Loading…
Open Compliance Summit has ended
December 6 -7 - Yokohama, Japan
Click for Open Compliance Summit Information & Registration

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Thursday, December 6
 

08:00 JST

Registration
Thursday December 6, 2018 08:00 - 09:00 JST
Conference Room 7&8

09:00 JST

Welcome
Thursday December 6, 2018 09:00 - 09:05 JST
Conference Room 7&8

09:05 JST

State of the Union - Mike Dolan, VP of Strategic Programs, The Linux Foundation
Speakers
avatar for Mike Dolan

Mike Dolan

VP of Strategic Programs, The Linux Foundation
Michael Dolan is VP of Strategic Programs supporting open source projects and legal programs at The Linux Foundation. He has set up and launched dozens of open source and open standards projects covering technology segments including networking, virtualization, cloud, blockchain... Read More →


Thursday December 6, 2018 09:05 - 09:20 JST
Conference Room 7&8

09:20 JST

09:40 JST

Today in Japan - Shane Coughlan, The Linux Foundation & Hiroyuki Fukuchi
Speakers
avatar for Shane Coughlan

Shane Coughlan

OpenChain General Manager, Linux Foundation
Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional... Read More →


Thursday December 6, 2018 09:40 - 10:00 JST
Conference Room 7&8

10:00 JST

Today in China - Maggie Wang, Ladas & Parry LLP
Speakers
avatar for Maggie Wang

Maggie Wang

Chief Representative, Ladas & Perry LLP
Maggie Wang is Chief Representative of Ladas & Parry LLP in China. Maggie started her legal career in 2005 at Huawei Technologies Co. Ltd.. Maggie used to be the interface of the company’s software compliance, dealing with both commercial software companies and open source software... Read More →


Thursday December 6, 2018 10:00 - 10:20 JST
Conference Room 7&8

10:20 JST

Coffee Break
Thursday December 6, 2018 10:20 - 11:00 JST

11:00 JST

Linux Foundation Compliance Program Update - Kate Stewart, The Linux Foundation
Speakers
avatar for Kate Stewart

Kate Stewart

Senior Director of Strategic Programs, Linux Foundation
Kate Stewart is a Senior Director of Strategic Programs, responsible for Embedded and Open Compliance programs. Since joining The Linux Foundation, she has launched Real-Time Linux, Zephyr Project, CHAOSS, and ELISA.


Thursday December 6, 2018 11:00 - 11:20 JST
Conference Room 7&8

11:20 JST

Quick Guide: Choosing A License in 2018 - Software, Hardware, Documents and Data - Andrew Katz, Moorcrofts LLP
Speakers
avatar for Andrew Katz

Andrew Katz

Managing Partner, Moorcrofts LLP
Andrew Katz is managing partner and head of the tech department at Moorcrofts LLP, a boutique law firm based in the Thames Valley near London. He specialises in free and open source software and other opens, and is also CEO of Orcro Limited, an OpenChain partner providing specialist... Read More →


Thursday December 6, 2018 11:20 - 11:40 JST
Conference Room 7&8

11:40 JST

Panel Discussion: How We Did It: Open Source Programs and Company Culture - Charles Eckel, Cisco; Krista Khare, Comcast; Chandana Rao, Cognizant
Speakers
avatar for Charles Eckel

Charles Eckel

Global Technology Standards, Cisco Systems
Charles is a recognized champion of open source, standards, and interoperability. At Cisco, Charles is responsible for identifying and guiding open source efforts related to key standards initiatives. In addition to work in MEF, Charles is active in IETF, where he started and runs... Read More →
avatar for Krista Khare

Krista Khare

Open Source Compliance and Delivery Manager, Comcast
Krista Khare is a Program Manager with Comcast’s Open Source Practice and has been with Comcast since early 2017. In her role, Krista helps engineers to open source their software and also acts as a consultant on open source compliance. She enjoys launching and managing early-stage... Read More →
CR

Chandana Rao

Cognizant


Thursday December 6, 2018 11:40 - 12:20 JST
Conference Room 7&8

12:20 JST

Lunch
Thursday December 6, 2018 12:20 - 14:00 JST
Conference Room 4&5

14:00 JST

Don’t Ship that Container – On the Challenges of Compliance of Container Images - Dirk Hohndel, VMware
Containers are on everyone’s mind. They are the future. They make everything better, easier, faster, cleaner, simpler, and more secure. At least that’s the impression you could get, listening to the hype or attending some of the conferences on the topic.
One area, however, you don’t hear much about, is compliance, specifically compliance with the open source license obligations of the components that are used to build said containers. And this is where things get a bit murky. And complicated. And confusing.

