Open Compliance Summit: Full Schedule

December 6 -7 - Yokohama, Japan
Click for Open Compliance Summit Information & Registration

08:00 JST

Registration

Thursday December 6, 2018 08:00 - 09:00 JST
Conference Room 7&8

Special Events / Meals / Breaks

09:00 JST

Welcome

Thursday December 6, 2018 09:00 - 09:05 JST
Conference Room 7&8

Conference Session

09:05 JST

State of the Union - Mike Dolan, VP of Strategic Programs, The Linux Foundation

Speakers

Mike Dolan

VP of Strategic Programs, The Linux Foundation

Michael Dolan is VP of Strategic Programs supporting open source projects and legal programs at The Linux Foundation. He has set up and launched dozens of open source and open standards projects covering technology segments including networking, virtualization, cloud, blockchain... Read More →

Thursday December 6, 2018 09:05 - 09:20 JST
Conference Room 7&8

Conference Session

09:20 JST

Panel: New Members @ OpenChain

Thursday December 6, 2018 09:20 - 09:40 JST
Conference Room 7&8

Conference Session

09:40 JST

Today in Japan - Shane Coughlan, The Linux Foundation & Hiroyuki Fukuchi

Speakers

Shane Coughlan

OpenChain General Manager, Linux Foundation

Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional... Read More →

Hiroyuki Fukuchi

Thursday December 6, 2018 09:40 - 10:00 JST
Conference Room 7&8

Conference Session

10:00 JST

Today in China - Maggie Wang, Ladas & Parry LLP

Speakers

Maggie Wang

Chief Representative, Ladas & Perry LLP

Maggie Wang is Chief Representative of Ladas & Parry LLP in China. Maggie started her legal career in 2005 at Huawei Technologies Co. Ltd.. Maggie used to be the interface of the company’s software compliance, dealing with both commercial software companies and open source software... Read More →

Thursday December 6, 2018 10:00 - 10:20 JST
Conference Room 7&8

Conference Session

10:20 JST

Coffee Break

Thursday December 6, 2018 10:20 - 11:00 JST

Special Events / Meals / Breaks

11:00 JST

Linux Foundation Compliance Program Update - Kate Stewart, The Linux Foundation

Speakers

Kate Stewart

Senior Director of Strategic Programs, Linux Foundation

Kate Stewart is a Senior Director of Strategic Programs, responsible for Embedded and Open Compliance programs. Since joining The Linux Foundation, she has launched Real-Time Linux, Zephyr Project, CHAOSS, and ELISA.

Thursday December 6, 2018 11:00 - 11:20 JST
Conference Room 7&8

Conference Session

11:20 JST

Quick Guide: Choosing A License in 2018 - Software, Hardware, Documents and Data - Andrew Katz, Moorcrofts LLP

Speakers

Andrew Katz

Managing Partner and CEO, Moorcrofts LLP and Orcro LLP

Andrew Katz is a practising lawyer based in England, and has been advising on open source and related issues for over 30 years. He has lectured and published widely on open source software, open hardware and open content. He has been an active participant in the OpenChain community... Read More →

Thursday December 6, 2018 11:20 - 11:40 JST
Conference Room 7&8

Conference Session

11:40 JST

Panel Discussion: How We Did It: Open Source Programs and Company Culture - Charles Eckel, Cisco; Krista Khare, Comcast; Chandana Rao, Cognizant

Speakers

Charles Eckel

Principal Engineer, Global Technology Standards, Cisco

Charles is a recognized champion of open source, standards, and interoperability. As a member of Cisco's Global Technology Standards team, Charles is responsible for identifying and guiding open source efforts related to key standards initiatives. In IETF, he started and runs the... Read More →

Krista Khare

Open Source Compliance and Delivery Manager, Comcast

Krista Khare is a Program Manager with Comcast’s Open Source Practice and has been with Comcast since early 2017. In her role, Krista helps engineers to open source their software and also acts as a consultant on open source compliance. She enjoys launching and managing early-stage... Read More →

