Open Compliance Summit 2017: Full Schedule

November 16-17, 2017 - Yokohama, Japan
Click Here For Information and Invitation to Register

10:00 JST

Full-Day Course: FOSSology - Hands On Training - Michael Jaeger, FOSSology.org / Siemens AG, Kate Stewart, The Linux Foundation

* This training course requires $99.00 participation fee *

FOSSology is an open source license compliance software system and toolkit. As a toolkit, you can run automated license, copyright and export control scans from the command line. As a system, a Web interface provides you with a compliance workflow. License, copyright and export control scanners are tools used in the workflow. Analyzing open source license compliance requires expert knowledge. Consequently, the use of the tool requires understanding of license analysis problems and how they are covered by FOSSology.

The following elements are provided: 1) Challenges in real world examples at license analysis 2) Learning how to cope with license proliferation and custom license texts Efficiently managing large open source components with heterogeneous licensing 3) Saving work with reusing license conclusions of open source packages when analyzing.
4) News in the past year of FOSSology.

This is a Paid ($99) Training Course. You can sign up to this course from the Open Compliance Summit Registration menu. (You "add on" this course during your registration process)

Speakers

Michael C. Jaeger

Project Lead, Siemens AG

Michael C. Jaeger is one of the maintainers for Linux Foundation\\'s FOSSology and Eclipse SW360 projects, both available on Github and both in the area of OSS handling w.r.t. license compliance and component management. At Siemens Corporate Technology in Munich, Germany, Michael... Read More →

Kate Stewart

Senior Director of Strategic Programs, Linux Foundation

Kate Stewart is a Senior Director of Strategic Programs, responsible for Embedded and Open Compliance programs. Since joining The Linux Foundation, she has launched Real-Time Linux, Zephyr Project, CHAOSS, and ELISA.

Wednesday November 15, 2017 10:00 - 17:00 JST
TBA

Training, Intermediate

09:00 JST

Registration

Thursday November 16, 2017 09:00 - 09:30 JST
TBA

Break

09:30 JST

A Curtain-Raiser - Noriaki Fukuyasu, The Linux Foundation

Speakers

Noriaki Fukuyasu

VP of Japan Operations, The Linux Foundation

Noriaki is the Vice President of Japan Operations for The Linux Foundation. Prior to joining The Linux Foundation, he led the international business for a leading Japanese Linux distributor, Turbolinux, Inc., as Director of International Business. He also served as the CEO of Zend... Read More →

Thursday November 16, 2017 09:30 - 09:40 JST
TBA

Conference Session

09:40 JST

Open Source Business & Open Compliance Program Update - Jim Zemlin & Mike Dolan, The Linux Foundation

Speakers

Mike Dolan

Senior Vice President & General Manager of Projects, The Linux Foundation

Michael Dolan is SVP and GM of Projects at the Linux Foundation supporting open source projects and legal programs He has set up and launched hundreds of open source and open standards projects covering technology segments including networking, virtualization, cloud, blockchain, Internet... Read More →

Jim Zemlin

The Linux Foundation

Jim’s career spans three of the largest technology trends to rise over the last decade: mobile computing, cloud computing and open source software. Today, as executive director of The Linux Foundation, he uses this experience to accelerate innovation in technology through the use... Read More →

Thursday November 16, 2017 09:40 - 10:20 JST
TBA

Conference Session

10:20 JST

GPL: The Best Business License for Corporate Code - James Bottomley, IBM Research

Permissive licences have been gaining popularity for a while now. However, when looked at holistically it can be shown that the quid-pro-quo element of GPL fosters better collaboration amongs both individual and corporate contributors, facilitates better governance and provides a fairer patent licensing regime than any permissive
licence, thus making GPL the most business friendly open source licence available.

This talk will begin with a review of what corporations seek to get out of open source (namely a shared contribution to a platform or universal adoption of a standard) why equity of participation is essential to this and follow with a detailed comparison of how GPL achieves this vs Apache-2.0. We will also touch on ideal governance an how the compliance requirements of GPL enforce this; how patent licensing equity is achieved and end with tips for promoting the GPL.

