The Linux Foundation Projects
Skip to main content
Category

News

OpenChain Welcomes OSADL As An Official Partner

By News

OSADL is the latest official partner of the OpenChain Project. OpenChain maintains ISO/IEC 5230, the International Standard for open source license compliance.

“The OpenChain Project is delighted to begin our formal relationship with OSADL,” says Shane Coughlan, OpenChain General Manager. “There are thousands of companies operating open source compliance programs across the world, and we are seeing convergence on ISO/IEC 5230 for efficiency, effectiveness and resource optimization. OSADL is well-positioned to help ensure the automation industry will be at the forefront of this development in the coming months and years.”

Carsten Emde, General Manager of OSADL, was delighted when he learned that OSADL was accepted as OpenChain service partner and pointed out: “After having executed a large number of audits and given numerous training courses on open source license compliance, we have learned a fundamental lesson: The most important prerequisite for a company to become license compliant is to establish suitable company processes. OpenChain and OSADL look back on a long shared history of activities to help companies do exactly this. The today’s conclusion of an official partnership between the two organizations is the obvious next step to intensify our cooperation and to improve our services for the good of all.”

About OSADL

The Open Source Automation Development Lab (OSADL) eG is a Germany-based organization intended to promote and coordinate the development of open source software for the machine, machine tool, and automation industry. https://www.osadl.org/

About the OpenChain Project

OpenChain began when a group of open source compliance professionals met in a conference lounge and chatted about how so much duplicative, redundant open source license compliance work was being done inefficiently in the software supply chain simply. They realized that while each company did the same work behind the scenes in a different manner the output for downstream recipients could not realistically be relied on because there was no visibility into the process that generated the output.

The answer the early principles of this discussion arrived at was to standardize open source compliance, make it transparent and build trust across the ecosystem. The project began as outreach to the community with the idea of a new standard for open source license compliance with slides titled, “When Conformity is Innovative.” A growing community quickly recognized the value of this approach and contributed to the nascent collaboration soon named The OpenChain Project.

OpenChain 2.1 is ISO/IEC 5230:2020, the International Standard for open source compliance.

By Featured, News

The Linux Foundation, Joint Development Foundation and the OpenChain Project are delighted to announce the publication of ISO/IEC 5230:2020 as an International Standard. Formally known as OpenChain 2.1, ISO/IEC 5230:2020 is a simple, clear and effective process management standard for open source license compliance. It allows companies of all sizes and in all sectors to adopt the key requirements of a quality open source compliance program.

Companies around the world can learn more about ISO/IEC 5230:2020, methods of self-certification, independent assessment or third-party certification, as well as access a large library of reference material at: https://www.openchainproject.org

ISO/IEC 5230:2020 is an open standard and all parties are welcome to engage with our community, learn from their peers, share their knowledge, and to contribute to the future of our standard. There is no charge to access and use our reference material, self-certification or to engage with our numerous calls, webinars, mailing lists and meetings.

“ISO/IEC 5230:2020 will improve OSS compliance, enhance trust in the supply chain, and reduce friction in transactions. It has been deployed as a de facto standard for four years and fostered exceptional engagement from a diversity of companies across multiple sectors,” says Shane Coughlan, OpenChain General Manager. “Our transition to a formal International Standard as ISO/IEC 5230:2020 marks an important inflection point for OpenChain and open source as a whole. For the first time there is an International Standard that defines open source compliance and process management. We look forward to expanding our community from hundreds to thousands of companies in the coming months, and we look forward to supporting many of these companies access and apply best practice material developed in real world market conditions.”

Toyota is the first company to formally announce conformance to ISO/IEC 5230:2020. Additionally, companies that have an OpenChain 2.0 conformant program will automatically conform with the requirements of ISO/IEC 5230:2020. You can learn more about the Toyota announcement here:
https://www.openchainproject.org/featured/2020/12/15/toyota-iso-5230

Arm

“Arm joined the OpenChain Project as a founding member because building trust across the supply chain and ensuring IP rights are fully respected has long been one of the highest priorities for Arm,” says Sami Atabani, Director of Third Party IP Licensing at Arm. “Establishing OpenChain as a formal ISO/IEC International Standard is an important milestone for open source governance as a field, and we look forward to collaborating with our peers and the wider open source community in seeking excellence and efficiency in software delivery.”

BMW CarIT

“At BMW CarIT we continually work on improving the quality of our processes,” says Helio Chissini de Castro, Senior Software Engineer at BMW CarIT. “We welcome the approval of ISO/IEC 5230:2020 as the right path for the future of software compliance and how companies will perceive it. We are proud to be part of the OpenChain governing board and wider community that make this possible.”

Bosch

“Bosch and its affiliates have a firm commitment to quality in all aspects of creating, deploying and supporting solutions and products,” says Hans Malte Kern, Head of the Center of Competence Open Source, Robert Bosch GmbH. “Our engagement with the OpenChain industry standard for open source compliance is part of this larger vision, and we are delighted to see it graduate ISO as a formal International Standard. We now have a global, universal and easily understood mechanism to build increased clarity and trust across the supply chain.”

Cisco

“Cisco is honored to partner with an incredible team on the OpenChain project. Earlier this year (June 2020), our conformance with the OpenChain’s latest 2.0 specification for open source compliance has been the needle mover towards streamlining compliance as an indispensable entity across our organization, building Trust and improving overall productivity,” says Prasad Iyer Director, Product Operations at Cisco. “Now with ISO/IEC standardization of this latest OpenChain specification, it really solidifies Cisco’s commitment to excellence in Open source governance along with OpenChain which is well positioned at the top of the Compliance stack. We’re sincerely looking forward to our continued collaboration and partnership with all our OpenChain project peers across industry in the successful evolution of more such formal standards in the years ahead.”

Fujitsu

“Fujitsu has contributed to the development of OpenChain as an industry standard for several years,” says Yasuko Aoki, Manager of Open Source Software Technology Center, Fujitsu Limited. “Our engagement is part of our broader engagement throughout the supply chain to promote excellence in governance and sustainability in practical deployment. The publication of OpenChain as a formal ISO/IEC International Standard is a significant milestone in the evolution of open source. We are proud of the accomplishment of all the contributors involved, and we look forward to the next steps in ensuring simple, reliable open source license compliance across the world.”

