FOSSAware is the latest partner of the OpenChain Project. OpenChain maintains ISO/IEC 5230, the International Standard for open source license compliance.
“The OpenChain Project consists of a large, vibrant community of companies that use open source in products and solutions,” says Shane Coughlan, OpenChain General Manager. “There is also a growing partner community that consists of organizations offering legal, consulting and tooling support in the management and automation of open source compliance. We are glad to welcome FOSSAware to this program and look forward to collaborating in Israel and beyond.”
“Encompassing over two-thirds of the average commercial software, open-source has become an essential part of modern software developmen,” says Yaniv Ozerzon, Co-Founder & CEO at FOSSAware. “Undermanaging the consumption and redistribution of Open source is no longer a viable option. Having an effective Open Source compliance program is a key differentiator marking industry-leading enterprise companies such as Google, Microsoft, and others. We are excited and pleased to become an official partner of OpenChain and are set to assist companies in reaching conformant with the OpenChain specification, minimize Open Source associated risks, and reduce remediation costs.”
About FOSSAware
FOSSAware consultancy and services specializes in Free and Open Source software (“FOSS”) compliance. Our mission is to work alongside our clients to minimize the legal, operational and security risks associated with FOSS. We tailor each client a suitable compliance program, render support in the implementation process and services for on-going compliance. https://fossaware.com/
About the OpenChain Project
OpenChain began when a group of open source compliance professionals met in a conference lounge and chatted about how so much duplicative, redundant open source license compliance work was being done inefficiently in the software supply chain simply. They realized that while each company did the same work behind the scenes in a different manner the output for downstream recipients could not realistically be relied on because there was no visibility into the process that generated the output.
The answer the early principles of this discussion arrived at was to standardize open source compliance, make it transparent and build trust across the ecosystem. The project began as outreach to the community with the idea of a new standard for open source license compliance with slides titled, “When Conformity is Innovative.” A growing community quickly recognized the value of this approach and contributed to the nascent collaboration soon named The OpenChain Project.
This advent calendar has been created by our Japanese Work Group as part of their community outreach. We hope you enjoy their recap of compliance topics to end the year.
About me
Hello. I am Takashi Ninjouji. I mainly participate in Tooling Sub-Group (Tooling-SG) of OpenChain Japan-WG, and I am this SG leader since April 2020. This article introduces the activities of Tooling-SG.
Tooling-SG
The Tooling-SG group is to use OSS for OSS management operations to achieve the following in Open Source Compliance:
Build workflows according to your organization.
Automation
Quality improvement (on tools, workflows, and compliance)
Most of the participants are engineers. Many of them actually use the tools in their work, are developers of the tools, and even participate in the development community. On the other hand, because toolchain is also a means of handling open source compliance information, there will also be people from the compliance management departments such as legal and intellectual property, which are the relevant departments.
You may also want to read the article “About the activities of OpenChain Japan WG Tooling Sub-WG” by Kobayashi-san, the first leader at the time of its establishment in 2019, which was published in the 2019 Advent Calendar project. That article introduces why we wanted to create a place to exchange opinions about Open Source Compliance toolchain in Japanese and collaborate with global communities such as the OpenChain Reference Tooling Workgroup.
Activities
As in the previous year, the following activities and guiding principles have been established.
Compile/disseminate information about the tool (in collaboration with the global community)
Provide a place to study and discuss while using the tool (e.g., introducing the tool, holding seminars and hands-on sessions)
Information distribution and tool mapping (identify issues and collaborate to improve workflow implementation)
Promotion to expand membership (presentations at non-OpenChain meetings, use GitHub and other media)
We are welcome to feel free to participate and feel free to make a presentation (or talk).
At the meeting on 2020/11/24, we decided that we will have presentations in foreign languages. We would like to have a more active exchange of information.
You may arrange for your interpreter and translation of the materials in advance, or we would be happy to have volunteers to help you. If you are considering presenting in a foreign language, we would be glad to discuss this with you. Also, we may ask you to give your presentation at Tooling-SG.
