Category

Featured

NORDEMANN is the Latest OpenChain Partner

By Featured, News

NORDEMANN, a law firm based in Germany, is the latest official OpenChain Partner. Based in Berlin, NORDEMANN combines a team with a long pedigree of legal provision with a clear, modern vision for making the complex simple.

“NORDEMANN as an IP/IT boutique law firm from Germany is committed to excellence in its work for its clients, such as IT companies and other industries using open source and contributing to such projects”, says founding partner Christian Czychowski, Honorary Professor at the University of Potsdam. “We are happy to now underline such excellence by having been accepted as partner of the renowned OpenChain industry standard for open source compliance. By that we can be part of this great community around the globe that sets the rules which help to build the all-important trust in supply chains.”

“We are delighted to welcome the NORDEMANN team to our official partner program,” says Shane Coughlan, OpenChain General Manager. “The availability of reputable legal advice is a key pillar in the effective market growth of our standards for open source license compliance and security assurance. The delivery of more choice in the German market marks a further milestone in the maturity of the OpenChain ecosystem.”

Learn More About NORDEMANN On Their Website

OpenChain Legal Work Group – 2023-05-25 – Overview and Recording

By Featured, News

The OpenChain Legal Work Group is exploring model provisions for OpenChain ISO/IEC 5230 or ISO/IEC DIS 18974 in procurement contracts and similar material. We decided to proceed by mirroring the format of the pre-existing public domain Risk Grid:
https://github.com/OpenChain-Project/Reference-Material/tree/master/General-Compliance-Support-Material/Risk-Grid

Our Current Draft Language Is Hosted On GitHub

Here Is The Recording Of Our Latest Meeting

Check Out The Slides

The Next Meeting Will Take Place In June

Currently scheduled for June 29th at 09:00 PDT / 16:00 UTC / 18:00 CEST / 00:00 CST / 01:00 KST + JST

Keep Up-To-Date

Join our mailing list to track our work and contribute to the development of the model provisions:
https://lists.openchainproject.org/g/legal-wg

Reminder:

The goal is to ensure people can understand options. We will not be prescriptive and these model provisions will remain part of the OpenChain reference material. They will not be included in the standards themselves.

China Roadshow: OpenChain Open Source Governance Conference – 2023-06-03

By Featured, News

The OpenChain Project, in collaboration with CAICT, SecTrend and Huawei, will host a governance conference in Shenzhen on the 3rd of June. We have a stellar schedule that will cover all aspects of open source management and processes. Shane Coughlan, OpenChain General Manager, will be there to provide a global perspective, and our local speakers will provide deep insight into matters of key strategic concern to the Chinese market.

OpenChain @ IAM

By Featured, News

Jimmy Ahlberg (OpenChain Chairperson) and Eleftheria Stefanaki have published an article entitled ‘Efficient IP management in a market increasingly using open source’ on IAM.

From The Article

Imagine finding out that 90% of the software in your products is not yours but only licensed in as third-party IP. As soon as you start reading the agreements, you realise some of them contain terms you are not familiar with or have never even heard of before, such as “source code”, “binary”, “object code”, and “system libraries”. Moreover, you cannot find basic contractual provisions such as “governing law” or “jurisdiction” in the agreements. These agreements (and there are hundreds of them) are all different, non-negotiable, ‘take-it-or-leave-it’ standard template licences.

[…]

Against this background, this article describes the significance of open source management in the context of IP management. We would like to introduce you to the OpenChain Specification 2.1 (ISO/IEC 5230:2020) on open source licence compliance, and the benefits of implementing such a programme within the framework of your existing IP management.

Read The Article

Registration required.

About IAM

IAM is the trusted source of worldwide news, analysis and data on the management of intellectual property as a key business asset. It keeps in-house counsel up to speed with the global issues and strategies that matter, giving you the detail and depth you need to operate successfully.

Open Compliance Summit 2023 Announced – Mark These Dates – 7th and 8th December 2023

By Featured, News

The Open Compliance Summit (OCS) 2023 has been announced. It will once again be co-located with OSS Japan as a two-day event. It takes place on the 7th and 8th December 2023.