Google

“Google has been at the forefront of open source development and the use of open source in business since its inception,” says Max Sills, Lead Open Source Attorney at Google. “Our collaboration with the OpenChain Project has been an important part of supporting greater maturity and predictability in this space. The release of ISO/IEC 5230:2020 provides a clear path to future inter-company collaboration. Defining a standard for quality open source compliance lowers the cost of doing business, and makes it easier for the entire industry to comply with open source obligations.”

Microsoft

“OpenChain has played a leading role in building trust in the open source ecosystem,” said David Rudin, Microsoft Assistant General Counsel. “When you receive software that has been produced through an OpenChain conformant program, it’s a great indication that the open source compliance obligations were taken seriously. With Microsoft’s OpenChain conformant program, we are keeping the trust our customers have placed in us to make sure their software is compliant and reducing friction in software transactions. As OpenChain takes the next step of becoming an international standard, we’re looking forward to continuing to advance open source adoption and trust in the community.”

MOXA

“As the first Taiwanese company working with the OpenChain governing board, our work with the OpenChain Project is part of a larger vision for mature, sustainable open-source governance,” said David Chen, Engineering Director of the Technology & Research Corporate Division at Moxa. “Today’s announcement is a milestone in building efficiency and trust among companies using open source for innovative products and solutions. We look forward to working with our fellow board members in the deployment of OpenChain as an ISO/IEC International Standard to an audience of thousands of companies in the world.”

OPPO

“As a member of OpenChain, OPPO is very pleased to see OpenChain being accepted as an ISO/IEC International Standard,” says Andy Wu, Vice President of OPPO and President of Software Engineering. “We believe this will help to further promote open source compliance. OPPO very much hopes to promote OpenChain with its partners, so that open source compliance becomes more consistent and simple.”

Siemens

“Siemens is a founding member of the OpenChain Project and we have contributed to OpenChain since its beginning. Today we reached an outstanding milestone – the OpenChain specification is now an ISO/IEC International Standard,” says Oliver Fendt, Senior Manager Open Source. “Our engagement with OpenChain is based on a clear understanding that effective governance in open source must be practical, efficient, sustainable and affordable for everyone. With the ISO/IEC Standard we will enter a new stage in the evolution of our collective work, and we look forward to working with our peers in building further trust in the open source supply chain.”

Sony

“Sony has been part of the OpenChain industry standard and its related community for a substantial amount of time,” says Hisashi Tamai, SVP, Sony Corporation, representative of the Software Strategy Committee. “We have had the great pleasure to host the first meeting in Japan and support growth across this nation and abroad in the subsequent years. The publication of OpenChain by ISO as a formal International Standard is an important milestone in our shared mission to ensure excellence in open source. We look forward to working with our fellow board members, our diverse community and our colleagues at ISO in bringing this standard to thousands of new companies across the globe.”

Qualcomm

“This achievement by OpenChain brings into reality the effort that so many across the software ecosystem has recognized for years – that when you can build trust into the open source compliance ecosystem, you create a path towards consistent, efficient, and reliable license compliance,” says Dave Marr, Vice President, Qualcomm Technologies, Inc. “We applaud the many contributors to OpenChain for achieving this terrific milestone, and for collaboratively building the internationally recognized standard for open source license compliance.”

Uber

“Uber has supported the development and deployment of the OpenChain industry standard from its early stages to becoming today’s de facto standard,” says Matthew Kuipers, Senior Counsel, Intellectual Property at Uber Technologies. “Today’s publication as an ISO International Standard is a key milestone in bringing clear, practical and effective open source license compliance to thousands of companies across the supply chain. We look forward to collaborating with our peers in accomplishing this mission and supporting our growing international community.”

Western Digital

“Western Digital has been part of the development and deployment of the industry standard for open source compliance since its formative years,” says Alan Tse, Associate General Counsel at Western Digital. “Today’s announcement marks a significant milestone in the maturity of both this standard and the wider field of open source governance. We look forward to working with our fellow board members and the diverse community of community participants in the growing adoption of a single, simple way to identify quality open source compliance programs.”

Global Community Quotes

“Today is the historic day for the OpenChain project and The Linux Foundation that the open standard has become an ISO/IEC standard,” said Masato Endo, Chair of the OpenChain Automotive Work Group. “Open Source is becoming more and more important in the automotive industry as well. The automotive industry’s supply chain is large and every company in the supply chain needs to manage OSS properly. I believe the OpenChain Specification will be a strong support for companies to build their OSS governance structure. I’d like to thank David Rudin and members of the JDF community for their efforts in obtaining ISO/IEC. I want to express my gratitude to Mark Gisi, David Marr and all OpenChain community members for their significant contributions to the project. Finally, I congratulate our leader Shane Coughlan on this great achievement!”

About the OpenChain Project

OpenChain began when a group of open source compliance professionals met in a conference lounge and chatted about how so much duplicative, redundant open source license compliance work was being done inefficiently in the software supply chain simply. They realized that while each company did the same work behind the scenes in a different manner the output for downstream recipients could not realistically be relied on because there was no visibility into the process that generated the output.

The answer the early principles of this discussion arrived at was to standardize open source compliance, make it transparent and build trust across the ecosystem. The project began as outreach to the community with the idea of a new standard for open source license compliance with slides titled, “When Conformity is Innovative.” A growing community quickly recognized the value of this approach and contributed to the nascent collaboration soon named The OpenChain Project.

OpenChain Advent Calendar Day #14 – OpenChain Japan Working – Leaflet SubGroup

By News

This advent calendar has been created by our Japanese Work Group as part of their community outreach. We hope you enjoy their recap of compliance topics to end the year.

Leaflet SubGroupの掻動玹介 / Introduction of Leaflet SubGroup acts.

今幎も残すずころ埌半月ずなりたした。今日は、ネットワヌク・セキュリティ系の゚ンゞニアの経隓を掻かし、今は自瀟でオヌプン゜ヌスプログラムオフィスの䞀員ずしお、OpenChain Projectの掻動に参加させおいただいおいる小保田が、OpenChain Project 日本グルヌプのleafletグルヌプの掻動に぀いお、少しご玹介させおいただきたす。

Today, I would like to tell you about the activities of the leaflet group of the OpenChain Project Japan working group. I’m Norio Kobota who is now participating in the OpenChain Project activities as a member of the open source program office of my company, making use of my experience as an engineer in the network security field.

リヌフレットっお䜕? / What is the leaflet?