Starting in April 2020, we are holding virtual meetings in conjunction with the Japan-WG meetings. Currently, we meet every other week for about an hour, alternating between the following meetings.
We are flexible in practice, so please feel free to join us if you have questions. If you have a topic to present, please contact us via the mailing list or Slack.
As SW360, a component cataloging tool, becomes multilingual and a Japanese kit is provided, it is expected to spread to Japan in the future.
Tooling-SG is planning to hold a hands-on session for SW360 Chores, a version of SW360 available in containers, in early 2021. We discuss the content and timing on the mailing list and Slack, so please join us if you are interested.
What is the next article?
Morishita-san will introduce OSS toolchain for Open Source Compliance. With the OpenChain specification being ISO standard, there has been a lot of discussion about automation of compliance practices in various tool communities. Don’t miss it!
なお、2019年のAdvent Calendar企画にあった、2019年設立時の初代リーダーの小林さんによる活動紹介記事「OpenChain Japan WG Tooling Sub-WGの活動について」もご一読頂けると幸いです。Japan-WGの活動趣旨に沿ってツールについて日本語で気軽に意見交換する場を設けたいとする経緯や、OpenChain Reference Tooling Workgroup などのグローバルコミュニティとの連携などを紹介しています。
This advent calendar has been created by our Japanese Work Group as part of their community outreach. We hope you enjoy their recap of compliance topics to end the year.
About me
Hello. I am Takashi Ninjouji. I mainly participate Tooling-SG of OpenChain Japan-WG. This article is part 4 of introducing OpenChain Spec v2.1 (functionally identical to ISO/IEC 5280:2020). (2020.12.14: “Status”is “Under development”, “Life cycle” is “60.00 International Standard under publication” at ISO/IEC) (2020.12.15: “Status”is “Published”, “Life cycle” is “60.60 International Standard under published” at ISO/IEC!)
OpenChain Spec v2.1 §3.3 “Open source content review and approval”
§3.3.1 Bill of Materials
§3.3.1 is about the Bill of Materials (BOM), which is a list of OSS that compose a software package, and an organization needs to have a process in place to create and manage that BOM.
Here is the questionnaire for Self-Certification:
Number
Spec Ref
Question Text
3.a
3.1, 3.1.1
Do you have a documented procedure for identifying, tracking and archiving information about the open source components in a Supplied Software release?
3.b
3.1, 3.1.2
Do you have open source component records for the Supplied Software which demonstrate the documented procedure was properly followed?
§3.3.2 License compliance
§3.3.2 is about use cases. Internal processes need to be in place for each use case, such as distribution in binary form and distribution in source code form. Each organization can define use cases freely. In order to the efficiency of creation of BOMs and of open source license compliance using BOM, compliance tooling are needed and are discussed along with its development and its workflows as well.
Here is the questionnaire for Self-Certification:
Number
Spec Ref
Question Text
3.c
3.2, 3.2.1
Do you have a documented procedure that covers these common open source license use cases for open source components in the Supplied Software?
3.c.i
3.2, 3.2.1
– Distribution in binary form;
3.c.ii
3.2, 3.2.1
– Distribution in source form;
3.c.iii
3.2, 3.2.1
– Integration with other open source that may trigger additional obligations;
3.c.iv
3.2, 3.2.1
– Containing modified open source;
3.c.v
3.2, 3.2.1
– Containing open source or other software under incompatible licenses for interaction with other components in the Supplied Software;
3.c.vi
3.2, 3.2.1
– Containing open source with attribution requirements.
What is the next?
Kobota-san will introduce part 5 on 12/18. Don’t miss it!
In tomorrow’s article (12/16), I will introduce the Tooling SG of Japan-WG. This subgroup aims to share information about the compliance tooling and the know-how to use them.
