SlideShare ist ein Scribd-Unternehmen logo

Using OpenChain for Practical Open Source Software Supply Chain Management (OSSSCM)

Als PPTX, PDF herunterladen
Shane Coughlan
Shane Coughlan

The document discusses OpenChain and using it for open source software supply chain management (OSSSCM). It describes how OpenChain defines requirements for an open source compliance program, including training, policies, and processes. It also discusses how companies can collaborate with their supply chain partners and open source communities through OpenChain to standardize methods and address bottlenecks in understanding open source compliance. OpenChain aims to help companies effectively manage their open source software supply chains.

Software
1 von 34
Context: Why, How and Who OpenChain Project - The Linux Foundation Available under the CC Attribution-NoDerivatives 4.0 International license.
How do I trust my open source supply chain?
The OpenChain Project defines the key requirements for a quality open source compliance program.
Training Policy Process Inbound Outbound
Companies have the flexibility to decide the content of each specific process, policies and training.
OpenChain is run by users companies for user companies.
7
Our Latest Platinum Member
9 Publicly Announced Conformant Programs
Our New Responsive Self-Certification App
Self-Certify or “health check” for free and in private: https://certification.openchainproject.org
45% of organizations access the web app for conformance, 45% access it for health checks.
Audited Certification is an Option
OpenChain is Community First
Meetings in Japan 0 10 20 30 40 50 60 70 2017/Dec/272018/Feb/222018/Apr/192018/Jun/132018/Aug/312018/Oct/312018/Nov/202018/Dec/52019/Feb/282019/Apr/xx Num. of attendees Num. of entities Linear (Num. of attendees) Linear (Num. of entities) Sub Group活動開始
Japanese Mailing List 14 22 34 75 90 97 108 8 13 18 37 40 42 48 0 20 40 60 80 100 120 2/6/2018 3/6/2018 4/6/2018 5/6/2018 6/6/2018 7/6/2018 8/6/2018 9/6/2018 10/6/2018 11/6/2018 12/6/2018 1/6/2019 2/6/2019 Japan WG ML registration Person Entity
OpenChain: raising all the boats for the benefit of all.
This is how we address software in the supply chain.
Using OpenChain ForPractical “OpenSourceSoftware Supply Chain Management(OSSSCM)” 2019.13th.Mar/Open Source Leadership Summit (c)TOYOTA MOTOR CORPORATION CCBY-SA 4.0 20 Masato ENDO ProjectManager IP StrategicGroup IntellectualPropertyDiv. Toyota Motor Corporation
Introduction (c)TOYOTA MOTOR CORPORATION CCBY-SA 4.0 21 http://linkedin.com/in/masato-endo-279026159 Communication Engineering& Informatics Industrial& Management Systems Engineering Business Administration Background Responsibilities Industrial& Management Systems Engineering Business Administration Intellectual PropertyRights IP Strategy OSSGovernance Community Works 2019.13th.Mar/Open Source Leadership Summit
The History of SCM (c)TOYOTA MOTOR CORPORATION CCBY-SA 4.0 22 ‘70s TPS ‘80s QR ‘90s SCM ‘10s SCRM ‘00s G11n Industry Automotive Keywords JIT (Just InTime) Apparel Informatization Computer BTO(BuildTo Order) TOC (TheoryOf Constraints) ALL BCP (BusinessContinuity Planning) ALL CPFR (CollaborativePlanning, Forecastingand Replenishment) 2019.13th.Mar/Open Source Leadership Summit
(c)TOYOTA MOTOR CORPORATION CCBY-SA 4.0 23 The concept of SCM Forimproving customer’s experience Formaximize effectiveness Realizing Total Optimization Breaking down the intra- and inter-organizational barriers WHY? HOW? Collaboration with supply chain partners Managing bottlenecks WHAT? 2019.13th.Mar/Open Source Leadership Summit
(c)TOYOTA MOTOR CORPORATION CCBY-SA 4.0 24 The Concept of OSSSCM Respecting the intention of community engineers Maximizing effectiveness Realizing Total Optimization Removing intra / inter-organization barriers WHY? HOW? Collaboration between supply chain partners and community Managing bottlenecks WHAT? 2019.13th.Mar/Open Source Leadership Summit
(c)TOYOTA MOTOR CORPORATION CCBY-SA 4.0 25 Collaboration Maker CustomerRetailersupplierCommunity Executive Planning R&D Legal/IP Sales Procurement CS PR 1. Developing an OSSgovernancestructure topromotecollaboration 2. Standardizationofmethods forsmartcollaboration 2019.13th.Mar/Open Source Leadership Summit