リヌフレットは、OpenChain ProjectのReference Materialから取埗可胜な、オヌプン゜ヌス゜フトりェアを取り扱う際の泚意事項に぀いお蚘述された簡単なガむドブックです。日本語版は、こちらのgithubより取埗できたす。
OpenChain Projectにおいおは圓初より、その゜フトりェアサプラむチェヌンにおけるOSSラむセンスコンプラむアンスの難しさが重芁芖されおおり、それを解決する䞀぀の手段ずしお、䌁業における様々な立堎の方々にずっお、分かり易い簡単なガむドブックが必芁だず、Japan Working Groupのメンバは考えたした。
その埌、グルヌプメンバヌの協力の元、2019/04 日本語版、2019/05 英語版をJapan Working Groupより提䟛するこずが出来たした。たた玠晎らしいこずに、このリヌフレットは䞖界䞭で必芁ずされるこずずなり、各囜のサブグルヌプの協力の元、今では、䞭囜語(繁䜓字、簡䜓字)、ベトナム語ぞの翻蚳も枈んでいたす。

The leaflet is a simple guide book which describes useful information when dealing with open source software, available from Reference Material of OpenChain Project. You can obtain the Japanese version from github here.
In the OpenChain Project, the difficulty of OSS license compliance in the software supply chain has been emphasized from the beginning, and the members of the Japan Working Group thought that as a means to solve this problem, a simple guidebook that is easy to understand for people in various positions in the enterprise was necessary.
After that, with the cooperation of the group members, we were able to provide the Japanese version 2019/04 and the English version 2019/05The great thing about this leaflet is that it has become global, and thanks to the cooperation of various subgroups, Chinese(Traditional and Simplified) and Vietnamese versions are now available here.

リヌフレットサブグルヌプっお䜕しおるの? / What are the activities of the leaflet subgroups.

リヌフレット䜜成が昚幎で䞀通り萜ち着いたこずもあり、䜕かドキュメントを䜜成したりずいった掻動は、最近は殆どありたせん。そのため、昚幎(2019)の掻動を少し、玹介させおいただきたいず思いたす。
分かり易いリヌフレットが䜜成できた、ずいう事実はずおも倧きなものですが、本来、私たちが掚進したいこず、必芁だず考えおいるこずは、その知識を持぀方々を増やすこずであり、倚くの方がガむドブックを必芁ずする時に利甚しおいただくこずです。その為、私たちは様々な講挔䌚などの堎に、リヌフレットを印刷しお持ちこみ、その目的ず必芁性を䌝えおいたす。
䟋えば、Linux Foundationが開催するOpen Source Summit/Embedded Linux Conferenceや、電子機噚の祭兞である、CES、果おは日本のほが裏偎で開催されたDebConf 2019など、それぞれが䞻業務などで参加する様々なむベントにこのリヌフレットを持ち蟌み、玹介するず共にリヌフレットの配垃を行っおいたす。

Because the creation of leaflets was settled last year, there are not many activities such as creating documents rececntly. For this reason, I would like to introduce the activities of (2019) last year.
The fact that we were able to create a leaflet that is easy to understand is a great achievement. However, what we think is really important is to increase the number of people with that knowledge, and to have many people use the guidebook when they need it. For this reason, we print leaflets for various lectures and introduce their purpose and necessity.
For example, the Open Source Summit/Embedded Linux Conference held by the Linux Foundation, CES which is a festival for electronic devices, and DebConf 2019, which was held in almost the other side of Japan, have introduced and distributed leaflets at various events attended by members of the Japan Working Group.

これから / Future

コロナ犍の圱響もあり、今は掻動自䜓は停滞䞭です。しかし、今埌たた執筆掻動や広報掻動を他のサブグルヌプず䞀緒に行っおいくず思いたすので、ご興味のある方は是非、ご参加ください。
明日は、忍頂寺さんによる、OpenChain Spec2.1の内容玹介 第4匟です。お楜しみに!

Due to the effects of the COVID-19, this subgroup activity itself is currently stagnating. However, I would like to invite you to join us. We will do some writing and public relations activities with other subgroups.
Tomorrow is OpenChain Spec2.1, 4th introduction by Ninjoji-san. Look forward to it!

OpenChain Advent Calendar Day #13 – Opensource for ALL

By News

This advent calendar has been created by our Japanese Work Group as part of their community outreach. We hope you enjoy their recap of compliance topics to end the year.

1. Introduction

Hello. I’m Masato ENDO.
Today, I would like to introduce the topics related to Promotion SG of OpenChain Japan WG.

As you can see in the article on December 6, we found that although awareness of the importance of OSS compliance is gradually increasing, each company is struggling to secure resources.
In order to secure resources, it is essential to promote the understanding of executives.
Therefore, the Japan Patent Office and the Cabinet Office created “Open source for ALL” as a tool to educate management about the importance of OSS itself, and released it in June.
I also participated as a member in the Expert Committee for the preparation of this material.
So, I would like to introduce it.

You can access the materials from the links below.(Sorry, Japanese only)

・ Executive Summary of enlightenment tools (presentation materials)
・ Detailed report

2. Background of realization

The beginning of the story was that in May 2019, I made a presentation at the Intellectual Property Headquarters Verification, Evaluation, and Planning Committee, which is a policy meeting of Japanese government.
At this time, Mr. Nakauchi of the current Imabari City officer, who was at the Intellectual Property Headquarters at that time, was interested in it, and a committee of experts was formed.
Therefore, we decided to create OSS enlightenment materials for managers, and we asked Mr. Shinozaki of PwC, who was selected as the secretariat based on discussions at the committee, to compile the materials.
It is assumed that this material will be used as it is or arranged for use in internal executives and symposiums in which executives participate.
This material is supported not only by Japanese companies but also by foreign companies such as Google, Microsoft, Qualcomm, and Siemens.
I introduced these companies to the Committee through OpenChain connection.

3. Interesting information

Here, I will pick up and introduce the topics that I found interesting from the report.
In this survey, we conducted a questionnaire to the executives of the system development and software development departments of large companies, mainly non-IT companies, and added analysis from various angles.
Among them, what I am paying attention to is the figure below that summarizes the answers to the question “Will the expansion of OSS utilization expand in the future?”
As the result, we can confirm that executives in almost all industries responded that they would “expand in the future.”
On the other hand, in this report “It became clear that the approach to OSS was individual-dependent and that activity was sluggish overall.”
From the perspective of promoting DX, it is thought that the issue for Japanese companies will be how to systematically handle OSS in the future.
Overseas, it is becoming a trend to establish OSPO (Open Source Compliance Office), which is a specialized organization that formulates OSS utilization strategies and rules regardless of the type of industry.
At OpenChain, we have accumulated the know-how of leading companies overseas and in Japan, so if you have a need to deepen understanding within the company, please let us know! The project will support you free of charge.
(I also explained the importance of OSS community activities to the CTO of a IT company in such a context.)