はじめに
こんにちは、忍頂寺と申します。 OpenChan Japan-WGでは、主にTooling-SGなどに参加しています。 本稿は国際規格 ISO/IEC 5230:2020 に相当する OpenChain Spec v2.1 を紹介するシリーズの第4回となります。 (2020.12.14: ISO/IEC にて、進捗(Status)は “Under development”, “Life cycle” は “60.00 International Standard under publication” です。) (2020.12.15: ISO/IEC にて、進捗(Status)は “Published”, “Life cycle” は “60.60 International Standard published” です! )
OpenChain Spec v2.1 §3.3 “Open source content review and approval”
§3.3.1 Bill of Materials
§3.3.1 は、BOM (Bill of Materials) に関する章です。BOMは各ソフトウエアを構成するOSSのリストを指します。OpenChain適合を果たす組織は、このBOMの作成および管理するためのプロセスを整備する必要があります。
ここでの自己認証のための確認項目は次になります:
Number
Spec Ref
Question Text
3.a
3.1, 3.1.1
Do you have a documented procedure for identifying, tracking and archiving information about the open source components in a Supplied Software release?
OSADL is the latest official partner of the OpenChain Project. OpenChain maintains ISO/IEC 5230, the International Standard for open source license compliance.
“The OpenChain Project is delighted to begin our formal relationship with OSADL,” says Shane Coughlan, OpenChain General Manager. “There are thousands of companies operating open source compliance programs across the world, and we are seeing convergence on ISO/IEC 5230 for efficiency, effectiveness and resource optimization. OSADL is well-positioned to help ensure the automation industry will be at the forefront of this development in the coming months and years.”
Carsten Emde, General Manager of OSADL, was delighted when he learned that OSADL was accepted as OpenChain service partner and pointed out: “After having executed a large number of audits and given numerous training courses on open source license compliance, we have learned a fundamental lesson: The most important prerequisite for a company to become license compliant is to establish suitable company processes. OpenChain and OSADL look back on a long shared history of activities to help companies do exactly this. The today’s conclusion of an official partnership between the two organizations is the obvious next step to intensify our cooperation and to improve our services for the good of all.”
About OSADL
The Open Source Automation Development Lab (OSADL) eG is a Germany-based organization intended to promote and coordinate the development of open source software for the machine, machine tool, and automation industry. https://www.osadl.org/
About the OpenChain Project
OpenChain began when a group of open source compliance professionals met in a conference lounge and chatted about how so much duplicative, redundant open source license compliance work was being done inefficiently in the software supply chain simply. They realized that while each company did the same work behind the scenes in a different manner the output for downstream recipients could not realistically be relied on because there was no visibility into the process that generated the output.
The answer the early principles of this discussion arrived at was to standardize open source compliance, make it transparent and build trust across the ecosystem. The project began as outreach to the community with the idea of a new standard for open source license compliance with slides titled, “When Conformity is Innovative.” A growing community quickly recognized the value of this approach and contributed to the nascent collaboration soon named The OpenChain Project.
The Linux Foundation, Joint Development Foundation and the OpenChain Project are delighted to announce the publication of ISO/IEC 5230:2020 as an International Standard. Formally known as OpenChain 2.1, ISO/IEC 5230:2020 is a simple, clear and effective process management standard for open source license compliance. It allows companies of all sizes and in all sectors to adopt the key requirements of a quality open source compliance program.
Companies around the world can learn more about ISO/IEC 5230:2020, methods of self-certification, independent assessment or third-party certification, as well as access a large library of reference material at: https://www.openchainproject.org
ISO/IEC 5230:2020 is an open standard and all parties are welcome to engage with our community, learn from their peers, share their knowledge, and to contribute to the future of our standard. There is no charge to access and use our reference material, self-certification or to engage with our numerous calls, webinars, mailing lists and meetings.
“ISO/IEC 5230:2020 will improve OSS compliance, enhance trust in the supply chain, and reduce friction in transactions. It has been deployed as a de facto standard for four years and fostered exceptional engagement from a diversity of companies across multiple sectors,” says Shane Coughlan, OpenChain General Manager. “Our transition to a formal International Standard as ISO/IEC 5230:2020 marks an important inflection point for OpenChain and open source as a whole. For the first time there is an International Standard that defines open source compliance and process management. We look forward to expanding our community from hundreds to thousands of companies in the coming months, and we look forward to supporting many of these companies access and apply best practice material developed in real world market conditions.”
