Virtual Event | December 16, 2021

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for the Open Compliance Summit to participate in the sessions. 

Open Compliance Summit is an exclusive event for Linux Foundation members and select invitees. Attendance is limited to ensure ease of networking and collaboration. The summit (like prior summits) will be held under the Chatham House Rule. Please consent to this rule before you request an invitation.

Please note: This schedule is displayed in Japan Standard Time (UTC+9:00). The schedule is subject to change.
Thursday, December 16
 

09:00 JST

Welcome & Opening Remarks - Shane Coughlan, The Linux Foundation
Speakers

Shane Coughlan

OpenChain General Manager, The Linux Foundation
Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated OIN into the largest patent non-aggression community in history and establishing the first global network for open...


Thursday December 16, 2021 09:00 - 09:06 JST

09:06 JST

State of the Union - Shane Coughlan, The Linux Foundation
Speakers

Shane Coughlan

OpenChain General Manager, The Linux Foundation


Thursday December 16, 2021 09:06 - 09:29 JST

09:29 JST

Getting in on the ACT: Updates in the Automating Compliance Tooling Project - Rose Judge, VMware
The Automating Compliance Tooling (ACT) Project exists to support development of open source tooling for efficient and effective exchange of software bill of materials to enable license compliance, security, export control, pedigree and provenance workflows. ACT is made up of maintainers and developers associated with compliance-focused open source tools like FOSSology, OSS Review Toolkit, SPDX Tools, Tern, QMSTR and more. This talk will summarize the current ongoing security and compliance efforts happening in member open source projects and how those efforts contribute to the overall mission and future of ACT.

Speakers

Rose Judge

Senior Open Source Engineer, VMware
Rose Judge is a Senior Open Source Engineer at VMware where she co-maintains Tern, an open source container inspection tool that generates container SBOMs. Additionally, she is a member of the SPDX Steering Committee and chair of the Linux Foundation’s Automating Compliance Tooling...



Thursday December 16, 2021 09:29 - 09:46 JST
  Keynote Sessions
  • Presentation Slides Attached Yes

09:50 JST

How Ready are you for Open Source - The Open Source Maturity Model in Practice - Andrew Aitken, Wipro Lmtd
Every organization is on an open source journey, but where is yours along the path and what's your destination? The Open Source Maturity Model (OSMM) helps you answer these questions and many more. Developed and released under Creative Commons by Wipro, the OSMM is the result of more than 300 client engagements with organizations across all vertical industries and geographies and decades of cumulative experience and research. The model categorizes open source into three core dimensions with multiple elements in each. Based on an online survey followed by qualitative interviews, an organization is plotted into one of five stages of maturity. Each stage is broken down into attributes, implications and suggested activities to reach the next level. Multiple outputs are generated to help companies understand visually where they are and where they want to go. During this talk we'll tell you all about the OSMM, including:
  • Where and how to access it
  • Tips for how to use the OSMM for strategic planning
  • Insights from organizations who have gone through the OSMM
Join us for this introduction to the OSMM and get your organization on the path to open source maturity.

Speakers

Andrew Aitken

Global Open Source Leader, Wipro
Mr. Aitken has 22 years of open source business and strategy-related experience. Andrew launched and sold his own open source startup, Olliance Consulting Group, to Black Duck Software and worked on many early OEM and ISV strategies. He has been deeply engaged with the venture community...


Thursday December 16, 2021 09:50 - 10:10 JST
TBA

10:15 JST

Developing Skill Standard of Open Source Compliance - Masato Endo, Toyota Motor Corporation & Ayumi Watanabe, Hitachi Solutions, Ltd.
Utilization of Open Source is expanding in many industries around the world. In addition, as OpenChain and SPDX become international standards, Open Source Compliance activities in companies have also become a remarkable field. On the other hand, in order to handle Open Source Compliance operations smoothly, cooperation between multiple departments within the company is required. Furthermore, the members of each department must have abilities and knowledge. Especially, many non-IT companies have little knowledge of software. Therefore, in order to develop human resources, guidelines for the roles of each department and the required ability level are required. Therefore, the OpenChain Project Japan Work Group OSS Skill Standard Development Team is developing skill standards for Open Source Compliance. In this session, we will share the latest development status of skill standards.