From The Official Website:

OCS is an event for Linux Foundation members and select invitees to discuss process management and automation related to open source license compliance, security assurance and adjacent subjects. This is the world’s foremost venue to discuss and network around these topics. Our goal is to ensure the global supply chain works effectively and efficiently.

Submit a Talk

The Call for Papers is open and will continue until October 1st 2023.

Suggested Topics:

  • Licensing
  • Security
  • Legal / IPR
  • Other Process Management

SUBMIT A PROPOSAL

Important Dates

  • CFP Closes: Sunday, October 1 at 11:59 PM PDT
  • CFP Notifications: Monday, October 16
  • Schedule Announcement: Tuesday, October 17
  • Presentation Slide Due Date: Friday, December 1
  • Event Dates: Wednesday, December 7 – Thursday, December 8

Official Website

OpenChain Mini-Summit 2023 @ OSS NA

By Featured, News

The OpenChain Project held a mini-summit adjacent to the Linux Foundation Open Source Summit North America. Check out our opening keynote for some substantial data points on our project, our standards for license compliance and security assurance, and the type of support you can get with adoption.

We continued with a presentation from our board member Helio (CARIAD), with a strong focus on how people can use automation in the practical implementation of important compliance and security processes at scale.

The final presentation drilled further down the stack, and we had a great contribution from the LG Electronics team as they explained FOSSLight, an open source tool for open source compliance or security management with a sophisticated dashboard and automation. This solution is gaining traction in South Korea and is well worth attention globally.

The overarching event this year had around 2,000 physical attendees and 2,000 virtual, and we were delighted to welcome some new faces to our corner of the open source community. It was also a pleasure to see many familiar faces in the room.

OpenChain Welcomes CARIAD to the Governing Board

By Featured, News

CARIAD, the wholly-owned division of VW Group creating advanced software for future vehicles, has joined the Governing Board of the OpenChain Project as a Platinum Member.

Helio Chissini de Castro, who will be representing CARIAD on the OpenChain Governing Board, is a familiar face to many in the OpenChain Project. He was previously our board member for BMW and is currently our co-chair of the Specification Work Group. As an old hand at Linux and other open technologies, Helio brings immense practical experience about open source and business management to the table.

About CARIAD

CARIAD is the software powerhouse of Volkswagen Group. Its mission: to bundle and further expand the software competencies of the Volkswagen Group. Mobility made easy. For everyone. Software driven. With a focus on the digital experience and automated driving, CARIAD is building the leading tech stack for the automotive industry. Aiming to create a new automotive experience and increase the innovation speed of Volkswagen Group to make the car a digital companion. The software-defined vehicle powered by CARIAD is a crucial contribution to the success of the Group’s NEW AUTO strategy.

OpenChain and ChatGPT – New Case Studies

By Featured, News

The OpenChain Project is releasing the first draft case studies created by ChatGPT on our GitHub. These are not intended to replace our community contributions, but to make it fast for people to add ideas and adjustments. This will specifically address one of the greatest challenges in creating new material: the initial time spent on drafting.

Why?

Our community feedback shows that people usually enjoy commenting and polishing more than drafting. Check them out and let us know what you think!

It took ChatGPT less than ten minutes to create eight case studies:
https://github.com/OpenChain-Project/Reference-Material/tree/master/Adoption-Case-Studies/Official/en/ChatGPT

LG Electronics Announces OpenChain ISO/IEC DIS 18974 Conformant Program

By Featured, News

LG Electronics (LG) now has an OpenChain Security Assurance Specification 1.1 (ISO/IEC DIS 18974) conformant program. This standard defines the key requirements of a quality open source security assurance program, and helps to both reduce errors and increase efficiency across the global supply chain. This builds on their previous adoption of ISO/IEC 5230, the International Standard for open source license compliance.

“LG Electronics has a long history in open source and a well-known open source office,” says Shane Coughlan, OpenChain General Manager. “Their governance contributions like the FOSSLight tooling to help other companies have been an inspiration in South Korea and beyond. The conformance announcement today comes from the LG Cybersecurity Governance Team and underscores a company-wide commitment to excellence. As LG joins BlackBerry and Interneuron in driving the future of open source security assurance, we both welcome this announcement, and look forward to close collaboration in the future.”

