In this webinar we covered “OpenChain China, Japan, Korea – a discussion on community building” featuring short interviews with Jerry (China), Haksung (Korea) and Fukuchi San (Japan) about local community activity. Our goal was to share knowledge on what has worked, what has not, and how momentum can be kept in these unusual times. We hope these lessons will assist our fellows in Europe and North America while also illustrating some of the key successes in Asia.
This is part of the bi-weekly OpenChain Webinar series. Every two weeks we have international speakers covering a wide range of topics related to practical open source compliance challenges, solutions and considerations.
A *lot* of people in our community are speaking about OpenChain at meetings, events and through social media. To help with their communication the OpenChain Project publishes a regularly updated slide deck with speaker notes. You can find the latest version here.
This time we explored Software Heritage, an initiative whose goal is to collect, preserve, and share software code, and continued our discussion of containers from the perspective of scalable compliance.
Our speakers
Roberto Di Cosmo, Director at Software Heritage, explained why this initiative collects and preserves software in source code form with the understanding that software embodies key technical and scientific knowledge that humanity cannot afford to risk losing. His presentation helped provide insight into how such initiatives can link into activities like compliance automation in open source compliance, an area of immediate interest to the OpenChain community.
Scott Peterson, Senior Commercial Counsel at Red Hat, talked about how we can make compliance scalable in a container world. This talk built on other recent presentations with a particular focus on efficiency and portability, with a “registry-native” approach to source code availability. Scott explained how this does not require updating container registries to include source code specific features, but instead can exploit features that are already contained in current registries.
The OpenChain Project has launched a series of bi-weekly free webinars that provide access to people and knowledge that we would otherwise obtain at events. We hold our fifth meeting on Monday the 1st of June at 9am Pacific with two guest speakers.
This time we are exploring Software Heritage, an initiative whose goal is to collect, preserve, and share software code, and continuing our discussion of containers from the perspective of scalable compliance.
Roberto Di Cosmo, Director at Software Heritage, will explain why this initiative collects and preserves software in source code form with the understanding that software embodies key technical and scientific knowledge that humanity cannot afford to risk losing. This presentation will help provide insight into how such initiatives can link into activities like compliance automation in open source compliance, an area of immediate interest to the OpenChain community.
Scott Peterson, Senior Commercial Counsel at Red Hat, will talk about how we can make compliance scalable in a container world. This talk will build on other recent presentations with a particular focus on efficiency and portability, with a “registry-native” approach to source code availability. Scott will explain how this does not require updating container registries to include source code specific features, but instead can exploit features that are already contained in current registries.
Each talk will run for 10~15 minutes and there will be plenty of time for questions, comments and suggestions. As with all OpenChain Project activities, our goal is to facilitate knowledge-sharing between peers.
Everyone is invited to join this free webinar via zoom. It will also be recorded and made available later on our website.
In this webinar we unpacked the newly released SPDX 2.2. SPDX, as a leading industry standard for Software Bill of Materials, plays a pivotal role in the implementation of practical manual and automated compliance programs.
Kate Stewart, Sr. Director of Strategic Programs at the Linux Foundation, explained how SPDX 2.2 works and what it means for the community. Kate has been a key driver of this standard over the last 10 years and can answer all your questions about what the current standard means, what projects support it, and the current state of the tooling landscape.
Yoshiyuki Ito, Principal Expert at RENESAS Electronics, provided an overview of SPDX Lite. This is a “Profile” for the SPDX 2.2 standard that helps companies deploy the Software Bill of Materials to match certain workflows, particularly with respect to suppliers to large companies using existing processes. Ito San and others in the OpenChain Japan Work Group created SPDX Lite to help ensure that the standard could be adopted in as many production environments as possible with minimal friction.
a. Some companies have been providing OSS education since before OpenChain was established.
b. Companies that are about to start such education need to consider which content and which target audience to start with.
c. The business flows that involve OSS differ according to each company's business model.
d. The truly minimal educational viewpoints needed for working with OSS differ from role to role.
e. Including the whole Curriculum※ in the education content would be far too much material.
f. Consistency with the Specification※ and the Curriculum also needs to be considered.
a. Present, as far as possible, examples of the education already implemented at each company: its structure, target audience, format (lectures, classroom training, e-learning, self-study of documents, etc.), timing, and whether an English version exists.
b. With respect to a., make explicit which target audience in the business flow each education program covers.
c. Present, as far as possible, each program's table of contents down to an outline of its chapters and sections.
d. Based on the examples in a, b and c, organize the following:
① What are the minimum items needed for an initial small start?
② Which items are needed in the education material for each role? Which are common items, and which are specific to a role?
③ Which license-related items are needed?
④ How should SPDX be used?
⑤ Draft common education materials for each role.
