December 17 - 18, 2019 | Tokyo, Japan

Tuesday, December 17
 

08:00 JST

Light Breakfast
Tuesday December 17, 2019 08:00 - 09:00 JST
4F Foyer

08:00 JST

Registration
Tuesday December 17, 2019 08:00 - 18:00 JST
4F Foyer

09:00 JST

Welcome & State of the Union - Jim Zemlin, Executive Director, The Linux Foundation
Speakers
Jim Zemlin

Executive Director, The Linux Foundation
Jim Zemlin’s career spans three of the largest technology trends to rise over the last decade: mobile computing, cloud computing, and open source software. Today, as executive director of The Linux Foundation, he uses this experience to accelerate innovation in technology through...


Tuesday December 17, 2019 09:00 - 09:20 JST
Conference Room 402N

09:20 JST

Keynote Session: Open Source in China 2019 - Maggie Wang, Chief Representative, Ladas & Parry LLP
Speakers
Maggie Wang

Chief Representative, Ladas & Parry LLP
Maggie Wang is Chief Representative of Ladas & Parry LLP in China. Maggie started her legal career in 2005 at Huawei Technologies Co. Ltd. Maggie used to be the interface of the company’s software compliance, dealing with both commercial software companies and open source software...


Tuesday December 17, 2019 09:20 - 09:40 JST
Conference Room 402N

09:40 JST

Keynote: Open Source in India 2019 - Mishi Choudhary, Managing Partner, Software Freedom Law Centre, India
Speakers
Mishi Choudhary

Legal Director, SFLC
Legal Director, Software Freedom Law Center


Tuesday December 17, 2019 09:40 - 09:55 JST
Conference Room 402N

10:00 JST

Keynote Session: Open Source Compliance? Achieve all Together by Sharing and Collaborating - Haksung Jang, LG Electronics
Everyone knows that open source software is making great strides through sharing and collaboration. Compliance activities are essential to using open source software well. The OpenChain Project makes it possible to achieve compliance simply and consistently through sharing and collaboration.

In 2019, Korean companies agreed to this idea and formed the OpenChain Korea Work Group and started activities. In this presentation, Haksung will introduce how the OpenChain Korea Work Group started and what they are doing. Haksung also hopes that this session and discussions will give them insight into the future direction of the OpenChain Korea Work Group.

Speakers
Haksung Jang

Open Source Professional, LG Electronics
OpenChain Korea Work Group Lead



Tuesday December 17, 2019 10:00 - 10:20 JST
Conference Room 402N
  Keynote Sessions
  • Session Slides Included Yes

10:20 JST

Coffee Break
Tuesday December 17, 2019 10:20 - 11:00 JST
4F Foyer

11:00 JST

Keynote: The Comcast OSPO Journey - Nithya Ruff, Head of Open Source Practice, Comcast
Speakers
Nithya Ruff

Head, Open Source Program Office, Amazon
Nithya A. Ruff is the Head of Amazon's Open Source Program Office and the Chair of The Linux Foundation Board. Prior to that, she was Head of Comcast’s Open Source Program Office where she drove Open Source culture and transformation inside of Comcast and expanded engagement with...


Tuesday December 17, 2019 11:00 - 11:20 JST
Conference Room 402N

11:20 JST

Keynote: Uber Journey to Conformance - Matt Kuipers, Senior Counsel, Intellectual Property, Uber
Speakers
Matt Kuipers

Sr. Counsel, Intellectual Property, Uber



Tuesday December 17, 2019 11:20 - 11:40 JST
Conference Room 402N
  Keynote Sessions
  • Session Slides Included Yes

11:40 JST

Keynote: Arm's Journey to Conformance - Sami Atabani, Director of Third Party IP Licensing, Arm Limited
Speakers
Sami Atabani

Director of Third Party IP Licensing, Arm Limited
Responsible for Third Party IP management across Arm including use of open source software in Arm products. This includes licence compliance to ensure Arm meets its obligations. In addition, I am a member of the Arm Open Source Office with responsibility for defining open source contributions...