Adoption of ISO/IEC DIS 18974 was driven by the LG Cybersecurity Governance Team. They are responsible for:

  • Establishing LG’s software development process (LG-SDL: Secure Development Lifecycle) to develop secure software for all LG Electronics products
  • Reflecting the latest Global Standards (ETSI, ENISA, NIST, etc.) and adapting them for the LG development ecosystem
  • Operating LG VulDOC (Vulnerability Detection Of Code) DevSecOps to identify and resolve potential security vulnerabilities through various software verification methods
  • Managing the LG Product Security Response Team (PSRT) to minimize security damage to our customers through authentic communication with security registrants and external stakeholders
  • Managing supply chain risk for third-party developed software

About LG Electronics

LG Electronics is a global innovator in technology and consumer electronics with a presence in almost every country and an international workforce of more than 74,000. LG’s four companies – Home Appliance & Air Solution, Home Entertainment, Vehicle component Solutions and Business Solutions – combined for global revenue of over KRW 80 trillion in 2022. LG is a leading manufacturer of consumer and commercial products including TVs, home appliances, air solutions, monitors, service robots and automotive components, and its premium LG SIGNATURE and intelligent LG ThinQ brands are familiar names the world over.

About the OpenChain Project

The OpenChain Project maintains the International Standard for open source license compliance and the de-facto standard for open source security assurance. These allow companies of all sizes and in all sectors to adopt the key requirements of quality open source compliance or security assurance programs. They are open standards. All parties are welcome to engage with our community, to share their knowledge, and to contribute to the future of our standards.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.

Linux is a registered trademark of Linus Torvalds.

ByteDance Announces OpenChain ISO/IEC 5230 Conformant Program

By Featured, News

ByteDance, a leading social media company, and the innovator behind TikTok, has announced an OpenChain ISO/IEC 5230 conformant program. Their adoption of the international standard for open source license compliance underlines their commitment to engagement and excellence around open source projects, platforms and solutions.

“We are delighted to welcome ByteDance to the OpenChain ISO/IEC 5230 community of conformance,” says Shane Coughlan, OpenChain General Manager. “Their team has created social networks with stunning speed of scaling in Douyin (抖音) and TikTok. This innovation has been powered by open source, and their work around building an Open Source Program Office (OSPO), communicating their work, and now using international standards speaks to a bright future. We are looking forward to next steps in our collaboration.”

Read Their Full Announcement In Simplified Chinese

ByteDance Website

About ByteDance

ByteDance was founded in 2012 by a team led by Yiming Zhang and Rubo Liang, who saw opportunities in the then-nascent mobile internet market, and aspired to build platforms that could enrich people’s lives. The company launched Toutiao, one of its flagship products, in August 2012. It followed that success with the launch of Douyin in September 2016. Approximately a year later, ByteDance accelerated globalization with the launch of its global short video product, TikTok. It quickly took off in markets like Southeast Asia, signaling a new opportunity for the company. ByteDance acquired Musical.ly in November 2017 and subsequently merged it with TikTok. Today, the TikTok platform, which is available outside of China, has become the leading destination for short-form mobile videos worldwide.

In support of its mission to Inspire Creativity and Enrich Life, ByteDance has made it easy and fun for people to connect with, create and consume content. People are also able to discover and transact with a suite of more than a dozen products and services such as TikTok, CapCut, TikTok Shop, Lark, Pico and Mobile Legends: Bang Bang, as well as products and services specific to the China market, including Toutiao, Douyin, Fanqie, Xigua, Feishu and Douyin E-commerce.

ByteDance has over 150,000 employees based out of nearly 120 cities globally, including Austin, Barcelona, Beijing, Berlin, Dubai, Dublin, Hong Kong, Jakarta, London, Los Angeles, New York, Paris, Seattle, Seoul, Shanghai, Shenzhen, Singapore, and Tokyo.
