Open Compliance Summit

Containers are on everyone’s mind. They are the future. They make everything better, easier, faster, cleaner, simpler, and more secure. At least that’s the impression you could get, listening to the hype or attending some of the conferences on the topic.
One area, however, you don’t hear much about, is compliance, specifically compliance with the open source license obligations of the components that are used to build said containers. And this is where things get a bit murky. And complicated. And confusing.

This talk will shine a light on some of the challenges that today’s container technologies (specifically, the tooling for creating and packaging container images) bring to the topic of open source license compliance. I’ll show some of the obvious and not so obvious pitfalls, the concerns with the so called industry best practices and ideas how to work around them.

The adoption of Open Source Software in the auto industry is expanding rapidly. This is especially true for advanced technology fields such as autonomous driving and connected vehicles, both areas where Open Source Software has an essential necessity.

Because the scale of supply chain of auto industry the importance of the risk management across the whole supply chain is also increasing. This presentation will propose a conceptual Open Source Software Supply Chain Management and in the process introduce community activities that support such an initiative such as OpenChain, OIN and GPL Cooperation Commitment.

Explosive growth of Open Source Software makes finding the correct origin and licensing information for the free software ever more complicated for companies. But engineers are not licensing experts and need guidance before incorporating Open Source Software components into the products they build.

Our mission is to help companies achieve maximum Open Source Software adoption by simplifying the compliance work. AI is the key to delivering on that promise.

Our AI engine will combine the largest and highest performing knowledge base of Open Source on the market with millions of Open Source identifications that we have access to, in order to dramatically cut costs in the software auditing process, reduce risks for tech companies and accelerate overall innovation.

The goal for this talk is to give the audience an update about how AI can simplify their compliance work.

This session shows less slides but rather demonstrates the use of open source based compliance tooling - it shows an end-to-end example of how license scanning is combined with component management. As a workshop session, attendees are encouraged to discuss the shown example together with the presenter.

The presentation will use the open source project FOSSology as license scanning and analysis tool. FOSSology consists of several building blocks that can be integrated into a compliance toolchain. And, it can be deployed as a Web server application allowing multiple users for analyzing OSS and sharing results. The presented component management system will be SW360, also an open source project. Organizations can use SW360 for maintaining an inventory of used software components to keep track of a software bill of material and reuse compliance information.

Today, Open Source Software Communities are major source of innovations. Open Source Compliance is very important for companies.
In established companies, the internal governance systems or organizations are not always optimized for Open Source way.
Sometimes, they are not aware of Open Source. This might stop or slow down things regarding Open Source issues.
In this presentation, Seki will share typical Open Source problems to be raised in established companies.
And Seki will also share importance of spreading Open Source literacy and culture from his experiences.

Fujitsu is an IT vendor which provides communication systems, IT systems, and related services. Fujitsu uses many OSSs in its business, and contributions from engineers to OSS communities are incresing. Mr. Harada from Fujitsu explains about Fujitsu's "Community Participation Guideline" which stipulates internal rules and has resolved some internal problems which had arised when engineers participate in communities.

It is certainly an arguable position that without enforcement there's
really no incentive for compliance because without sanction anyone
can do anything in open source with impunity and we might as well all
simply use permissive licences. To most people,
especially those dealing with the GPL family of licences "enforcement"
means "legal action".
However, the purpose of this talk is to walk us back from extremist
positions: in fact, enforcement can simply imply taking one's view of
compliance and getting others to align with it either by persuasion or
by more forceful means. Even the latter doesn't
necessarily mean legal action, it can mean anything from strong
representation (i.e. advocacy) through commercial sanction, the latter
potentially being simply applied by refusing to purchase products from
non SPDX badged suppliers (or non open chain conformant
manufacturers).

Software Heritage is the largest public archive of software source code. It has already archive more than 4 billion unique source code files and 1 billion unique commits, coming from more than 80 million development projects.

The Software Heritage archive is a mutualized infrastructure that serves a number of use cases, from cultural preservation to scientific reproducibility and software analysis. In this talk we will present the project with a focus on its industrial use cases.

In particular we will discuss how Software Heritage enables universal provenance tracking and artifact identifications for the entire corpus of Free/Open Source Software (FOSS), and how it allows to outsource specific FOSS license obligations, such as making available complete and corresponding source code (CCS) tarballs for the shelf life of IT products.

Developers often have questions about the use of trademarks in open source projects, yet very few trademark attorneys weigh in on this topic. Non-attorney advice on the topic abounds in message boards with varying degrees of accuracy. Our recent casebook chapter on trademarks in open source attempts to shape the conversation on common questions about trademark usage based on actual case law. In-house compliance officers can expect to field questions about how to handle trademarks in open source, and may need to consider how to draft an open source trademark policy. Can developers simply license trademarks the same way that they license copyrights and patents? Does forking run in opposition to trademark protection? Why should developers care about trademarks? Tune in for a thoughtful discussion of these topics.