Tuesday December 17, 2019 11:40 - 12:00 JST
Conference Room 402N

12:00 JST

Keynote: The Open Source Tooling Group, An Overview - Oliver Fendt, Senior Manager, Open Source, Siemens AG
The well-known OpenChain project launched a Tooling Group in Sept 2019. The objective of this group is to realize a turn-key Open Source toolchain for Open Source Compliance that can be easily integrated into software development CI/CD pipelines. The Tooling Group uses open source principles to accomplish this, creating a meritocracy producing real world solutions for real world challenges, and sharing these results with all interested parties. The presentation gives an overview of the Tooling Group: its objectives, the areas of focus, the current state and future plans.

Speakers
Oliver Fendt

Senior Manager Open Source, Siemens AG
Oliver is in charge of the topic Open Source Software (OSS) and other 3rd party software at Siemens. In this role he is heading the Open Source Task Force, which is a company-wide board of experts, who are in charge of the license compliant use of OSS in products, solutions and services...



Tuesday December 17, 2019 12:00 - 12:20 JST
Conference Room 402N
  Keynote Sessions
  • Session Slides Included Yes

12:20 JST

Lunch
Tuesday December 17, 2019 12:20 - 14:00 JST
Conference Room 406

14:00 JST

Keynote: Dirk Hohndel, Vice President & Chief Open Source Officer, VMware
Speakers
Dirk Hohndel

Chief Open Source Officer, Cardano Foundation
Dirk is the Chief Open Source Officer of the Cardano Foundation, focused on creating a vibrant open source third party contribution ecosystem for the Cardano infrastructure. Dirk was previously VMware’s Chief Open Source Officer, where he led the company’s Open Source Program...


Tuesday December 17, 2019 14:00 - 14:20 JST
Conference Room 402N

14:20 JST

Keynote: Michael Dolan, Vice President of Strategic Programs, The Linux Foundation & Keith Bergelt, Chief Executive Officer, Open Invention Network
Speakers
Keith Bergelt

CEO, Open Invention Network
Keith Bergelt is the CEO of Open Invention Network (OIN), the largest patent non-aggression community in history, created to support freedom of action in Linux as a key element of open source software. Funded by Google, IBM, NEC, Philips, Sony, SUSE, and Toyota, OIN has more than...
Mike Dolan

Senior Vice President & General Manager of Projects, The Linux Foundation
Michael Dolan is VP of Strategic Programs supporting open source projects and legal programs at The Linux Foundation. He has set up and launched dozens of open source and open standards projects covering technology segments including networking, virtualization, cloud, blockchain...


Tuesday December 17, 2019 14:20 - 14:40 JST
Conference Room 402N

14:40 JST

Enterprise Architecture & Scaling Open Source Compliance - Carlos Cheung, FOSSA
Learn how the best software companies in the world are using enterprise architecture to scale their open source usage and open source compliance.

Best practices pulled from engineering conversations with TD Ameritrade, Uber, Ericsson, Ford, Cisco, and Twitter.

Speakers
Carlos Cheung

VP of Partner Engineering, FOSSA
M&A, Intellectual Property, Software Bill of Materials


Tuesday December 17, 2019 14:40 - 15:00 JST
Conference Room 402N

15:00 JST

Beating Swords into Ploughshares: Aftermath of Open Source Infringement - Sachin Bhakar, Hewlett Packard Enterprise
Sachin will make an attempt to educate the audience about Open Source Infringement and shed light on how to mitigate and resolve issues post infringement. Sachin will put forward the analysis by comparing different copyright legislation across the world and factors that influence copyright damages. Moving forward, Sachin will test the application of this legislation in pre-existing cases of open source infringement.

Speakers
Sachin Bhakar

Open Source Counsel, Hewlett Packard Enterprise
Sachin dons two hats as he holds a degree in engineering and law. He is currently working with Hewlett Packard Enterprise as their Open Source Counsel. Sachin has experience in advising teams on various legal topics covering different aspects of Open Source, Contracts & IP. Sachin...