Governance of EachOrganization (c)TOYOTA MOTOR CORPORATION CCBY-SA 4.0 26 w/Community PlatinumMembers: Adobe/Arm/CISCO/COMCAST/GitHub/ HARMAN/HITACHI/QUALCOMM/SIEMENS Sony/TOSHIBA/TOYOTA/WesternDigital Recentlyannounced: Bosch/Facebook/Google/Microsoft/Uber Building out self-certification, Audited Certification and formal standardization In TOYOTASC Building an official grouptomanage OSSrisks andcommunity contributions IP Specialist Security Specialist OSS Developer CompanywideGroup R&D Developing OSSCulture Handling OSSRisks 2019.13th.Mar/Open Source Leadership Summit
(c)TOYOTA MOTOR CORPORATION CCBY-SA 4.0 27 Standardization of Methods w/Community In TOYOTASC Discussing Information SharingGuidelines viaOpenChain toaddress licensing information challenges TOYOTA Tier1 Suppliers Information Sharing Guidelines SUBWorkingGroups -PlanningSWG -FAQSWG -LeaflettoSupplierSWG -EducationmaterialforrolesSWG -LicenseinformationexchangeSWG -ToolingSWG -PromotionSWG ● OpenChainJPWG https://wiki.linuxfoundation.org/openchain/openchain-japanese-working-group https://github.com/OpenChain-Project/Onboarding-JWG 2019.13th.Mar/Open Source Leadership Summit
(c)TOYOTA MOTOR CORPORATION CCBY-SA 4.0 DENSOTEN/Fujitsu/ HITACHI/Panasonic/ Pioneer/RENESAS/ RICOH/Sony/TOSHIBA/TOYOTA● JAPAN WORK GROUP InfoSharingSub-WG Standardization of Data Exchange SPDXLite(ex. PackageInfo.)wouldbea efficientwaytomanagesupplychainswheresomesupplierscannot usethe fullSPDXspecification. w/Community 2019.13th.Mar/Open Source Leadership Summit
(c)TOYOTA MOTOR CORPORATION CCBY-SA 4.0 29 Managing Bottlenecks Maker CustomerRetailersupplierCommunity Executive Planning R&D Legal/IP Sales Procurement CS PR Infrastructuresof OSS 1. Decreasing PatentRisks 2. Decreasing LicenseRisks 3.PromoteInternalandExternalUnderstandingOSSCompliance 2019.13th.Mar/Open Source Leadership Summit
(c)TOYOTA MOTOR CORPORATION CCBY-SA 4.0 30 Decrease Patent Risks w/Community The expansion OIN Community resulted in a continuous reduction of OSS patent risks. In TOYOTASC 2016 2017 2018 44% 55% 68% Roughly Estimation ofOIN Coverage New MajorLicenseesOIN: HITACHI/KDDI/Microsoft TOYOTA promoted its inclusion in the OIN Patent Non- Aggression Community. As aresult, AGL technology has become part of this community. LinuxSystemDefinition OINBoardMembers Google/IBM/NEC/PHILIPS/ RedHat/Sony/SUSE/TOYOTA Approved 2019.13th.Mar/Open Source Leadership Summit
(c)TOYOTA MOTOR CORPORATION CCBY-SA 4.0 31 Decrease License Risks w/Community GPL Cooperation Commitment (GPLCC) introduces a cure opportunity for GPLv2 and LGPLv2. This community is expanding rapidly. In TOYOTASC Amazon/Arm/Canonical/GitLab/Intel/Liferay/Linaro/ MariaDB/NEC/Pivotal/RoyalPhilips/SAS/TOYOTA/VMware Adobe/Alibaba/Amadeus/AntFinancial/Atlassian, Atos/AT&T/Bandwidth/Etsy/GitHub/Hitachi/NVIDIA/ Oath/Renesas/Tencent/Twitter CATechnologies/Cisco/HewlettPackard Enterprise/Microsoft/SAP/SUSE RedHat/Facebook/Google/IBMNov.2017 Mar.2018 Jul.2018 Nov.2018 The eight boardmembers of OIN announced that they had unanimously adopted GPLCC. https://www.openinventionnetwork.com/pressrelease_details/?id=88 TOYOTA became the firstautomotive company tojoin GPLCC. https://www.toyota.co.jp/jpn/sustainability/governance/compliance/Toyota_GPL_Commitment.pdf TOYOTA is introducing GPLCCat community events such as the AGL All Members Meeting. 2019.13th.Mar/Open Source Leadership Summit
(c)TOYOTA MOTOR CORPORATION CCBY-SA 4.0 32 Promote Understanding w/Community In TOYOTASC The OpenChain Japan WG is identifying bottlenecks caused by lack of understanding aroundcompliance and building Sub-Groups for each bottleneck. Executive Planning R&D Legal/IP Sales Procurement CS PR FAQSub-G Educationmaterial forrolesSub-G LeaflettoSupplier Sub-G TOYOTA introduced an OSSlicense manual on the employees intra-net andis sharing information with subsidiaries all over the world. Outside professionals aredelivering lectures for our engineers tofurther develop internal OSSculture. 2019.13th.Mar/Open Source Leadership Summit
Level of Understanding (c)TOYOTA MOTOR CORPORATION CCBY-SA 4.0 33 Level1 NOTunderstand Importanceof OSSCompliance Level2 NOTunderstand whattodo Level3 NOTunderstand howtodo Level4 NotUnderstand howtoget certification ●Tojoinevents (forEngineers/ Legalpeople/ IP people) ●Workshop ●PR (Traditional Media/ Tech Media/ SNS) ●CaseMaterials (Wiki/ Handbook/ Academic paper) ●Consultation ●Training support ●Self certification support ●Third-party certification Comprehensivesupportis being developed We havetoreachpeoplewhodoesn'trecognizeOSScompliance 2019.13th.Mar/Open Source Leadership Summit
Engage with OpenChain – Start Your OSSSCM Join the community: https://www.openchainproject.org/community Self-certify an organization: https://certification.openchainproject.org