Toyota is the first company to formally announce conformance to ISO/IEC 5230:2020. Additionally, companies that have an OpenChain 2.0 conformant program will automatically conform with the requirements of ISO/IEC 5230:2020. You can learn more about the Toyota announcement here: https://www.openchainproject.org/featured/2020/12/15/toyota-iso-5230
Arm
“Arm joined the OpenChain Project as a founding member because building trust across the supply chain and ensuring IP rights are fully respected has long been one of the highest priorities for Arm,” says Sami Atabani, Director of Third Party IP Licensing at Arm. “Establishing OpenChain as a formal ISO/IEC International Standard is an important milestone for open source governance as a field, and we look forward to collaborating with our peers and the wider open source community in seeking excellence and efficiency in software delivery.”
BMW CarIT
“At BMW CarIT we continually work on improving the quality of our processes,” says Helio Chissini de Castro, Senior Software Engineer at BMW CarIT. “We welcome the approval of ISO/IEC 5230:2020 as the right path for the future of software compliance and how companies will perceive it. We are proud to be part of the OpenChain governing board and wider community that make this possible.”
Bosch
“Bosch and its affiliates have a firm commitment to quality in all aspects of creating, deploying and supporting solutions and products,” says Hans Malte Kern, Head of the Center of Competence Open Source, Robert Bosch GmbH. “Our engagement with the OpenChain industry standard for open source compliance is part of this larger vision, and we are delighted to see it graduate ISO as a formal International Standard. We now have a global, universal and easily understood mechanism to build increased clarity and trust across the supply chain.”
Cisco
“Cisco is honored to partner with an incredible team on the OpenChain project. Earlier this year (June 2020), our conformance with the OpenChain’s latest 2.0 specification for open source compliance has been the needle mover towards streamlining compliance as an indispensable entity across our organization, building Trust and improving overall productivity,” says Prasad Iyer Director, Product Operations at Cisco. “Now with ISO/IEC standardization of this latest OpenChain specification, it really solidifies Cisco’s commitment to excellence in Open source governance along with OpenChain which is well positioned at the top of the Compliance stack. We’re sincerely looking forward to our continued collaboration and partnership with all our OpenChain project peers across industry in the successful evolution of more such formal standards in the years ahead.”
Fujitsu
“Fujitsu has contributed to the development of OpenChain as an industry standard for several years,” says Yasuko Aoki, Manager of Open Source Software Technology Center, Fujitsu Limited. “Our engagement is part of our broader engagement throughout the supply chain to promote excellence in governance and sustainability in practical deployment. The publication of OpenChain as a formal ISO/IEC International Standard is a significant milestone in the evolution of open source. We are proud of the accomplishment of all the contributors involved, and we look forward to the next steps in ensuring simple, reliable open source license compliance across the world.”
Google
“Google has been at the forefront of open source development and the use of open source in business since its inception,” says Max Sills, Lead Open Source Attorney at Google. “Our collaboration with the OpenChain Project has been an important part of supporting greater maturity and predictability in this space. The release of ISO/IEC 5230:2020 provides a clear path to future inter-company collaboration. Defining a standard for quality open source compliance lowers the cost of doing business, and makes it easier for the entire industry to comply with open source obligations.”
Microsoft
“OpenChain has played a leading role in building trust in the open source ecosystem,” said David Rudin, Microsoft Assistant General Counsel. “When you receive software that has been produced through an OpenChain conformant program, it’s a great indication that the open source compliance obligations were taken seriously. With Microsoft’s OpenChain conformant program, we are keeping the trust our customers have placed in us to make sure their software is compliant and reducing friction in software transactions. As OpenChain takes the next step of becoming an international standard, we’re looking forward to continuing to advance open source adoption and trust in the community.”