4. Tomorrow’s theme is …

Tomorrow, Kobota-san will introduce the activities of Leaflet SG, which is creating an enlightenment leaflet for OSS compliance.
This leaflet has been distributed free of charge at events around the world such as CES2020 and has been very well received.
Stay tuned!

1. はじめに

こんにちは。
䞉床登堎の遠藀です。
本日はOpenChain Japan WGのPromotion SG関連のトピックを玹介したす。

12/6の蚘事にもありたすように、OSSコンプラむアンスの重芁性ぞの認識は少しづ぀高たっおいるものの、
各瀟がリ゜ヌセスの確保に苊劎しおいるこずがわかりたした。
リ゜ヌセスを確保するためには、経営局の理解の促進が必須であるず蚀えたす。
そこで、経営局にOSSそのものの重芁性も含めた啓発を行うためのツヌルずしお「Opensource for ALL」を特蚱庁・内閣府が䜜成し、6月にリリヌスされたした。
私も委員ずしお本資料䜜成のための有識者委員䌚に参加したしたので、実珟の経緯も含め玹介させお頂きたす。

資料ぞは以䞋のリンクからアクセスできたす。

・啓発ツヌルプレれン資料のExective Summary
・詳现レポヌト

2. 実珟の経緯

話の発端は、2019幎の5月に私が政策䌚議である知的財産本郚怜蚌・評䟡・䌁画委員䌚でプレれンさせお頂いたこずです。この際、圓時知的財産本郚にいらっしゃった珟今治垂の䞭内さんに関心を持っお頂き、有識者委員䌚が結成されたした。
そこで経営者向けのOSS啓発資料を䜜ろうずいうこずになり、委員䌚での議論を基に、
事務局に遞出されたPwCの篠厎さん䞭心に資料をたずめお頂きたした。
この資料をそのたた、若しくはアレンゞしお瀟内の経営局や、経営局が参加するシンポゞりム等で利甚するこずを想定しおいたす。
本資料には日本䌁業だけでなく、GoogleやMicrosoft、Qualcomm、シヌメンスなどの倖囜䌁業にも協力頂いおたすが、
これらの䌁業はOpenChain぀ながりで私から事務局に玹介させお頂きたした。


出兞https://www.jpo.go.jp/resources/report/takoku/document/zaisanken_kouhyou/2019_06_2.pdf

3. 興味深い情報

基本的には䞊蚘リンクからレポヌトをご参照頂きたいず思いたすが、
ここではその䞭から私が興味深いず思ったペヌゞをピックアップしお玹介したす。
本調査では非IT䌁業を䞻ずする倧䌁業のシステム開発・゜フトり゚ア開発郚門の幹郚局ぞのアンケヌトを実斜し、
様々な角床から分析を加えおいたす。
その䞭で私が泚目しおいるのは、「OSSの利掻甚の拡倧が今床拡倧するか」ずいう質問に察する回答をたずめた䞋蚘の図です。

ex02.gif

出兞https://www.jpo.go.jp/resources/report/takoku/document/zaisanken_kouhyou/2019_06_1.pdf

これを芋るず、ほがすべおの業皮の幹郚が「今埌拡倧する」ずいう旚の回答を行っおいるこずがわかりたす。
その䞀方、本レポヌトでは
「OSSに察する取組が個人に䟝存し、か぀、党䜓ずしお掻動が䜎調であるこずが明らかずなった。」
ずいう蚘茉があり、DX掚進の芳点からも今埌いかにしお組織的にOSSに取り組んでいくのかが、日本䌁業の課題になっおいくず考えられたす。
海倖では業皮問わずOSSの利掻甚戊略策定やルヌル䜜りを行う専門組織であるOSPO(Open Source Compliance Office)を蚭眮するこずがトレンドになっおきおたす。
OpenChainでは、海倖や囜内の先進䌁業のノりハりを蓄積しおいたすので、瀟内の理解を深めたいずいうニヌズをお持ちの方は是非お声がけくださいプロゞェクトが無償で支揎いたしたす。
私も、そのような文脈で某IT䌁業のCTOにOSSコミュニティ掻動の重芁性をご説明させお頂いたこずもありたす。

4. 明日のテヌマは・・・

明日は、OSSコンプラの啓発リヌフレットを䜜成しおいるリヌフレットSGの掻動に぀いお小保田さんから玹介頂きたす。
このリヌフレットはCESなど䞖界䞭のむベントで無償配垃され、倧奜評頂いおいるものです。
乞うご期埅

OpenChain Advent Calendar Day #12 – Commentary of spec v2.1 vol.3, §3.2

By News

This advent calendar has been created by our Japanese Work Group as part of their community outreach. We hope you enjoy their recap of compliance topics to end the year.

OpenChain Specification v2.1, Clause 2.

Today I am writing about the third part of the OpenChain Specification v2.1 Chap 3.2 (that is under the ISO/IEC pending). If you want to know the OpenChain Spec
correctly, please read the original documents from the linke at the end of this page.

Chapter 3.2.1 is about dealing with external inquiries, and requires that a third party has a reasonable path to contact the organization for OSS license compliance, and that the organization is prepared to respond to such inquiries.

Chapter 3.2.2 is about resources. Adequate staffing and resources should be allocated to compliance program-related roles, legal experts should be assigned, and a process for resolving concerns should be maintained.

OSS license compliance will continue to become more important, but it is necessary to make executives aware of its importance in order to ensure resources are available.

Tomorrow, Mr. Endo of Promotion SG will share with us some examples of such educational activities conducted for the public and private entities.