Chandana Rao

Cognizant

Thursday December 6, 2018 11:40 - 12:20 JST
Conference Room 7&8

Conference Session

12:20 JST

Lunch

Thursday December 6, 2018 12:20 - 14:00 JST
Conference Room 4&5

Special Events / Meals / Breaks

14:00 JST

Don’t Ship that Container – On the Challenges of Compliance of Container Images - Dirk Hohndel, VMware

Containers are on everyone’s mind. They are the future. They make everything better, easier, faster, cleaner, simpler, and more secure. At least that’s the impression you could get, listening to the hype or attending some of the conferences on the topic.
One area, however, you don’t hear much about, is compliance, specifically compliance with the open source license obligations of the components that are used to build said containers. And this is where things get a bit murky. And complicated. And confusing.

This talk will shine a light on some of the challenges that today’s container technologies (specifically, the tooling for creating and packaging container images) bring to the topic of open source license compliance. I’ll show some of the obvious and not so obvious pitfalls, the concerns with the so called industry best practices and ideas how to work around them.

Speakers

Dirk Hohndel

Vice President & Chief Open Source Officer, VMware

Dirk is VMware’s Chief Open Source Officer, leading the company’s Open Source Program Office, directing the efforts and strategy around use of and contribution to open-source projects and driving common values and processes across the company for VMware’s interaction with the... Read More →

Thursday December 6, 2018 14:00 - 14:20 JST
Conference Room 7&8

Conference Session

Experience Level Intermediate

14:20 JST

Auto Industry Implementation of “Open Source Software Supply Chain Management (OSSSCM)” - Masato Endo, Toyota Motor Corporation

The adoption of Open Source Software in the auto industry is expanding rapidly. This is especially true for advanced technology fields such as autonomous driving and connected vehicles, both areas where Open Source Software has an essential necessity.

Because the scale of supply chain of auto industry the importance of the risk management across the whole supply chain is also increasing. This presentation will propose a conceptual Open Source Software Supply Chain Management and in the process introduce community activities that support such an initiative such as OpenChain, OIN and GPL Cooperation Commitment.

Speakers

Masato Endo

Group Manager, Toyota Motor Corporation

Masato Endo is the Group Manager of Driver Monitoring Group, Value Chain Service and Technology Development, Technical Project Field of Advanced R&D and Engineering Company in TOYOTA. He focuses also on building the Open Source governance structure within Toyota and developing relationships... Read More →

Thursday December 6, 2018 14:20 - 14:40 JST
Conference Room 7&8

Conference Session

Experience Level Intermediate

14:40 JST

Best Practices For Accepting Code Contributions - Dashiell Renaud, Google

This talk will present best practices for corporations receiving code contributions from third parties. These best practices consist of three components: employing an Apache-type Contributor License Agreement (CLA), implementing a procedure for accepting CLA signatures, and implementing a procedure for accepting code submitted under the agreement.

I will discuss the specific laws and risks attendant to each part of the CLA signing and code acceptance process.

Speakers

Dashiell Renaud

Program Manager, Google

Dashiell Renaud is a member of Google's Open Source Programs Office responsible for setting open source policies across Alphabet and overseeing open source compliance for Alphabet's products and services.Dashiell received a Juris Doctor from Vanderbilt University Law School in 2013... Read More →

Thursday December 6, 2018 14:40 - 15:00 JST
Conference Room 7&8

Conference Session

Experience Level Any

15:00 JST

Coffee Break

Thursday December 6, 2018 15:00 - 15:40 JST

Special Events / Meals / Breaks

15:40 JST

Case Study: Introducing Binary Analysis Next Generation: A Dive Into New Features and Functionalities - Armijn Hemel

This talk will introduce a new open source tool called Binary Analysis Next Generation (BANG). This tool represents a rethinking of how binary analysis can be applied with modern enterprise-friendly code, and in doing so how fidelity, speed and customization can be greatly enhanced. As with previous open source binary scanning tools, BANG does not conduct reverse engineering to obtain results, and it is explicitly designed for easy interaction with frameworks like FOSSology.

Speakers

Armijn Hemel

General Manager, Tjaldur Software Governance Solutions

Armijn Hemel, MSc is the general manager/owner at Tjaldur Software Governance Solutions and an internationally recognized expert on GPL license enforcement and GPL license compliance.