Empfohlen

Automotive Processes and Open Source
Automotive Processes and Open SourceAutomotive Processes and Open Source
Automotive Processes and Open Source
Shane Coughlan
 
Sur fnet open-conext-apereo2014
Sur fnet open-conext-apereo2014Sur fnet open-conext-apereo2014
Sur fnet open-conext-apereo2014
Niels van Dijk
 
OpenChain Germany Work Group Meeting 1
OpenChain Germany Work Group Meeting 1OpenChain Germany Work Group Meeting 1
OpenChain Germany Work Group Meeting 1
Shane Coughlan
 
GENIVI Development Platform, la plataforma para desarrolladores de software l...
GENIVI Development Platform, la plataforma para desarrolladores de software l...GENIVI Development Platform, la plataforma para desarrolladores de software l...
GENIVI Development Platform, la plataforma para desarrolladores de software l...
Agustin Benito Bethencourt
 
OpenChain Telco - 2022-02-03
OpenChain Telco - 2022-02-03OpenChain Telco - 2022-02-03
OpenChain Telco - 2022-02-03
Shane Coughlan
 
OSGi - Four Years and Forward - J Barr
OSGi - Four Years and Forward - J BarrOSGi - Four Years and Forward - J Barr
OSGi - Four Years and Forward - J Barr
mfrancis
 
Mobile Web Europe
Mobile Web EuropeMobile Web Europe
Mobile Web Europe
3GDATING
 
Case Study: Interval Leisure Group Paints a Picture-Perfect View of Member Ex...
Case Study: Interval Leisure Group Paints a Picture-Perfect View of Member Ex...Case Study: Interval Leisure Group Paints a Picture-Perfect View of Member Ex...
Case Study: Interval Leisure Group Paints a Picture-Perfect View of Member Ex...
CA Technologies
 

Empfohlen

Automotive Processes and Open Source
Automotive Processes and Open SourceAutomotive Processes and Open Source
Automotive Processes and Open Source
Shane Coughlan
 
Sur fnet open-conext-apereo2014
Sur fnet open-conext-apereo2014Sur fnet open-conext-apereo2014
Sur fnet open-conext-apereo2014
Niels van Dijk
 
OpenChain Germany Work Group Meeting 1
OpenChain Germany Work Group Meeting 1OpenChain Germany Work Group Meeting 1
OpenChain Germany Work Group Meeting 1
Shane Coughlan
 