MOXA
“As the first Taiwanese company working with the OpenChain governing board, our work with the OpenChain Project is part of a larger vision for mature, sustainable open-source governance,” said David Chen, Engineering Director of the Technology & Research Corporate Division at Moxa. “Today’s announcement is a milestone in building efficiency and trust among companies using open source for innovative products and solutions. We look forward to working with our fellow board members in the deployment of OpenChain as an ISO/IEC International Standard to an audience of thousands of companies in the world.”
OPPO
“As a member of OpenChain, OPPO is very pleased to see OpenChain being accepted as an ISO/IEC International Standard,” says Andy Wu, Vice President of OPPO and President of Software Engineering. “We believe this will help to further promote open source compliance. OPPO very much hopes to promote OpenChain with its partners, so that open source compliance becomes more consistent and simple.”
Siemens
“Siemens is a founding member of the OpenChain Project and we have contributed to OpenChain since its beginning. Today we reached an outstanding milestone – the OpenChain specification is now an ISO/IEC International Standard,” says Oliver Fendt, Senior Manager Open Source. “Our engagement with OpenChain is based on a clear understanding that effective governance in open source must be practical, efficient, sustainable and affordable for everyone. With the ISO/IEC Standard we will enter a new stage in the evolution of our collective work, and we look forward to working with our peers in building further trust in the open source supply chain.”
Sony
“Sony has been part of the OpenChain industry standard and its related community for a substantial amount of time,” says Hisashi Tamai, SVP, Sony Corporation, representative of the Software Strategy Committee. “We have had the great pleasure to host the first meeting in Japan and support growth across this nation and abroad in the subsequent years. The publication of OpenChain by ISO as a formal International Standard is an important milestone in our shared mission to ensure excellence in open source. We look forward to working with our fellow board members, our diverse community and our colleagues at ISO in bringing this standard to thousands of new companies across the globe.”
Qualcomm
“This achievement by OpenChain brings into reality the effort that so many across the software ecosystem has recognized for years – that when you can build trust into the open source compliance ecosystem, you create a path towards consistent, efficient, and reliable license compliance,” says Dave Marr, Vice President, Qualcomm Technologies, Inc. “We applaud the many contributors to OpenChain for achieving this terrific milestone, and for collaboratively building the internationally recognized standard for open source license compliance.”
Uber
“Uber has supported the development and deployment of the OpenChain industry standard from its early stages to becoming today’s de facto standard,” says Matthew Kuipers, Senior Counsel, Intellectual Property at Uber Technologies. “Today’s publication as an ISO International Standard is a key milestone in bringing clear, practical and effective open source license compliance to thousands of companies across the supply chain. We look forward to collaborating with our peers in accomplishing this mission and supporting our growing international community.”
Western Digital
“Western Digital has been part of the development and deployment of the industry standard for open source compliance since its formative years,” says Alan Tse, Associate General Counsel at Western Digital. “Today’s announcement marks a significant milestone in the maturity of both this standard and the wider field of open source governance. We look forward to working with our fellow board members and the diverse community of community participants in the growing adoption of a single, simple way to identify quality open source compliance programs.”
Global Community Quotes
“Today is the historic day for the OpenChain project and The Linux Foundation that the open standard has become an ISO/IEC standard,” said Masato Endo, Chair of the OpenChain Automotive Work Group. “Open Source is becoming more and more important in the automotive industry as well. The automotive industry’s supply chain is large and every company in the supply chain needs to manage OSS properly. I believe the OpenChain Specification will be a strong support for companies to build their OSS governance structure. I’d like to thank David Rudin and members of the JDF community for their efforts in obtaining ISO/IEC. I want to express my gratitude to Mark Gisi, David Marr and all OpenChain community members for their significant contributions to the project. Finally, I congratulate our leader Shane Coughlan on this great achievement!”