Resources (Links) / 関連リンク

OpenChain Specification v2.1 の玹介 §3.2

本日は、ISO/IECに申請䞭のOpenChain Specification v2.1の䞭身の玹介第3匟2章です。著者の適圓な和蚳ですので、本栌的にOpenChain Specを知りたい方は巻末のリンクより原文をお読みください。

たた、このペヌゞから芋た方は OpenChain Japan Advent Calendar 2020 ã‚ˆã‚Šä»–の蚘事もご芧ください。他の章や関連する情報が曞かれおいたす。

§3.2 Relevant Tasks Defined and Supported

2章では、OSS に関連する業務の定矩ずそれを実行するための支揎に関する内容が曞かれおいたす。倧きくは2぀です。

§3.2.1 Access

2.1章は、”Access”ずいう章題で、倖郚からの問い合わせ察応に関する章です。

  1. 倖郚からOSSに関する問合せるための方法たずえば専甚のメヌルアドレスずかが公開されおいる。
  2. 問い合わせがあったずきにどう回答するかの手続きを芏定した文章が組織内郚にある。

ずいったこずが芏定されおいたす。぀たり、OSSラむセンスコンプラむアンスに関しお第䞉者がその組織にコンタクトできる合理的な手段があり、たたその組織が圓該問合せに察しおきちんず察応するように準備がされおいる必芁がありたす。

§3.2.1 Effectively resourced

2.2章は、”Effectively resourced”ずいう章題で、リ゜ヌスに関する章です。

コンプラむアンスプログラム関連圹割ぞの適切な人員・十分な掻動資源の割り圓お、法埋専門家のアサむン、懞案事項解決プロセスの敎備を行うこずが必芁です。
OSSラむセンスコンプラむアンスは今埌もより重芁になっおくるものであるず考えられたすが、リ゜ヌスを確保するためには、経営局にその重芁性を認識しお頂く必芁がありたす。぀たり、

  1. コンプラむアンスプログラムの業務が明確で確実に実行するために圹割担圓組織が決たっおいる
  2. 業務を実行する時間ず十分な予算が配分されおいる
  3. ポリシヌず支揎業務に関しお、レビュヌしお曎新するプロセスがある
  4. 必芁なずきにオヌプン゜ヌスのコンプラむアンスに぀いお法的な内容を話し合える専門家がいるすぐ話せる盞手がいる
  5. オヌプン゜ヌスのコンプラむアンス問題が発生した際に、それを解決するためのプロセスが芏定されおいる

ずいったこずを満たす必芁がありたす。

぀づく

明日は、そのような啓発掻動を官民で行った䟋に぀いお、Promotion SGの遠藀さんから玹介いただきたす。

OpenChain Advent Calendar Day #11 – OpenChain Japan WG – FAQサブグルヌプの玹介

By News

This advent calendar has been created by our Japanese Work Group as part of their community outreach. We hope you enjoy their recap of compliance topics to end the year.

Introduction of FAQ subgroup

Today, I would like to introduce the FAQ subgroup of the OpenChain Japan WG.

FAQ Subgroup Activities

The FAQ subgroup creates and publishes “common misunderstanding FAQs related to OSS licenses“, which is mainly targeted at beginners of OSS licenses.

The members of the FAQ subgroup are consist of those who are in charge of OSS license consultation and license compliance support at each company / organization, those who are not in charge but are volunteer-based, and those who are about to start studying OSS licenses or those who are just starting (<-this is important).

There are various QA candidates, such as those that the members actually consulted, those that the members wondered, and those that are generally misunderstood.

How to make QA

To create a QA, first create a base for Questions and Answers using Slack and give your opinion. After that, the QA will be finalized by making corrections at a meeting (which used to be actually gathered, but recently it is online in view of recent circumstances). (<- This is actually the most fun because we have a lot of opinions and discussions.) Then, after confirming with the attorney attorney, we will publish it.

In this way, each QA is verified and nurtured from the perspectives of various companies, organizations, and roles, so I think that the QA collection is relatively homogeneous and has few mistakes.

It’s been about 10 years since I was involved in OSS licensing, but I’m still studying through this FAQ subgroup every time. In particular, I often get noticed from the perspectives and opinions of companies whose business types are different from those of my company.
People who participated for the purpose of studying also commented, “I am studying because I am trying to convey it in an easy-to-understand manner.” and “I will be able to understand by listening to the discussion.” and so on.

Conclusion

It’s been about 10 years since I was engaged in OSS license compliance, but I still study through this FAQ subgroup every time. In particular, I often get noticed from the perspectives and opinions of companies whose business types are different from those of my company.
People who participated for the purpose of studying also commented, “I am studying because I am trying to convey it in an easy-to-understand manner.” and “I will be able to understand by listening to the discussion.” and so on.

If you are interested in the activities of the FAQ subgroup, please join us at any time. Those who want to participate by trial rather than immediately, and those who can not contribute much to the creation of FAQ but want to participate for study purposes are also welcome.
For details, please contact japan-sg-faq@lists.openchainproject.org.

FAQサブグルヌプの玹介

本日は、OpenChain Japan WGのFAQサブグルヌプに぀いおご玹介したす。

FAQサブグルヌプの掻動

FAQサブグルヌプはOSSのラむセンスの初心者を䞻なタヌゲットずした、「OSSラむセンス関連でよくある誀解FAQ」ずいうものを䜜成・公開しおいたす。

FAQサブグルヌプのメンバヌは、各所属䌁業・団䜓で日頃からOSSラむセンスに関する盞談察応やラむセンス遵守支揎を担圓業務ずしお行なっおいる方、本来の担圓業務ではないがボランティアベヌスで盞談察応されおいる方、そしお、これからOSSラむセンスを勉匷を始めようずしおいる方、たたは、始めたばかりずいう方←ここ重芁などで構成されおいたす。

むンプットずなるQAの候補も、メンバヌの方が実際に盞談を受けたもの、メンバヌの方が疑問に思ったもの、䞀般的に誀解されがちなものなどさたざたです。

QAの䜜りかた

QAの䜜り方は、たずSlack䞊でQuestionずAnswerのたたき台を䜜成、意芋出しをしたす。その埌、䌚合以前は実際に集たっおいたしたが 最近は昚今の事情を鑑みオンラむンですで再床揉みなおしおFIXしたす。←喧々諀々議論をかわすので実はここが䞀番楜しいそしお仕䞊げに匁護士の先生にご確認いただいたものを公開するずいう流れで行っおいたす。

