'The Tools of Governance - Program Offices and Collaboration between Companies' is a talk delivered by Fukuchi San and Kobota San from Sony at the March 22nd Asian Legal Network event in Shenzhen, China. This talks explains how Sony engages with and supports a vibrant collaborative community in Japan through the OpenChain Project.
Introduction of OpenChain Japan Work GroupShane Coughlan
The document discusses the OpenChain Project Japan work group. It provides an introduction from two representatives from Sony and Panasonic. It outlines the goals of the OpenChain project to create trusted software supply chains. It then describes the activities of the Japan work group which has over 160 members from over 60 companies. The work group focuses on collaboration, education, and sharing best practices around open source license compliance. It discusses challenges around scope, structure, and sharing information both locally in Japan and globally.
OSGeo - Spatially Empowered Open Source Software FOSS4G 2009Arnulf Christl
This presentation gives an insight to the Open Source Geospatial Foundation.
The Open Source Geospatial Foundation (OSGeo) is an international non-profit organization dedicated to the advancement of open source geospatial software, community collaboration and spatial data access. OSGeo is a community of communities reaching into all areas of interest to the global spatial infrastructure.
The OSGeo Foundation: Professionally Leveraging Open Source GeospatialArnulf Christl
The OSGeo Foundation is a global non-profit organization that supports open source geospatial software. It provides resources for projects, promotes open data and standards, and organizes conferences like FOSS4G. OSGeo has a board of directors and committees that oversee its growing number of projects. It sees open source as superior to proprietary software and aims to support open source globally.
The document discusses how the Free and Open Source community collaborates and makes suggestions for how ISO could improve its standards development process. Specifically, it recommends that ISO create an open data portal, remove logins to access standards, adopt a more open and distributed model of citizen-led standards making, and use Creative Commons licensing. It also provides suggestions for collaboration tools and questions whether ISO's current systems could operate in a more open, distributed manner.
Zen and the Art of Organizational Open SourceAll Things Open
Presented at Open Source 101 2023 - Charlotte
Presented by Paula Paul NearForm
Title: Zen and the Art of Organizational Open Source
Abstract: Open source software and communities can drive meaningful change in organizations. What lessons can we take from open source to drive change in our own organizations? On the surface, most organizations and stakeholders will embrace open source. However, what does it mean to go deep and embrace the true values and goals of open source, but also drive business value in your organization?
This talk presents a case study of creating a new open source project at a large enterprise and explores the successes, challenges, and downright failures along the way. The talk presents the lessons learned and takeaways that we can all apply in our own organizations.
Enterprises and organizations know that they are powered by open source, but it’s not always easy to live open source. Creating a community to support an open source project can have a huge return on investment. Have you ever tried to convince your employer to make a project open source? Then this talk is for you.
Open source runs the world!
The Internet Society works to promote an open and globally connected Internet through technology development, policy engagement, and operational best practices. It founded the Internet Engineering Task Force (IETF) and runs programs like Deploy360 and Best Current Operational Practices (BCOP) to help operators deploy new technologies and standards. A recent survey found that while many operators are interested in IETF standards work, they face challenges like lack of time and travel budgets in directly engaging with or influencing the IETF process. The Internet Society aims to address these issues and facilitate more communication between operators and the IETF.
Introduction of OpenChain Japan Work GroupShane Coughlan
The document discusses the OpenChain Project Japan work group. It provides an introduction from two representatives from Sony and Panasonic. It outlines the goals of the OpenChain project to create trusted software supply chains. It then describes the activities of the Japan work group which has over 160 members from over 60 companies. The work group focuses on collaboration, education, and sharing best practices around open source license compliance. It discusses challenges around scope, structure, and sharing information both locally in Japan and globally.
OSGeo - Spatially Empowered Open Source Software FOSS4G 2009Arnulf Christl
This presentation gives an insight to the Open Source Geospatial Foundation.
The Open Source Geospatial Foundation (OSGeo) is an international non-profit organization dedicated to the advancement of open source geospatial software, community collaboration and spatial data access. OSGeo is a community of communities reaching into all areas of interest to the global spatial infrastructure.
The OSGeo Foundation: Professionally Leveraging Open Source GeospatialArnulf Christl
The OSGeo Foundation is a global non-profit organization that supports open source geospatial software. It provides resources for projects, promotes open data and standards, and organizes conferences like FOSS4G. OSGeo has a board of directors and committees that oversee its growing number of projects. It sees open source as superior to proprietary software and aims to support open source globally.
The document discusses how the Free and Open Source community collaborates and makes suggestions for how ISO could improve its standards development process. Specifically, it recommends that ISO create an open data portal, remove logins to access standards, adopt a more open and distributed model of citizen-led standards making, and use Creative Commons licensing. It also provides suggestions for collaboration tools and questions whether ISO's current systems could operate in a more open, distributed manner.
Zen and the Art of Organizational Open SourceAll Things Open
Presented at Open Source 101 2023 - Charlotte
Presented by Paula Paul NearForm
Title: Zen and the Art of Organizational Open Source
Abstract: Open source software and communities can drive meaningful change in organizations. What lessons can we take from open source to drive change in our own organizations? On the surface, most organizations and stakeholders will embrace open source. However, what does it mean to go deep and embrace the true values and goals of open source, but also drive business value in your organization?
This talk presents a case study of creating a new open source project at a large enterprise and explores the successes, challenges, and downright failures along the way. The talk presents the lessons learned and takeaways that we can all apply in our own organizations.
Enterprises and organizations know that they are powered by open source, but it’s not always easy to live open source. Creating a community to support an open source project can have a huge return on investment. Have you ever tried to convince your employer to make a project open source? Then this talk is for you.
Open source runs the world!
The Internet Society works to promote an open and globally connected Internet through technology development, policy engagement, and operational best practices. It founded the Internet Engineering Task Force (IETF) and runs programs like Deploy360 and Best Current Operational Practices (BCOP) to help operators deploy new technologies and standards. A recent survey found that while many operators are interested in IETF standards work, they face challenges like lack of time and travel budgets in directly engaging with or influencing the IETF process. The Internet Society aims to address these issues and facilitate more communication between operators and the IETF.
In this episode, we will focus on open sourcing how we run Netflix's open source program. Netflix has been using and contributing to open source for several years. Over the years, Netflix has released over one hundred Netflix Open Source (aka NetflixOSS) libraries, servers, and technologies. Netflix engineers benefit by accepting contributions and gathering feedback with key collaborators around the world. Users of NetflixOSS from many industries benefit from our solutions including Big Data, Build and Delivery Tools, Runtime Services and Libraries, Data Persistence, Insight, Reliability and Performance, Security and User Interface. With such a large and mature open source program, Netflix has worked on approaches and tools that help manage and improve the NetflixOSS source offerings and communities. Netflix has taken a different approach to building support for open source as compared to other Internet scale companies. Come to this session to learn about the unique approaches Netflix has taken to both distribute and automate the responsibilities of building a world-class open source program.
Open source is important to Samsung for three main reasons: (1) it allows shared development and lowers R&D costs, (2) it helps accelerate product development and innovation, and (3) it gives Samsung influence over the technologies used in its products. Samsung's open source group focuses on upstream development, supporting R&D teams, knowledge transfer, and being visible in the community. This involvement has increased Samsung's contributions to projects like the Linux kernel and Wayland. Samsung is also building its open source leadership through programs, mentorship, and involvement in standards organizations to continue benefiting from open source.
