-IT companies, and added analysis from various angles. Among them, what I am paying attention to is the figure below that summarizes the answers to the question “Will the expansion of OSS utilization expand in the future?” As the result, we can confirm that executives in almost all industries responded that they would “expand in the future.” On the other hand, in this report “It became clear that the approach to OSS was individual-dependent and that activity was sluggish overall.” From the perspective of promoting DX, it is thought that the issue for Japanese companies will be how to systematically handle OSS in the future. Overseas, it is becoming a trend to establish OSPO (Open Source Compliance Office), which is a specialized organization that formulates OSS utilization strategies and rules regardless of the type of industry. At OpenChain, we have accumulated the know-how of leading companies overseas and in Japan, so if you have a need to deepen understanding within the company, please let us know! The project will support you free of charge. (I also explained the importance of OSS community activities to the CTO of a IT company in such a context.)
4. Tomorrow’s theme is …
Tomorrow, Kobota-san will introduce the activities of Leaflet SG, which is creating an enlightenment leaflet for OSS compliance. This leaflet has been distributed free of charge at events around the world such as CES2020 and has been very well received. Stay tuned!
1. ã¯ããã«
ããã«ã¡ã¯ã äžåºŠç»å Žã®é è€ã§ãã æ¬æ¥ã¯OpenChain Japan WGã®Promotion SGé¢é£ã®ãããã¯ã玹ä»ããŸãã
This advent calendar has been created by our Japanese Work Group as part of their community outreach. We hope you enjoy their recap of compliance topics to end the year.
OpenChain Specification v2.1, Clause 2.
Today I am writing about the third part of the OpenChain Specification v2.1 Chap 3.2 (that is under the ISO/IEC pending). If you want to know the OpenChain Spec correctly, please read the original documents from the linke at the end of this page.
Chapter 3.2.1 is about dealing with external inquiries, and requires that a third party has a reasonable path to contact the organization for OSS license compliance, and that the organization is prepared to respond to such inquiries.
Chapter 3.2.2 is about resources. Adequate staffing and resources should be allocated to compliance program-related roles, legal experts should be assigned, and a process for resolving concerns should be maintained.
OSS license compliance will continue to become more important, but it is necessary to make executives aware of its importance in order to ensure resources are available.
Tomorrow, Mr. Endo of Promotion SG will share with us some examples of such educational activities conducted for the public and private entities.
This advent calendar has been created by our Japanese Work Group as part of their community outreach. We hope you enjoy their recap of compliance topics to end the year.
Introduction of FAQ subgroup
Today, I would like to introduce the FAQ subgroup of the OpenChain Japan WG.
The members of the FAQ subgroup are consist of those who are in charge of OSS license consultation and license compliance support at each company / organization, those who are not in charge but are volunteer-based, and those who are about to start studying OSS licenses or those who are just starting (<-this is important).
There are various QA candidates, such as those that the members actually consulted, those that the members wondered, and those that are generally misunderstood.
How to make QA
To create a QA, first create a base for Questions and Answers using Slack and give your opinion. After that, the QA will be finalized by making corrections at a meeting (which used to be actually gathered, but recently it is online in view of recent circumstances). (<- This is actually the most fun because we have a lot of opinions and discussions.) Then, after confirming with the attorney attorney, we will publish it.
In this way, each QA is verified and nurtured from the perspectives of various companies, organizations, and roles, so I think that the QA collection is relatively homogeneous and has few mistakes.
It’s been about 10 years since I was involved in OSS licensing, but I’m still studying through this FAQ subgroup every time. In particular, I often get noticed from the perspectives and opinions of companies whose business types are different from those of my company. People who participated for the purpose of studying also commented, “I am studying because I am trying to convey it in an easy-to-understand manner.” and “I will be able to understand by listening to the discussion.” and so on.
Conclusion
It’s been about 10 years since I was engaged in OSS license compliance, but I still study through this FAQ subgroup every time. In particular, I often get noticed from the perspectives and opinions of companies whose business types are different from those of my company. People who participated for the purpose of studying also commented, “I am studying because I am trying to convey it in an easy-to-understand manner.” and “I will be able to understand by listening to the discussion.” and so on.
If you are interested in the activities of the FAQ subgroup, please join us at any time. Those who want to participate by trial rather than immediately, and those who can not contribute much to the creation of FAQ but want to participate for study purposes are also welcome. For details, please contact japan-sg-faq@lists.openchainproject.org.
FAQãµãã°ã«ãŒãã®çŽ¹ä»
æ¬æ¥ã¯ãOpenChain Japan WGã®FAQãµãã°ã«ãŒãã«ã€ããŠã玹ä»ããŸãã
We heard from Michael G. Poe, a newcomer to the world of Open Source Compliance and current Sales Manager with FossID. He shared his thoughts on his surprising journey from consumer products to software, and how the underlying principles of the open source community have enabled him along the way.
Michael also touched on what he believes can be some of the challenges to the frictionless adoption of OpenChain conformance. And lastly, based on his experiences and learning agenda thus far, what are some areas that can be improved when it comes to Open Source, Compliance, and the tech industry in general.
This advent calendar has been created by our Japanese Work Group as part of their community outreach. We hope you enjoy their recap of compliance topics to end the year.
Today, we will introduce the contents of the OpenChain spec v2.1 (Chapter 1.4-1.5).
Chapter 1.4 is about the scope of the OSS Compliance Program. Th e OSS compliance program gives you the freedom to choose whether it covers your entire organization or just some product lines.
