November 16-17, 2017 - Yokohama, Japan

Wednesday, November 15
 

10:00

Full-Day Course: FOSSology - Hands On Training - Michael Jaeger, FOSSology.org / Siemens AG, Kate Stewart, The Linux Foundation
* This training course requires $99.00 participation fee *

FOSSology is an open source license compliance software system and toolkit. As a toolkit, you can run automated license, copyright and export control scans from the command line. As a system, a Web interface provides you with a compliance workflow. License, copyright and export control scanners are tools used in the workflow. Analyzing open source license compliance requires expert knowledge. Consequently, the use of the tool requires understanding of license analysis problems and how they are covered by FOSSology.

The following elements are provided:
1) Challenges in real world examples at license analysis
2) Learning how to cope with license proliferation and custom license texts; efficiently managing large open source components with heterogeneous licensing
3) Saving work by reusing license conclusions of open source packages when analyzing
4) News in the past year of FOSSology

This is a Paid ($99) Training Course. You can sign up to this course from the Open Compliance Summit Registration menu. (You "add on" this course during your registration process)

Speakers
Michael C. Jaeger

Maintainer at FOSSology and SW360, Siemens AG
Michael C. Jaeger is one of the maintainers for Linux Foundation's FOSSology and Eclipse SW360 projects, both available on GitHub and both in the area of OSS handling w.r.t. license compliance and component management. At Siemens Corporate Technology in Munich, Germany, Michael...

Kate Stewart

Sr. Director of Strategic Programs, The Linux Foundation
Kate Stewart is a Senior Director of Strategic Programs, responsible for the Open Compliance programs encompassing the SPDX, FOSSology, OpenChain, and other compliance related projects. Kate was one of the founders of SPDX, and is currently the specification lead. Since joining...


Wednesday November 15, 2017 10:00 - 17:00
TBA
 
Thursday, November 16
 

09:00

Registration
Thursday November 16, 2017 09:00 - 09:30
TBA

09:30

A Curtain-Raiser - Noriaki Fukuyasu, The Linux Foundation
Speakers
Noriaki Fukuyasu

VP of Japan Operations, The Linux Foundation
Noriaki is the Vice President of Japan Operations for The Linux Foundation. Prior to joining The Linux Foundation, he led the international business for a leading Japanese Linux distributor, Turbolinux, Inc., as Director of International Business. He also served as the CEO of Zend...


Thursday November 16, 2017 09:30 - 09:40
TBA

09:40

Open Source Business & Open Compliance Program Update - Jim Zemlin & Mike Dolan, The Linux Foundation
Speakers
Michael Dolan

VP of Strategic Programs, The Linux Foundation
Michael Dolan is VP of Strategic Programs supporting open source projects and legal programs at The Linux Foundation. He has set up and launched dozens of open source and open standards projects covering technology segments including networking, virtualization, cloud, blockchain...

Jim Zemlin

The Linux Foundation
Jim’s career spans three of the largest technology trends to rise over the last decade: mobile computing, cloud computing and open source software. Today, as executive director of The Linux Foundation, he uses this experience to accelerate innovation in technology through the use...


Thursday November 16, 2017 09:40 - 10:20
TBA

10:20

GPL: The Best Business License for Corporate Code - James Bottomley, IBM Research
Permissive licences have been gaining popularity for a while now. However, when looked at holistically it can be shown that the quid-pro-quo element of GPL fosters better collaboration amongst both individual and corporate contributors, facilitates better governance and provides a fairer patent licensing regime than any permissive licence, thus making GPL the most business friendly open source licence available.

This talk will begin with a review of what corporations seek to get out of open source (namely a shared contribution to a platform or universal adoption of a standard) and why equity of participation is essential to this, and follow with a detailed comparison of how GPL achieves this vs Apache-2.0. We will also touch on ideal governance and how the compliance requirements of GPL enforce this; how patent licensing equity is achieved; and end with tips for promoting the GPL.