ONNX - the emerging standard for interoperable and optimized AI inference and training. A graduated project of the Linux Foundation Artificial Intelligence - best practice open source - true multi-vendor open governance in a foundation.
The OpenChain monthly meeting covered the following topics:
1. An announcement that six organizations are providing support services for adoption of the OpenChain Security Assurance Specification 1.1.
2. Interneuron completed self-certification of conformance with the Security Assurance Specification in collaboration with Source Code Control.
3. The Security Assurance Specification was handed over to the Joint Development Foundation to undergo the ISO PAS Transposition Process with expected graduation in mid-late 2023.
4. Other meeting items included SPDX Python tool updates, upcoming OSPOlogy events, OpenChain automation work, potential specification improvements, and general community updates.
Open Source in ISO Building the First LF Standard in Fourteen Years and What ...Shane Coughlan
This talk explored the process of building and deploying the first Linux Foundation ISO standard in fourteen years, highlighting both what has changed since we deployed Linux Standard Base, and why formal standardization is a topic that will increasingly be on your radar. The discussion will be primarily focused on OpenChain, the industry standard for open source compliance, and how collaboration with the Joint Development Foundation allowed a transformation from de facto into formal standard in a timescale that suits open source development. The lessons learned are applicable to any projects building out specifications or code that seek worldwide, sustainable adoption across multiple industries, and the presentation will include an explanation of how Linux Foundation and Joint Development Foundation are ready to support that process today.
This presentation discusses the Fedora Project and how it helps advance free and open source software. It summarizes that the Fedora Project integrates new free software technologies into its releases on a steady cycle, acting as a platform for innovation. This benefits both developers, who can contribute upstream, and users, who receive new features. The presentation encourages participation in Fedora to help shape future free software and ensure it meets enterprise needs.
This document discusses open source software. It defines open source software as software where the source code is available to the public with a license that allows users to study, change and distribute the software. Open source software originated from the free software movement in 1983 and aims to enhance user freedoms. While common in the early computing era, open source software declined in popularity in the 1970s but has since grown with thousands of projects today. The document discusses how open source software functions by providing access to source code files before compilation. It also outlines some values of open source software like transparency and collaboration. Potential benefits of open source projects include problem solving, signaling quality, and self-production. Challenges include motivation and coordination problems across contributors.
Some personal stories that support the idea that working on Open Source projects help professionals and organizations to shorten the path towards agility at scale.
Gabriele Columbro, the Executive Director of the Symphony Software Foundation, provides an overview of the Foundation's progress and plans. The Foundation has established governance structures like a Board of Directors and Engineering Steering Committee. Several working groups are active with members from multiple organizations. The Foundation's first code contribution from FactSet has been approved, and several other contributions are in process. Looking ahead, the Foundation will focus on completing contributions, improving community infrastructure, and supporting members in open sourcing their work. Columbro encourages organizations to get involved by contributing code, providing feedback, and hosting Foundation events.
This document provides an overview and update on the Symphony Software Foundation. It discusses the Foundation's guiding principles for an open source ecosystem, including openness, developer focus, inclusivity, and transparency. It outlines the roles of the Foundation, Symphony LLC, and community members. It also summarizes progress made, such as the first member meeting and elected member leads. Working groups are discussed as a way to foster adoption and industry convergence. The contribution process and different classes of projects under the Foundation umbrella are also summarized. Finally, initiatives to enable member contributions through a seamless developer experience, open source compliance, meritocratic influence, and awareness/visibility are outlined.
The document discusses the OpenChain Project, which provides standards and resources for open source compliance. It establishes standards for license compliance and security assurance that have been adopted across industries. OpenChain also includes industry-specific groups developing additional standards and specifications. It aims to set shared market approaches and provide reference materials and community support to help organizations implement open source compliance programs.
This document discusses open source software, including its definitions, benefits, and state in Malaysia. Open source software provides freedom to users and prevents vendor lock-in. It benefits developing countries by providing affordable access. However, some fears about open source include lack of accountability, support, and security. In Malaysia, open source is commonly used for servers but less so in corporations, schools, and for development. Moving forward, the document proposes government initiatives like an open source policy and deployment in the public sector to further adoption.
SIM RTP Meeting - So Who's Using Open Source Anyway?Alex Meadows
Open Source has been around for several decades now, but there is still a bit of mystery around what makes open source work and concern about using it in the enterprise. Open Source technologies are being widely used in many industries, including analytics, software development, social media, data center management, and more.
The discussion will be moderated by Julie Batchelor and panelists include:
* Todd Lewis, Open Source evangelist
* Jason Hibbets, Open Source Community Manager
* Jim Salter, Co-Owner and Chief Technology Officer at Openoid, LLC
* Alex Meadows, data scientist
Introduction of OSS In-house Community of SonyShane Coughlan
This document discusses breaking down silos within companies and between companies to promote open source software collaboration. It describes how silos exist within divisions and departments of companies, separating software engineers. It also explains how companies themselves act as silos between one another. The document advocates for industry leaders to break these barriers by fostering open source project communities both within and between companies. It provides examples of the Consumer Electronics Linux Forum and OpenChain project in Japan that aim to break down silos at various levels.
Opening Slides from ION Belfast by Chris Grundemann of the Internet Society. Introduces the Internet Society and the Deploy360 Programme that hosts the ION Conference Series.
The Open Source Good Governance Initiative presented at RIOS OS Week, Nov. 20...OW2
The Good Governance Initiative (GGI) proposes a methodological framework to assess open-source awareness, compliance and governance in any kind of organizations, helping them to structure and improve the use of FOSS towards an OSPO. The GGI was initiated by OW2 and is developed by the OSPO Alliance. This presentation will give an overview of the initiative, its organization, roadmap, first achievements and next steps.
In this episode, we will focus on open sourcing how we run Netflix's open source program. Netflix has been using and contributing to open source for several years. Over the years, Netflix has released over one hundred Netflix Open Source (aka NetflixOSS) libraries, servers, and technologies. Netflix engineers benefit by accepting contributions and gathering feedback with key collaborators around the world. Users of NetflixOSS from many industries benefit from our solutions including Big Data, Build and Delivery Tools, Runtime Services and Libraries, Data Persistence, Insight, Reliability and Performance, Security and User Interface. With such a large and mature open source program, Netflix has worked on approaches and tools that help manage and improve the NetflixOSS source offerings and communities. Netflix has taken a different approach to building support for open source as compared to other Internet scale companies. Come to this session to learn about the unique approaches Netflix has taken to both distribute and automate the responsibilities of building a world-class open source program.
Open source is important to Samsung for three main reasons: (1) it allows shared development and lowers R&D costs, (2) it helps accelerate product development and innovation, and (3) it gives Samsung influence over the technologies used in its products. Samsung's open source group focuses on upstream development, supporting R&D teams, knowledge transfer, and being visible in the community. This involvement has increased Samsung's contributions to projects like the Linux kernel and Wayland. Samsung is also building its open source leadership through programs, mentorship, and involvement in standards organizations to continue benefiting from open source.
ONNX - the emerging standard for interoperable and optimized AI inference and training. A graduated project of the Linux Foundation Artificial Intelligence - best practice open source - true multi-vendor open governance in a foundation.
The OpenChain monthly meeting covered the following topics:
1. An announcement that six organizations are providing support services for adoption of the OpenChain Security Assurance Specification 1.1.