GENIVI Development Platform, la plataforma para desarrolladores de software l...
GENIVI Development Platform, la plataforma para desarrolladores de software l...GENIVI Development Platform, la plataforma para desarrolladores de software l...
GENIVI Development Platform, la plataforma para desarrolladores de software l...
Agustin Benito Bethencourt
 
OpenChain Telco - 2022-02-03
OpenChain Telco - 2022-02-03OpenChain Telco - 2022-02-03
OpenChain Telco - 2022-02-03
Shane Coughlan
 
OSGi - Four Years and Forward - J Barr
OSGi - Four Years and Forward - J BarrOSGi - Four Years and Forward - J Barr
OSGi - Four Years and Forward - J Barr
mfrancis
 
Mobile Web Europe
Mobile Web EuropeMobile Web Europe
Mobile Web Europe
3GDATING
 
Case Study: Interval Leisure Group Paints a Picture-Perfect View of Member Ex...
Case Study: Interval Leisure Group Paints a Picture-Perfect View of Member Ex...Case Study: Interval Leisure Group Paints a Picture-Perfect View of Member Ex...
Case Study: Interval Leisure Group Paints a Picture-Perfect View of Member Ex...
CA Technologies
 
OpenChain: Great Open Source Compliance for Everyone (Version 7)
OpenChain: Great Open Source Compliance for Everyone (Version 7)OpenChain: Great Open Source Compliance for Everyone (Version 7)
OpenChain: Great Open Source Compliance for Everyone (Version 7)
Shane Coughlan
 
Great Open Source Compliance for Everyone - Version 6
Great Open Source Compliance for Everyone - Version 6Great Open Source Compliance for Everyone - Version 6
Great Open Source Compliance for Everyone - Version 6
Shane Coughlan
 
Great Open Source Compliance For Everyone - Version 11
Great Open Source Compliance For Everyone - Version 11Great Open Source Compliance For Everyone - Version 11
Great Open Source Compliance For Everyone - Version 11
Shane Coughlan
 
OpenChain Automotive Work Group Meeting #2 - Lyon
OpenChain Automotive Work Group Meeting #2 - LyonOpenChain Automotive Work Group Meeting #2 - Lyon
OpenChain Automotive Work Group Meeting #2 - Lyon
Shane Coughlan
 
A Brief Introduction to OpenChain - February 2020
A Brief Introduction to OpenChain - February 2020A Brief Introduction to OpenChain - February 2020
A Brief Introduction to OpenChain - February 2020
Shane Coughlan
 
Free and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply ChainFree and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply Chain
Shane Coughlan
 
Great Open Source Compliance For Everyone (Version 3)
Great Open Source Compliance For Everyone (Version 3)Great Open Source Compliance For Everyone (Version 3)
Great Open Source Compliance For Everyone (Version 3)
Shane Coughlan
 
IoT Developer Survey 2018
IoT Developer Survey 2018IoT Developer Survey 2018
IoT Developer Survey 2018
Eclipse IoT
 
OpenChain-Monthly-Meeting-2023-01-17
OpenChain-Monthly-Meeting-2023-01-17OpenChain-Monthly-Meeting-2023-01-17
OpenChain-Monthly-Meeting-2023-01-17
Shane Coughlan
 
OpenChain - Today and Tomorrow - Korean Work Group
OpenChain - Today and Tomorrow - Korean Work GroupOpenChain - Today and Tomorrow - Korean Work Group
OpenChain - Today and Tomorrow - Korean Work Group
Shane Coughlan
 
IoT Developer Survey 2018
IoT Developer Survey 2018IoT Developer Survey 2018
IoT Developer Survey 2018
Benjamin Cabé
 
Soluciones de Código Abierto - Perspectivas, Resultados y Soluciones de Valor
Soluciones de Código Abierto - Perspectivas, Resultados y Soluciones de ValorSoluciones de Código Abierto - Perspectivas, Resultados y Soluciones de Valor
Soluciones de Código Abierto - Perspectivas, Resultados y Soluciones de Valor
WSO2
 
2023-06-cute
2023-06-cute2023-06-cute
2023-06-cute
Shane Coughlan
 
2023-06-classic
2023-06-classic2023-06-classic
2023-06-classic
Shane Coughlan
 
2023-06-corporate
2023-06-corporate2023-06-corporate
2023-06-corporate
Shane Coughlan
 