This talk will shine a light on some of the challenges that today’s container technologies (specifically, the tooling for creating and packaging container images) bring to the topic of open source license compliance. I’ll show some of the obvious and not so obvious pitfalls, the concerns with the so called industry best practices and ideas how to work around them.

Speakers
avatar for Dirk Hohndel

Dirk Hohndel

Chief Open Source Officer, VMware, Inc.
Dirk is VMware’s Chief Open Source Officer, leading the company’s Open Source Program Office, directing the efforts and strategy around use of and contribution to open source projects and driving common values and processes across the company for VMware’s interaction with the... Read More →


Thursday December 6, 2018 14:00 - 14:20 JST
Conference Room 7&8

14:20 JST

Auto Industry Implementation of “Open Source Software Supply Chain Management (OSSSCM)” - Masato Endo, Toyota Motor Corporation
The adoption of Open Source Software in the auto industry is expanding rapidly. This is especially true for advanced technology fields such as autonomous driving and connected vehicles, both areas where Open Source Software has an essential necessity.

Because the scale of supply chain of auto industry the importance of the risk management across the whole supply chain is also increasing. This presentation will propose a conceptual Open Source Software Supply Chain Management and in the process introduce community activities that support such an initiative such as OpenChain, OIN and GPL Cooperation Commitment.

Speakers
avatar for Masato Endo

Masato Endo

Project Manager, Toyota Motor Corporation
Masato Endo is Project Manager of the IP Strategic Group in the Toyota IP Division. He is engaged in the planning and implementation of the IP strategy for the Toyota Motor Corporation. He focuses mainly on building the OSS governance structure within Toyota and developing relationships... Read More →


Thursday December 6, 2018 14:20 - 14:40 JST
Conference Room 7&8

14:40 JST

Best Practices For Accepting Code Contributions - Dashiell Renaud, Google
This talk will present best practices for corporations receiving code contributions from third parties. These best practices consist of three components: employing an Apache-type Contributor License Agreement (CLA), implementing a procedure for accepting CLA signatures, and implementing a procedure for accepting code submitted under the agreement.

I will discuss the specific laws and risks attendant to each part of the CLA signing and code acceptance process.

Speakers
DR

Dashiell Renaud

Program Manager, Google
Dashiell Renaud is a member of Google's Open Source Programs Office responsible for setting open source policies across Alphabet and overseeing open source compliance for Alphabet's products and services. Dashiell received a Juris Doctor from Vanderbilt University Law School in... Read More →


Thursday December 6, 2018 14:40 - 15:00 JST
Conference Room 7&8
  Conference Session
  • Experience Level Any

15:00 JST

Coffee Break
Thursday December 6, 2018 15:00 - 15:40 JST

15:40 JST

Case Study: Introducing Binary Analysis Next Generation: A Dive Into New Features and Functionalities - Armijn Hemel
This talk will introduce a new open source tool called Binary Analysis Next Generation (BANG). This tool represents a rethinking of how binary analysis can be applied with modern enterprise-friendly code, and in doing so how fidelity, speed and customization can be greatly enhanced. As with previous open source binary scanning tools, BANG does not conduct reverse engineering to obtain results, and it is explicitly designed for easy interaction with frameworks like FOSSology.

Speakers
AH

Armijn Hemel

Chief Tea Officer, Tjaldur Software Governance Solutions
(see other submission)


Thursday December 6, 2018 15:40 - 16:00 JST
Conference Room 7&8

16:00 JST

Building an Artificial Intelligence (AI) License Compliance Assistant - Jon Aldama, FOSSID AB
Explosive growth of Open Source Software makes finding the correct origin and licensing information for the free software ever more complicated for companies. But engineers are not licensing experts and need guidance before incorporating Open Source Software components into the products they build.