Tuesday December 17, 2019 15:00 - 15:20 JST
Conference Room 402N

15:20 JST

Coffee Break
Tuesday December 17, 2019 15:20 - 16:00 JST
4F Foyer

16:00 JST

How we Took Down a GPL Copyright Troll - Armijn Hemel, Tjaldur Software Governance Solutions
In the past few years, a GPL copyright troll caused a lot of trouble in the Linux ecosystem. Although the troll is still active, we managed to severely reduce the threat. In this talk I want to show what we did, how it helped and dig more into some of the core claims of the troll and how we would counter them.

Speakers
Armijn Hemel

General Manager, Tjaldur Software Governance Solutions
Armijn Hemel, MSc is the general manager/owner at Tjaldur Software Governance Solutions and an internationally recognized expert on GPL license enforcement and GPL license compliance.


Tuesday December 17, 2019 16:00 - 16:20 JST
Conference Room 402N

16:20 JST

A Systematic Method to Establish a Solid Governance Framework for Preventing and Resolving OSS Compliance Issues - Yunjae Jung, OpenWisdom
This proposal presents a practical method for establishing a solid defense system to prevent OSS license risks and resolve open source software related compliance issues, not only for an enterprise but also for a group of affiliates. Since the method is based on the flow of open source inside and outside of the enterprise, it also contributes to constructing a framework for software supply chain management in terms of OSS license compliance. Its external benefit is to build a trustworthy infrastructure for the OSS ecosystem. In addition, its internal benefit is to provide a legally safe platform for maximum usage of OSS.

Speakers
Yunjae Jung

CEO, OpenWisdom
1. Education: Ph.D. in Computer Science and Engineering, University of Minnesota, Twin City, USA
2. Job Career:
2015.9 ~ present: CEO, OpenWisdom
2003.1 ~ 2015.3: Senior Principal Researcher, OSS Specialist, ICT R&D Division, Samsung SDS
2001.2 ~ 2002.10: Senior Engineer, Qwest...



Tuesday December 17, 2019 16:20 - 16:40 JST
Conference Room 402N

16:40 JST

Panel Discussion: Open Source License Compliance - Better Together - Thomas Steenbergen, HERE Technologies; Yoshitake Kobayashi, Toshiba Corporation; Kate Stewart, Linux Foundation & Michael C. Jaeger, Siemens AG
Collaboration is not only a good means to develop software together; managing Open Source software also benefits a lot from collaboration between companies.

The Open Source Tooling Group has been formed by OSS project contributors and experts in OSS license compliance: the goal is to jointly support open source projects and to work on integration cases between tools. This collaboration enables turn-key license compliance solutions, because individual OSS projects do not cover all areas of OSS license compliance in companies.

The proposed panel presents experts both from developing OSS-based solutions and managing OSS license compliance programs.

The panel focuses on discussion of the following three questions: What is currently being worked on for integrating the existing open source license compliance software? Where are more efforts needed? Where is the trend going in the future?

Speakers
Yoshitake Kobayashi

Director, Toshiba
Yoshitake Kobayashi is the Senior Manager of The Open Source Technology Department at Toshiba Corporation. The team provides a Linux based system and related technologies such as Database and Web application frameworks for various Toshiba products. His research interests include operating...
Kate Stewart

Senior Director of Strategic Programs, Linux Foundation
Kate Stewart is a Senior Director of Strategic Programs, responsible for Embedded and Open Compliance programs. Since joining The Linux Foundation, she has launched Real-Time Linux, Zephyr Project, CHAOSS, and ELISA.
Michael C. Jaeger

Project Lead, Siemens AG
Michael C. Jaeger is one of the maintainers for Linux Foundation's FOSSology and Eclipse SW360 projects, both available on Github and both in the area of OSS handling w.r.t. license compliance and component management. At Siemens Corporate Technology in Munich, Germany, Michael...
Thomas Steenbergen

Head of Open Source Program Office, EPAM Systems
Thomas Steenbergen is the Head of Open Source Program Office at EPAM Systems (www.epam.com). He is a steering committee member and one of the co-founders/organizers of the European Chapter of the TODO group and co-founder of the OpenChain Reference Tooling Work Group - both industry...