2. Interneuron completed self-certification of conformance with the Security Assurance Specification in collaboration with Source Code Control.
3. The Security Assurance Specification was handed over to the Joint Development Foundation to undergo the ISO PAS Transposition Process with expected graduation in mid-late 2023.
4. Other meeting items included SPDX Python tool updates, upcoming OSPOlogy events, OpenChain automation work, potential specification improvements, and general community updates.
Open Source in ISO Building the First LF Standard in Fourteen Years and What ...Shane Coughlan
This talk explored the process of building and deploying the first Linux Foundation ISO standard in fourteen years, highlighting both what has changed since we deployed Linux Standard Base, and why formal standardization is a topic that will increasingly be on your radar. The discussion will be primarily focused on OpenChain, the industry standard for open source compliance, and how collaboration with the Joint Development Foundation allowed a transformation from de facto into formal standard in a timescale that suits open source development. The lessons learned are applicable to any projects building out specifications or code that seek worldwide, sustainable adoption across multiple industries, and the presentation will include an explanation of how Linux Foundation and Joint Development Foundation are ready to support that process today.
This presentation discusses the Fedora Project and how it helps advance free and open source software. It summarizes that the Fedora Project integrates new free software technologies into its releases on a steady cycle, acting as a platform for innovation. This benefits both developers, who can contribute upstream, and users, who receive new features. The presentation encourages participation in Fedora to help shape future free software and ensure it meets enterprise needs.
This document discusses open source software. It defines open source software as software where the source code is available to the public with a license that allows users to study, change and distribute the software. Open source software originated from the free software movement in 1983 and aims to enhance user freedoms. While common in the early computing era, open source software declined in popularity in the 1970s but has since grown with thousands of projects today. The document discusses how open source software functions by providing access to source code files before compilation. It also outlines some values of open source software like transparency and collaboration. Potential benefits of open source projects include problem solving, signaling quality, and self-production. Challenges include motivation and coordination problems across contributors.
Some personal stories that support the idea that working on Open Source projects help professionals and organizations to shorten the path towards agility at scale.
Gabriele Columbro, the Executive Director of the Symphony Software Foundation, provides an overview of the Foundation's progress and plans. The Foundation has established governance structures like a Board of Directors and Engineering Steering Committee. Several working groups are active with members from multiple organizations. The Foundation's first code contribution from FactSet has been approved, and several other contributions are in process. Looking ahead, the Foundation will focus on completing contributions, improving community infrastructure, and supporting members in open sourcing their work. Columbro encourages organizations to get involved by contributing code, providing feedback, and hosting Foundation events.
This document provides an overview and update on the Symphony Software Foundation. It discusses the Foundation's guiding principles for an open source ecosystem, including openness, developer focus, inclusivity, and transparency. It outlines the roles of the Foundation, Symphony LLC, and community members. It also summarizes progress made, such as the first member meeting and elected member leads. Working groups are discussed as a way to foster adoption and industry convergence. The contribution process and different classes of projects under the Foundation umbrella are also summarized. Finally, initiatives to enable member contributions through a seamless developer experience, open source compliance, meritocratic influence, and awareness/visibility are outlined.
The document discusses the OpenChain Project, which provides standards and resources for open source compliance. It establishes standards for license compliance and security assurance that have been adopted across industries. OpenChain also includes industry-specific groups developing additional standards and specifications. It aims to set shared market approaches and provide reference materials and community support to help organizations implement open source compliance programs.
This document discusses open source software, including its definitions, benefits, and state in Malaysia. Open source software provides freedom to users and prevents vendor lock-in. It benefits developing countries by providing affordable access. However, some fears about open source include lack of accountability, support, and security. In Malaysia, open source is commonly used for servers but less so in corporations, schools, and for development. Moving forward, the document proposes government initiatives like an open source policy and deployment in the public sector to further adoption.
SIM RTP Meeting - So Who's Using Open Source Anyway?Alex Meadows
Open Source has been around for several decades now, but there is still a bit of mystery around what makes open source work and concern about using it in the enterprise. Open Source technologies are being widely used in many industries, including analytics, software development, social media, data center management, and more.
The discussion will be moderated by Julie Batchelor and panelists include:
* Todd Lewis, Open Source evangelist
* Jason Hibbets, Open Source Community Manager
* Jim Salter, Co-Owner and Chief Technology Officer at Openoid, LLC
* Alex Meadows, data scientist
Introduction of OSS In-house Community of SonyShane Coughlan
This document discusses breaking down silos within companies and between companies to promote open source software collaboration. It describes how silos exist within divisions and departments of companies, separating software engineers. It also explains how companies themselves act as silos between one another. The document advocates for industry leaders to break these barriers by fostering open source project communities both within and between companies. It provides examples of the Consumer Electronics Linux Forum and OpenChain project in Japan that aim to break down silos at various levels.
Opening Slides from ION Belfast by Chris Grundemann of the Internet Society. Introduces the Internet Society and the Deploy360 Programme that hosts the ION Conference Series.
The Open Source Good Governance Initiative presented at RIOS OS Week, Nov. 20...OW2
The Good Governance Initiative (GGI) proposes a methodological framework to assess open-source awareness, compliance and governance in any kind of organizations, helping them to structure and improve the use of FOSS towards an OSPO. The GGI was initiated by OW2 and is developed by the OSPO Alliance. This presentation will give an overview of the initiative, its organization, roadmap, first achievements and next steps.
Similar to The Tools of Governance - Program Offices and Collaboration between Companies (20)
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingShane Coughlan
The document summarizes the agenda for an Education Work Group call on April 10, 2024. It includes notices about antitrust policies for Linux Foundation meetings and a reminder that activities must comply with applicable competition laws. The document also thanks Nathan and contributors for their work, introduces a new boss, and outlines plans for 2024-2025, which involve continuing work on training slides, reviewing an education leaflet, proposing OpenChain UK education videos, releasing an official SBOM quality reference guide from the Telco Work Group, and creating short explainers to introduce OpenChain within organizations.
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingShane Coughlan
The document summarizes a meeting of the OpenChain AI Study Group that recapped a previous workshop on AI compliance in the supply chain. It discusses identifying commonalities between AI compliance and the ISO 5230 standard on software supply chain security. It provides examples of reviewing and redlining the ISO 5230 standard and a related thinking document. The document also suggests starting a review of the ISO 42001 standard on AI management systems while noting it is not freely available. It asks if there is any other business and concludes by thanking and saying goodbye to attendees.
OpenChain Monthly Meeting North America and Asia - 2024-03-19Shane Coughlan
The document summarizes the agenda for an OpenChain Monthly North America / Europe Meeting on 2024-03-19. It includes:
1) A notice about complying with antitrust laws and avoiding prohibited discussions.
2) The regular agenda covers sharing news, working on standards and core materials, reference materials, and other business.
3) News items include webinars on GitHub Copilot and export controls, and an OpenChain AI study group call.
4) Work includes discussing issues on the license compliance specification and a security assurance specification on GitHub.
5) Reference and support work involves the OpenChain education study group and supplier education leaflet.