Speakers

Ayumi Watanabe

Senior OSS Specialist, Hitachi Solutions, Ltd.
Ayumi Watanabe is a Senior OSS Specialist of Hitachi Solutions, Ltd. She is also a core member of OpenChain Japan Sub Workgroup and known as an SBOM evangelist. Her strong point is a knowledge of many tools for SBOM generation and management, a wide range of experiences as an OSS management...

Masato Endo

Group Manager of OSPO, Toyota Motor Corporation
Masato Endo is a Group Manager of TOYOTA. He focuses also on building the Open Source governance structure within Toyota and developing relationships with the Open Source community, through projects such as AGL and OIN. From 2017, he began to work with the OpenChain Project as a board...



Thursday December 16, 2021 10:15 - 10:35 JST
TBA
  New Ideas
  • Presentation Slides Attached Yes

10:40 JST

Open Source Governance for Enterprises Based on the Open Source International Standard - Haksung Jang, SK Telecom
ISO/IEC 5230 is the only international standard for open source compliance. In order for companies in the software supply chain to be reliable and transparent with open source compliance, they need to know what the core requirements of this international standard are and how to comply with it. This presentation details how companies can create a governance system that complies with the core requirements of ISO/IEC 5230, in terms of personnel, policies, processes, tools, and training.

Speakers

Haksung Jang

Open Source Program Manager, SK Telecom
Haksung is the Open Source Program Manager at SK telecom and the OpenChain Korea Work Group Lead. He plays a crucial role in building and managing open source governance within the company and the community. His work helps to achieve effective open source compliance through collaboration...



Thursday December 16, 2021 10:40 - 11:00 JST
TBA

11:05 JST

Attribution Requirements in Open Source Licenses - Dashiell Renaud, Google
One of the most common features among open source licenses is the instruction to provide attribution to the authors of the open source material whenever that material is redistributed. We will examine the way this requirement is worded in various open source licenses and discuss the practical consequences of this requirement for license compatibility and compliance purposes.

Speakers

Dashiell Renaud

Program Manager, Google
Dashiell Renaud is a member of Google's Open Source Programs Office responsible for setting open source policies across Alphabet and overseeing open source compliance for Alphabet's products and services. Dashiell received a Juris Doctor from Vanderbilt University Law School in 2013...



Thursday December 16, 2021 11:05 - 11:25 JST
  New Ideas
  • Presentation Slides Attached Yes

11:25 JST

Break
Thursday December 16, 2021 11:25 - 11:45 JST

11:45 JST

The Many Aspects of an Open Source Compliance Program - Nithya Ruff, Comcast
There are many aspects of creating and running a comprehensive compliance program in an organization. We often focus on the license compliance aspects when distributing our software. But there are many other aspects that cover all aspects of open source use, contribution, and distribution. I will share how we have organized our program at Comcast and the tools, process and people that make it work for us.

Speakers

Nithya Ruff

Chair, Board of Directors / Head, Open Source Program Office, The Linux Foundation / Amazon
Nithya A. Ruff recently joined Amazon as the Head of Amazon’s Open Source Program Office. Amazon is guided by four principles: Customer Obsession, Invent and Simplify, and Think Big; especially as they relate to the engagement, contribution, and participation in the broader Open...



Thursday December 16, 2021 11:45 - 12:05 JST
TBA
  Case Studies
  • Presentation Slides Attached Yes

12:10 JST

Introduction of Sony In-house OSS Training Courses - Satoru Ueda, Sony
Sony has been holding in-house OSS training courses which consist of 4 courses. They are named "Basic course", "License course", "Practical course" and "Strategy course". In this session, a brief outline of those courses will be introduced. The training courses were started in 2015. Now, the problems needing to be solved are changing and increasing along with the evolution of the software supply chain, as well as the increasingly wide and deep use of OSS. The training courses are still in the process of improving. We would like to discuss the way to deal with the latest situations.

