The document discusses OpenChain and using it for open source software supply chain management (OSSSCM). It describes how OpenChain defines requirements for an open source compliance program, including training, policies, and processes. It also discusses how companies can collaborate with their supply chain partners and open source communities through OpenChain to standardize methods and address bottlenecks in understanding open source compliance. OpenChain aims to help companies effectively manage their open source software supply chains.
19. This is how we address software in the supply chain.
20. Using OpenChain for Practical
“Open Source Software Supply Chain Management (OSSSCM)”
2019.13th.Mar / Open Source Leadership Summit (c) TOYOTA MOTOR CORPORATION CC BY-SA 4.0
Masato ENDO
Project Manager
IP Strategic Group
Intellectual Property Div.
Toyota Motor Corporation
21. Introduction
http://linkedin.com/in/masato-endo-279026159
Communication Engineering & Informatics
Industrial & Management Systems Engineering
Business Administration
Background
Responsibilities
Industrial & Management Systems Engineering
Business Administration
Intellectual Property Rights
IP Strategy
OSS Governance
Community Works
22. The History of SCM
‘70s: TPS. Industry: Automotive. Keywords: JIT (Just In Time)
‘80s: QR. Industry: Apparel. Keywords: Informatization
‘90s: SCM. Industry: Computer. Keywords: BTO (Build To Order), TOC (Theory Of Constraints)
‘00s: G11n. Industry: ALL. Keywords: CPFR (Collaborative Planning, Forecasting and Replenishment)
‘10s: SCRM. Industry: ALL. Keywords: BCP (Business Continuity Planning)
23. The Concept of SCM
For improving customer’s experience
For maximizing effectiveness
Realizing Total Optimization
Breaking down the intra- and inter-organizational barriers
WHY?
HOW?
Collaboration with supply chain partners
Managing bottlenecks
WHAT?
24. The Concept of OSSSCM
Respecting the intention of community engineers
Maximizing effectiveness
Realizing Total Optimization
Removing intra / inter-organization barriers
WHY?
HOW?
Collaboration between supply chain partners and community
Managing bottlenecks
WHAT?
26. Governance of Each Organization
w/Community
Platinum Members:
Adobe/Arm/CISCO/COMCAST/GitHub/HARMAN/HITACHI/QUALCOMM/SIEMENS/Sony/TOSHIBA/TOYOTA/Western Digital
Recently announced:
Bosch/Facebook/Google/Microsoft/Uber
Building out self-certification, Audited Certification and formal standardization
In TOYOTA SC
Building an official group to manage OSS risks and community contributions
IP Specialist
Security Specialist
OSS Developer
Companywide Group
R&D
Developing OSS Culture
Handling OSS Risks
27. Standardization of Methods
w/Community
In TOYOTA SC
Discussing Information Sharing Guidelines via OpenChain to address licensing information challenges
TOYOTA
Tier1
Suppliers
Information Sharing Guidelines
Sub Working Groups
- Planning SWG
- FAQ SWG
- Leaflet to Supplier SWG
- Education material for roles SWG
- License information exchange SWG
- Tooling SWG
- Promotion SWG
● OpenChain JP WG
https://wiki.linuxfoundation.org/openchain/openchain-japanese-working-group
https://github.com/OpenChain-Project/Onboarding-JWG
28. Standardization of Data Exchange
w/Community
● JAPAN WORK GROUP
DENSO TEN/Fujitsu/HITACHI/Panasonic/Pioneer/RENESAS/RICOH/Sony/TOSHIBA/TOYOTA
Info Sharing Sub-WG
SPDX Lite (ex. Package Info.) would be an efficient way to manage supply chains where some suppliers cannot use the full SPDX specification.
30. Decrease Patent Risks
w/Community
The expansion of the OIN Community resulted in a continuous reduction of OSS patent risks.
In TOYOTA SC
Rough Estimation of OIN Coverage: 2016: 44%, 2017: 55%, 2018: 68%
New Major OIN Licensees: HITACHI/KDDI/Microsoft
TOYOTA promoted its inclusion in the OIN Patent Non-Aggression Community.
As a result, AGL technology has become part of this community.
Linux System Definition
OIN Board Members: Google/IBM/NEC/PHILIPS/RedHat/Sony/SUSE/TOYOTA
Approved
31. Decrease License Risks
w/Community
GPL Cooperation Commitment (GPLCC) introduces a cure opportunity for GPLv2 and LGPLv2.
This community is expanding rapidly.
In TOYOTA SC
Nov. 2017: RedHat/Facebook/Google/IBM
Mar. 2018: CA Technologies/Cisco/Hewlett Packard Enterprise/Microsoft/SAP/SUSE
Jul. 2018: Amazon/Arm/Canonical/GitLab/Intel/Liferay/Linaro/MariaDB/NEC/Pivotal/Royal Philips/SAS/TOYOTA/VMware
Nov. 2018: Adobe/Alibaba/Amadeus/Ant Financial/Atlassian/Atos/AT&T/Bandwidth/Etsy/GitHub/Hitachi/NVIDIA/Oath/Renesas/Tencent/Twitter
The eight board members of OIN announced that they had unanimously adopted GPLCC.
https://www.openinventionnetwork.com/pressrelease_details/?id=88
TOYOTA became the first automotive company to join GPLCC.
https://www.toyota.co.jp/jpn/sustainability/governance/compliance/Toyota_GPL_Commitment.pdf
TOYOTA is introducing GPLCC at community events such as the AGL All Members Meeting.
32. Promote Understanding
w/Community
In TOYOTA SC
The OpenChain Japan WG is identifying bottlenecks caused by lack of understanding around compliance and building Sub-Groups for each bottleneck.
Executive
Planning
R&D
Legal/IP
Sales
Procurement
CS
PR
FAQ Sub-G
Education material for roles Sub-G
Leaflet to Supplier Sub-G
TOYOTA introduced an OSS license manual on the employee intranet and is sharing information with subsidiaries all over the world.
Outside professionals are delivering lectures for our engineers to further develop internal OSS culture.
33. Level of Understanding
Level 1: NOT understand importance of OSS Compliance
Level 2: NOT understand what to do
Level 3: NOT understand how to do
Level 4: NOT understand how to get certification
● To join events (for Engineers / Legal people / IP people)
● Workshop
● PR (Traditional Media / Tech Media / SNS)
● Case Materials (Wiki / Handbook / Academic paper)
● Consultation
● Training support
● Self certification support
● Third-party certification
Comprehensive support is being developed
We have to reach people who don't recognize OSS compliance
34. Engage with OpenChain – Start Your OSSSCM
Join the community:
https://www.openchainproject.org/community
Self-certify an organization:
https://certification.openchainproject.org