OpenChain Japan Work Group - Meeting 27
OpenChain Japan Work Group - Meeting 27OpenChain Japan Work Group - Meeting 27
OpenChain Japan Work Group - Meeting 27
Shane Coughlan
 
Auto Industry Implementation of Open Source Software Supply Chain Management ...
Auto Industry Implementation of Open Source Software Supply Chain Management ...Auto Industry Implementation of Open Source Software Supply Chain Management ...
Auto Industry Implementation of Open Source Software Supply Chain Management ...
Shane Coughlan
 
Creating Authentic Value: Open Source vs. Open Core
Creating Authentic Value: Open Source vs. Open CoreCreating Authentic Value: Open Source vs. Open Core
Creating Authentic Value: Open Source vs. Open Core
Deborah Bryant
 
OSS - enterprise adoption strategy and governance
OSS - enterprise adoption strategy and governanceOSS - enterprise adoption strategy and governance
OSS - enterprise adoption strategy and governance
Prabir Kr Sarkar
 
BUDDY White Paper
BUDDY White PaperBUDDY White Paper
BUDDY White Paper
Achmad Surya Afandy
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
Shane Coughlan
 
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingOpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
Shane Coughlan
 

Weitere ähnliche Inhalte

Ähnlich wie Using OpenChain for Practical Open Source Software Supply Chain Management (OSSSCM)

Creating Authentic Value: Open Source vs. Open Core
Creating Authentic Value: Open Source vs. Open CoreCreating Authentic Value: Open Source vs. Open Core
Creating Authentic Value: Open Source vs. Open Core
Deborah Bryant
 

Ähnlich wie Using OpenChain for Practical Open Source Software Supply Chain Management (OSSSCM) (20)

OpenChain: Great Open Source Compliance for Everyone (Version 7)
OpenChain: Great Open Source Compliance for Everyone (Version 7)OpenChain: Great Open Source Compliance for Everyone (Version 7)
OpenChain: Great Open Source Compliance for Everyone (Version 7)
 
Great Open Source Compliance for Everyone - Version 6
Great Open Source Compliance for Everyone - Version 6Great Open Source Compliance for Everyone - Version 6
Great Open Source Compliance for Everyone - Version 6
 
Great Open Source Compliance For Everyone - Version 11
Great Open Source Compliance For Everyone - Version 11Great Open Source Compliance For Everyone - Version 11
Great Open Source Compliance For Everyone - Version 11
 
OpenChain Automotive Work Group Meeting #2 - Lyon
OpenChain Automotive Work Group Meeting #2 - LyonOpenChain Automotive Work Group Meeting #2 - Lyon
OpenChain Automotive Work Group Meeting #2 - Lyon
 
A Brief Introduction to OpenChain - February 2020
A Brief Introduction to OpenChain - February 2020A Brief Introduction to OpenChain - February 2020
A Brief Introduction to OpenChain - February 2020
 
Free and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply ChainFree and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply Chain
 
Great Open Source Compliance For Everyone (Version 3)
Great Open Source Compliance For Everyone (Version 3)Great Open Source Compliance For Everyone (Version 3)
Great Open Source Compliance For Everyone (Version 3)
 
IoT Developer Survey 2018
IoT Developer Survey 2018IoT Developer Survey 2018
IoT Developer Survey 2018
 
OpenChain-Monthly-Meeting-2023-01-17
OpenChain-Monthly-Meeting-2023-01-17OpenChain-Monthly-Meeting-2023-01-17
OpenChain-Monthly-Meeting-2023-01-17
 
OpenChain - Today and Tomorrow - Korean Work Group
OpenChain - Today and Tomorrow - Korean Work GroupOpenChain - Today and Tomorrow - Korean Work Group
OpenChain - Today and Tomorrow - Korean Work Group
 
IoT Developer Survey 2018
IoT Developer Survey 2018IoT Developer Survey 2018
IoT Developer Survey 2018
 
Soluciones de Código Abierto - Perspectivas, Resultados y Soluciones de Valor
Soluciones de Código Abierto - Perspectivas, Resultados y Soluciones de ValorSoluciones de Código Abierto - Perspectivas, Resultados y Soluciones de Valor
Soluciones de Código Abierto - Perspectivas, Resultados y Soluciones de Valor
 
2023-06-cute
2023-06-cute2023-06-cute
2023-06-cute
 
2023-06-classic
2023-06-classic2023-06-classic
2023-06-classic
 
2023-06-corporate
2023-06-corporate2023-06-corporate
2023-06-corporate
 
OpenChain Japan Work Group - Meeting 27
OpenChain Japan Work Group - Meeting 27OpenChain Japan Work Group - Meeting 27
OpenChain Japan Work Group - Meeting 27
 
Auto Industry Implementation of Open Source Software Supply Chain Management ...
Auto Industry Implementation of Open Source Software Supply Chain Management ...Auto Industry Implementation of Open Source Software Supply Chain Management ...
Auto Industry Implementation of Open Source Software Supply Chain Management ...
 