Tuesday December 17, 2019 16:40 - 17:10 JST
Conference Room 402N

17:10 JST

What's the Value in Being Licensee/Member of OIN and Arriving at the Decision - Tsugikazu Shibata, Open Invention Network; Yoshitake Kobayashi, Toshiba Corp.; Tae Sugimura, Toyota Motor Corp.; Hirokazu Matsumura, Hitachi, Ltd & Yoshiaki Otora, NEC Corp.
OIN now has over 3K licensees as part of its patent non-aggression community, because Open Source is a "must use" technology for companies, and thus companies must address patent risk in Open Source. On the other hand, companies can feel caught between open source culture and traditional patent culture, especially companies that own a large number of patents.
In this panel, we invite Licensee and Member companies of OIN to share why they joined OIN, how they decided this and what kind of discussion happened internally. In addition, the current state of affairs and what they are expecting from OIN in the future will be discussed.

Speakers
Yoshitake Kobayashi

Director, Toshiba
Yoshitake Kobayashi is the Senior Manager of The Open Source Technology Department at Toshiba Corporation. The team provides a Linux based system and related technologies such as Database and Web application frameworks for various Toshiba products. His research interests include operating...
Tae Sugimura

Project Manager, IP Promotion Dept., Intellectual Property Div, / Internal Audit Dept., Toyota Motor Corporation
Tae Sugimura is in charge of developing and executing IP strategies for connected vehicles. She is also responsible for establishing the management system of handling Open Source Software as well as setting up the specialized organization for OSS compliance within Toyota. On top...
Tsugikazu SHIBATA

Technical Director, ASIA, Open Invention Network
Tsugikazu Shibata has been working on coordinating between industry and the open source community for many years. He is currently Technical Director, Asia at the Open Invention Network (OIN), known as the largest patent non-aggression community in history, created to support freedom...
Hirokazu Matsumura

Japanese Patent Attorney, Hitachi
Hirokazu Matsumura is planning and executing intellectual property strategies for digital solutions and IoT platform at Hitachi. He is a member of Technical Advisory Council (TAC) of Open Invention Network (OIN).
Yoshiaki Otora

Manager, Intellectual Property Management Division, Licensing Department, NEC Corporation
Yoshiaki Otora has been working on promoting and leading IP-related activities such as licensing, patent sales, IP litigation and counseling at NEC Corporation. He is also a member of the Open Invention Network (OIN) board. OIN is known as a patent non-aggression community that supports...


Tuesday December 17, 2019 17:10 - 17:40 JST
Conference Room 402N

18:00 JST

 
Wednesday, December 18
 

08:00 JST

Light Breakfast
Wednesday December 18, 2019 08:00 - 09:00 JST
4F Foyer

08:00 JST

Registration
Wednesday December 18, 2019 08:00 - 16:30 JST
4F Foyer

09:00 JST

Open Source Economics for Licence and Compliance Experts - James Bottomley, IBM
Thanks to various populist articles by Venture Capitalists, there is a significant expectation of an open source economic model which is being thwarted by various leaders and licence experts. The object of this session is to arm lawyers, compliance experts and leaders with the facts so they can better respond when put on the spot by various interests (and also when clients and others picking up on the hype ask similar questions). The truth, of course, is that Open Source Licences have no associated Economic models. However, there are various models of how open source communities operate which have economic implications and can be discussed with clients. This session will explain the basics of economics as it relates to open source, how best to debunk the VC claims, and how to discuss economic models in open source rationally with clients.

Speakers
James Bottomley

DE, IBM
James Bottomley is a Distinguished Engineer at IBM Research where he works on Cloud and Container technology. He is also Linux Kernel maintainer of the SCSI subsystem. He has been a Director on the Board...