Speakers
James Bottomley

Distinguished Engineer, IBM
James Bottomley is a Distinguished Engineer at IBM Research where he works on Cloud and Container technology. He is also Linux Kernel maintainer of the SCSI subsystem. He has been a Director on the Board of the Linux Foundation and Chair of its Technical Advisory Board. He went...


Thursday November 16, 2017 10:20 - 11:00
TBA

11:00

Coffee Break
Thursday November 16, 2017 11:00 - 11:10
TBA

11:10

Case Study: License Scanning at The Linux Foundation - Steve Winslow & Kate Stewart, The Linux Foundation
In the Linux Foundation, one of the services we provide to our members is performing and sharing licensing and copyright analyses for several of our hosted projects. This information is shared with the projects’ communities to use as a basis for their compliance activities. In this talk we will discuss the methods and tools we use for detecting and analyzing license information. We will then review examples of detected licenses from several Linux Foundation projects’ codebases.

Speakers
Kate Stewart

Sr. Director of Strategic Programs, The Linux Foundation
Kate Stewart is a Senior Director of Strategic Programs, responsible for the Open Compliance programs encompassing the SPDX, FOSSology, OpenChain, and other compliance related projects. Kate was one of the founders of SPDX, and is currently the specification lead. Since joining...

Steve Winslow

Director of Strategic Programs, The Linux Foundation
Steve Winslow is Director of Strategic Programs at The Linux Foundation. He runs The Linux Foundation’s license scanning and analysis service, advising projects about licenses identified in their source code and dependencies. Steve is also involved with projects including SPDX...


Thursday November 16, 2017 11:10 - 11:50
TBA

11:50

REUSE: Developer Best Practices for Licensing Expression in Free and Open Source Software Projects - Polina Malaja, Free Software Foundation Europe
The Free Software Foundation Europe (FSFE) has published the guide to machine readable expressions for copyright and licensing information. The guide entails best practices that are meant to demonstrate how to add copyright and license information to a FOSS project in ways which allow for more automation. Polina Malaja will explain which few simple steps to take to make the copyright and licence of the project more easily understood both by humans and machines, and why these are important for FOSS compliance.

Speakers
Polina Malaja

Legal coordinator, Free Software Foundation Europe
Polina Malaja is the Policy Analyst and the Legal Coordinator at the Free Software Foundation Europe (FSFE). Holding LL.M in International Human Rights Law and Intellectual Property Rights Law, she is deeply interested in interactions between fundamental rights and freedoms and technology...


Thursday November 16, 2017 11:50 - 12:30
TBA

12:30

Lunch
Thursday November 16, 2017 12:30 - 14:00
TBA

14:00

Requirements and State of the Art of Open Source License Compliance Tooling - Mirko Boehm, Open Invention Network
Ensuring Open Source license compliance should be simple. After all, participants in Open Source processes intend to share their creations freely and trust that others do the same. Reality however is not so simple. Software changes quickly, supply chains are messy, and product dependencies are complex. Even without ignorance or malignancy at play, consistently fulfilling all Open Source license requirements is difficult. Surprisingly, no Open Source tools have yet emerged as de-facto standards for managing Open Source license compliance across the supply chain. The presentation reviews what is required of compliance tooling to fill this gap, and how existing tooling measures up against that. It aims at encouraging the development of Open Source license compliance tooling that has the potential to become a de-facto standard. Let us make Open Source license compliance simple again!

Speakers
Mirko Boehm

CEO, Endocode AG
Mirko Boehm is a Free Software and Open Source contributor, primarily as a software developer and speaker. He is the founder of the Quartermaster project, and has been a contributor to major Open Source projects including the KDE Desktop since 1997, including several years on the...


Thursday November 16, 2017 14:00 - 14:40
TBA

14:40

Open Source Due Diligence in M&A Transactions - Ibrahim Haddad, Samsung & Oskar Swirtun, FOSSID AB
Speakers
Ibrahim Haddad

Vice President of R&D, Samsung Electronics
Ibrahim Haddad (Ph.D.) is Vice President of R&D and the Head of the Open Source Group at Samsung Research America. He is responsible for overseeing Samsung's open source strategy and execution, internal and external R&D collaborations, supporting M&A activities, and representing Samsung...