The document discusses antitrust policies for Linux Foundation meetings. It states that Linux Foundation meetings involve competitors and all activities must be in accordance with antitrust laws. Attendees should adhere to meeting agendas and not participate in prohibited activities under antitrust laws. Examples of prohibited actions are described in the Linux Foundation Antitrust Policy available online. Attendees with questions should contact their legal counsel or the Linux Foundation's legal counsel.
openEuler Community Overview - a presentation showing the current scaleShane Coughlan
OpenEuler is an open source operating system that has seen exponential growth, with over 1.3 million global downloads, 900+ enterprise members, and 14,000+ contributors. It aims to be the number 1 server OS by 2023, with 50%+ estimated market share, by providing a versatile and intelligent OS for all scenarios from server to cloud to edge to embedded devices. OpenEuler also has a thriving ecosystem of over 400 innovation projects and many enterprise and community distributions to satisfy diverse industry requirements.
OpenChain AI Study Group - North America and Europe - 2024-02-20Shane Coughlan
The document summarizes the agenda and discussion from an OpenChain AI study group meeting on building trust in the open source AI supply chain. The group discussed defining compliance artifacts and how they can be trusted throughout the supply chain. They also considered what constitutes a high-risk artifact and whether compliance should be based on risk type. Additionally, the group discussed achieving transparency in AI systems as models move towards more closed structures, and how to meet the study group's goals of establishing industry agreements on AI management principles.
AI Study Group North America - Europe 2024-02-06Shane Coughlan
The document summarizes discussions from an OpenChain AI Study Group meeting on anti-trust policy and building trust in the open source AI supply chain. It recaps previous discussions, defines the scope as establishing how to ensure "compliance artifacts" like data cards and model cards can be trusted throughout the supply chain. It also lists AI regulatory frameworks and discusses using cases like delivering pre-trained models or datasets. The appendix section asks for any other business and recaps goals of establishing industry agreements on AI management and developing principles for transparency and bias.
OpenChain Monthly North America / Europe Call - 2024-02-06Shane Coughlan
The OpenChain monthly meeting covered the following topics:
1) An announcement about upcoming OpenChain elections for working group chair positions and the process for nominations and voting.
2) An update on recent and upcoming calls for the AI Study Group exploring how to build trust in the open source AI supply chain.
3) A discussion of open issues for the ISO security and licensing standards being developed by OpenChain.
4) An early proposal to develop an OpenChain contribution process specification and a link to the draft document and issues.
5) An update that the OpenChain reference training slides are being finalized this week.
6) A summary of a recent Legal Work Group meeting on maturity models
OpenChain Export Control Work Group 2024-01-09Shane Coughlan
This document summarizes an OpenChain Export Control meeting that will take place on January 9, 2023. It includes an anti-trust policy notice reminding participants that Linux Foundation meetings must comply with antitrust laws. The agenda has two items: discussing how the SPDX project's proposed operations profile and export control schema can help with export control work, and reviewing the status of a stalled crypto law survey book to decide how to move it forward.
The document summarizes a meeting of the OpenChain Legal Work Group that discussed maturity models for assessing competence in open source management. It includes:
- An overview of the meeting agenda which focused on a presentation by Andrew Katz of Orcro about their open source maturity model based on ISO/IEC 5230:2020.
- A high-level explanation of capability maturity models and OpenChain's potential as a framework for defining requirements and mapping them to maturity levels for different business functions.
- An example assessment of the maturity of an organization's people, processes, information, and systems for generating software bill of materials, mapping it to relevant ISO requirements.
The document summarizes an agenda for an OpenChain AI Study Group meeting. It begins with a notice about complying with antitrust laws during Linux Foundation meetings. The agenda then lists the meeting setup and format as the first item, followed by a discussion of goals for the study group around establishing industry agreements on AI management, developing AI principles for supply chain trust, and discussing AI ethics. It poses achieving the goals through weekly meetings and commitment to progress. It concludes by opening the floor for any other business.
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...Shane Coughlan
The document summarizes Aliens4friends, an Eclipse project that provides tooling for open source license compliance in the Oniro operating system. It discusses key principles of automating compliance work while enabling sustainable human review through reuse. The toolchain gets original source code from the build system, matches components to Debian's reviews, monitors the audit process, and provides a dashboard for visualization. The goal is to implement continuous compliance as a core part of the development workflow.
Maturity Models - Open Compliance Summit 2023Shane Coughlan
The document discusses a capability maturity model (CMM) for assessing the maturity of an organization's open source software development practices. It presents a five-level maturity framework from initial to optimizing and maps out how capabilities could be assessed across four categories: people and organization, processes, information, and systems. The CMM is aligned with requirements in the OpenChain specification and ISO 5230 standard to provide a potential framework for determining an organization's open source compliance maturity.
The key strategic goals of the governing board were met over the past year. Several metrics related to standards adoption and conformant programs increased substantially, such as a 22% rise in ISO/IEC 5230 conformant programs and a 500% increase in ISO/IEC 18974 conformant programs. The partner program also expanded in various categories. Future standards developments are being discussed, including proposed updates to the existing standards and new specifications related to contributions and SBOM quality.
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27Shane Coughlan
The document discusses defining open source artificial intelligence (AI). It outlines the Open Source Initiative's (OSI) mission to educate about and advocate for open source software. The OSI is working to define open source AI to clarify expectations and match them with policy goals of transparency, trustworthiness, etc. A proposed definition grants users four freedoms: to study and inspect AI systems, use them without permission, modify them, and share modified versions. The OSI will hold an in-person meeting in early 2024 to further develop an open source AI definition.
The OpenChain Project aims to improve open source license compliance and security assurance through international standards. Over 1,000 companies collaborate through OpenChain to develop standards like ISO/IEC 5230 for license compliance and ISO/IEC 18974 for security assurance. Adoption of the standards is growing, with a 12% decrease in license issues and 31% of large German companies planning to adopt ISO/IEC 5230. OpenChain is working to develop new specifications and its global impact and member organizations are increasing.
Using Query Store in Azure PostgreSQL to Understand Query PerformanceGrant Fritchey
Microsoft has added an excellent new extension in PostgreSQL on their Azure Platform. This session, presented at Posette 2024, covers what Query Store is and the types of information you can get out of it.
UI5con 2024 - Keynote: Latest News about UI5 and it’s EcosystemPeter Muessig
Learn about the latest innovations in and around OpenUI5/SAPUI5: UI5 Tooling, UI5 linter, UI5 Web Components, Web Components Integration, UI5 2.x, UI5 GenAI.
Recording:
https://www.youtube.com/live/MSdGLG2zLy8?si=INxBHTqkwHhxV5Ta&t=0
SMS API Integration in Saudi Arabia| Best SMS API ServiceYara Milbes
Discover the benefits and implementation of SMS API integration in the UAE and Middle East. This comprehensive guide covers the importance of SMS messaging APIs, the advantages of bulk SMS APIs, and real-world case studies. Learn how CEQUENS, a leader in communication solutions, can help your business enhance customer engagement and streamline operations with innovative CPaaS, reliable SMS APIs, and omnichannel solutions, including WhatsApp Business. Perfect for businesses seeking to optimize their communication strategies in the digital age.
WWDC 2024 Keynote Review: For CocoaCoders AustinPatrick Weigel
Overview of WWDC 2024 Keynote Address.
Covers: Apple Intelligence, iOS18, macOS Sequoia, iPadOS, watchOS, visionOS, and Apple TV+.
Understandable dialogue on Apple TV+
On-device app controlling AI.
Access to ChatGPT with a guest appearance by Chief Data Thief Sam Altman!