Speakers

James Bottomley

Distinguished Engineer, IBM

James Bottomley is a Distinguished Engineer at IBM Research where he works on Cloud and Container technology. He is also Linux Kernel maintainer of the SCSI subsystem. He has been a Director on the Board of the Linux Foundation and Chair of its Technical Advisory Board. He went to... Read More →

Thursday November 16, 2017 10:20 - 11:00 JST
TBA

Conference Session, Intermediate

11:00 JST

Coffee Break

Thursday November 16, 2017 11:00 - 11:10 JST
TBA

Break

11:10 JST

Case Study: License Scanning at The Linux Foundation - Steve Winslow & Kate Stewart, The Linux Foundation

In the Linux Foundation, one of the services we provide to our members is performing and sharing licensing and copyright analyses for several of our hosted projects. This information is shared with the projects’ communities to use as a basis for their compliance activities. In this talk we will discuss the methods and tools we use for detecting and analyzing license information. We will then review examples of detected licenses from several Linux Foundation projects’ codebases.

Speakers

Kate Stewart

Senior Director of Strategic Programs, Linux Foundation

Steve Winslow

VP of Compliance & Legal, The Linux Foundation

Steve Winslow is Vice President of Compliance and Legal at The Linux Foundation. He runs The Linux Foundation’s license scanning and analysis support program, advising projects about licenses identified in their source code and dependencies. Steve is also involved with projects... Read More →

Thursday November 16, 2017 11:10 - 11:50 JST
TBA

Conference Session

11:50 JST

REUSE: Developer Best Practices for Licensing Expression in Free and Open Source Software Projects - Polina Malaja, Free Software Foundation Europe

The Free Software Foundation Europe (FSFE) has published the guide to machine readable expressions for copyright and licensing information. The guide entails best practices that are meant to demonstrate how to add copyright and license information to a FOSS project in ways which allow for more automation. Polina Malaja will explain which few simple steps to take to make the copyright and licence of the project more easily understood both by humans and machines, and why these are important for FOSS compliance.

Speakers

Polina Malaja

Legal coordinator, Free Software Foundation Europe

Polina Malaja is the Policy Analyst and the Legal Coordinator at the Free Software Foundation Europe (FSFE). Holding LL.M in International Human Rights Law and Intellectual Property Rights Law, she is deeply interested in interactions between fundamental rights and freedoms and technology... Read More →

Thursday November 16, 2017 11:50 - 12:30 JST
TBA

Conference Session, Beginner

12:30 JST

Lunch

Thursday November 16, 2017 12:30 - 14:00 JST
TBA

Break

14:00 JST

Requirements and State of the Art of Open Source License Compliance Tooling - Mirko Boehm, Open Invention Network

Ensuring Open Source license compliance should be simple. After all, participants in Open Source processes intent to share their creations freely and trust that others do the same. Reality however is not so simple. Software changes quickly, supply chains are messy, and product dependencies are complex. Even without ignorance or malignancy at play, consistently fulfilling all Open Source license requirements is difficult. Surprisingly, no Open Source tools have yet emerged as de-facto standards for managing Open Source license compliance across the supply chain. The presentation reviews what is required of compliance tooling needs to fill this gap, and how existing tooling measures up against that. It aims at encouraging the development of Open Source license compliance tooling that has the potential to become a de-facto standard. Let us make Open Source license compliance simple again!