Oskar Swirtun

CEO, FOSSID AB
Oskar Swirtun is the Founder and CEO of FOSSID AB, a company offering the most innovative and effective open source compliance solution on the market today. Oskar has worked extensively with open source software since 2001, when he introduced Linux and wrote the directive for use and contributions to open source at Ericsson. Since then he has held several leadership positions, focusing on open source software as a business strategy...


Thursday November 16, 2017 14:40 - 15:20
TBA

15:20

Partnering for a Good Compliance Program - Nithya Ruff, Comcast
Creating a sound compliance program is the best way companies can show respect for open source licenses. A successful compliance program requires partnership between legal, the business, engineering and external organizations like OCI, OpenChain. Each of these groups has different needs and perspectives and these need to be balanced to achieve a successful program. I will share a case study of how we set up the compliance program inside Comcast that respects and balances need for innovation with need for compliance. Our industry is fast moving but full of challenges and needs a lightweight but complete compliance program.

Speakers
Nithya Ruff

Sr. Director, Open Source Practice, Comcast
Nithya A. Ruff is the Senior Director for Comcast’s Open Source Practice. She is responsible for growing Open Source culture inside of Comcast and engagement with external communities. Prior to this, she started and grew the Western Digital’s Open Source Strategy Office. She first...


Thursday November 16, 2017 15:20 - 16:00
TBA

16:00

Coffee Break
Thursday November 16, 2017 16:00 - 16:30
TBA

16:30

The rise of the copyright troll - Armijn Hemel, Owner of Tjaldur Software Governance Solutions
Abstract: In the last few years there have been a few instances of open source developers using their copyrights for frivolous legal action against companies (see for example https://lwn.net/Articles/721458/ ). In this talk I will dive into the backgrounds of recent enforcement cases and discuss solutions to these and possible future threats.

Speakers
Armijn Hemel

Owner, Tjaldur Software Governance Solutions
Armijn Hemel, MSc, is the owner of Tjaldur Software Governance Solutions in the Netherlands. He is an expert in the field of compliance engineering and supply chain management for compliance, having written the Binary Analysis Tool (BAT) and co-developed the OSADL license compliance...


Thursday November 16, 2017 16:30 - 17:10
TBA

17:10

Toyota’s Activities for OSS Compliance - Masato Endo, Toyota Motor Corporation
The automotive industry has seen increased adoption of open source in recent years. Also, the adoption of OSS will expand throughout Toyota.

Especially, we’re promoting the Automotive Grade Linux (AGL) project as a platinum member. We rolled out the first AGL-based infotainment system on the 2018 Toyota Camry in the U.S.
And, we’re also promoting some activities to decrease IP risks of OSS such as patent risks and copyright risks.

We’d like to share our activities for OSS compliance with the open source community, such as Open Invention Network and OpenChain Project.

Speakers
Masato Endo

Project Manager, Connected Vehicle Group, Intellectual Property Division, Toyota Motor Corporation
Masato Endo is Project Manager of the Connected Car Technology-related IP group in the Toyota IP Division. He is engaged in the planning and implementation of the IP strategy for the Toyota Connected Company. He focuses mainly on building the OSS governance structure within Toyota...


Thursday November 16, 2017 17:10 - 17:50
TBA

18:30

Evening Event (Location To Be Announced)
Thursday November 16, 2017 18:30 - 20:00
TBA
 
Friday, November 17
 

09:00

Registration
Friday November 17, 2017 09:00 - 09:30
TBA

09:30

Ensuring the Long-Term Sustainability of Technology Infrastructure through Reproducible Builds - Chris Lamb
Can you imagine pushing a code update to a "smart" lightbulb without knowing what has been changed? How about a vehicle's brakes? What about a nuclear reactor…?

The motivation behind "reproducible" builds is to ensure that no malicious flaws have been injected during the build processes. They prevent machine compromise, blackmail and compliance mistakes by ensuring identical binaries are always generated from a given source. However, reproducible builds will become essential to ensure the long-term sustainability of the technology underpinning our civilisation.