App Locking! iPhone Mirroring! And a Calculator!!
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdfVALiNTRY360
Salesforce Healthcare CRM, implemented by VALiNTRY360, revolutionizes patient management by enhancing patient engagement, streamlining administrative processes, and improving care coordination. Its advanced analytics, robust security, and seamless integration with telehealth services ensure that healthcare providers can deliver personalized, efficient, and secure patient care. By automating routine tasks and providing actionable insights, Salesforce Healthcare CRM enables healthcare providers to focus on delivering high-quality care, leading to better patient outcomes and higher satisfaction. VALiNTRY360's expertise ensures a tailored solution that meets the unique needs of any healthcare practice, from small clinics to large hospital systems.
For more info visit us https://valintry360.com/solutions/health-life-sciences
Measures in SQL (SIGMOD 2024, Santiago, Chile)Julian Hyde
SQL has attained widespread adoption, but Business Intelligence tools still use their own higher level languages based upon a multidimensional paradigm. Composable calculations are what is missing from SQL, and we propose a new kind of column, called a measure, that attaches a calculation to a table. Like regular tables, tables with measures are composable and closed when used in queries.
SQL-with-measures has the power, conciseness and reusability of multidimensional languages but retains SQL semantics. Measure invocations can be expanded in place to simple, clear SQL.
To define the evaluation semantics for measures, we introduce context-sensitive expressions (a way to evaluate multidimensional expressions that is consistent with existing SQL semantics), a concept called evaluation context, and several operations for setting and modifying the evaluation context.
A talk at SIGMOD, June 9–15, 2024, Santiago, Chile
Authors: Julian Hyde (Google) and John Fremlin (Google)
https://doi.org/10.1145/3626246.3653374
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...XfilesPro
Wondering how X-Sign gained popularity in a quick time span? This eSign functionality of XfilesPro DocuPrime has many advancements to offer for Salesforce users. Explore them now!
Flutter is a popular open source, cross-platform framework developed by Google. In this webinar we'll explore Flutter and its architecture, delve into the Flutter Embedder and Flutter’s Dart language, discover how to leverage Flutter for embedded device development, learn about Automotive Grade Linux (AGL) and its consortium and understand the rationale behind AGL's choice of Flutter for next-gen IVI systems. Don’t miss this opportunity to discover whether Flutter is right for your project.
SOCRadar's Aviation Industry Q1 Incident Report is out now!
The aviation industry has always been a prime target for cybercriminals due to its critical infrastructure and high stakes. In the first quarter of 2024, the sector faced an alarming surge in cybersecurity threats, revealing its vulnerabilities and the relentless sophistication of cyber attackers.
SOCRadar’s Aviation Industry, Quarterly Incident Report, provides an in-depth analysis of these threats, detected and examined through our extensive monitoring of hacker forums, Telegram channels, and dark web platforms.
Mobile app Development Services | Drona InfotechDrona Infotech
Drona Infotech is one of the Best Mobile App Development Company In Noida Maintenance and ongoing support. mobile app development Services can help you maintain and support your app after it has been launched. This includes fixing bugs, adding new features, and keeping your app up-to-date with the latest
Visit Us For :
Most important New features of Oracle 23c for DBAs and Developers. You can get more idea from my youtube channel video from https://youtu.be/XvL5WtaC20A
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsPeter Muessig
The UI5 tooling is the development and build tooling of UI5. It is built in a modular and extensible way so that it can be easily extended by your needs. This session will showcase various tooling extensions which can boost your development experience by far so that you can really work offline, transpile your code in your project to use even newer versions of EcmaScript (than 2022 which is supported right now by the UI5 tooling), consume any npm package of your choice in your project, using different kind of proxies, and even stitching UI5 projects during development together to mimic your target environment.
The Tools of Governance - Program Offices and Collaboration between Companies
1. CONFIDENTIAL1 ▇▇▇ The OpenChain project Japan work group / CC0-1.0
The tools of governance
- Program Office and
Collaboration between companies
Hiroyuki Fukuchi
Norio Kobota
Open Source Promotion sec.
Technology Alliance dept.
Corporate Technology Strategy div.
Sony Corporation
2. CONFIDENTIAL2 ▇▇▇ The OpenChain project Japan work group / CC0-1.0
Part I
Program Office in Sony
3. About me
•Network / Security Software Engineer
• WebSocket, HTTP/2, SIP(Session Initiation Protocol), etc.
• contributed to NodeJS(libuv), lighttpd(webserver), msgpack
• You can find me at
https://github.com/lighttpd/lighttpd1.4/blob/master/src/mod_wst
unnel.c etc.
•Within Sony
• OpenSourcing RPC framework(https://github.com/linear-rpc)
• Fostering NMOS (https://github.com/sony/nmos-cpp etc.)
used by Sony IP Live Production System etc.
https://pro.sony/en_LU/technology/ip-live
Norio.Kobota@sony.com
4. 4 ▇▇▇ Copyright 2018 Sony Corporation
The Cathedral and Bazaar ?
By whom are you supported your use of OSS in your company?
6. 6 ▇▇▇ Copyright 2018 Sony Corporation
Bazaar
In-house Open Source Software Community
7. 7 ▇▇▇ Copyright 2018 Sony Corporation
In-house Bazaar
Loose guidelines
Mutual help of the bazaar
participants
Each Business Units to take
the all responsibilities to
use OSS
Coordinator
of
the Bazar
Professional Advisory
(Legal/IPD/PR/QCD)
External
OSS Community
Divisional Leader
Divisional Leader
Divisional Leader
External
OSS Community
Business Unit
Business UnitBusiness Unit
Business Unit
8. OSS Compliance –-Organization-- 8
Company Sony
Presenter Satoru Ueda Date April 17th, 2018
Organization Dedicated organization / Virtual or community type / by each employee / Alone
(comment:
Number of person in
charge
Over 100 / 99-21 / 10-20 / few / one / zero
(comment:
Points of activities Internal community for OSS license.
Legal, IP department, Public Relation and QA are involved in the activity. Almost all business units participate in
community. Abroad development sites are covered by community.
Some business units have sub-community inside their units.
Issues Skill up of each member: Analogy of medical care model(skillful home doctors and university hospital)
Supply chain issues.
Free writing Please refer to the next page
Translated by Fukuchi@Sony
9. 9 ▇▇▇ Copyright 2018 Sony Corporation
Divisional
OSS
committee
OSS License
committee
Sony’s OSS organization
• About 100 members of
OSS License Committee
• OSS strategy board as
the community leader
(with a few experts)
• Tim Bird, Frank Rowand and
few members (about 10)
• No dedicated
organization for OSS
Coordinator
(OSS Strategy Board)
External OSS
Community
Divisional Leader
Divisional Leader
External OSS
Community
Business Unit
Business UnitBusiness Unit
Business Unit
Professional
Advisory
(Legal/IPD/PR/QCD)
Sony original
External OSS
Community
Support from
corporate software
strategy committee
Divisional
OSS committee
Divisional Leader
Divisional Leader
Business Unit
Internal OSS Bazaar
As of April 2018
Translated by Fukuchi@Sony
10. OSS Compliance - Education / Awareness 10
Company Sony Wiki OK / NG
Presenter Hiroyuki Fukuchi Date 2018/6/5
Item • OSS training (9hours, 4times/year)
+ customized course for each development site(Worldwide) About 700 people
• OSS community training (Studying OSS community, OSS contribution HowTo)
• Freshman training
• E-learning (including non-engineer) About 2,000 people
Issue • Fostering next-gen. leaders
• Education to non-engineers, suppliers, subcontracting companies
• Open sourcing
Sample • Trainer lectures on OSS with belief and enthusiasm
• “Our company encourages employees to use OSS actively”
• “Many engineers want to build a good world through developing OSS”
• It is important to understand the background of each OSS license, and intention of developers
• It is important to understand the time of distributing OSS
• There are quizzes of use cases where non engineers are involved in OSS distribution. These quizzes make non
engineers aware of their responsibility
• Episodes related with a community experienced by the trainer give good impression to trainees
• By categorizing with few patterns, Sony’s examples of Open Sourcing are explained.