Wednesday December 18, 2019 09:00 - 09:20 JST
Conference Room 402N

09:20 JST

Challenges of Contributing Open Source in the Enterprise - Sujin Kim, Samsung
Using open source and contributing to the open source community are both important. In running the Open Source Compliance Office at Samsung, we encounter many different case studies. In particular, consider contributions to open source from within a company. Perhaps, after developing important source code for a project, the company decides to open the code, which is a major decision. What should be considered from an open source compliance perspective in this process? This presentation shares what Samsung considers important and what its priorities are. Sujin Kim will introduce open source programs to overcome many of the challenges that arise from open source contribution.

Speakers
Sujin Kim

Manager, Samsung
Samsung Research Open Source Group



Wednesday December 18, 2019 09:20 - 09:40 JST
Conference Room 402N
  Conference Sessions
  • Session Slides Included Yes

09:40 JST

How to Manage Compliance for Ecosystem - Lei Maohui, Fujitsu
If you are working on compliance efforts, this presentation will be of benefit. Fujitsu has been working on compliance for many years. We now maintain a layer named meta-spdxscanner in the YP project and a dnf plugin project which is used to manage SPDX files. In addition, we have developed an SPDX-related project for users who are not using the YP project. This presentation will show the features and usage of these projects. With them, users can handle compliance tasks covering generating SPDX files, clearing licenses and managing SPDX files in a supply chain, making compliance more comprehensive and credible for an ecosystem.

Speakers
Lei Maohui

IT Engineer, Fujitsu
Lei Maohui joined the Fujitsu Corporation in 2010. Her main job is developing an In-House Distro for Embedded Ecosystems which is based on the Yocto Project. She is now the maintainer of a Yocto Project layer for SPDX.



Wednesday December 18, 2019 09:40 - 10:00 JST
Conference Room 402N

10:00 JST

Obtaining OpenChain Spec2.0 Conformance by Self-certification - Tadayuki Osaki, Fujitsu
On November 29, the Linux Foundation announced that Fujitsu became OpenChain Spec2.0 conformant. Here, the activities inside Fujitsu for obtaining conformance are introduced, such as examining internal procedures and education contents, updating them to fit the Specification, and persuading related organizations.

Speakers
Tadayuki Osaki

Specialist, Fujitsu
Tadayuki "Tom" Osaki is a compliance specialist on the OSS compliance team in Fujitsu's IP division. He works on internal OSS compliance governance and open community activities. He is currently a sub-member of the Linux Foundation OpenChain Project. Prior to working in OSS compliance...



Wednesday December 18, 2019 10:00 - 10:20 JST
Conference Room 402N

10:20 JST

Coffee Break
Wednesday December 18, 2019 10:20 - 11:00 JST
4F Foyer

11:00 JST

Finessing the Sample Open Source Policy for OpenChain v2.1 - Andrew Katz, Moorcrofts LLP
Moorcrofts LLP drafted a sample open source policy which was tailored for OpenChain v1.2. The policy has been a success, with impressive uptake. With the release of the OpenChain Specification v2.0, this has now been updated accordingly, and has been improved immeasurably following input from members of the OpenChain working groups based in both the Eastern and Western Hemispheres. A face-to-face workshop at the Open Compliance Summit presents a fantastic opportunity for input and discussion to the latest version of the Policy.

This workshop will consist of a run-through and introduction to the policy, followed by a hands-on drafting session to ensure the policy provides the best possible compliance options for businesses of all sizes who want to adopt the OpenChain Specification 2.0.

Speakers
Andrew Katz

Managing Partner, Moorcrofts LLP
Andrew Katz is managing partner and head of the tech department at Moorcrofts LLP, a boutique law firm based in the Thames Valley near London. He specialises in free and open source software and other opens, and is also CEO of Orcro Limited, an OpenChain partner providing specialist...


Wednesday December 18, 2019 11:00 - 11:20 JST
Conference Room 402N

11:20 JST

Automating Compliance Visibility: SBOM's, CII & Text Processing - Sean Goggins, University of Missouri / CHAOSS
The presentation will focus on the full automation of CHAOSS Risk metrics focused on licensing, and review metrics focused on other concerns, including business viability, security and safety critical systems concerns.

CHAOSS tools like Augur now include license scanners like NOMOS, license probability estimates, Core Infrastructure Initiative detailed badging status information, and metrics in focus areas including code quality and transparency.