Creating Authentic Value: Open Source vs. Open Core
Creating Authentic Value: Open Source vs. Open CoreCreating Authentic Value: Open Source vs. Open Core
Creating Authentic Value: Open Source vs. Open Core
 
OSS - enterprise adoption strategy and governance
OSS - enterprise adoption strategy and governanceOSS - enterprise adoption strategy and governance
OSS - enterprise adoption strategy and governance
 
BUDDY White Paper
BUDDY White PaperBUDDY White Paper
BUDDY White Paper
 

Mehr von Shane Coughlan

OpenChain Webinar #56: Generative AI and Your Code
OpenChain Webinar #56: Generative AI and Your CodeOpenChain Webinar #56: Generative AI and Your Code
OpenChain Webinar #56: Generative AI and Your Code
Shane Coughlan
 

Mehr von Shane Coughlan (20)

OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingOpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
 
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingOpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
 
OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19
 
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorOpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS Calculator
 
openEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scaleopenEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scale
 
OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20
 
AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06
 
OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06
 
OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09
 
OpenChain Legal Work Group - 2024-01-17
OpenChain Legal Work Group - 2024-01-17OpenChain Legal Work Group - 2024-01-17
OpenChain Legal Work Group - 2024-01-17
 
Openchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptxOpenchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptx
 
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
 
Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023
 
OpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics SlidesOpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics Slides
 
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
 
FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30
 
OpenChain Webinar #56: Generative AI and Your Code
OpenChain Webinar #56: Generative AI and Your CodeOpenChain Webinar #56: Generative AI and Your Code
OpenChain Webinar #56: Generative AI and Your Code
 
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptxFrom One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
 
OpenChain Japan Work Group Meeting #28 - 2023-07-11
OpenChain Japan Work Group Meeting #28 - 2023-07-11OpenChain Japan Work Group Meeting #28 - 2023-07-11
OpenChain Japan Work Group Meeting #28 - 2023-07-11
 

Kürzlich hochgeladen

+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
Health
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
Papp Krisztián
 
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
masabamasaba
 

Kürzlich hochgeladen (20)

%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
 
Artyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptxArtyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptx
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
WSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security Program
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
tonesoftg
tonesoftgtonesoftg
tonesoftg
 

Using OpenChain for Practical Open Source Software Supply Chain Management (OSSSCM)