Our mission is to help companies achieve maximum Open Source Software adoption by simplifying the compliance work. AI is the key to delivering on that promise.

Our AI engine will combine the largest and highest performing knowledge base of Open Source on the market with millions of Open Source identifications that we have access to, in order to dramatically cut costs in the software auditing process, reduce risks for tech companies and accelerate overall innovation.

The goal for this talk is to give the audience an update about how AI can simplify their compliance work.

Speakers
JA

Jon Aldama

CTO, FOSSID
Jon Aldama (M.Sc.) is co-Founder and VP Products at FOSSID. Jon has profound engineering background, having worked with open source software compliance in large corporations as FOSS advisor and evangelist. Jon is an expert in product development, strategy, and positioning, and has... Read More →


Thursday December 6, 2018 16:00 - 16:20 JST
Conference Room 7&8

16:20 JST

FOSSology - Two New Approached for License Scanning - Maximilian Huber, TNG Technology Consulting GmbH & Aman Jain, Mercari
Most license scanners are rule-based: Defined occurrences of text patterns let software identify a particular licensing in open source software. This approach is straight forward and easy to understand.

But there are two major drawbacks: first a license expert is required to define such rules. Secondly, since many licenses share common text portions imprecise license classifications occur.

In the FOSSology project, recently two new approaches
have been implemented: One approach is called Atarashi and uses information retrieval statistics about license texts and attempts to identify licensing statements based on computed statistics. The other approach named Rigel uses machine learning to understand licensing in source code, based on previously made clearing decisions.

This presentation covers the challenges of license recognition and explains how different approaches cover them.

Speakers
avatar for Maximilian Huber

Maximilian Huber

Senior Consultant, TNG Technology Consulting GmbH
He is part of the Linux Foundation project FOSSology, as a committer and in the the Steering Committee. Further he is also involved in SW360, which is currently an Eclipse incubator project. He previously gave FOSSology related talks on the Linux Foundation Collaboration Summit 2016... Read More →
avatar for Aman Jain

Aman Jain

Search Engineer, Mercari
I am currently a Software Engineer at Mercari, Japan. I graduated from Indian Institute of Technology, Roorkee as a Mechanical Engineer. Successfully completed Google Summer of Code project with Fossology. Winner of GEDigital hacakthon, winner of Shopclues hackathon and my interests... Read More →


Thursday December 6, 2018 16:20 - 16:40 JST
Conference Room 7&8
  Conference Session
  • Experience Level Any

16:40 JST

Workshop: Using OSS Tooling for Open Source Compliance - Michael Jaeger, Siemens AG
This session shows less slides but rather demonstrates the use of open source based compliance tooling - it shows an end-to-end example of how license scanning is combined with component management. As a workshop session, attendees are encouraged to discuss the shown example together with the presenter.

The presentation will use the open source project FOSSology as license scanning and analysis tool. FOSSology consists of several building blocks that can be integrated into a compliance toolchain. And, it can be deployed as a Web server application allowing multiple users for analyzing OSS and sharing results. The presented component management system will be SW360, also an open source project. Organizations can use SW360 for maintaining an inventory of used software components to keep track of a software bill of material and reuse compliance information.

Speakers
avatar for Michael C. Jaeger

Michael C. Jaeger

Project Lead, FOSSology.org
Michael C. Jaeger is one of the maintainers for Linux Foundation\\'s FOSSology and Eclipse SW360 projects, both available on Github and both in the area of OSS handling w.r.t. license compliance and component management. At Siemens Corporate Technology in Munich, Germany, Michael... Read More →


Thursday December 6, 2018 16:40 - 17:30 JST
Conference Room 7&8
  Workshop
 
Friday, December 7
 

08:00 JST

09:00 JST

Experiences from Open Source Program Office in an Established Company - Keiichi Seki, NEC
Today, Open Source Software Communities are major source of innovations. Open Source Compliance is very important for companies.
In established companies, the internal governance systems or organizations are not always optimized for Open Source way.
Sometimes, they are not aware of Open Source. This might stop or slow down things regarding Open Source issues.
In this presentation, Seki will share typical Open Source problems to be raised in established companies.
And Seki will also share importance of spreading Open Source literacy and culture from his experiences.