The detailed software bill of materials that is automatically generated by Augur is combined with metrics that aid in the assessment of test coverage, and code complexity using a COCOMO based algorithm. We will show how the value added by advanced license compliance software and scanning, combined with these other risk oriented features, holds the potential for enhancing relationships between compliance groups and their organizations.

Speakers
Sean Goggins

Professor, CHAOSS Project
Sean is a Professor of Electrical Engineering and Computer Science at the University of Missouri, where his research foci are open source software, and human centered data science. Sean is a founding member of the Linux Foundation’s working group on community health analytics for...


Wednesday December 18, 2019 11:20 - 11:40 JST
Conference Room 402N

11:40 JST

Open Source Compliance in Supply Chains - Masato Endo, Toyota Motor Corporation & Michael Cheng, Facebook
As companies in a broad range of industries begin to establish their own internal software development divisions, we have also witnessed a commensurate rise in the adoption of Open Source Software across private and public sectors alike. This increased usage of Open Source Software also brings unique challenges to suppliers and customers of Open Source Software alike. This is especially true when it comes to managing risk in the complexity and scale of the supply chain, and is traditionally addressed by Supply Chain Management (SCM).
This presentation will introduce examples from Facebook and Toyota of improving Open Source Compliance in the supply chain with suppliers in the technology and automotive industries. This talk will promote understanding of OSS SCM for both web systems and embedded software.

Speakers
Michael Cheng

Facebook, Facebook
Lawyer. Raspberry Pi Fanatic. Currently supporting mergers & acquisitions and the open source program office at Facebook. Former IT sysadmin, investment banker and high school dropout. Spent most of my professional career in China and Asia before moving to the US.
Masato Endo

Group Manager, Toyota Motor Corporation
Masato Endo is the Group Manager of Driver Monitoring Group, Value Chain Service and Technology Development, Technical Project Field of Advanced R&D and Engineering Company in TOYOTA. He focuses also on building the OSS governance structure within Toyota and developing relationships...



Wednesday December 18, 2019 11:40 - 12:00 JST
Conference Room 402N
  Conference Sessions
  • Session Slides Included Yes

12:00 JST

Container Compliance: A Comcast Case Study - Annania Melaku, Comcast
The Comcast Open Source Program Office (OSPO) had representation at the 2018 Open Compliance Summit and took notes during Dirk Hohndel’s talk “Don’t Ship That Container.” In that presentation, Dirk gave an introduction to the complexities of open source license compliance regarding containers. In this talk, Annania Melaku will tell a story on what Comcast’s OSPO has done since hearing Dirk’s presentation to bring one of their own container images into compliance in addition to the resulting policy from that study. This policy is expected to transform over time alongside the evolving landscape with considerations for compliance tools as well as existing and emerging best practices.

Speakers
Annania Melaku

OSPO Program Manager, Comcast
Annania Melaku is a Technical Program Manager in the Open Source Program Office at Comcast. Her current role is focused on automated solutions for open source license compliance and delivery. She has a demonstrated history working in the defense & aerospace industry as well as in...


Wednesday December 18, 2019 12:00 - 12:20 JST
Conference Room 402N

12:20 JST

Lunch
Wednesday December 18, 2019 12:20 - 14:00 JST
Conference Room 406

14:00 JST

Supply Chain Compliance of the Future, Scalable, Trusted and Automated - Oskar Swirtun, FOSSID AB
As software becomes more and more ubiquitous and globalization contributes to complex and geographically distributed supply chains, compliance stays more or less the same. We need to integrate modern tools and workflows into the compliance universe while making sure that we do not force the vast diaspora of actors into a one-size-fits-all. Small research projects will approach compliance differently than large enterprises but in today's world we might face situations where code from both are integrated in the same software stack. We propose a vendor-neutral approach based on open standards to create a robust scalable model that allows for flexible and deeply integrated workflows. We also present a concrete example of how such an implementation might look in a way that outsources compliance report generation without exposing any actual source code.