Speakers

Satoru Ueda

Chief Open Alliance Manager, Sony corp.
From 2003, I have been engaged in a project to widely use Linux for consumer electronics appliances. In the project I have been supporting to establish and enhance collaborative relationship between the community and the embedded system developers. The challenge to harmonize with...



Thursday December 16, 2021 12:10 - 12:30 JST
TBA
  Case Studies
  • Presentation Slides Attached Yes

12:35 JST

A Hybrid Case Study. What Businesses Won’t Admit They Find Really Difficult About Compliance But Actually Do - Andrew Katz, Orcro Limited
Every open source compliance project will reveal a number of issues which need remediating, some simple, some more challenging. Andrew Katz has been carrying out compliance exercises for organisations of many sizes for many years, and this talk will highlight several of the more unusual and interesting compliance issues that he has encountered including some surprising ways of dealing with them speedily and effectively.

Speakers

Andrew Katz

CEO, Orcro Limited
Andrew Katz is a lawyer (solicitor) and CEO of Moorcrofts LLP, a boutique corporate and technology law firm near London in the UK. At Moorcrofts, he advises individuals, corporations, foundations and public sector organisations on the law concerning free and Open Source software...


Thursday December 16, 2021 12:35 - 12:55 JST
TBA

13:00 JST

2021 State of SBOM Readiness - Stephen Hendrick, The Linux Foundation
Linux Foundation Research conducted worldwide empirical research into organizational SBOM readiness and adoption in the third quarter of 2021. A total of 412 organizations from around the world participated in a survey. This session highlights the key findings from the research. Topics to be addressed are as follows:       
  • The key drivers that are stimulating demand for SBOMs  
  • Organizational familiarity and readiness
  • Actual and planned SBOM production and consumption
  • SBOM challenges and benefits

Speakers

Steve Hendrick

VP Research, The Linux Foundation
Steve Hendrick is VP of Linux Foundation Research. He has expertise in developing content and services to support product development, product positioning, marketing, business strategy, and messaging. Steve is a subject matter expert in application development and deployment topics...


Thursday December 16, 2021 13:00 - 13:20 JST
TBA

13:20 JST

Break
Thursday December 16, 2021 13:20 - 14:20 JST

14:20 JST

Remediating Open Source Software Issues - Jari Koivisto, Independent
Let’s assume that you have had an internal or external software composition analysis, i.e., code scan & audit done. There can be hundreds or thousands of line items in the audit report and you need to think about how to proceed with these license compliance issues. In this session, you will learn some strategies for how to mitigate typical open source issues found in the code audit. All of these ideas and strategies come from real-life examples I have seen in the audits that were conducted for M&A projects. You will learn, for example:
  • What things to find out when a GPL licensed component is used in a proprietary product and how to mitigate possible issues;
  • Mitigation options available when CC BY-SA snippets are found in the codebase; and
  • What are options when components without any license are found in the codebase;

Speakers

Jari Koivisto

Freelance Engineer, Independent
Jari Koivisto is a high-tech professional, who is one of the most experienced open source due diligence leads in the world. He has led around 50 open source due diligences for Cisco Systems’ acquisitions and he is very familiar with the open source compliance issues that can be...



Thursday December 16, 2021 14:20 - 14:40 JST
TBA
  New Ideas
  • Presentation Slides Attached Yes

14:45 JST

The Supply Chain for Open Source Software at OSPOs: Learnings from the TODO Group - Ana Jiménez Santamaria, TODO Group, The Linux Foundation
By creating an Open Source Program Office (AKA OSPO, OS Tech Center, and more), businesses can enable, streamline and organize the use of open source in ways that tie it directly to a company’s long-term business plan. An OSPO is designed to be the center of the universe for a company’s open source operations and structure, helping to bring all the needed components together. The TODO Group emerges as an open network group of organizations that want to collaborate on practices, tools, and other ways to run successful and effective open source projects and programs. When looking through the lens of OSPOs, securing the supply chain of the open-source software by implementing a complete end-to-open source compliance program is always one of the first activities to handle across the many stages of the Open Source Journey. This talk will bring a discussion about security considerations and best practices organizations should learn when setting up the open source strategy and how to potentially build bridges between OpenChain and the TODO Group.