• Maintainers undertake trainers, who explain real activities in a community
11. CONFIDENTIAL11 ▇▇▇ Copyright 2017, 2018 Sony Corporation
Final product vendor
Inappropriate use of OSS
OSS Supply Chain Issue
Software
Supplier
Software
Supplier
Software
Supplier
Software
Supplier
Software
Supplier
Software
Supplier
Software
Supplier
Software
Supplier
Software
Supplier
Software
Supplier
Software
Supplier
Software
Supplier Software
Supplier
Can not comply OSS license requirement as the distributor of OSS
OSS Information
OSS Information
OSS Information
OSS Information
OSS Information
OSS (not using)
Information
OSS Information
OSS Information
OSS Information
12. CONFIDENTIAL12 ▇▇▇ The OpenChain project Japan work group / CC0-1.0
Part II
Collaboration between companies
Japan work group
13. 13 ▇▇▇ The OpenChain project Japan work group / CC0-1.0
About me
Hiroyuki Fukuchi
Open Source Promotion Sec.
Technology Alliance Dept.
Corporate Technology Strategy Div.
In charge of OSS compliance in Sony
A Member of OpenChain and Japan WG
Japanese translation volunteer
Works of Japanese Translation:
OpenChain Specification/Curriculum
SPDX specification 2.1
Handbook of Open Source Compliance
Blog written by Greg Kroah-Hartman
14. CONFIDENTIAL14 ▇▇▇ The OpenChain project Japan work group / CC0-1.0
Japan work group
・Meeting info.
・Sub group activity
・Case studies
・Japanese translation
Specification/Curriculum/onboarding
All member meeting
Wiki https://wiki.linuxfoundation.org/openchain/openchain-japanese-working-group
ML openchain-japan-wg@lists.linuxfoundation.org
Sub Group activity
・Education
・Making FAQ
・Leaflet to upper stream suppliers
・License info. exchange
・Tooling
GitHub https://github.com/OpenChain-Project/Onboarding-JWG
https://github.com/OpenChain-Project/Japan-WG-General
Slack openchain-japanwg.slack.com
15. CONFIDENTIAL15 ▇▇▇ The OpenChain project Japan work group / CC0-1.0
All member meeting of Japan WG
Venue: Tokyo
2017/Dec: Sony
Venue: Nagoya
2018/Jun: Toyota
Venue: Tokyo
2018/Feb: Hitachi
Venue: Tokyo
2018/Dec: Tuv Sud Japan
Venue: Osaka
2018/Nov: Panasonic
Venue: Kawasaki
2018/Aug: Fujitsu
Venue: Kawasaki
2018/Oct: Toshiba
Venue: Kobe
2018/Nov: DensoTen
Venue: Tokyo
2019/Feb: Mitsubishi Electric
Venue: Kobe
2019/Apr: DensoTen
Venue: Tokyo
2018/Jun: Sony
17. CONFIDENTIAL17 ▇▇▇ The OpenChain project Japan work group / CC0-1.0
14
22
34
75
90
97
108
8
13
18
37
40
42
48
0
20
40
60
80
100
120
2/6/2018 3/6/2018 4/6/2018 5/6/2018 6/6/2018 7/6/2018 8/6/2018 9/6/2018 10/6/2018 11/6/2018 12/6/2018 1/6/2019 2/6/2019
Japan WG ML registration
Person Entity
ML Subscribers
Person
Entity
18. CONFIDENTIAL18 ▇▇▇ The OpenChain project Japan work group / CC0-1.0
0
10
20
30
40
50
60
70
2017/Dec/27 2018/Feb/22 2018/Apr/19 2018/Jun/13 2018/Aug/31 2018/Oct/31 2018/Nov/20 2018/Dec/5 2019/Feb/28 2019/Apr/xx
Num. of attendees Num. of entities
Meeting Attendees
Ad hoc
第1回 第2回
第3回
第4回
第5回
第6回
第7回
第8回
19. CONFIDENTIAL19 ▇▇▇ The OpenChain project Japan work group / CC0-1.0
Lightning talk (sharing case study)
Short presentation (3 minutes within 1 page) by
attendees
“No document, only oral presentation” is acceptable
Condition of anonymity is acceptable
Wiki https://wiki.linuxfoundation.org/openchain/openchain-japanese-working-group
Documents are disclosed in Wiki
20. CONFIDENTIAL20 ▇▇▇ The OpenChain project Japan work group / CC0-1.0
Review
Report
Overview of OpenChain Specification
FOSS Policy
Review
Process
FOSS
Responsibility
FOSS
Liaison
Education
Development
Release
Process
Contribution
Policy
BoM
Process
1.1
1.
2
1.3
2.12.2
3.1
Management
Program
3.2
4.
1
5.1
Contribution
Process
5.2
Conformance
6.1, 6.2
Software ReleaseBoM
FOSS FOSS version
License
Report Package
Copyright
Obligation
Specification =
Policy, Organization and
Process
Customers receives
software and
license meta information
disclosur
e
Source code disclosure,
if needed
Why do we need
policy and process?
How can we implement
policy and process?
21. OSS Compliance –-Organization-- 21
Company Panasonic
Presente
r
Shinsuke Kato Date April 17th, 2018
Organization Dedicated organization / Virtual or community type / by each employee / Alone
(comment: No dedicated organization. Cross-function virtual group handles OSS license. Member
is formally assigned by Business Unit.
Number of
person in
charge
Over 100 / 99-21 / 10-20 / few / one / zero
(comment: Now the group concentrates on OSS license, and is starting to handle the technological
aspect of OSS.
Points of
activities
Legal and IP department are involved in the activity. Not only OSS but also software are treated.
The group gives advices and final decision is made by Business Unit. The group collects best
practices inside Panasonic and share them.
Issues How to involve abroad subsidiary companies. Organizational changes give impacts on OSS activity,
it may cause difficulty to maintain activity if a key person cannot continue to participate.
Budget.
Free
writing
Panasonic
Company A
・ Engineer (AAA)
・ Legal (BBB)
・ IP (CCC)
Company B
・ Engineer (DDD)
・ Legal (EEE)
・ IP (FFF)
HQ(office)
・ Engineer (XXX)
・ Legal (YYY)
・ IP (ZZZ)
Company C
・ Engineer(OOO)
・ Legal (PPP)
・ IP (QQQ)
・・・・・
Translated by Fukuchi@SonyCC-BY-ND-4.0
22. OSS Compliance –-Organization-- 22
Company Hitachi
Presente
r
Yuji Nomura Date April 18th, 2018
Organization Dedicated organization / Virtual or community type / by each employee / Alone
(comment: OSS solution center promotes OSS appropriate usage inside Hitachi group and
receives internal inquiries.