Speakers
KS

Keiichi Seki

Senior Manager, NEC Corporation
Keiichi Seki is an over 20 years experienced professional software architect in application platform middleware through R&D, marketing and customer support.And now he is working for Open Source Program Office in NEC to cover Licensing, Governance and Community activities.Recently... Read More →


Friday December 7, 2018 09:00 - 09:20 JST
Conference Room 7&8

09:20 JST

Automated OSS and License Detection System at Hitachi - Daisuke Koide, Hitachi, Ltd
Hitachi develops and provides enterprise systems with a large amount of Open Source Software, and the number of OSS used at Hitachi is increasing year by year. It is getting hard that developers recognize the whole stacks of OSS they use, because today’s OSS requires numerous other OSS under the hood and those dependencies are downloaded automatically on demand by tools like package managers. That makes it difficult to perform comprehensive license clearance promptly.
Daisuke established a system to solve this problem. The system is a kind of proxy server, which saves all files flowing through this proxy and detect what OSS and licenses each file includes. It enables developers to know what OSS they actually obtain and what licenses are included as they download. In this talk, Daisuke will present how the system works, how its improvement is, and future work.

Speakers
DK

Daisuke Koide

Software Engineer, Hitachi, Ltd
Daisuke Koide is a software engineer at Hitachi, Ltd. He joined a team developing software component management database, which is aimed at accelerating compliance tasks at Hitachi. He is also a main developer of the automated OSS and license detection system.


Friday December 7, 2018 09:20 - 09:40 JST
Conference Room 7&8
  Conference Session
  • Experience Level Any

09:40 JST

Fujitsu's Internal Operations for Participating in the OSS Communities - Takashi Harada, Fujitsu Limited
Fujitsu is an IT vendor which provides communication systems, IT systems, and related services. Fujitsu uses many OSSs in its business, and contributions from engineers to OSS communities are incresing. Mr. Harada from Fujitsu explains about Fujitsu's "Community Participation Guideline" which stipulates internal rules and has resolved some internal problems which had arised when engineers participate in communities.

Speakers
avatar for Takashi HARADA

Takashi HARADA

Assistant Manager, Fujitsu Limited
In Fujitsu, Takashi HARADA is providing in-house intellectual property service including OSS license compliance related service, at IP innovation div. For about 10 years, he has been working on patent application, prosecution, negotiation, licensing, and litigation in Fujitsu and... Read More →


Friday December 7, 2018 09:40 - 10:00 JST
Conference Room 7&8

10:00 JST

Open Source at Microsoft Scale, A Tale of Millions - Jeff McAffer, Microsoft
Open source is fundamental to Microsoft's products and services with several million uses of open source components across thousands of teams at the company. At the same time, compliance, security, and supply chain demands are increasing. These challenges introduce friction and risk into the system. To address this, the team at Microsoft has developed a comprehensive set of policies, processes and tools that, combined with quality data, enable the automated handling of 99%+ of use cases. In this talk Jeff outlines the challenges, details the approaches taken and tools used, and describes how you can apply similar techniques in your enterprise.

Speakers
JM

Jeff McAffer

Director, Open Source Programs Office, Microsoft
Jeff McAffer is the Director of the Open Source Programs Office at Microsoft where he and the team are helping drive the company’s transition to an “open source engagement first” model at enterprise scale. He is a founder of several open source projects including ClearlyDefined... Read More →


Friday December 7, 2018 10:00 - 10:20 JST
Conference Room 7&8
  Conference Session

10:20 JST

Coffee Break
Friday December 7, 2018 10:20 - 11:00 JST

11:00 JST

Does Compliance Require Enforcement? - James Bottomley, IBM
It is certainly an arguable position that without enforcement there's
really no incentive for compliance because without sanction anyone
can do anything in open source with impunity and we might as well all
simply use permissive licences. To most people,
especially those dealing with the GPL family of licences "enforcement"
means "legal action".
However, the purpose of this talk is to walk us back from extremist
positions: in fact, enforcement can simply imply taking one's view of
compliance and getting others to align with it either by persuasion or
by more forceful means. Even the latter doesn't
necessarily mean legal action, it can mean anything from strong
representation (i.e. advocacy) through commercial sanction, the latter
potentially being simply applied by refusing to purchase products from
non SPDX badged suppliers (or non open chain conformant
manufacturers).