Speakers

Ana Jimenez Santamaria

Senior OSPO Program Manager, The TODO Group
Ana is the OSPO Program Manager at the TODO Group, a LF project and an open community of practitioners who aim to create and share knowledge and collaborate on practices, tools, and other ways to run successful and effective Open Source Program Offices. Formerly she worked at Bitergia...


Thursday December 16, 2021 14:45 - 15:05 JST
TBA

15:10 JST

The Chinese Market - Kris Feng, OPPO; King Gao, Huawei; Chloe Zhong, Honor; JunXia Zhang & Xue Guo, CAICT; Moderated by Shane Coughlan, The Linux Foundation
Speakers

Shane Coughlan

OpenChain General Manager, The Linux Foundation

Kris Feng

Representative, OPPO
Kris Feng is a member of OPPO OpenSource Committee. He has 10+ years experience with Open Source projects. He is working for open source communities activities as well as internal OSS compliance activities. He defined many OPPO OpenSource policies and worked with OPPO CPE team to obtain...

King Gao kun

OSS governance expert, Huawei
He has more than 10 years experience in open source management. He used to work in OSS internal use management to reduce the risk on license and security; he built the process, organization and tools etc. After 2020, he transferred to the open source community team, involved in Linux Foundation OpenChain, SPDX, CHAOSS...

Chloe ZHONG

Open Source Management Lead, Honor

JunXia Zhang

Representative, CAICT

Xue Guo

Representative, CAICT


Thursday December 16, 2021 15:10 - 15:45 JST

15:50 JST

The OpenChain Automation Case Study - Shane Coughlan, The Linux Foundation
Speakers

Shane Coughlan

OpenChain General Manager, The Linux Foundation


Thursday December 16, 2021 15:50 - 16:25 JST

16:25 JST

Break
Thursday December 16, 2021 16:25 - 16:45 JST

16:45 JST

Open Compliance Reference Tooling Meets Linux - Marcel Kurzmann, Bosch
The tooling group (also part of the OpenChain Tooling Workgroup) works on open source solutions for automated Open Source Management and already came up with "Open Compliance Reference Tooling" representations for some typical use cases (Java, NPM, Python, etc.). Approaches for automated Open Source Compliance Management for Linux systems were already discussed too, but the challenges seem to be of a different nature. Based on the circumstances, that there are different Linux distributions, typically demanding license and obligation setups, architectural aspects to consider and a broad variety of distribution contexts, this could be seen as the "champions league" of Open Source Compliance Management Automation. These demands need a common understanding on the big picture and the problem space to enable collaboration on a common solution. As part of this talk, some existing Open Source Management references and their features shall be compared with a row of typical needs of teams that have to distribute a Linux system. As many of us are looking for a simple and automated solution we want to invite you to join a collaborative approach.

Speakers

Marcel Kurzmann

Open Source Officer, Bosch.IO GmbH
Marcel Kurzmann joined Bosch in 1997. After establishing the test-automation service team at Bosch Engineering and Acquisition Project Management in the automotive section he took over the Quality Management of Bosch Software Innovations in 2008. From 2015 he is responsible for the...



Thursday December 16, 2021 16:45 - 17:05 JST
TBA
  Automation
  • Presentation Slides Attached Yes

17:10 JST

Designing the Future of FOSS Compliance Tooling - Philippe Ombredanne, AboutCode.org and nexB Inc.
Software composition tooling has evolved to encompass three core techniques:
  • Scanning: to find explicit information present in the code (such as package manifests, provenance clues, license or copyright). 
  • Matching: to find similar code using an index of existing code and packages. The matching can be either exact or approximate, and match against file or snippet checksums and fingerprints; code or debug symbols; or against scanned attributes such as package metadata, and other provenance clues. 
  • Tracing: to trace relationships between sources and binaries such as using build instrumentation and binary reversing.
And SCA tools are either best-of-breed, discrete, special purpose tools focused on a single or a few aspects, or more comprehensive solutions that integrate many tools.
In this interactive session, we will start a short review of the SCA tools state and then we will have an interactive session to discuss and expose the problems of the current generation and provide concrete inputs to the design of the next generation. Come to contribute with your grievances, ideas and feature requests!