Analysis of the case studies from four companies
First, as Step 1, we started with an analysis of the case studies from four companies.
a. Collect examples of OSS education at each company
No. | Company | Number of cases
1 | Product vendor 1 | 9
2 | Product vendor 2 | 5
3 | Product vendor 3 | 1
4 | Product vendor 4 | 2
b. Analyze and report on the following analysis viewpoints:
i. The need for OSS education
ii. Conformance with the OpenChain Specification
iii. Consideration of gaps and excesses relative to the Curriculum
iv. Consideration of education by role (case studies of the four companies) ⇒ uploaded to GitHub
Proposals and considerations derived from the four case studies
Next, as Step 2, we are creating a draft of common education materials based on the results of analyzing the four case studies.
a. Based on the analysis results of the four case studies, we examined common education materials, considering the following:
i. A description of the compliance program is mandatory in order to satisfy the Specification.
ii. Take gaps and excesses relative to the Curriculum into account.
iii. Take into account the vocabulary and expressions used in the leaflet.
iv. Take into account the content common to each company's basic education for general audiences.
b. Propose a draft of the compliance program version of the common education materials for software developers at product vendors. Items i to iii of a. are treated as mandatory; the draft is refined so that the common content in iv. is explained in depth, while some of the content in iv. is explained only in outline. Since the aim is developing products that use OSS, the target audience was set as software developers at product vendors.
c. Give examples of the division of duties and the clarification of responsibilities by role, illustrating the mandatory requirements for each role under the Specification.
d. Through examining the draft, we are creating it with the following chapter structure:
Overview of OSS
Intellectual property rights
OSS licenses
OSS compliance program
Considerations when adopting OSS
OSS review
OSS distribution
Summary
Contact information
References and organizations
e. For each chapter in d., conduct a review within the Japan WG on GitHub.
Conclusion
Above, we have briefly introduced the OpenChain Japan WG "Education materials by role" SWG. We plan to further expand the collection of example education materials and to present and review the draft common education materials. We look forward to your participation.
In this webinar Tobie Langel spoke about ‘Open Source Contribution Policies That Don’t Suck.’ Leon Schwartz and Tony Decicco from GTC Law provided an overview of open source-related topics in the context of mergers, acquisitions, financings, investments, IPOs, divestitures, loans, customer license agreements, rep and warranty insurance and other transactions. Andrew Katz presented a due diligence questionnaire and sample warranties based on the OpenChain specification.
More About This Webinar
Tobie Langel spoke about ‘Open Source Contribution Policies That Don’t Suck.’ In his own words: Open source contribution policies are long, boring, overlooked documents that generally suck. They’re designed to protect the company at all costs. But in the process, they end up hurting engineering productivity and morale. Sometimes they even unknowingly put corporate IP at risk. But that’s not inevitable. It’s possible to write open source contribution policies that make engineers’ lives easier, boost morale and productivity, reduce attrition, and attract new talent. And it’s possible to do so while reducing the company’s IP risk, not increasing it.
Leon Schwartz and Tony Decicco from GTC Law provided an overview of open source-related topics in the context of mergers, acquisitions, financings, investments, IPOs, divestitures, loans, customer license agreements, rep and warranty insurance and other transactions. This covered:
Types of open source risk
Open source due diligence as part of transactions
Open source-related terms in agreements
The strategic use of open source in transactions
Andrew Katz presented a due diligence questionnaire and sample warranties based on the OpenChain specification, and explained how adoption of this framework will drive further adoption of the standard. This builds on the observation that the OpenChain specification provides a great framework for due diligence and share purchase agreement warranties, even where the target is a software company which is not OpenChain compliant.
OpenChain in Q2 – Continuing Leadership, Continuing Support
The global lockdown due to the spread of COVID-19 is a unique historical moment. We are seeing both great success and great challenges in addressing this disease, and at all times there is an awareness that it can impact our close friends and families. To a large extent the OpenChain community is fortunate. Many of our companies allow us to work from home. Many of us are near excellent health services. We are well-positioned to weather this storm. We will do so with the health of our community and the societies in which we work as our highest priority.
Over the last three years the OpenChain Project has held bi-weekly calls on the First Monday (9am Pacific) and Third Monday (5pm Pacific) of each month. These calls have driven forward our standard for open source compliance and a large corpus of supportive reference material. Today we are at an inflection point and we have an opportunity to enhance our service to the global community. With less emphasis right now on editing our standard (the forthcoming ISO version is fully baked) and our reference material largely produced via local work teams, there is an opportunity to launch an ongoing series of webinars that provide access to people and knowledge that we would otherwise obtain at events.
We kicked off on Monday the 6th of April at 9am Pacific with speakers covering Supply Chain Governance and Container Compliance.
We also announced our third Webinar for the 4th of May covering Contribution Policies + OpenChain in M&A. Watch this space for the recording in the next issue.
OpenChain @ Translations
OpenChain Specification 2.0 Available In Russian
The official reference translation of the OpenChain Specification 2.0 is now available in Russian thanks to Denis Dorotenko (Yandex) and Pavel Lugovoy (independent counsel). This marks another important milestone for our project, providing greatly increased geographic coverage for our work, and helping to support engagement in a country with a long history of technology leadership. https://www.openchainproject.org/featured/2020/04/03/openchain-specification-2-0-available-in-russian
This newsletter marks 36 months since we started a major outward push for awareness and adoption in the OpenChain Project. During this time we have seen our industry standard enter a multitude of new markets. You can expect this to continue, and you can expect initiatives like our webinars to grow over time. Our next newsletter will both provide a new look and a great way for people to get started with our activities. Watch this space.