  • 1. Context: Why, How and Who OpenChain Project - The Linux Foundation Available under the CC Attribution-NoDerivatives 4.0 International license.
  • 2. How do I trust my open source supply chain?
  • 3. The OpenChain Project defines the key requirements for a quality open source compliance program.
  • 5. Companies have the flexibility to decide the content of each specific process, policies and training.
  • 6. OpenChain is run by users companies for user companies.
  • 7. 7
  • 10.
  • 11. Our New Responsive Self-Certification App
  • 12. Self-Certify or “health check” for free and in private: https://certification.openchainproject.org
  • 13. 45% of organizations access the web app for conformance, 45% access it for health checks.
  • 16. Meetings in Japan 0 10 20 30 40 50 60 70 2017/Dec/272018/Feb/222018/Apr/192018/Jun/132018/Aug/312018/Oct/312018/Nov/202018/Dec/52019/Feb/282019/Apr/xx Num. of attendees Num. of entities Linear (Num. of attendees) Linear (Num. of entities) Sub Group活動開始
  • 17. Japanese Mailing List 14 22 34 75 90 97 108 8 13 18 37 40 42 48 0 20 40 60 80 100 120 2/6/2018 3/6/2018 4/6/2018 5/6/2018 6/6/2018 7/6/2018 8/6/2018 9/6/2018 10/6/2018 11/6/2018 12/6/2018 1/6/2019 2/6/2019 Japan WG ML registration Person Entity
  • 18. OpenChain: raising all the boats for the benefit of all.
  • 19. This is how we address software in the supply chain.
  • 20. Using OpenChain ForPractical “OpenSourceSoftware Supply Chain Management(OSSSCM)” 2019.13th.Mar/Open Source Leadership Summit (c)TOYOTA MOTOR CORPORATION CCBY-SA 4.0 20 Masato ENDO ProjectManager IP StrategicGroup IntellectualPropertyDiv. Toyota Motor Corporation
  • 21. Introduction (c)TOYOTA MOTOR CORPORATION CCBY-SA 4.0 21 http://linkedin.com/in/masato-endo-279026159 Communication Engineering& Informatics Industrial& Management Systems Engineering Business Administration Background Responsibilities Industrial& Management Systems Engineering Business Administration Intellectual PropertyRights IP Strategy OSSGovernance Community Works 2019.13th.Mar/Open Source Leadership Summit
  • 22. The History of SCM (c)TOYOTA MOTOR CORPORATION CCBY-SA 4.0 22 ‘70s TPS ‘80s QR ‘90s SCM ‘10s SCRM ‘00s G11n Industry Automotive Keywords JIT (Just InTime) Apparel Informatization Computer BTO(BuildTo Order) TOC (TheoryOf Constraints) ALL BCP (BusinessContinuity Planning) ALL CPFR (CollaborativePlanning, Forecastingand Replenishment) 2019.13th.Mar/Open Source Leadership Summit
  • 23. (c)TOYOTA MOTOR CORPORATION CCBY-SA 4.0 23 The concept of SCM Forimproving customer’s experience Formaximize effectiveness Realizing Total Optimization Breaking down the intra- and inter-organizational barriers WHY? HOW? Collaboration with supply chain partners Managing bottlenecks WHAT? 2019.13th.Mar/Open Source Leadership Summit
  • 24. (c)TOYOTA MOTOR CORPORATION CCBY-SA 4.0 24 The Concept of OSSSCM Respecting the intention of community engineers Maximizing effectiveness Realizing Total Optimization Removing intra / inter-organization barriers WHY? HOW? Collaboration between supply chain partners and community Managing bottlenecks WHAT? 2019.13th.Mar/Open Source Leadership Summit
  • 25. (c)TOYOTA MOTOR CORPORATION CCBY-SA 4.0 25 Collaboration Maker CustomerRetailersupplierCommunity Executive Planning R&D Legal/IP Sales Procurement CS PR 1. Developing an OSSgovernancestructure topromotecollaboration 2. Standardizationofmethods forsmartcollaboration 2019.13th.Mar/Open Source Leadership Summit
  • 26. Governance of EachOrganization (c)TOYOTA MOTOR CORPORATION CCBY-SA 4.0 26 w/Community PlatinumMembers: Adobe/Arm/CISCO/COMCAST/GitHub/ HARMAN/HITACHI/QUALCOMM/SIEMENS Sony/TOSHIBA/TOYOTA/WesternDigital Recentlyannounced: Bosch/Facebook/Google/Microsoft/Uber Building out self-certification, Audited Certification and formal standardization In TOYOTASC Building an official grouptomanage OSSrisks andcommunity contributions IP Specialist Security Specialist OSS Developer CompanywideGroup R&D Developing OSSCulture Handling OSSRisks 2019.13th.Mar/Open Source Leadership Summit