Speakers

Mirko Boehm

CEO, Open Invention Network

Mirko Boehm is a Free Software and Open Source contributor, primarily as a software developer and speaker. He is the founder of the Quartermaster project, and has been a contributor to major Open Source projects including the KDE Desktop since 1997, including several years on the... Read More →

Thursday November 16, 2017 14:00 - 14:40 JST
TBA

Conference Session, Intermediate

14:40 JST

Open Source Due Diligence in M&A Transactions - Ibrahim Haddad, Samsung & Oskar Swirtun, FOSSID AB

Speakers

Ibrahim Haddad

Samsung Electronics, Samsung

Ibrahim Haddad (Ph.D.) is Vice President of R&D and the Head of the Open Source Group at Samsung Research America. He is responsible for overseeing Samsung's open source strategy and execution, internal and external R&D collaborations, supporting M&A activities, and representing Samsung... Read More →

Oskar Swirtun

CEO, FOSSID AB

Oskar Swirtun is the Founder and CEO of FOSSID AB, a company offering the most innovative and effective open source compliance solution on the market today. Oskar has worked extensively with open source software since 2001, when he introduced Linux and wrote the directive for use... Read More →

Thursday November 16, 2017 14:40 - 15:20 JST
TBA

Conference Session

15:20 JST

Partnering for a Good Compliance Program - Nithya Ruff, Comcast

Creating a sound compliance program is the best way companies can show respect for open source licenses. A successful compliance program requires partnership between legal, the business, engineering and external organizations like OCI, OpenChain. Each of these groups has different needs and perspectives and these need to be balanced to achieve a successful program I will share a case study of how we setup the compliance program inside Comcast that respects and balances need for innovation with need for compliance. Our industry is fast moving but full of challenges and needs a lightweight but complete compliance program.

Speakers

Nithya Ruff

Head, Amazon OSPO, Amazon

Nithya Ruff is the Head of Amazon’s Open Source Program Office. Open Source has proven to be one of the world’s most prolific enablers of innovation and collaboration and Amazon’s customers increasingly value open source innovation and the and cloud’s role in helping them... Read More →

Thursday November 16, 2017 15:20 - 16:00 JST
TBA

Conference Session, Intermediate

16:00 JST

Coffee Break

Thursday November 16, 2017 16:00 - 16:30 JST
TBA

Break

16:30 JST

The rise of the copyright troll - Armijn Hemel, Owner of Tjaldur Software Governance Solutions

Abstract: In the last few years there have been a few instances of open source developers using their copyrights for frivolous legal action against companies (see for example https://lwn.net/Articles/721458/ ). In this talk I will dive into the backgrounds of recent enforcement cases and discuss solutions to these and possible future threats.

Speakers

Armijn Hemel

General Manager, Tjaldur Software Governance Solutions

Armijn Hemel, MSc is the general manager/owner at Tjaldur Software Governance Solutions and an internationally recognized expert on GPL license enforcement and GPL license compliance.

Thursday November 16, 2017 16:30 - 17:10 JST
TBA

Conference Session

17:10 JST

Toyota’s Activities for OSS Compliance - Masato Endo, Toyota Motor Corporation

The automotive industry has seen increased adoption of open source in recent years. Also, the adoption of OSS will expand throughout the Toyota.

Especially, we’re promoting Automotive Grade Linux (AGL) project as a platinum member. We rolled out the first AGL-based infotainment system on the 2018 Toyota Camry in the U.S.
And, we’re also promoting some activities to decrease IP risks of OSS such as patent risks and copyright risks.

We’d like to share our activities for OSS compliance with open source community such as Open Invention Network and OpenChain Project.

Speakers

Masato Endo

Group Manager, Toyota Motor Corporation

Masato Endo is the Group Manager of Driver Monitoring Group, Value Chain Service and Technology Development, Technical Project Field of Advanced R&D and Engineering Company in TOYOTA. He focuses also on building the OSS governance structure within Toyota and developing relationships... Read More →

Thursday November 16, 2017 17:10 - 17:50 JST
TBA

Conference Session, Beginner

18:30 JST

Evening Event (Location To Be Announced)

Thursday November 16, 2017 18:30 - 20:00 JST
TBA

Evening Event

09:00 JST

Registration

Friday November 17, 2017 09:00 - 09:30 JST
TBA

Break

09:30 JST

Ensuring the Long-Term Sustainability of Technology Infrastructure through Reproducible Builds - Chris Lamb

Can you imagine pushing a code update to a "smart" lightbulb without knowing what has been changed? How about a vehicle's brakes? What about a nuclear reactor…?