Thursday December 6, 2018 15:40 - 16:00 JST
Conference Room 7&8

Conference Session

16:00 JST

Building an Artificial Intelligence (AI) License Compliance Assistant - Jon Aldama, FOSSID AB

Explosive growth of Open Source Software makes finding the correct origin and licensing information for the free software ever more complicated for companies. But engineers are not licensing experts and need guidance before incorporating Open Source Software components into the products they build.

Our mission is to help companies achieve maximum Open Source Software adoption by simplifying the compliance work. AI is the key to delivering on that promise.

Our AI engine will combine the largest and highest performing knowledge base of Open Source on the market with millions of Open Source identifications that we have access to, in order to dramatically cut costs in the software auditing process, reduce risks for tech companies and accelerate overall innovation.

The goal for this talk is to give the audience an update about how AI can simplify their compliance work.

Speakers

Jon Aldama

CTO, FOSSID

Jon Aldama (M.Sc.) is co-Founder and VP Products at FOSSID. Jon has profound engineering background, having worked with open source software compliance in large corporations as FOSS advisor and evangelist. Jon is an expert in product development, strategy, and positioning, and has... Read More →

Thursday December 6, 2018 16:00 - 16:20 JST
Conference Room 7&8

Conference Session

Experience Level Intermediate

16:20 JST

FOSSology - Two New Approached for License Scanning - Maximilian Huber, TNG Technology Consulting GmbH & Aman Jain, Mercari

Most license scanners are rule-based: Defined occurrences of text patterns let software identify a particular licensing in open source software. This approach is straight forward and easy to understand.

But there are two major drawbacks: first a license expert is required to define such rules. Secondly, since many licenses share common text portions imprecise license classifications occur.

In the FOSSology project, recently two new approaches
have been implemented: One approach is called Atarashi and uses information retrieval statistics about license texts and attempts to identify licensing statements based on computed statistics. The other approach named Rigel uses machine learning to understand licensing in source code, based on previously made clearing decisions.

This presentation covers the challenges of license recognition and explains how different approaches cover them.

Speakers

Maximilian Huber

Senior Consultant, TNG Technology Consulting GmbH

He is part of the Linux Foundation project FOSSology, as a committer and in the the Steering Committee. Further he is also involved in SW360, which is currently an Eclipse incubator project. He previously gave FOSSology related talks on the Linux Foundation Collaboration Summit 2016... Read More →

Aman Jain

Search Engineer, Mercari

I am currently a Software Engineer at Mercari, Japan. I graduated from Indian Institute of Technology, Roorkee as a Mechanical Engineer. Successfully completed Google Summer of Code project with Fossology. Winner of GEDigital hacakthon, winner of Shopclues hackathon and my interests... Read More →

Thursday December 6, 2018 16:20 - 16:40 JST
Conference Room 7&8

Conference Session

Experience Level Any

16:40 JST

Workshop: Using OSS Tooling for Open Source Compliance - Michael Jaeger, Siemens AG

This session shows less slides but rather demonstrates the use of open source based compliance tooling - it shows an end-to-end example of how license scanning is combined with component management. As a workshop session, attendees are encouraged to discuss the shown example together with the presenter.

The presentation will use the open source project FOSSology as license scanning and analysis tool. FOSSology consists of several building blocks that can be integrated into a compliance toolchain. And, it can be deployed as a Web server application allowing multiple users for analyzing OSS and sharing results. The presented component management system will be SW360, also an open source project. Organizations can use SW360 for maintaining an inventory of used software components to keep track of a software bill of material and reuse compliance information.

Speakers

Michael C. Jaeger

Project Lead, Siemens AG

Michael C. Jaeger is one of the maintainers for Linux Foundation\\'s FOSSology and Eclipse SW360 projects, both available on Github and both in the area of OSS handling w.r.t. license compliance and component management. At Siemens Corporate Technology in Munich, Germany, Michael... Read More →

Thursday December 6, 2018 16:40 - 17:30 JST
Conference Room 7&8

Workshop

Experience Level Intermediate

08:00 JST

Registration

Friday December 7, 2018 08:00 - 09:00 JST
Conference Room 7&8

Special Events / Meals / Breaks

09:00 JST

Experiences from Open Source Program Office in an Established Company - Keiichi Seki, NEC

Today, Open Source Software Communities are major source of innovations. Open Source Compliance is very important for companies.
In established companies, the internal governance systems or organizations are not always optimized for Open Source way.
Sometimes, they are not aware of Open Source. This might stop or slow down things regarding Open Source issues.
In this presentation, Seki will share typical Open Source problems to be raised in established companies.
And Seki will also share importance of spreading Open Source literacy and culture from his experiences.