  • 27. (c)TOYOTA MOTOR CORPORATION CCBY-SA 4.0 27 Standardization of Methods w/Community In TOYOTASC Discussing Information SharingGuidelines viaOpenChain toaddress licensing information challenges TOYOTA Tier1 Suppliers Information Sharing Guidelines SUBWorkingGroups -PlanningSWG -FAQSWG -LeaflettoSupplierSWG -EducationmaterialforrolesSWG -LicenseinformationexchangeSWG -ToolingSWG -PromotionSWG ● OpenChainJPWG https://wiki.linuxfoundation.org/openchain/openchain-japanese-working-group https://github.com/OpenChain-Project/Onboarding-JWG 2019.13th.Mar/Open Source Leadership Summit
  • 28. (c)TOYOTA MOTOR CORPORATION CCBY-SA 4.0 DENSOTEN/Fujitsu/ HITACHI/Panasonic/ Pioneer/RENESAS/ RICOH/Sony/TOSHIBA/TOYOTA● JAPAN WORK GROUP InfoSharingSub-WG Standardization of Data Exchange SPDXLite(ex. PackageInfo.)wouldbea efficientwaytomanagesupplychainswheresomesupplierscannot usethe fullSPDXspecification. w/Community 2019.13th.Mar/Open Source Leadership Summit
  • 29. (c)TOYOTA MOTOR CORPORATION CCBY-SA 4.0 29 Managing Bottlenecks Maker CustomerRetailersupplierCommunity Executive Planning R&D Legal/IP Sales Procurement CS PR Infrastructuresof OSS 1. Decreasing PatentRisks 2. Decreasing LicenseRisks 3.PromoteInternalandExternalUnderstandingOSSCompliance 2019.13th.Mar/Open Source Leadership Summit
  • 30. (c)TOYOTA MOTOR CORPORATION CCBY-SA 4.0 30 Decrease Patent Risks w/Community The expansion OIN Community resulted in a continuous reduction of OSS patent risks. In TOYOTASC 2016 2017 2018 44% 55% 68% Roughly Estimation ofOIN Coverage New MajorLicenseesOIN: HITACHI/KDDI/Microsoft TOYOTA promoted its inclusion in the OIN Patent Non- Aggression Community. As aresult, AGL technology has become part of this community. LinuxSystemDefinition OINBoardMembers Google/IBM/NEC/PHILIPS/ RedHat/Sony/SUSE/TOYOTA Approved 2019.13th.Mar/Open Source Leadership Summit
  • 31. (c)TOYOTA MOTOR CORPORATION CCBY-SA 4.0 31 Decrease License Risks w/Community GPL Cooperation Commitment (GPLCC) introduces a cure opportunity for GPLv2 and LGPLv2. This community is expanding rapidly. In TOYOTASC Amazon/Arm/Canonical/GitLab/Intel/Liferay/Linaro/ MariaDB/NEC/Pivotal/RoyalPhilips/SAS/TOYOTA/VMware Adobe/Alibaba/Amadeus/AntFinancial/Atlassian, Atos/AT&T/Bandwidth/Etsy/GitHub/Hitachi/NVIDIA/ Oath/Renesas/Tencent/Twitter CATechnologies/Cisco/HewlettPackard Enterprise/Microsoft/SAP/SUSE RedHat/Facebook/Google/IBMNov.2017 Mar.2018 Jul.2018 Nov.2018 The eight boardmembers of OIN announced that they had unanimously adopted GPLCC. https://www.openinventionnetwork.com/pressrelease_details/?id=88 TOYOTA became the firstautomotive company tojoin GPLCC. https://www.toyota.co.jp/jpn/sustainability/governance/compliance/Toyota_GPL_Commitment.pdf TOYOTA is introducing GPLCCat community events such as the AGL All Members Meeting. 2019.13th.Mar/Open Source Leadership Summit
  • 32. (c)TOYOTA MOTOR CORPORATION CCBY-SA 4.0 32 Promote Understanding w/Community In TOYOTASC The OpenChain Japan WG is identifying bottlenecks caused by lack of understanding aroundcompliance and building Sub-Groups for each bottleneck. Executive Planning R&D Legal/IP Sales Procurement CS PR FAQSub-G Educationmaterial forrolesSub-G LeaflettoSupplier Sub-G TOYOTA introduced an OSSlicense manual on the employees intra-net andis sharing information with subsidiaries all over the world. Outside professionals aredelivering lectures for our engineers tofurther develop internal OSSculture. 2019.13th.Mar/Open Source Leadership Summit
  • 33. Level of Understanding (c)TOYOTA MOTOR CORPORATION CCBY-SA 4.0 33 Level1 NOTunderstand Importanceof OSSCompliance Level2 NOTunderstand whattodo Level3 NOTunderstand howtodo Level4 NotUnderstand howtoget certification ●Tojoinevents (forEngineers/ Legalpeople/ IP people) ●Workshop ●PR (Traditional Media/ Tech Media/ SNS) ●CaseMaterials (Wiki/ Handbook/ Academic paper) ●Consultation ●Training support ●Self certification support ●Third-party certification Comprehensivesupportis being developed We havetoreachpeoplewhodoesn'trecognizeOSScompliance 2019.13th.Mar/Open Source Leadership Summit
  • 34. Engage with OpenChain – Start Your OSSSCM Join the community: https://www.openchainproject.org/community Self-certify an organization: https://certification.openchainproject.org