The motivation behind "reproducible" builds is to ensure that no malicious flaws have been injected during the build processes. They prevent machine compromise, blackmail and compliance mistakes by ensuring identical binaries are always generated from a given source. However, reproducible builds will become essential to ensure the long-term sustainability of the technology underpinning our civilisation.

This is not only through reducing deployment risk but in an age increasingly concerned with compliance and licensing issues, reproducible builds also provide a means to transparently audit the actual powering our technology products and infrastructure. This talk explains how and why this is a vital and long-overdue topic.

Friday November 17, 2017 09:30 - 10:10 JST
TBA

Conference Session, Intermediate

10:10 JST

Implementing and Managing an Open Source Compliance Program - Ibrahim Haddad, Samsung

Speakers

Ibrahim Haddad

Samsung Electronics, Samsung

Friday November 17, 2017 10:10 - 10:50 JST
TBA

Conference Session

10:50 JST

How to Manage FOSS Compliance Information in an Ecosystem - Maohui Lei, Fujitsu

How to manage FOSS compliance information in an ecosystem (Lei Maohui, Fujitsu) - If you are interested in FOSS Licensing or Compliance Program, this presentation will be helpful. A specification named SPDX can make it easy to manage FOSS licensing compliance. This presentation will show how to manage SPDX files and source archives for Yocto Project users. With SPDX files, it is easier to make your working compliance under OpenChain that help you avoid compliance pitfalls. But the old Yocto+SPDX isn't in full compliance with SPDX specification. We have been maintaining a new layer called meta-spdxscanner to make spdx module more friendly; in addition, these created SPDX files can also be managed by dnf just like source packages.

Speakers

Lei Maohui

IT Engineer, Fujitsu

Lei Maohui joined the Fujitsu Corporation in 2010. Her main job is developing an In-House Distro for Embedded Ecosystems which is based on Yocto project. Now she is the maintainer of a layer about SPDX of Yocto project.

Friday November 17, 2017 10:50 - 11:30 JST
TBA

Conference Session, Any

11:30 JST

Lunch

Friday November 17, 2017 11:30 - 13:00 JST
TBA

Break

13:00 JST

OSS Compliance Management at Hitachi - Software Component Management Database - Nobuo Imada, Hitachi, Ltd.

In last year’s presentation at the Open Compliance Summit, Hitachi gave an overview of its activities and efforts for OSS compliance management. This year, Hitachi would like to focus on its Software Component Management Database. This database is used to manage software component bill of materials, license files attached to OSS packages, license information and interpretations, project information and so on, making it easy for Hitachi to conform to some of the requirements of OpenChain specification. Hitachi joined OpenChain project as a Platinum Member in September 2017. Hitachi believes that Hitachi can contribute to the development and adoption of OpenChain with its expertise and knowledge of OSS compliance management.

Speakers

Nobuo Imada

Engineer, Hitachi, Ltd.

Nobuo Imada is an engineer, OSS Solution Center, Hitachi, Ltd.He has been involved in research and development of optical system for optical disk systems, design and engineering of optical fiber transmission systems, system engineering for cellular phone base stations, network systems... Read More →

Friday November 17, 2017 13:00 - 13:40 JST
TBA

Conference Session, Any

13:40 JST

Giving Everyone Access To Open Source Best Practices: The OpenChain Specification and Curriculum - Shane Coughlan, OpenChain Project

This talk will explain how the OpenChain Specification and Curriculum were created. It will explore how these materials help every company in the global supply chain comply with open source licenses in a standard manner and why this saves resources. It will show how the Specification provides a framework for compliance and the Curriculum provides the foundation for applying best practices. It will demonstrate the Specification requirements and the Curriculum compliance training in enough detail to help any company begin their process of adoption. It will provide an explanation of how to engage with the Specification and the Curriculum moving forward and what can be expected around open source supply chain management in the coming year.