Speakers
avatar for James Bottomley

James Bottomley

DE, IBM
James Bottomley is a Distinguished Engineer at IBM Research where heworks on Cloud and Container technology. He is also Linux Kernelmaintainer of the SCSI subsystem. He has been a Director on the Boardof the Linux Foundation and Chair of its Technical Advisory Board. Hewent to university... Read More →


Friday December 7, 2018 11:00 - 11:20 JST
Conference Room 7&8

11:20 JST

Quick Guide: 3rd Party Open Source Software Compliance Certification - Procedure, Case Study and Benefits
This talk will explore how 3rd party certification around open source compliance can help with risk reduction and operational efficiency for companies deploying code to market. It will focus on the overarching processes needed to make this happen and it will illustrate the application of these processes for real-world organizations.

Speakers
avatar for Dr. Andreas Bärwald

Dr. Andreas Bärwald

Head of Software Solutions, TÜV SÜD Product Service GmbH
Andreas Bärwald is a Senior Manager and Senior Expert for Software with more than 15 years professional experience in different positions. Over the years he worked as Vice President, Business Unit Manager, Business Line Manager, Team Manager, Project Manager, Technical Certifier... Read More →


Friday December 7, 2018 11:20 - 11:40 JST
Conference Room 7&8

11:40 JST

Software Heritage: Archive All the Source Code for Better Compliance - Stefano Zacchiroli, Software Heritage
Software Heritage is the largest public archive of software source code. It has already archive more than 4 billion unique source code files and 1 billion unique commits, coming from more than 80 million development projects.

The Software Heritage archive is a mutualized infrastructure that serves a number of use cases, from cultural preservation to scientific reproducibility and software analysis. In this talk we will present the project with a focus on its industrial use cases.

In particular we will discuss how Software Heritage enables universal provenance tracking and artifact identifications for the entire corpus of Free/Open Source Software (FOSS), and how it allows to outsource specific FOSS license obligations, such as making available complete and corresponding source code (CCS) tarballs for the shelf life of IT products.

Speakers
SZ

Stefano Zacchiroli

co-founder, CTO, Software Heritage
Stefano Zacchiroli is Associate Professor of Computer Science at University Paris Diderot on leave at Inria. His research interests span formal methods, software preservation, and Free/Open Source Software engineering. He is co-founder and current CTO of the Software Heritage project... Read More →


Friday December 7, 2018 11:40 - 12:00 JST
Conference Room 7&8

12:00 JST

A Look at the Copyright Notices in Linux Kernel - Shi Qiu & Katsuro Inoue, Osaka University
There have been some legal cases of FOSS developers enforcing their copyrights against companies. However, establishing the developer’s copyright ownership of FOSS projects only by copyright notice is difficult. On one hand, copyright notice may not refer to the real contributor of the source code. On another hand, copyright ownership can be assessed by the proportion and importance of the developer’s contribution instead of the copyright notice.

This talk will have a look at the thousands of copyright notices in Linux kernel. When and by whom are they created? How are they modified? Could they tell the correct copyright ownership? Not only the present situation of copyright notices but also the dynamic changes during the software evolution will be investigated. This talk aims at drawing the complete life cycle of the copyright notices buried in the large-scale source code.

Speakers
KI

Katsuro Inoue

Professor, Osaka University
Katsuro Inoue received his Ph.D. from Osaka University in 1984. He was an associate professor of University of Hawaii at Manoa from 1984 to 1986. After becoming an assistant professor of Osaka University in 1986, he has been a professor since 1995. His research interest includes software... Read More →
SQ

Shi Qiu

Ph.D. student, Osaka University
Shi Qiu received his B.E. degree of software engineering from Jilin University in 2013 and his M.E. degree of information science and technology from Osaka University in 2017. At present, he is a Ph.D. student in the Graduate School of Information Science and Technology at Osaka University... Read More →