Speakers

Keiichi Seki

Senior Manager, NEC Corporation

Keiichi Seki is an over 20 years experienced professional software architect in application platform middleware through R&D, marketing and customer support.And now he is working for Open Source Program Office in NEC to cover Licensing, Governance and Community activities.Recently... Read More →

Friday December 7, 2018 09:00 - 09:20 JST
Conference Room 7&8

Conference Session

Experience Level Intermediate

09:20 JST

Automated OSS and License Detection System at Hitachi - Daisuke Koide, Hitachi, Ltd

Hitachi develops and provides enterprise systems with a large amount of Open Source Software, and the number of OSS used at Hitachi is increasing year by year. It is getting hard that developers recognize the whole stacks of OSS they use, because today’s OSS requires numerous other OSS under the hood and those dependencies are downloaded automatically on demand by tools like package managers. That makes it difficult to perform comprehensive license clearance promptly.
Daisuke established a system to solve this problem. The system is a kind of proxy server, which saves all files flowing through this proxy and detect what OSS and licenses each file includes. It enables developers to know what OSS they actually obtain and what licenses are included as they download. In this talk, Daisuke will present how the system works, how its improvement is, and future work.

Speakers

Daisuke Koide

Software Engineer, Hitachi, Ltd

Daisuke Koide is a software engineer at Hitachi, Ltd. He joined a team developing software component management database, which is aimed at accelerating compliance tasks at Hitachi. He is also a main developer of the automated OSS and license detection system.

Friday December 7, 2018 09:20 - 09:40 JST
Conference Room 7&8

Conference Session

Experience Level Any

09:40 JST

Fujitsu's Internal Operations for Participating in the OSS Communities - Takashi Harada, Fujitsu Limited

Fujitsu is an IT vendor which provides communication systems, IT systems, and related services. Fujitsu uses many OSSs in its business, and contributions from engineers to OSS communities are incresing. Mr. Harada from Fujitsu explains about Fujitsu's "Community Participation Guideline" which stipulates internal rules and has resolved some internal problems which had arised when engineers participate in communities.

Speakers

Takashi HARADA

Assistant Manager, Fujitsu Limited

In Fujitsu, Takashi HARADA is providing in-house intellectual property service including OSS license compliance related service, at IP innovation div. For about 10 years, he has been working on patent application, prosecution, negotiation, licensing, and litigation in Fujitsu and... Read More →

Friday December 7, 2018 09:40 - 10:00 JST
Conference Room 7&8

Conference Session

Experience Level Intermediate

10:00 JST

Open Source at Microsoft Scale, A Tale of Millions - Jeff McAffer, Microsoft

Open source is fundamental to Microsoft's products and services with several million uses of open source components across thousands of teams at the company. At the same time, compliance, security, and supply chain demands are increasing. These challenges introduce friction and risk into the system. To address this, the team at Microsoft has developed a comprehensive set of policies, processes and tools that, combined with quality data, enable the automated handling of 99%+ of use cases. In this talk Jeff outlines the challenges, details the approaches taken and tools used, and describes how you can apply similar techniques in your enterprise.