About the OpenChain Project
OpenChain began when a group of open source compliance professionals met in a conference lounge and chatted about how so much duplicative, redundant open source license compliance work was being done inefficiently in the software supply chain simply. They realized that while each company did the same work behind the scenes in a different manner the output for downstream recipients could not realistically be relied on because there was no visibility into the process that generated the output.
The answer the early principles of this discussion arrived at was to standardize open source compliance, make it transparent and build trust across the ecosystem. The project began as outreach to the community with the idea of a new standard for open source license compliance with slides titled, “When Conformity is Innovative.” A growing community quickly recognized the value of this approach and contributed to the nascent collaboration soon named The OpenChain Project.
This advent calendar has been created by our Japanese Work Group as part of their community outreach. We hope you enjoy their recap of compliance topics to end the year.
Leaflet SubGroupの活動紹介 / Introduction of Leaflet SubGroup acts.
Today, I would like to tell you about the activities of the leaflet group of the OpenChain Project Japan working group. I’m Norio Kobota who is now participating in the OpenChain Project activities as a member of the open source program office of my company, making use of my experience as an engineer in the network security field.
リーフレットって何? / What is the leaflet?
リーフレットは、OpenChain ProjectのReference Materialから取得可能な、オープンソースソフトウェアを取り扱う際の注意事項について記述された簡単なガイドブックです。日本語版は、こちらのgithubより取得できます。 OpenChain Projectにおいては当初より、そのソフトウェアサプライチェーンにおけるOSSライセンスコンプライアンスの難しさが重要視されており、それを解決する一つの手段として、企業における様々な立場の方々にとって、分かり易い簡単なガイドブックが必要だと、Japan Working Groupのメンバは考えました。 その後、グループメンバーの協力の元、2019/04 日本語版、2019/05 英語版をJapan Working Groupより提供することが出来ました。また素晴らしいことに、このリーフレットは世界中で必要とされることとなり、各国のサブグループの協力の元、今では、中国語(繁体字、簡体字)、ベトナム語への翻訳も済んでいます。
The leaflet is a simple guide book which describes useful information when dealing with open source software, available from Reference Material of OpenChain Project. You can obtain the Japanese version from github here. In the OpenChain Project, the difficulty of OSS license compliance in the software supply chain has been emphasized from the beginning, and the members of the Japan Working Group thought that as a means to solve this problem, a simple guidebook that is easy to understand for people in various positions in the enterprise was necessary. After that, with the cooperation of the group members, we were able to provide the Japanese version 2019/04 and the English version 2019/05. The great thing about this leaflet is that it has become global, and thanks to the cooperation of various subgroups, Chinese(Traditional and Simplified) and Vietnamese versions are now available here.
リーフレットサブグループって何してるの? / What are the activities of the leaflet subgroups.
リーフレット作成が昨年で一通り落ち着いたこともあり、何かドキュメントを作成したりといった活動は、最近は殆どありません。そのため、昨年(2019)の活動を少し、紹介させていただきたいと思います。 分かり易いリーフレットが作成できた、という事実はとても大きなものですが、本来、私たちが推進したいこと、必要だと考えていることは、その知識を持つ方々を増やすことであり、多くの方がガイドブックを必要とする時に利用していただくことです。その為、私たちは様々な講演会などの場に、リーフレットを印刷して持ちこみ、その目的と必要性を伝えています。 例えば、Linux Foundationが開催するOpen Source Summit/Embedded Linux Conferenceや、電子機器の祭典である、CES、果ては日本のほぼ裏側で開催されたDebConf 2019など、それぞれが主業務などで参加する様々なイベントにこのリーフレットを持ち込み、紹介すると共にリーフレットの配布を行っています。
Because the creation of leaflets was settled last year, there are not many activities such as creating documents rececntly. For this reason, I would like to introduce the activities of (2019) last year. The fact that we were able to create a leaflet that is easy to understand is a great achievement. However, what we think is really important is to increase the number of people with that knowledge, and to have many people use the guidebook when they need it. For this reason, we print leaflets for various lectures and introduce their purpose and necessity. For example, the Open Source Summit/Embedded Linux Conference held by the Linux Foundation, CES which is a festival for electronic devices, and DebConf 2019, which was held in almost the other side of Japan, have introduced and distributed leaflets at various events attended by members of the Japan Working Group.