Speakers

Philippe Ombredanne

co-founder and CTO, nexB
Philippe is a passionate FOSS hacker on a mission to make it easier and safer to reuse FOSS code. He is the CTO and co-founder of nexB, and the maintainer of ScanCode and other open source tools for SCA (aboutcode.org). Philippe contributes to several other projects including the...



Thursday December 16, 2021 17:10 - 17:30 JST
TBA
  Automation
  • Presentation Slides Attached Yes

17:35 JST

Generating a SPDX SBOM for your Code in GitLab CI using ORT - Thomas Steenbergen, Here Technologies
In this talk Thomas will present how one can use OSS Review Toolkit (ORT) to build a CI/CD workflow to do license/security compliance and generate SBOMs. He will also share some of the key lessons learnt with regards to SCA tools on the market that led to ORT being developed. The talk will include a demonstration of OSS Review Toolkit and how its various features in combination with a GitLab or GitHub-based process can be used to automate FOSS review requirements (incl. SPDX SBOM generation) and use crowdsourcing within an organization and the FOSS community to overcome challenges such as large amounts of scan results or missing/incorrect FOSS package metadata.

Speakers

Thomas Steenbergen

Head of Open Source Program Office, EPAM Systems
Thomas Steenbergen works on open source governance within organizations and open source security. He is a steering committee member and one of the co-founders/organizers of the European Chapter of the TODO group and co-founder of the OpenChain Automation Work Group - industry working...



Thursday December 16, 2021 17:35 - 17:55 JST
TBA

18:00 JST

Using SW360 for SBOM Creation & Management - Arun Azhakesan & Abdul Kapti, Siemens Healthineers
Organizations that develop software need to keep track of their third party components. Keeping track of third party components means two elements: a catalogue of components in use, and a list of software bill of materials (SBOM), allowing to manage the component versions used in which product or software projects. The Open Source Project SW360 provides organizations with such systems. Based on the catalogue and the software bill-of-material, different processes are supported: license compliance, product approval or ECC checks. This session presentation covers how Siemens Healthineers uses SW360 in a production environment for SBOM creation. The audience can ask questions about particular features that can be also shown directly on the software.

Speakers

Abdul Kapti

Software Developer/Contributor at SW360, Siemens Healthineers
Abdul Kapti is one of the contributors for Eclipse SW360 projects, in the area of OSS handling w.r.t. license compliance and component management. At Siemens Healthineers, Bangalore, India, Abdul works as software developer and maintainer for distributed systems, server applications...

Arun Azhakesan

Sr. Manager - Software Compliance, Siemens Healthineers
Arun Azhakesan leads the open source compliance activities at Siemens Healthineers. He is an active member of multiple open source communities that focus on developing open source-based tools for open source compliance.


Thursday December 16, 2021 18:00 - 18:20 JST
TBA

18:25 JST

Binary Analysis Next Generation - Reimagining Binary Scanning - Armijn Hemel, Tjaldur Software Governance Solutions
In compliance processes or provenance detection scanning of binaries is often overlooked with focus mostly on source code scanning, even though a significant part of software is distributed as binary only. Although there are binary scanners there has been no good open source licensed binary scanner for provenance detection. This talk introduces Binary Analysis Next Generation (BANG), a fairly new project for binary scanning, which Armijn built based on years of experience building other binary scanners. Topics covered are the history of the project, design decisions and techniques used as well as higher level topics like when to use binary scanning and what we can learn from other industries, such as virus scanning and malware detection.

Speakers

Armijn Hemel

General Manager, Tjaldur Software Governance Solutions
Armijn Hemel, MSc is the general manager/owner at Tjaldur Software Governance Solutions and an internationally recognized expert on GPL license enforcement and GPL license compliance.


Thursday December 16, 2021 18:25 - 18:45 JST
TBA

18:50 JST

Closing Remarks - Shane Coughlan, The Linux Foundation
Speakers

Shane Coughlan

OpenChain General Manager, The Linux Foundation


Thursday December 16, 2021 18:50 - 18:55 JST
 