Speakers

Jeff McAffer

Director, Open Source Programs Office, Microsoft

Jeff McAffer is the Director of the Open Source Programs Office at Microsoft where he and the team are helping drive the company’s transition to an “open source engagement first” model at enterprise scale. He is a founder of several open source projects including ClearlyDefined... Read More →

Friday December 7, 2018 10:00 - 10:20 JST
Conference Room 7&8

Conference Session

Experience Level Beginner

10:20 JST

Coffee Break

Friday December 7, 2018 10:20 - 11:00 JST

Special Events / Meals / Breaks

11:00 JST

Does Compliance Require Enforcement? - James Bottomley, IBM

It is certainly an arguable position that without enforcement there's
really no incentive for compliance because without sanction anyone
can do anything in open source with impunity and we might as well all
simply use permissive licences. To most people,
especially those dealing with the GPL family of licences "enforcement"
means "legal action".
However, the purpose of this talk is to walk us back from extremist
positions: in fact, enforcement can simply imply taking one's view of
compliance and getting others to align with it either by persuasion or
by more forceful means. Even the latter doesn't
necessarily mean legal action, it can mean anything from strong
representation (i.e. advocacy) through commercial sanction, the latter
potentially being simply applied by refusing to purchase products from
non SPDX badged suppliers (or non open chain conformant
manufacturers).

Speakers

James Bottomley

DE, IBM

James Bottomley is a Distinguished Engineer at IBM Research where heworks on Cloud and Container technology. He is also Linux Kernelmaintainer of the SCSI subsystem. He has been a Director on the Boardof the Linux Foundation and Chair of its Technical Advisory Board. Hewent to university... Read More →

Friday December 7, 2018 11:00 - 11:20 JST
Conference Room 7&8

Conference Session

Experience Level Intermediate

11:20 JST

Quick Guide: 3rd Party Open Source Software Compliance Certification - Procedure, Case Study and Benefits

This talk will explore how 3rd party certification around open source compliance can help with risk reduction and operational efficiency for companies deploying code to market. It will focus on the overarching processes needed to make this happen and it will illustrate the application of these processes for real-world organizations.

Speakers

Dr. Andreas Bärwald

Head of Software Solutions, TÜV SÜD Product Service GmbH

Andreas Bärwald is a Senior Manager and Senior Expert for Software with more than 15 years professional experience in different positions. Over the years he worked as Vice President, Business Unit Manager, Business Line Manager, Team Manager, Project Manager, Technical Certifier... Read More →

Takanishi, Kayoko

TÜV SÜD

Nicole Pappler

TÜV SÜD

Friday December 7, 2018 11:20 - 11:40 JST
Conference Room 7&8

Conference Session

11:40 JST

Software Heritage: Archive All the Source Code for Better Compliance - Stefano Zacchiroli, Software Heritage

Software Heritage is the largest public archive of software source code. It has already archive more than 4 billion unique source code files and 1 billion unique commits, coming from more than 80 million development projects.

The Software Heritage archive is a mutualized infrastructure that serves a number of use cases, from cultural preservation to scientific reproducibility and software analysis. In this talk we will present the project with a focus on its industrial use cases.

In particular we will discuss how Software Heritage enables universal provenance tracking and artifact identifications for the entire corpus of Free/Open Source Software (FOSS), and how it allows to outsource specific FOSS license obligations, such as making available complete and corresponding source code (CCS) tarballs for the shelf life of IT products.

Speakers

Stefano Zacchiroli

Co-founder and CTO, Software Heritage

Stefano Zacchiroli is Associate Professor of Computer Science at Université de Paris on leave at Inria. His research interests span formal methods, software preservation, and Free/Open Source Software engineering. He is co-founder and current CTO of the Software Heritage project... Read More →

Friday December 7, 2018 11:40 - 12:00 JST
Conference Room 7&8

Conference Session

Experience Level Intermediate

12:00 JST

A Look at the Copyright Notices in Linux Kernel - Shi Qiu & Katsuro Inoue, Osaka University

There have been some legal cases of FOSS developers enforcing their copyrights against companies. However, establishing the developer’s copyright ownership of FOSS projects only by copyright notice is difficult. On one hand, copyright notice may not refer to the real contributor of the source code. On another hand, copyright ownership can be assessed by the proportion and importance of the developer’s contribution instead of the copyright notice.

This talk will have a look at the thousands of copyright notices in Linux kernel. When and by whom are they created? How are they modified? Could they tell the correct copyright ownership? Not only the present situation of copyright notices but also the dynamic changes during the software evolution will be investigated. This talk aims at drawing the complete life cycle of the copyright notices buried in the large-scale source code.