Due to the effects of the COVID-19, this subgroup activity itself is currently stagnating. However, I would like to invite you to join us. We will do some writing and public relations activities with other subgroups. Tomorrow is OpenChain Spec2.1, 4th introduction by Ninjoji-san. Look forward to it!
This advent calendar has been created by our Japanese Work Group as part of their community outreach. We hope you enjoy their recap of compliance topics to end the year.
1. Introduction
Hello. I’m Masato ENDO. Today, I would like to introduce the topics related to Promotion SG of OpenChain Japan WG.
As you can see in the article on December 6, we found that although awareness of the importance of OSS compliance is gradually increasing, each company is struggling to secure resources. In order to secure resources, it is essential to promote the understanding of executives. Therefore, the Japan Patent Office and the Cabinet Office created “Open source for ALL” as a tool to educate management about the importance of OSS itself, and released it in June. I also participated as a member in the Expert Committee for the preparation of this material. So, I would like to introduce it.
You can access the materials from the links below.(Sorry, Japanese only)
The beginning of the story was that in May 2019, I made a presentation at the Intellectual Property Headquarters Verification, Evaluation, and Planning Committee, which is a policy meeting of Japanese government. At this time, Mr. Nakauchi of the current Imabari City officer, who was at the Intellectual Property Headquarters at that time, was interested in it, and a committee of experts was formed. Therefore, we decided to create OSS enlightenment materials for managers, and we asked Mr. Shinozaki of PwC, who was selected as the secretariat based on discussions at the committee, to compile the materials. It is assumed that this material will be used as it is or arranged for use in internal executives and symposiums in which executives participate. This material is supported not only by Japanese companies but also by foreign companies such as Google, Microsoft, Qualcomm, and Siemens. I introduced these companies to the Committee through OpenChain connection.
3. Interesting information
Here, I will pick up and introduce the topics that I found interesting from the report. In this survey, we conducted a questionnaire to the executives of the system development and software development departments of large companies, mainly non-IT companies, and added analysis from various angles. Among them, what I am paying attention to is the figure below that summarizes the answers to the question “Will the expansion of OSS utilization expand in the future?” As the result, we can confirm that executives in almost all industries responded that they would “expand in the future.” On the other hand, in this report “It became clear that the approach to OSS was individual-dependent and that activity was sluggish overall.” From the perspective of promoting DX, it is thought that the issue for Japanese companies will be how to systematically handle OSS in the future. Overseas, it is becoming a trend to establish OSPO (Open Source Compliance Office), which is a specialized organization that formulates OSS utilization strategies and rules regardless of the type of industry. At OpenChain, we have accumulated the know-how of leading companies overseas and in Japan, so if you have a need to deepen understanding within the company, please let us know! The project will support you free of charge. (I also explained the importance of OSS community activities to the CTO of a IT company in such a context.)
4. Tomorrow’s theme is …
Tomorrow, Kobota-san will introduce the activities of Leaflet SG, which is creating an enlightenment leaflet for OSS compliance. This leaflet has been distributed free of charge at events around the world such as CES2020 and has been very well received. Stay tuned!
1. はじめに
こんにちは。 三度登場の遠藤です。 本日はOpenChain Japan WGのPromotion SG関連のトピックを紹介します。
12/6の記事にもありますように、OSSコンプライアンスの重要性への認識は少しづつ高まっているものの、 各社がリソーセスの確保に苦労していることがわかりました。 リソーセスを確保するためには、経営層の理解の促進が必須であると言えます。 そこで、経営層にOSSそのものの重要性も含めた啓発を行うためのツールとして「Opensource for ALL」を特許庁・内閣府が作成し、6月にリリースされました。 私も委員として本資料作成のための有識者委員会に参加しましたので、実現の経緯も含め紹介させて頂きます。