Speakers

Shane Coughlan

OpenChain General Manager, Linux Foundation

Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional... Read More →

Friday November 17, 2017 13:40 - 14:20 JST
TBA

Conference Session, Advanced

14:20 JST

Coffee Break

Friday November 17, 2017 14:20 - 14:30 JST
TBA

Break

14:30 JST

SPDX Update - Kate Stewart, The Linux Foundation

Speakers

Kate Stewart

Senior Director of Strategic Programs, Linux Foundation

Friday November 17, 2017 14:30 - 15:10 JST
TBA

Conference Session

15:10 JST

Utilizing the Blockchain to Establish Trust with the Open Source Used Across a Supply Chain - Mark Gisi, Wind River

The SPDX and OpenChain projects provide two critical pieces for solving the supply chain open source compliance puzzle. SPDX reduces the cost and friction around the collection and exchange of critical open source compliance information. OpenChain provides the means by which to establish trust of a specific supplier’s creation of open source compliance artifacts (source code, notices, SPDX data, …) for the their software offering. The missing puzzle piece is a way to manage accountability and providence tracking of the collection of compliance artifacts of manufactured products as they take form passing through the supply chain from conception to end user. We discuss how the Linux Foundation’s Hyperledger project is being used create a “Software Parts Ledger” to solve the puzzle and how the SPDX and OpenChain projects are highly complementary to that solution.

Speakers

Mark Gisi

Director of the Open Source Program Office, Wind River

Mark is the Director of the Open Source Program Office at Wind River Systems where he is responsible for open source adoption; risk mitigation; community engagement and innovation acceleration using open source principles. Mark was an early contributor to the SPDX project and former... Read More →

Friday November 17, 2017 15:10 - 15:50 JST
TBA

Conference Session, Any

15:50 JST

Coffee Break

Friday November 17, 2017 15:50 - 16:00 JST
TBA

Break

16:00 JST

FOSSology - New Features for License Compliance in HD - Michael Jaeger, FOSSology.org / Siemens AG

FOSSology is an industry standard tool for the end-to-end analysis of software components in a single Web server application. It lets organizations scan source code for: a) License information, b) Copyright notices, c) Export control relevant statements. It makes software analysis more efficient by offering high precision, greatly reducing overhead costs. FOSSology lets users generate compliance documentation according to the organization's needs, in a variety of data formats, emphasizing SPDX tag-value and RDF documents.

FOSSology is Open Source Software licensed under GPL-2.0 and a Linux Foundation collaboration project. In the past year, FOSSology has improved in many areas such as reporting, license management and data exchange capabilities. This talk provides and update about new use cases and targets existing users as well as new persons to FOSSology.

Speakers

Michael C. Jaeger

Project Lead, Siemens AG

Friday November 17, 2017 16:00 - 16:40 JST
TBA

Conference Session, Intermediate

16:40 JST

Open Source with Open Source: Component Management with SW360 - Johannes Kristan, Bosch, Michael Jaeger, Siemens,

We have introduced the Eclipse SW360 a component management hub that allows organizations to manage Open Source, commercial as well as custom components throughout the entire life cycle. Using SW360 as a one-stop shop for component information, organizations can track the components used in projects or products to: *manage compliance *assess security vulnerabilities *manage Bill of Materials As an EPL-1.0 licensed Open Source project (https://www.github.com/sw360), it is highly customizable, letting organizations keep their confidential product development data on premises, and prevents them from becoming dependent on a single vendor. This presentation not only introduces features but also provides a walk through the application to demonstrate capabilities and use cases of SW360. SW360 is designed to work with FOSSology, another license compliance related open source project.

Speakers

Michael C. Jaeger

Project Lead, Siemens AG

Johannes Kristan

Bosch

Friday November 17, 2017 16:40 - 17:20 JST
TBA

Conference Session

17:20 JST

Closing Remarks

Friday November 17, 2017 17:20 - 17:30 JST
TBA

Conference Session