Friday December 7, 2018 12:00 - 12:20 JST
Conference Room 7&8
  Conference Session

12:20 JST

Lunch
Friday December 7, 2018 12:20 - 14:00 JST
Conference Room 4&5

14:00 JST

Trademarks in Open Source - Hilary Richardson, Google LLC
Developers often have questions about the use of trademarks in open source projects, yet very few trademark attorneys weigh in on this topic. Non-attorney advice on the topic abounds in message boards with varying degrees of accuracy. Our recent casebook chapter on trademarks in open source attempts to shape the conversation on common questions about trademark usage based on actual case law. In-house compliance officers can expect to field questions about how to handle trademarks in open source, and may need to consider how to draft an open source trademark policy. Can developers simply license trademarks the same way that they license copyrights and patents? Does forking run in opposition to trademark protection? Why should developers care about trademarks? Tune in for a thoughtful discussion of these topics.

Speakers
HR

Hilary Richardson

Open Source Advisor, Google LLC
Hilary Richardson is an open source attorney at Google. She performs licensing due diligence for acquisitions and divestitures, reviews commercial contracts for licensing issues, and sets open source policy across the company. Hilary co-authored an open source casebook chapter about... Read More →


Friday December 7, 2018 14:00 - 14:20 JST
Conference Room 7&8

14:20 JST

Thinking Point: GDPR and Open Source Development - Steve Winslow, The Linux Foundation
Speakers
avatar for Steve Winslow

Steve Winslow

Director of Strategic Programs, The Linux Foundation
Steve Winslow is Director of Strategic Programs at The Linux Foundation. He runs The Linux Foundation’s license scanning and analysis service, advising projects about licenses identified in their source code and dependencies. Steve is also involved with projects including SPDX... Read More →


Friday December 7, 2018 14:20 - 14:40 JST
Conference Room 7&8

14:40 JST

Panel Discussion: Choosing Outside Counsel - Christopher Ekren, Sony Corporation; Andrew Katz, Moorcrofts LLP; Maggie Wang, Ladas & Parry LLP
Speakers
CE

Christopher Ekren

Senior Vice President and Deputy General Counsel, Sony Electronics
avatar for Andrew Katz

Andrew Katz

Managing Partner, Moorcrofts LLP
Andrew Katz is managing partner and head of the tech department at Moorcrofts LLP, a boutique law firm based in the Thames Valley near London. He specialises in free and open source software and other opens, and is also CEO of Orcro Limited, an OpenChain partner providing specialist... Read More →
avatar for Maggie Wang

Maggie Wang

Chief Representative, Ladas & Perry LLP
Maggie Wang is Chief Representative of Ladas & Parry LLP in China. Maggie started her legal career in 2005 at Huawei Technologies Co. Ltd.. Maggie used to be the interface of the company’s software compliance, dealing with both commercial software companies and open source software... Read More →


Friday December 7, 2018 14:40 - 15:10 JST
Conference Room 7&8

15:10 JST

Coffee Break
Friday December 7, 2018 15:10 - 15:50 JST

15:50 JST

Workshop: Putting OpenChain and SPDX to Work - Kate Stewart & Shane Coughlan, The Linux Foundation
Speakers
avatar for Shane Coughlan

Shane Coughlan

OpenChain General Manager, Linux Foundation
Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional... Read More →
avatar for Kate Stewart

Kate Stewart

Senior Director of Strategic Programs, Linux Foundation
Kate Stewart is a Senior Director of Strategic Programs, responsible for Embedded and Open Compliance programs. Since joining The Linux Foundation, she has launched Real-Time Linux, Zephyr Project, CHAOSS, and ELISA.


Friday December 7, 2018 15:50 - 16:35 JST
Conference Room 7&8

16:35 JST

Workshop: Using CHAOSS to Measure Risk and Value - Sean Goggins
Speakers
avatar for Sean Goggins

Sean Goggins

Professor, University of Missouri
Sean is an open source software researcher and a founding member of the Linux Foundation’s working group on community health analytics for open source software CHAOSS and leader of the open source metrics tool AUGUR which can be forked and cloned and experimented wtih on GitHub... Read More →


Friday December 7, 2018 16:35 - 17:25 JST
Conference Room 7&8