このように䞀぀䞀぀のQAをさたざたな䌁業・団䜓・圹割の方の目線から怜蚌しお育おおいたすので、比范的均質で、たた間違いも少ないQA集にできおいるず思いたす。

おわりに

私自身、OSSラむセンスに関わるようになっお10幎ほど経ちたすが未だにこのFAQサブグルヌプを通じお毎回勉匷させおいただいおたす。特に自分の所属䌁業ず業皮業態が違う䌁業さんからの目線やご意芋から気づきをいただくこずが倚いです。
勉匷目的で参加いただいおいる方からも、「わかりやすく䌝える努力をしおいるので誀解が解けおいくような感じがしお勉匷になる。」、「聞いおなるほどず思う。」などのご感想をいただいおいたす。

FAQサブグルヌプの掻動に興味がある方はい぀でもご参加ください。どっぷり参加ではなくたずは様子芋したいずいう方や、FAQの䜜成にはあたり貢献できそうにないけど勉匷目的で参加したいずいう方も倧歓迎です。
詳しくは japan-sg-faq@lists.openchainproject.org ãŸã§ã€‚

Webinar: Michael Poe on His Journey to Open Source

By community, Featured, licensing, News, standards, Webinar

We heard from Michael G. Poe, a newcomer to the world of Open Source Compliance and current Sales Manager with FossID.  He shared his thoughts on his surprising journey from consumer products to software, and how the underlying principles of the open source community have enabled him along the way.  

Michael also touched on what he believes can be some of the challenges to the frictionless adoption of OpenChain conformance. And lastly, based on his experiences and learning agenda thus far, what are some areas that can be improved when it comes to Open Source, Compliance, and the tech industry in general.

Check Out The Rest Of Our Webinars

This is OpenChain Webinar #15, released on 2020-12-11.

OpenChain Advent Calendar Day #10 – Commentary of spec v2.1 vol.2, §3.1.4-3.1.5

By News

This advent calendar has been created by our Japanese Work Group as part of their community outreach. We hope you enjoy their recap of compliance topics to end the year.

Today, we will introduce the contents of the OpenChain spec v2.1 (Chapter 1.4-1.5).

Chapter 1.4 is about the scope of the OSS Compliance Program. Th e OSS compliance program gives you the freedom to choose whether it covers your entire organization or just some product lines.

Chapter 1.5 is a chapter on reviewing each OSS license within your organization. Organizations should establish a process for reviewing and documenting OSS license obligations, restrictions, and rights for each use case.
Reviewing OSS licenses in Chapter 1.5 is a very important task for an organization, but a difficult task for an unfamiliar organization.
Therefore, the FAQ subgroup of the Japan WG is working to publish “common misunderstanding FAQs related to OSS licenses” together.

Tomorrow we will introduce the activities of this FAQ subgroup.

本日は、OpenChain spec v2.1 の䞭身の玹介第2匟1.41.5章です。

1.4章は、OSSコンプラむアンスプログラムの察象範囲に関する章です。OSSコンプラむアンスプログラムは、組織党䜓を察象にしたり、䞀郚のプロダクトラむンのみを察象したりず、自由に察象範囲を遞択するこずができたす。

1.5章は、各OSSラむセンスの組織内でのレビュヌに関する章です。組織はナヌスケヌスに応じおOSSラむセンスの矩務、制玄、および暩利に぀いおレビュヌし、文曞ずしお蚘録するプロセスを定める必芁がありたす。
1.5章のOSSラむセンスのレビュヌは、組織にずっお非垞に重芁な業務ですが、慣れおいない組織にずっおは難易床が高い業務です。
そこで、Japan WGのFAQサブグルヌプでは「OSSラむセンス関連でよくある誀解FAQ」を纏めお公開する掻動を行っおいたす。

明日はこのFAQ SGの掻動を玹介したす。

OpenChain Advent Calendar Day #9 – The Need for Skills Standards on OSS Compliance

By News

This advent calendar has been created by our Japanese Work Group as part of their community outreach. We hope you enjoy their recap of compliance topics to end the year.

The research team in OpenChain Japan WG about OSS compliance made academic presentations at two conferences, “Intellectual Property Association of Japan” and “Japan Society for Research Policy and Innovation Management” in 2020.

Today, I would like to introduce the “Framework for Skill Standards on OSS Compliance” presented at “Intellectual Property Association of Japan”.

Necessity of skill standards for OSS compliance

Work related to OSS compliance is complex and needs to be carried out in cooperation with various departments in the company, such as development and intellectual property departments.

On the other hand, OSS-related tasks are often relatively new to the people in each department, and therefore, in order to promote human resource development, we have developed a systematic index to clarify and systematize the skills required to perform these tasks. In other words, we thought a “skill standard” was necessary.

The skill standard framework for OSS compliance

The table below shows the framework of skill standards about OSS compliance. On the left side, tasks related to OSS compliance are extracted for each of planning, development, and maintenance (operation) of the system, and on the right side, tasks to be handled by each department are organized.

In this presentation, we have only presented the overall picture above. In the future, we will further subdivide each task, and organize the skills required to perform each task and the evaluation method.

Finally

The OpenChain Specification 2.0, which was adopted by the ISO, also defines the roles, responsibilities, and suitability of personnel to achieve OSS compliance in Chapter 1.2, and specifies that the results of the suitability assessment must be retained. (Article link.)

However, OpenChain does not mention the specific items and indices of what roles each department should play and how to evaluate each person in charge, and it is left to each company to decide. We hope to create a tool that can be used to facilitate compliance work.

Tomorrow, Mr. Shima of FAQ SG will introduce the contents of chapter 1.4 to 1.5 in OpenChain.

Advent Calendar、2回目の登堎ずなる山田です。今回は、先日玹介した12/6に遠藀さんが投皿したOSSコンプラむアンスの調査に関連する話題を投皿したす。

OpenChain Japan WG Promotion SGの有志メンバヌを䞭心に立ち䞊げたOSSコンプラむアンスに぀いおの研究チヌムでは、2020幎に「日本知財孊䌚」ず「研究・むノベヌション孊䌚」の2぀の孊䌚で孊術発衚を行いたした。今日は、その䞭から日本知財孊䌚で発衚した「OSSコンプラむアンスに関するスキル暙準のフレヌムワヌク(党䜓マップ)」に぀いお玹介しようず思いたす。研究・むノベヌション孊䌚で行った発衚に関しおは、12/21の蚘事で土手さんから玹介いただく予定です

*Please scroll down for the English version.