Speakers

Katsuro Inoue

Professor, Osaka University

Katsuro Inoue received his Ph.D. from Osaka University in 1984. He was an associate professor of University of Hawaii at Manoa from 1984 to 1986. After becoming an assistant professor of Osaka University in 1986, he has been a professor since 1995. His research interest includes software... Read More →

Shi Qiu

Ph.D. student, Osaka University

Shi Qiu received his B.E. degree of software engineering from Jilin University in 2013 and his M.E. degree of information science and technology from Osaka University in 2017. At present, he is a Ph.D. student in the Graduate School of Information Science and Technology at Osaka University... Read More →

Friday December 7, 2018 12:00 - 12:20 JST
Conference Room 7&8

Conference Session

Experience Level Beginner

12:20 JST

Lunch

Friday December 7, 2018 12:20 - 14:00 JST
Conference Room 4&5

Special Events / Meals / Breaks

14:00 JST

Trademarks in Open Source - Hilary Richardson, Google LLC

Developers often have questions about the use of trademarks in open source projects, yet very few trademark attorneys weigh in on this topic. Non-attorney advice on the topic abounds in message boards with varying degrees of accuracy. Our recent casebook chapter on trademarks in open source attempts to shape the conversation on common questions about trademark usage based on actual case law. In-house compliance officers can expect to field questions about how to handle trademarks in open source, and may need to consider how to draft an open source trademark policy. Can developers simply license trademarks the same way that they license copyrights and patents? Does forking run in opposition to trademark protection? Why should developers care about trademarks? Tune in for a thoughtful discussion of these topics.

Speakers

Hilary Richardson

Open Source Attorney, Google

Hilary Richardson is an open source attorney at Google. She performs licensing due diligence for acquisitions and divestitures, reviews commercial contracts for licensing issues, and sets open source policy across the company. Hilary co-authored an open source casebook chapter about... Read More →

Friday December 7, 2018 14:00 - 14:20 JST
Conference Room 7&8

Conference Session

Experience Level Intermediate

14:20 JST

Thinking Point: GDPR and Open Source Development - Steve Winslow, The Linux Foundation

Speakers

Steve Winslow

VP of Compliance & Legal, The Linux Foundation

Steve Winslow is Vice President of Compliance and Legal at The Linux Foundation. He runs The Linux Foundation’s license scanning and analysis support program, advising projects about licenses identified in their source code and dependencies. Steve is also involved with projects... Read More →

Friday December 7, 2018 14:20 - 14:40 JST
Conference Room 7&8

Conference Session

14:40 JST

Panel Discussion: Choosing Outside Counsel - Christopher Ekren, Sony Corporation; Andrew Katz, Moorcrofts LLP; Maggie Wang, Ladas & Parry LLP

Speakers

Christopher Ekren

Global Technology Counsel, Sony Corporation of America

Andrew Katz

Managing Partner and CEO, Moorcrofts LLP and Orcro LLP

Maggie Wang

Chief Representative, Ladas & Perry LLP

Friday December 7, 2018 14:40 - 15:10 JST
Conference Room 7&8

Conference Session

15:10 JST

Coffee Break

Friday December 7, 2018 15:10 - 15:50 JST

Special Events / Meals / Breaks

15:50 JST

Workshop: Putting OpenChain and SPDX to Work - Kate Stewart & Shane Coughlan, The Linux Foundation

Speakers

Shane Coughlan

OpenChain General Manager, Linux Foundation

Kate Stewart

Senior Director of Strategic Programs, Linux Foundation

Friday December 7, 2018 15:50 - 16:35 JST
Conference Room 7&8

Workshop

16:35 JST

Workshop: Using CHAOSS to Measure Risk and Value - Sean Goggins

Speakers

Sean Goggins

Professor, University of Missouri

Sean Goggins is Co-Director of the Linux Foundation's CHAOSS Project. Sean Goggins maintains the CHAOSS Project's Augur Software and created the University of Missouri's Masters's Degree in Data Science in 2015. Sean manages the pipeline between CHAOSS metrics, a taxonomy for project... Read More →

Friday December 7, 2018 16:35 - 17:25 JST
Conference Room 7&8

Workshop