This is not only through reducing deployment risk but in an age increasingly concerned with compliance and licensing issues, reproducible builds also provide a means to transparently audit the actual powering our technology products and infrastructure. This talk explains how and why this is a vital and long-overdue topic.

Friday November 17, 2017 09:30 - 10:10
TBA

10:10

Implementing and Managing an Open Source Compliance Program - Ibrahim Haddad, Samsung
Speakers
Ibrahim Haddad

Vice President of R&D, Samsung Electronics
Ibrahim Haddad (Ph.D.) is Vice President of R&D and the Head of the Open Source Group at Samsung Research America. He is responsible for overseeing Samsung's open source strategy and execution, internal and external R&D collaborations, supporting M&A activities, and representing Samsung...


Friday November 17, 2017 10:10 - 10:50
TBA

10:50

How to Manage FOSS Compliance Information in an Ecosystem - Maohui Lei, Fujitsu
If you are interested in FOSS Licensing or Compliance Program, this presentation will be helpful. A specification named SPDX can make it easy to manage FOSS licensing compliance. This presentation will show how to manage SPDX files and source archives for Yocto Project users. With SPDX files, it is easier to make your work compliant under OpenChain, which helps you avoid compliance pitfalls. But the old Yocto+SPDX isn't in full compliance with the SPDX specification. We have been maintaining a new layer called meta-spdxscanner to make the spdx module more friendly; in addition, these created SPDX files can also be managed by dnf just like source packages.

Speakers
Maohui Lei

Developer, Fujitsu
Maohui Lei joined the Fujitsu Corporation in 2011. Her main job is developing an In-House Distro for Embedded Ecosystems which is based on Yocto project and LTSI Kernel.


Friday November 17, 2017 10:50 - 11:30
TBA

11:30

Lunch
Friday November 17, 2017 11:30 - 13:00
TBA

13:00

OSS Compliance Management at Hitachi - Software Component Management Database - Nobuo Imada, Hitachi, Ltd.
In last year’s presentation at the Open Compliance Summit, Hitachi gave an overview of its activities and efforts for OSS compliance management. This year, Hitachi would like to focus on its Software Component Management Database. This database is used to manage software component bill of materials, license files attached to OSS packages, license information and interpretations, project information and so on, making it easy for Hitachi to conform to some of the requirements of OpenChain specification. Hitachi joined OpenChain project as a Platinum Member in September 2017. Hitachi believes that Hitachi can contribute to the development and adoption of OpenChain with its expertise and knowledge of OSS compliance management.

Speakers
Nobuo Imada

Engineer, Hitachi, Ltd.
Nobuo Imada is an engineer, OSS Solution Center, Hitachi, Ltd. He has been involved in research and development of optical system for optical disk systems, design and engineering of optical fiber transmission systems, system engineering for cellular phone base stations, network...


Friday November 17, 2017 13:00 - 13:40
TBA

13:40

Giving Everyone Access To Open Source Best Practices: The OpenChain Specification and Curriculum - Shane Coughlan, OpenChain Project
This talk will explain how the OpenChain Specification and Curriculum were created. It will explore how these materials help every company in the global supply chain comply with open source licenses in a standard manner and why this saves resources. It will show how the Specification provides a framework for compliance and the Curriculum provides the foundation for applying best practices. It will demonstrate the Specification requirements and the Curriculum compliance training in enough detail to help any company begin their process of adoption. It will provide an explanation of how to engage with the Specification and the Curriculum moving forward and what can be expected around open source supply chain management in the coming year.

Speakers
Shane Coughlan

Program Manager, OpenChain Project
Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional...


Friday November 17, 2017 13:40 - 14:20
TBA

14:20

Coffee Break
Friday November 17, 2017 14:20 - 14:30
TBA

14:30

SPDX Update - Kate Stewart, The Linux Foundation
Speakers
Kate Stewart

Sr. Director of Strategic Programs, The Linux Foundation
Kate Stewart is a Senior Director of Strategic Programs, responsible for the Open Compliance programs encompassing the SPDX, FOSSology, OpenChain, and other compliance related projects. Kate was one of the founders of SPDX, and is currently the specification lead. Since joining...