OSSコンプラむアンスに関するスキル暙準の必芁性

OSSコンプラむアンスに関連する業務は耇雑か぀、開発郚門や知的財産郚門など瀟内の様々な郚眲が連携しお実斜する必芁があるため、各郚眲に属する担圓者が担うべき業務を適切に認識する必芁がありたす。

䞀方で、OSSに関する業務は各郚眲の担圓者にずっお比范的新しい業務であるこずが倚く、人材育成を掚進する䞊で、圓業務遂行に必芁ずされる胜力を明確化・䜓系化した指暙、即ち「スキル暙準」が必芁であるのではないかず考えたした。

既存のスキル暙準ずしおは、ITスキル暙準 、知財人材スキル暙準、暙準化人材スキル暙準などがありたすが、OSSコンプラむアンス業務のスキル暙準を策定するに圓たり、瀟内の関係者が郚眲の枠を超え連携し、さらに他瀟や業界団䜓等ず共に実斜するずいう共通点を持぀「暙準化人材スキル暙準」を参考に、OSSコンプラむアンス業務に関するスキル暙準策定の第䞀歩ずしお、業務遂行に必芁ずなる现分化された業務フェヌズを明確化し、スキル暙準フレヌムワヌクを䜜成し、その内容を発衚したした。

OSSコンプラむアンスに関するスキル暙準のフレヌムワヌク

䞋の衚が知財孊䌚で発衚したスキル暙準のフレヌムワヌクです。巊偎でシステムの䌁画開発保守運甚ごずにOSSコンプラむアンスに関連する業務を抜出し、右偎に各郚門ごずに担圓する業務を敎理した圢になりたす。

SharedScreenshot.jpg

今回の発衚では䞊蚘の党䜓像を提瀺するずころたでずなっおおり、今埌は各業務をさらに现分化し぀぀、各業務を実行するのに必芁な胜力やその評䟡方法などを敎理しおいくこずになりたす。

最埌に

今回ISOに採択された「OpenChain Specification 2.0」においおも、1.2章でOSSコンプラむアンスを実珟する人員の圹割ず責任および適性を定矩し、その適性評䟡の結果を保管する必芁があるず芏定しおいたす。蚘事リンクを貌る

ただし、各郚眲がどのような圹割を果たすべきか、各担圓者をどのように評䟡すべきかの具䜓的な項目や指暙に぀いおはOpenChainでは蚀及されおおらず、各瀟に委ねられおいる圢ずなりたす。OSSの利掻甚が䌁業の競争戊略に重芁ずなっおいる䞭、各瀟のOSSコンプラむアンス業務を円滑に進めるために利甚できるツヌルずしお掻甚しおもらえるものを䜜れればず思っおいたす。

明日はOpenChainの䞭身Specification玹介第2匟ずしお、FAQ SGの島さんから1.41.5章の内容に぀いお玹介いただきたす。明日以降もぜひOpenChain Japan Advent Calendar 2020をご芧ください

OpenChain Advent Calendar Day #8 – SWG掻動玹介(Education)

By News

This advent calendar has been created by our Japanese Work Group as part of their community outreach. We hope you enjoy their recap of compliance topics to end the year.

Yoshitaka Iwata of Hitachi, Ltd. will be on duty for the Advent calendar on December 8th. I am the leader of the “Educational Materials for Role” SWG of the Open Chain Japan WG. Thank you in advance.
By the way, what are you careful about when using OSS? Also, what kind of structure and content will you use when conducting education for using OSS within the company or team? What should software developers know to use OSS need? In order to answer these questions, I decided to think about what kind of educational materials would be good for each role related to OSS. The following content is, of course, based on the Open Chain specifications and curriculum.

  1. Collection and analysis of education cases
    It seems that some companies have been educating on OSS even before the establishment of Open Chain. Therefore, we investigated the system, target member, form (lectures, group training, e-learning, material browsing, etc.), timing, and the existence of the English version of four companies. We analyzed the table of contents of each education and the outline of chapters / sections, and summarized the structure for software developers. The structure example is as follows.
    (1) What is OSS?
    (2) Intellectual property rights
    (3) OSS license
    (4) OSS compliance program
    (5) Examination when introducing OSS
    (6) OSS review
    (7) OSS distribution
    (8) Summary
    (9) Contact information
    (10) References / organizations
    First of all, we targeted software developers because we thought that software developers would be the first to use OSS internally or within a team.
  2. Development of examples of specific educational materials
    Actually specific examples of educational materials for software developers were examined by the “Educational materials for Role” SWG.
    (1) What is OSS?
    Considering software developers who have never used OSS, how about telling them about general OSS definitions, usage examples of OSS in the target business (different for each business targeted by the company or team), the advantages and disadvantages of using OSS, and others?
    (2) Intellectual property rights
    In particular, intellectual property rights related to OSS include copyrights and patent rights. Since OSS is software, each OSS is copyrighted. Copyright means the right to modify, distribute, and copy. I hope you can explain these things in an easy-to-understand manner.
    (3) OSS license
    Why don’t you explain copyright rights obtained by the OSS license compliance(in other words, it is necessary to protect the OSS license in order to modify, distribute), examples of OSS licenses, permissive OSS licenses, copyleft and reciprocal OSS licenses, etc?
    (4) OSS compliance program
    The Open Chain specification recommends creating an OSS compliance program consisting of policies, processes, training, tools, etc. First, let’s share the policy for using OSS within the company and within the team. (The policy may differ depending on the use cases of target businesses.) Next, let’s show the organization related to OSS and the role of each member related to OSS. Then explain how OSS-related processes (OSS listing, OSS review, OSS distribution review) are incorporated into our software development process.
    (5) Examination at the time of introduction
    Let’s explain the points to be noted in the characteristics of the license and the points to be noted regarding intellectual property rights (patent rights, etc.).
    (6) OSS review
    Let’s explain the information collected in the OSS review, the content of the review, the available tools, and others.
    (7) OSS distribution
    Let’s explain what precess will be applied to distribute OSS in the target business form, including examples. Also, explain the implications of improper use of OSS and lack of license information in the software supply chain.
    (8) Summary
    (9) Contact information
    (10) References / organizations
    I think that (9) to (10) are effective for deepening the understanding of OSS within the company and the team.

Then, especially if (2) and (3) are explained to software by using analogy to legal terms that are common within the company and within the team, software developers will understand more easily. Also, in (4) to (7), if you explain by applying it to the system within the company or team and the software development process actually used, I think that you can deepen the understanding of software developers. Please devise.