Speakers
Oskar Swirtun

CEO, FOSSID AB
Oskar Swirtun is the Founder and CEO of FOSSID AB, a company offering the most innovative and effective open source compliance solution on the market today. Oskar has worked extensively with open source software since 2001, when he introduced Linux and wrote the directive for use...


Wednesday December 18, 2019 14:00 - 14:20 JST
Conference Room 402N

14:20 JST

OSS Review Toolkit: Using FOSS Tools for FOSS Reviews in CI/CD World - Thomas Steenbergen, HERE Technologies
In an ideal world, a FOSS review is highly automated and done often and early so that any FOSS issues - whether technical, licenses or security - can be caught and resolved as they appear. However, despite many proprietary tools existing, the OSS community has been without review tooling that is compatible with modern SW development practices like using package managers, continuous integration and continuous delivery (CI/CD).

Without this review capability, FOSS projects often are released without clear metadata, resulting in reduced adoption and contribution numbers, rendering the projects less successful.

In this talk we demonstrate the latest version of OSS Review Toolkit (ORT) which enables highly automated OSS reviews within CI/CD by combining FOSS dependency and scanning tools like ScanCode with ClearlyDefined, a platform to discover, curate and share FOSS component metadata.

Speakers
Thomas Steenbergen

Head of Open Source Program Office, EPAM Systems
Thomas Steenbergen is the Head of Open Source Program Office at EPAM Systems (www.epam.com). He is a steering committee member and one of the co-founders/organizers of the European Chapter of the TODO group and co-founder of the OpenChain Reference Tooling Work Group - both industry...



Wednesday December 18, 2019 14:20 - 14:40 JST
Conference Room 402N
  Conference Sessions
  • Session Slides Included Yes

14:40 JST

Managing OSS Vulnerability with Software Component Catalogue, SW360 - Yosuke Yamada, Hitachi, Ltd
Hitachi develops and provides enterprise systems with a large amount of software including OSS, and the amount of software used at Hitachi is increasing year by year. Additionally, software vulnerabilities are detected and reported quite often. Therefore, it is getting hard for Hitachi to continuously recognize vulnerabilities of all software components. SW360 is OSS that can manage software components in projects and collect related vulnerability information by using the CVE security vulnerability information database. It can be used to continuously recognize and manage software vulnerabilities in each project. Currently, SW360 doesn’t have an email vulnerability notification function, so the speaker is developing a tool for it. In this session, he will explain the connection between Hitachi’s software component management database and SW360, and the configuration and usage of the SW360 REST API.

Speakers
Yosuke Yamada

Developer, Hitachi, Ltd
Yosuke Yamada is a software engineer at Hitachi, Ltd. He is a member of the OSS software component management database team to accelerate compliance tasks in Hitachi. He is using Hitachi’s OSS software component management database for importing vulnerability information to SW360 and...



Wednesday December 18, 2019 14:40 - 15:00 JST
Conference Room 402N
  Conference Sessions
  • Session Slides Included Yes

15:00 JST

Using SW360 in Compliance Supply Chain - Arun Azhakesan, Siemens Healthineers & Michael C. Jaeger, Siemens AG
Organisations which develop software need to keep track of their third party components.

Keeping track of third party components involves two elements: a catalog of components in use, and a software bill of materials that records which component versions are used in which products or software projects.

The Open Source Project SW360 provides organisations with such systems. Based on the catalog and the software bill of materials, different processes are supported, such as license compliance, product approval or ECC checks.

The presentation will cover perspectives and experience from two organisations that run SW360 in productive use. It also includes a hands-on demo of SW360. The audience can ask questions about particular features, which can also be shown directly in the software.

Speakers
avatar for Michael C. Jaeger

Michael C. Jaeger

Project Lead, Siemens AG
Michael C. Jaeger is one of the maintainers for Linux Foundation's FOSSology and Eclipse SW360 projects, both available on GitHub and both in the area of OSS handling w.r.t. license compliance and component management. At Siemens Corporate Technology in Munich, Germany, Michael...