Number of
person in
charge
Over 100 / 99-21 / 10-20 / few / one / zero
(comment: OSS compliance team belongs to OSS solution center.
Points of
activities
OSS compliance team makes internal interpretation of OSS license with legal department.
Interpretation gives easy explanation(Usage, Obligation, Restriction) to engineers.
Issues Increase of OSS usage exceeds over internal interpretation.
Interpretation requires personal skills, so that it is difficult to increase OSS compliance team.
Free
writing
Activity of interpretation began in 2013.
Each business unit individually made its rules, process and infrastructure for OSS
OSS solution center was established in 2015.
The core member of OSS compliance moved from advanced unit.
OSS solution center is sharing the advanced activity(best practices) inside Hitachi group.
Hitachi would like to contribute its OSS process and best practices to OpenChain.
Translated by Fukuchi@SonyCC-BY-ND-4.0
23. OSS Compliance –-Organization-- 23
Company Fujitsu group
Presente
r
Yuki Machida Date April 18th, 2018
Organization Dedicated organization / Virtual or community type / by each employee / Alone
(comment:
Number of
person in
charge
Over 100 / 99-21 / 10-20 / few / one / zero
(comment:
activities Now we are trying registration of huge number of FOSS internal distribution(700 packages x 10
generations), so that automation of registration is needed.
Fujitsu group changed OSS license tool from Blackduck “Code Center” to FlexNet “Code Insight” in
April 2018.
We are trying some methods using SPDX, rpm, source code analysis tool etc., but it does now
work well to take matching between input and “Code Insight” database.
The method using SPDX is the most working, but even many packages cannot be registered.
e2fsprogs is registered as “Ext2 Filesystems Utilities”
lack of FOSS data base information
lack of web page information in SPDX
version information is not clearly written
We contributed patches to modify the web page URL in SPDX to Yocto project.
Translated by Fukuchi@SonyCC-BY-ND-4.0
24. OSS Compliance –-Organization-- 24
Company Toyota
Presente
r
Hiroki Takemi Date April 17th, 2018
Organization Dedicated organization / Virtual or community type / by each employee / Alone
(comment:
Number of
person in
charge
Over 100 / 99-21 / 10-20 / few / one / zero
(comment: as a member who works for OSS compliance in IP division)
Points of
activities
IP department leads activity. The committee for OSS was established.
Usage of OSS is increasing, so that we are promoting “OSS literacy” in Toyota.
Issues Activity and committee is voluntary.
We are trying to establish internal OSS organization over company.
Supply Chain.
Free
writing
Translated by Fukuchi@SonyCC-BY-ND-4.0
25. OSS Compliance –-Organization-- 25
Company Anonymous
Presente
r
Anonymous Date 2018/04/18
Organization Dedicated organization / Virtual or community type / by each employee / Alone
(reference:
Number of
person in
charge
Over 100 / 99-21 / 10-20 / few / one / zero
(reference:
Points of
activities
• Make the definition of the [management of the OSS use] on the Quality Management System.
By using the definition of the OSS management and compliance, we make a governance.
• For the software of our company, to use Protex and to report the concreate correspondence
should be. The dedicated organization maintains the all cases.
• All employee (except a clerk) should take a web-test about the OSS compliance and in-house
rules once a year. (The rate is 95%)
Issues • We don’t make a system like as an Open Source Program Office which includes the IP, Legal,
Corporate Planning members. The organization is very local. (Each Business Division can
decide to use OSS or not.)
Free
writing
* We would like to make the Open Source Program Office. But, we are not promoting the
establishment. it’s difficult. (what is the first activity, who is the first target to join, and so on.)
Translated by Kato@PanasonicCC0-1.0
26. CONFIDENTIAL26 ▇▇▇ The OpenChain project Japan work group / CC0-1.0
Why is Japan WG so active?
People who understand both OSS and real problems
Place where OpenChain provides Neutrality and Confidence
Leadership gathers people
Japan WG is driven in a community way.
30. CONFIDENTIAL30 ▇▇▇ The OpenChain project Japan work group / CC0-1.0
Tips for the lightning talk
Leadership and good atmosphere
We do NOT judge “Good” and “Bad”.
In order to collect important points, format is pre-defined.
We disclose the documents on Wiki.
We share each practice as a reference.
Practices give you good hints.
Leadership and good atmosphere
31. CONFIDENTIAL31 ▇▇▇ The OpenChain project Japan work group / CC0-1.0
Review
Report
Overview of OpenChain Specification
FOSS Policy
Review
Process
FOSS
Responsibility
FOSS
Liaison
Education
Development
Release
Process
Contribution
Policy
BoM
Process
1.1
1.2
1.3
2.12.2
3.1
Management
Program
3.2
4.1
5.1
Contribution
Process
5.2
Conformance
6.1, 6.2
Software ReleaseBoM
FOSS FOSS version
License
Report Package
Copyright
Obligation
Specification =
Policy, Organization and
Process
Customers receives
software and
license meta information
disclosur
e
Source code disclosure,
if needed
32. OSS Compliance –-Organization-- 32
Company Sony
Presente
r
Satoru Ueda Date April 17th, 2018
Organization Dedicated organization / Virtual or community type / by each employee / Alone
(comment:
Number of
person in
charge
Over 100 / 99-21 / 10-20 / few / one / zero
(comment:
Points of
activities
Internal community for OSS license.
Legal, IP department, Public Relation and QA are involved in the activity. Almost all business units
participate in community. Abroad development sites are covered by community.
Some business units have sub-community inside their units.
Issues Skill up of each member: Analogy of medical care model(skillful home doctors and university
hospital)
Supply chain issues.
Free
writing
Please refer to the next page
Translated by Fukuchi@SonyCC-BY-ND-4.0
33. OSS Compliance –-Organization-- 33
Company Hitachi Solution
Presente
r
Ayumu Watanabe Date April 18th, 2018
Organization Dedicated organization / Virtual or community type / by each employee / Alone
(comment: In fact, it is not dedicated to OSS compliance, but “Right Conservation” of IP department
has functionality of OSS compliance.
Number of
person in
charge
Over 100 / 99-21 / 10-20 / few / one / zero
(comment:
Points of
activities
There is the process to check OSS information in rule “Other company’s Right Conservation”.
OSS usage requires to receive approval from the organization.
Issues The approval process is complex for engineers to follow.
Free
writing
The approval process:
Business unit submits a request of OSS(OSS list, license list, use case) to the committee.
The committee(Legal, IP, Procurement) decides to approve or disapprove.
Business unit receives the result of decision. If approval, it starts to take OSS.
Translated by Fukuchi@SonyCC-BY-ND-4.0
34. OSS Compliance –-Organization-- 34
Company Anonymous
Presente
r
Anonymous Date 2018/04/18
Organization Dedicated organization / Virtual or community type / by each employee / Alone
(reference: start to make an organization.
Number of
person in
charge
Over 100 / 99-21 / 10-20 / few / one / zero
(reference: as a candidate working for the OSS compliance.
Points of
activities
The persons in charge have a good and high awareness.
The final decision is made by Business Unit.
Issues There are varies of the knowledge and system from each organization.
Need to maintain the organization and activity.
Difficult to manage each project because of the used software will be a lot (over 10,000)
Free
writing
Study about making a mechanism to manage the information of the OSS compliance and security.