Chapter 1.5 is a chapter on reviewing each OSS license within your organization. Organizations should establish a process for reviewing and documenting OSS license obligations, restrictions, and rights for each use case. Reviewing OSS licenses in Chapter 1.5 is a very important task for an organization, but a difficult task for an unfamiliar organization. Therefore, the FAQ subgroup of the Japan WG is working to publish “common misunderstanding FAQs related to OSS licenses” together.
Tomorrow we will introduce the activities of this FAQ subgroup.
This advent calendar has been created by our Japanese Work Group as part of their community outreach. We hope you enjoy their recap of compliance topics to end the year.
The research team in OpenChain Japan WG about OSS compliance made academic presentations at two conferences, âIntellectual Property Association of Japanâ and âJapan Society for Research Policy and Innovation Managementâ in 2020.
Today, I would like to introduce the “Framework for Skill Standards on OSS Compliance” presented at âIntellectual Property Association of Japanâ.
Necessity of skill standards for OSS compliance
Work related to OSS compliance is complex and needs to be carried out in cooperation with various departments in the company, such as development and intellectual property departments.
On the other hand, OSS-related tasks are often relatively new to the people in each department, and therefore, in order to promote human resource development, we have developed a systematic index to clarify and systematize the skills required to perform these tasks. In other words, we thought a “skill standard” was necessary.
The skill standard framework for OSS compliance
The table below shows the framework of skill standards about OSS compliance. On the left side, tasks related to OSS compliance are extracted for each of planning, development, and maintenance (operation) of the system, and on the right side, tasks to be handled by each department are organized.
In this presentation, we have only presented the overall picture above. In the future, we will further subdivide each task, and organize the skills required to perform each task and the evaluation method.
Finally
The OpenChain Specification 2.0, which was adopted by the ISO, also defines the roles, responsibilities, and suitability of personnel to achieve OSS compliance in Chapter 1.2, and specifies that the results of the suitability assessment must be retained. (Article link.)
However, OpenChain does not mention the specific items and indices of what roles each department should play and how to evaluate each person in charge, and it is left to each company to decide. We hope to create a tool that can be used to facilitate compliance work.
Tomorrow, Mr. Shima of FAQ SG will introduce the contents of chapter 1.4 to 1.5 in OpenChain.
This advent calendar has been created by our Japanese Work Group as part of their community outreach. We hope you enjoy their recap of compliance topics to end the year.
Yoshitaka Iwata of Hitachi, Ltd. will be on duty for the Advent calendar on December 8th. I am the leader of the “Educational Materials for Role” SWG of the Open Chain Japan WG. Thank you in advance. By the way, what are you careful about when using OSS? Also, what kind of structure and content will you use when conducting education for using OSS within the company or team? What should software developers know to use OSS need? In order to answer these questions, I decided to think about what kind of educational materials would be good for each role related to OSS. The following content is, of course, based on the Open Chain specifications and curriculum.
Collection and analysis of education cases It seems that some companies have been educating on OSS even before the establishment of Open Chain. Therefore, we investigated the system, target member, form (lectures, group training, e-learning, material browsing, etc.), timing, and the existence of the English version of four companies. We analyzed the table of contents of each education and the outline of chapters / sections, and summarized the structure for software developers. The structure example is as follows. (1) What is OSS? (2) Intellectual property rights (3) OSS license (4) OSS compliance program (5) Examination when introducing OSS (6) OSS review (7) OSS distribution (8) Summary (9) Contact information (10) References / organizations First of all, we targeted software developers because we thought that software developers would be the first to use OSS internally or within a team.
Development of examples of specific educational materials Actually specific examples of educational materials for software developers were examined by the “Educational materials for Role” SWG. (1) What is OSS? Considering software developers who have never used OSS, how about telling them about general OSS definitions, usage examples of OSS in the target business (different for each business targeted by the company or team), the advantages and disadvantages of using OSS, and others? (2) Intellectual property rights In particular, intellectual property rights related to OSS include copyrights and patent rights. Since OSS is software, each OSS is copyrighted. Copyright means the right to modify, distribute, and copy. I hope you can explain these things in an easy-to-understand manner. (3) OSS license Why don’t you explain copyright rights obtained by the OSS license compliance(in other words, it is necessary to protect the OSS license in order to modify, distribute), examples of OSS licenses, permissive OSS licenses, copyleft and reciprocal OSS licenses, etc? (4) OSS compliance program The Open Chain specification recommends creating an OSS compliance program consisting of policies, processes, training, tools, etc. First, let’s share the policy for using OSS within the company and within the team. (The policy may differ depending on the use cases of target businesses.) Next, let’s show the organization related to OSS and the role of each member related to OSS. Then explain how OSS-related processes (OSS listing, OSS review, OSS distribution review) are incorporated into our software development process. (5) Examination at the time of introduction Let’s explain the points to be noted in the characteristics of the license and the points to be noted regarding intellectual property rights (patent rights, etc.). (6) OSS review Let’s explain the information collected in the OSS review, the content of the review, the available tools, and others. (7) OSS distribution Let’s explain what precess will be applied to distribute OSS in the target business form, including examples. Also, explain the implications of improper use of OSS and lack of license information in the software supply chain. (8) Summary (9) Contact information (10) References / organizations I think that (9) to (10) are effective for deepening the understanding of OSS within the company and the team.
Then, especially if (2) and (3) are explained to software by using analogy to legal terms that are common within the company and within the team, software developers will understand more easily. Also, in (4) to (7), if you explain by applying it to the system within the company or team and the software development process actually used, I think that you can deepen the understanding of software developers. Please devise.
Tomorrow, tech_nomad_ will talk by the title “Framework for Skill Standards on OSS Compliance”. Among the roles related to the use of OSS, what kind of skills each person in each role should have is a difficult theme, isn’t it? I am also very interested in this theme and am looking forward to it.