Arun Azhakesan

Sr. Manager Legal & Compliance, Siemens Healthineers
Arun Azhakesan leads the open source compliance activities at Siemens Healthineers. He is an active member of multiple open source communities that focus on developing open source-based tools for open source compliance.


Wednesday December 18, 2019 15:00 - 15:20 JST
Conference Room 402N

15:20 JST

Coffee Break
Wednesday December 18, 2019 15:20 - 16:00 JST
4F Foyer

16:00 JST

Architecting a Security and Compliance System - Jeff McAffer & William Bartholomew, GitHub
Managing the open source used by an enterprise is a daunting task. It is trivial for developers to pull in hundreds, if not thousands, of pieces of open source in just one product. More often than not these are indirect dependencies brought in unknowingly. Each component must be detected, analyzed, reviewed for security and compliance issues, approved, attributed, cataloged, and tracked for future vulnerabilities. Automation is key, and structuring an automated system the challenge.

In this talk, we outline the full spectrum of confidence-inspiring security and compliance steps, discuss a high-level architecture for such a system, and dive into recent developments on key elements. Attendees will come away understanding the scope of security and compliance tooling and how to integrate it into their supply chain, thus enabling better decisions about acquiring or creating their own.


Speakers

Jeff McAffer

Senior Director of Product, GitHub
I love open source and love bringing more open source to more people and teams. My current role at GitHub fits that perfectly – enabling organizations to engage with open source @ scale. Whether it’s understanding communities and business models, or open source governance and...

William Bartholomew

Staff Product Manager, GitHub
William Bartholomew is a Product Manager on the Security and Compliance team at GitHub. He is an active contributor to the SPDX project and a member of the Software Bill of Materials (SBOM) working group at the Object Management Group (OMG).



Wednesday December 18, 2019 16:00 - 16:20 JST
Conference Room 402N
  Conference Sessions
  • Session Slides Included Yes

16:20 JST

Collaborative Authorship Models in Open Source - Dashiell Renaud, Google
When a work is authored collaboratively, a number of legal mechanisms can be employed to allocate copyright rights to the collaborators. These mechanisms range from acknowledging only one single person as the copyright holder to treating all collaborators as co-authors that share copyright ownership equally. Because open source projects are collaborative works, and because copyright assignment has significant legal ramifications, these mechanisms are an important topic in the field of open source compliance. This talk will cover the criteria used to determine which authorship model applies to a given collaborative work, the impact these mechanisms have on the rights and permissions of contributors, and best practices for establishing a collaborative authorship model that serves the needs of your open source project.

Speakers

Dashiell Renaud

Program Manager, Google
Dashiell Renaud is a member of Google's Open Source Programs Office responsible for setting open source policies across Alphabet and overseeing open source compliance for Alphabet's products and services. Dashiell received a Juris Doctor from Vanderbilt University Law School in 2013...


Wednesday December 18, 2019 16:20 - 16:40 JST
Conference Room 402N

16:40 JST

Panel Discussion: European Update - Shane Coughlan, The Linux Foundation; Andrew Katz, Moorcrofts LLP; Catharina Maracke, Software Compliance Academy
A two-way flow of information with the audience:
1. An overview of the FOSS compliance regime in the UK and Europe
2. An introduction to Trustable and how it interacts with the OpenChain and other projects
3. Case studies of European businesses we have worked on which have attained, or are working towards, OpenChain compliance
4. Dealing with the UK and European supply chain post-Brexit
5. Q&A session based on the above

Speakers

Catharina Maracke

CEO, Software Compliance Academy

Shane Coughlan

General Manager, OpenChain
Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include building the largest open source governance community in the world through the OpenChain Project, spearheading the licensing team that elevated Open Invention...

Andrew Katz

Managing Partner, Moorcrofts LLP
Andrew Katz is managing partner and head of the tech department at Moorcrofts LLP, a boutique law firm based in the Thames Valley near London. He specialises in free and open source software and other opens, and is also CEO of Orcro Limited, an OpenChain partner providing specialist...


Wednesday December 18, 2019 16:40 - 17:10 JST
Conference Room 402N

17:10 JST

 