Friday November 17, 2017 14:30 - 15:10
TBA

15:10

Utilizing the Blockchain to Establish Trust with the Open Source Used Across a Supply Chain - Mark Gisi, Wind River
The SPDX and OpenChain projects provide two critical pieces for solving the supply chain open source compliance puzzle. SPDX reduces the cost and friction around the collection and exchange of critical open source compliance information. OpenChain provides the means by which to establish trust of a specific supplier’s creation of open source compliance artifacts (source code, notices, SPDX data, …) for their software offering. The missing puzzle piece is a way to manage accountability and provenance tracking of the collection of compliance artifacts of manufactured products as they take form passing through the supply chain from conception to end user. We discuss how the Linux Foundation’s Hyperledger project is being used to create a “Software Parts Ledger” to solve the puzzle and how the SPDX and OpenChain projects are highly complementary to that solution.

Speakers
Mark Gisi

Director, Open Source, Wind River
Mark Gisi, Director of Intellectual Property and Open Source at Wind River Systems, has been responsible for managing Open Source policies, processes and programs for the past 12 years. Mark is a key contributor to the Linux Foundation’s SPDX and OpenChain projects and founder...


Friday November 17, 2017 15:10 - 15:50
TBA

15:50

Coffee Break
Friday November 17, 2017 15:50 - 16:00
TBA

16:00

FOSSology - New Features for License Compliance in HD - Michael Jaeger, FOSSology.org / Siemens AG
FOSSology is an industry standard tool for the end-to-end analysis of software components in a single Web server application. It lets organizations scan source code for: a) License information, b) Copyright notices, c) Export control relevant statements. It makes software analysis more efficient by offering high precision, greatly reducing overhead costs. FOSSology lets users generate compliance documentation according to the organization's needs, in a variety of data formats, emphasizing SPDX tag-value and RDF documents.

FOSSology is Open Source Software licensed under GPL-2.0 and a Linux Foundation collaboration project. In the past year, FOSSology has improved in many areas such as reporting, license management and data exchange capabilities. This talk provides an update about new use cases and targets existing users as well as new persons to FOSSology.

Speakers
Michael C. Jaeger

Maintainer at FOSSology and SW360, Siemens AG
Michael C. Jaeger is one of the maintainers for Linux Foundation's FOSSology and Eclipse SW360 projects, both available on GitHub and both in the area of OSS handling w.r.t. license compliance and component management. At Siemens Corporate Technology in Munich, Germany, Michael...


Friday November 17, 2017 16:00 - 16:40
TBA

16:40

Open Source with Open Source: Component Management with SW360 - Johannes Kristan, Bosch, Michael Jaeger, Siemens
We have introduced Eclipse SW360, a component management hub that allows organizations to manage Open Source, commercial as well as custom components throughout the entire life cycle. Using SW360 as a one-stop shop for component information, organizations can track the components used in projects or products to:
* manage compliance
* assess security vulnerabilities
* manage Bill of Materials

As an EPL-1.0 licensed Open Source project (https://www.github.com/sw360), it is highly customizable, letting organizations keep their confidential product development data on premises, and prevents them from becoming dependent on a single vendor. This presentation not only introduces features but also provides a walk through the application to demonstrate capabilities and use cases of SW360. SW360 is designed to work with FOSSology, another license compliance related open source project.

Speakers
Michael C. Jaeger

Maintainer at FOSSology and SW360, Siemens AG
Michael C. Jaeger is one of the maintainers for Linux Foundation's FOSSology and Eclipse SW360 projects, both available on GitHub and both in the area of OSS handling w.r.t. license compliance and component management. At Siemens Corporate Technology in Munich, Germany, Michael...


Friday November 17, 2017 16:40 - 17:20
TBA

17:20

Closing Remarks
Friday November 17, 2017 17:20 - 17:30
TBA