An example of actual educational materials is shown in the markdown format at the following URL. Please refer to.
Https://github.com/OpenChain-Project/OpenChain-JWG/tree/master/Education_Material/Training/chapters

Tomorrow, tech_nomad_ will talk by the title “Framework for Skill Standards on OSS Compliance”. Among the roles related to the use of OSS, what kind of skills each person in each role should have is a difficult theme, isn’t it? I am also very interested in this theme and am looking forward to it.

月日のアドベントカレンダを担圓するのは、株匏䌚瀟 日立補䜜所の岩田です。Open Chain Japan WGの「圹割ごずの教育資料」SWGのリヌダを担圓しおいたす。宜しくお願いしたす。
 さお、皆さんはOSSを利甚する䞊で、䞀䜓䜕に気を付けおいたすか。又、瀟内やチヌム内でOSSを利甚するための教育を行う堎合、どんな構成、内容にするでしょう。OSSを利甚する゜フトりェア開発者は、どんな事を知っおおけば良いのでしょう。こんな疑問に答えるために、OSSに関係する圹割ごずにどんな教育資料が良いかを、考えおみる事にしたした。䞋蚘内容は、もちろんOpen Chainの仕様やカリキュラムを参考にしおいたす。

教育事䟋の収集ず分析
 Open Chainの蚭立前から、OSSに関する教育を実斜しおいる䌚瀟もある様です。そこで瀟から、教育の䜓系、察象者、圢態(講挔䌚集合研修e-learning資料閲芧他)タむミング、英語版有無、等を調べたした。各教育の目次、章/節の抂芁を分析し、゜フトりェア開発者向けの構成を纏めたした。その構成䟋は䞋蚘の通りです。
 (1)OSSずは
 (2)知的財産暩
 (3)OSSラむセンス
 (4)OSSコンプラむアンスプログラム
 (5)OSS導入時の怜蚎
 (6)OSSレビュヌ
 (7)OSS配垃
 (8)たずめ
 (9)問い合わせ先
 (10)参考文献団䜓
 先ずは、゜フトりェア開発者向けをタヌゲットにしたのは、OSSを瀟内やチヌム内で䞀番最初に利甚するのは゜フトりェア開発者であるず考えたからです。

具䜓的な教育資料の䟋の䜜成
 実際に具䜓的な、゜フトりェア開発者向けの教育資料の䟋を、「圹割ごずの教育資料」SWGで怜蚎しおみたした。
 (1)OSSずは
  OSSを䞀床も利甚した事が無い゜フトりェア開発者を意識しお、䞀般的なOSSの定矩や、察象ずしおいるビゞネス䞊でのOSSの利甚事䟋䌚瀟やチヌムが察象ずしおいるビゞネス毎に盞違、OSSを利甚するメリットやデメリット、他に぀いお教えおあげおはいかがでしょう。
 (2)知的財産暩
  特にOSSに関係する知的財産暩は、著䜜暩、特蚱暩がありたす。OSSは゜フトりェアなので、それぞれのOSSは著䜜暩で保護されおいおいたす。著䜜暩には、改倉、配垃(頒垃)、耇補する暩利がありたす。これらの事が、わかり易く説明出来るず良いですね。
 (3)OSSラむセンス
  OSSラむセンスを守る事で著䜜暩䞊で埗られる暩利蚀い換えれば、改倉、配垃(頒垃)するためにはOSSラむセンスを守る必芁があるずいう事、OSSラむセンスの䟋や、パヌミッシブなOSSラむセンス、コピヌレフト・互恵的なOSSラむセンスの特城、等を説明しおはどうでしょう。
 (4)OSSコンプラむアンスプログラム
  Open Chainの仕様では、ポリシヌ、プロセス、トレヌニングやツヌル等から成るOSSコンプラむアンスプログラムを䜜る事を掚奚しおいたす。先ずは、瀟内やチヌム内でOSSを利甚する䞊でのポリシヌを共有したしょう。ポリシヌは、察象ずするビゞネスのナヌスケヌス毎に異なるかもしれたせん。次に、OSSに関係する䜓制、それぞれのメンバヌがOSSに関係する圹割を瀺しおあげたしょう。それから、自分たちの゜フトりェア開発プロセスの䞭で、OSSに関係するプロセスOSSリスト䜜成、OSSレビュヌ、OSS配垃物確認がどの様に組み蟌たれおいるかを説明したしょう。
 (5)導入時の怜蚎
  ラむセンスの特城で泚意すべき点、知的財産暩特蚱暩他に関しお泚意すべき点、を説明したしょう。
 (6)OSSレビュヌ
  OSSレビュヌでの収集する情報ずレビュヌ内容、利甚可胜なツヌル、他に぀いお説明したしょう。
 (7)OSS配垃
  察象ずするビゞネス圢態の䞭で、その様にOSSが配垃されるかを、事䟋も含めお説明したしょう。又、゜フトりェアサプラむチェヌンの䞭で、OSSの䞍適切な利甚やラむセンス情報の䞍足がもたらす圱響に぀いお、説明しおおきたしょう。
 (8)たずめ
 (9)問い合わせ先
 (10)参考文献団䜓
  (9)(10)は、曎に瀟内やチヌム内でOSSに関する理解を深めるために有効だず考えおいたす。

 それから、特に(2)、(3)は、瀟内やチヌム内で共通しおいる法埋甚語の解釈を䜿うず、よりわかり易く゜フトりェア開発者に説明出来るかもしれたせん。又、(4)(7)では、瀟内やチヌム内の䜓制や、実際に䜿甚しおいる゜フトりェア開発工皋に圓おはめお説明するず、より゜フトりェア開発者の理解を深める事が出来るず思いたす。工倫しお䞋さい。
 
 実際の教育資料の䟋を、マヌクダりン圢匏で䞋蚘URLに瀺しおいたす。参考にしお䞋さい。
 https://github.com/OpenChain-Project/OpenChain-JWG/tree/master/Education_Material/Training/chapters
 
 明日は、tech_nomad_さんが、『論文チヌム(スキル暙準)』ずいうタむトルで語っおくれたす。OSSの利甚に関係する圹割の䞭で、それぞれの圹割の人がどういうスキルを持っおいた方が良いか、っおなかなか難しいテヌマですよね。私も倧倉興味あるテヌマで、楜しみにしおいたす。