- doing by OSS, need to maintain continuously, need to re-use, these are neccssary.
The materials of OpenChain is helpful for me.
Translated by Kato@PanasonicCC0-1.0
35. OSS Compliance –-Organization-- 35
Company Anonymous
Presente
r
Anonymous Date 2018/04/18
Organization Dedicated organization / Virtual or community type / by each employee / Alone
(reference: actually only one person.
Number of
person in
charge
Over 100 / 99-21 / 10-20 / few / one / zero
(reference: actually only one person.
Points of
activities
The consciousness is low. I’m struggling alone.
Issues How to promote OSS compliance to managements and over company
Free
writing
I would like to improve the awareness of the OSS compliance in the industry.
* increase members working for the OSS license and compliance
* need the education of the OSS license and compliance
- Translation : when proposing on the ML, after that, start to translate.
- Join in the event : when proposing at the 1st JWG meeting, after that, Hitachi did.
- propose : join in the OSC KYOTO
- propose : make MOOCS materials about the education curriculum
Translated by Kato@PanasonicCC0-1.0
36. OSS Compliance –-Organization-- 36
Company Anonymous
Presente
r
Anonymous Date 2018/04/19
Organization Dedicated organization / Virtual or community type / by each employee / Alone
(reference:
Number of
person in
charge
Over 100 / 99-21 / 10-20 / few / one / zero
(reference: The persons who worked for the OSS and OSS compliance in the past submit and prepare
their knowledge of the OSS licenses. We promoted by holding the in-house work shop or so.)
Points of
activities
• Not to use the OSS is the basic policy. (make a rule in the each case)
• The knowledge is documented. Anyone can access and read. (But, unknown whether it is utilized or
not)
• There is a original tools to check the incorporation of the OSS.
Issues • The OSS compliance is depend on the person or the developer. (not organize as a in-house rule).
• It’s depend on the case or the project. When not working for the OSS compliance support, the
consciousness will be low.)
• Can not take measures for the OSS compliance as a organization
• The utilization of the documents or tools is not progressing.
• Rather than in the past, the consciousness of the developers is low because of the less of the aware-
activities.
Free
writing
[want to know]
• The trend and the recent situation of the recent OSS compliance
• The security measures for the embedded software. (E.G. the security patch is applied or not.)
[Comment]
• We want the developers to have a good awareness of the OSS compliance by introducing theTranslated by Kato@PanasonicCC0-1.0
Editor's Notes
Hi everyone, nice to meet you.
I’m Norio Kobota from Sony Japan.
I was a network and security software engineer. And now, I’m belongs to Open Source Promotion Office (Section).
Today, I’d like to introduce our organization and activities about OSS.
Before introducing our activities about OSS, I’d like to introduce the presentation by Satoru Ueda Sony at the 2018 Embedded Linux Conf..
He told participants at the conference.
‘Who can help you to use OSS?’
---
私たちの取り組みを紹介する前に、弊社上田が2018年のeLinuxで発表した資料を紹介したいと思います。
彼はその講演で、こう問いかけました。
あなたの会社でOSSについてサポートしてくれる方は誰ですか、と。
He told that if you are supported by the “Cathedral” about OSS, it’s very lucky.
Why is that?
Nowadays, as engineers, we are developing very large-scale application and/or system.
And so many Open Source Software is included in it.
It’s very hard work to investigate the licenses and deal properly of all Open Source Software.
On the other hands, engineers who support them and legal staff make no profit.
So there are few companies that can maintain this ”Cathedral” model for OSS.
---
彼は、もしあなたが、カセドラルモデル、OSS専任のメンバーからサポートを受けられているのであれば、それはとても幸せなことだ、と話しました。
何故でしょうか?
私たちエンジニアが扱うソフトウェアの規模は日々拡大しています。また、そこで扱われるOSSの種類も規模も膨大になってきています。
一方で、商品となるソフトウェアを扱うエンジニアをサポートするエンジニア、リーガルスタッフ、その人たちは直接的な利益を創出しません。
つまり、カセドラルモデルで大規模にサポートできる体制を維持できる会社というのはそれほど多くは無いからですね。
Bazaar model, we adopt this in-house OSS community model.
---
さて、バザールモデル。私たちソニーはこの体制を取っています。
In-house bazaar model has the following features,
loose guidelines
many members help each other.(it’s based on the diversity.)
Each business unit who uses OSS has a responsibility of its compliance and so on.
---
バザールモデルを適用した社内コミュニティにおいては、
緩やかなガイドラインで運用されており、
そこにいる多くの人々が手厚い手助けをしてくれる
実際に利用する人々がOSSの適切な利用に対する責任を持つ
という特徴を持っています。
The actual action in Sony was shared at the OpenChain Japan Working Group.
And you can find it from OpenChain wiki.
---
実際に、どのような体制、対応を行っているかは、OpenChain Japan Working Groupで発表させていただきました。
OpenChainのwikiから参照可能となっています。
I’d like to introduce in details of Sony’s organization.
As shown in the figure, Our OSS License Committee consists of about 100 members including non-engneers such as legal and IP department.
And as a coordinator, about 10 people with OSS knowledge are advisors.
All members are not dedicated but volunteer.
We promote the use and the contribution of OSS in this structure.
I feel this works very well now.
---
Sonyの体制を説明させていただきます。
図に示されている通り、OSSライセンス委員会は各ビジネスユニット、法務、知財のメンバーを含んで、約100名で構成されています。
また、OSSコミュニティに知見のあるOSS Strategy Board、約10名をアドバイザーとして、適切なOSSの利用と、外部OSSコミュニティとの連携を行っています。
全てのメンバーはOSSを取り扱うための専任メンバーではなく、ボランティアベースの参加となっています。
We also introduced about our education programs at OpenChain Japan Working Group.
We have 1 day course to learn OSS, 4 times per a year. About 700 people have taken this course.
And we also have web based online courses and about 2,000 people have taken this.
These courses are aimed at learning OSS compliance and learning how to contribute.
So I feel that more and more people in Sony have knowledge about OSS.
But recently, as shown in the red comment, it’s very important to consider about the OSS supply chain targeted by OpenChain.
---
また、同じくOpen Chain Japan Working Groupで発表させていただきましたが、各種教育プログラムも開催しています。
開発者向けの詳細なOSS講座は、年に4回、9時間コースを開催しており、現在までで約700名が受講。
Web Video Streamingなどによるオンライン講座は約2000名が受講を終えています。
同時に、新人研修やOSSコミュニティへのコントリビューションのHowTo講座なども開催しています。
しかしながら、Issueにあるように、最近は社内だけを教育するだけでは正しくOSSを取り扱うことが出来ず、まさにOpen Chainが目的としている、企業間でどのようにOSSを適切に扱っていくか、が大切になってきています。
私は、エンジニアとしてOpen Chainに参加し、エンジニアが適切に、またいかに簡単にそれら開発以外の様々な作業を行えるようにするか、考えていきたいと思っています。
For example, as shown in this figure, a final product consists of so many OSS from many suppliers.
If one of them did not use OSS properly, the final product vendor did not comply OSS license without realizing.
Even if the final product vendor notice it, it is very difficult to solve it.
So I’d like to solve this issue by participating in and working with OpenChain.
This is all for my part and I’d like to hand over Fukuchi-san.
Thank you so much for your kind attention.