Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Wednesday, November 16
 

10:00am

Curtain-Raiser: event overview -what to expect in 2 days- Noriaki Fukuyasu, The Linux Foundation
Speakers
avatar for Noriaki Fukuyasu

Noriaki Fukuyasu

VP of Japan Operations, The Linux Foundation


Wednesday November 16, 2016 10:00am - 10:10am
TBA

10:10am

State of Linux and Open Source Compliance, Mike Dolan, VP of Strategic Program, The Linux Foundation
Speakers
avatar for Michael Dolan

Michael Dolan

Sr. Director of Client Services, The Linux Foundation
Michael Dolan is Sr. Director of Strategic Programs responsible for Collaborative Projects and legal programs. The Linux Foundation’s Collaborative Projects aim to spread the collaborative DNA of Linux to other projects in order to accelerate innovation and build ecosystems. Mr. Dolan has launched the AllSeen Alliance, OpenDaylight Project (ODL), Open Platform for NFV (OPNFV), Xen Project, Open Virtualization Alliance (OVA), OpenBEL and... Read More →


Wednesday November 16, 2016 10:10am - 10:50am
TBA

10:50am

Improving Open Source security through stronger project governance, Nicko Van Someren, CTO, Linux Foundation
Speakers
avatar for Nicko Van Someren

Nicko Van Someren

Chief Technology Officer, Linux Foundation
Nicko is The Linux Foundation’s chief technology officer focused on the Core Infrastructure Initiative and other security-focused efforts at the organization. He has extensive experience across the security and networking industries. Most recently, he was the chief technology officer of Good Technology, where he oversaw future technology strategy and research. Prior to joining Good, Nicko served as chief security architect at Juniper... Read More →


Wednesday November 16, 2016 10:50am - 11:30am
TBA

11:30am

Lunch Break
Wednesday November 16, 2016 11:30am - 1:00pm
TBA

1:00pm

Open Source Compliance is the key to Community Interaction, Oskar Swirtun, CEO, FOSSID AB

Software is in the center of growth for all technology companies today. Whether it’s an automotive company trying to build an autonomous car or just optimizing the performance of their combustion engine, a telecom company, a cloud provider, a finance institution, or any other technology company, they all need to become software authorities.

Software development is to a large extent about re-use of code and successful technology companies need to master open source which is the main source of software components today. But success is also about being able to protect the ideas and the companies’ specific domain expertise.

To re-use and share software may be contradictory to protecting proprietary software assets and that contradiction defines the importance of compliance in any technology company. Open source compliance is the key to consumption, contributions and to successful community interaction. Once the development strategy, policies and directives are defined, compliance is all about implementation.

It’s not about policing the engineers; it is about enabling engineers to securely tap into the vast open source software resources available in order to create the most efficient software development organizations in their respective technology domains.

In this talk, Oskar Swirtun (Founder and CEO of FOSSID) will discuss the problems enterprises face when it comes to implementing successful open source software strategies and will explore various compliance flows that will enable enterprises to have faster and more effective development, better community interaction, and lasting differentiation for technology companies.


Speakers
OS

Oskar Swirtun

CEO, FOSSID
Oskar Swirtun is the Founder and CEO of FOSSID AB, a company offering the most innovative and effective open source compliance solution on the market today. Oskar has worked extensively with open source software since 2001, when he introduced Linux and wrote the directive for use and contributions to open source at Ericsson. Since then he has held several leadership positions, focusing on open source software as a business strategy... Read More →


Wednesday November 16, 2016 1:00pm - 1:40pm
TBA

1:40pm

Automating Open Source Compliance: Next Steps, Kate Stewart, Sr. Director of Strategic Program, The Linux Foundation

Open Source is "open source" because of the license the developer of the code decided to release under.    Time to market is key for business, so suddenly getting stalled out, and not able to ship a hot new product due to licensing issues in the code, is every product managers nightmare.  

As the software development landscape has increased in complexity, components being re-used, being able to accurately and efficiently understanding the licensing is key.   This talk will summarize some of the open projects that will help us get to an automated summarizing of licensing obligations and next steps we shoul consider.



Speakers
avatar for Kate Stewart

Kate Stewart

Sr. Director of Strategic Programs, The Linux Foundation
SPDX, Open Compliance, Open Chain, FOSSology


Wednesday November 16, 2016 1:40pm - 2:20pm
TBA

2:20pm

Coffee Break
Wednesday November 16, 2016 2:20pm - 2:40pm
TBA

2:40pm

cregit: Identifying the contributors of an open source system - Daniel German
Open Source Systems like the Linux Kernel are created by many different
contributors.  These contributors continuously improve the system by
adding/moving/editing/removing source code.  Unless the project has a
centralized ownership of the code (for example, by requiring copyright transfer
agreements), it becomes difficult to determine who the copyright owner or owners
of the system are.  Version control systems, such as git, provide a record of
who contributes what to the code base.

In this presentation I will describe the difficulties of mapping the version
control history to who the copyright owners of the system are.  I will also
describe cregit, a system that we have developed to improve the traceability of
how code gets added to a system and addresses some of these challenges. I will
also describe its deployment on the Linux Kernel:
https://cregit.linuxsources.org, and how it makes it possible to inspect how
each element of the source code in Linux has been contributed, and who its
contributor is.

Speakers
DG

Daniel German

Professor, University of Victoria
I am a professor of computer science at the University of Victoria. For the last 8 years I have been doing research in open source licensing and recently I have become interested in the use of distributed version control systems, such as git.


Wednesday November 16, 2016 2:40pm - 3:20pm
TBA

3:20pm

FOSSology - License Analysis in HD and SPDX, Michael Jaeger, Senior Research Scientist, Siemens AG
FOSSology is an industry standard tool for the end-to-end analysis of software components in a single Web server application. It lets organizations scan source code for:

· License information,
· Copyright notices,
· Export control relevant statements.

It makes software analysis more efficient by offering high precision with few false positives, greatly reducing overhead costs. FOSSology lets users generate compliance documentation according to the organization's needs, in a variety of data formats, emphasizing SPDX tag-value and RDF documents. FOSSology is an Open Source Software tool licensed under GPL-2.0 and a Linux Foundation collaboration project. The presentation points out important points to consider at software license analysis and how to generate high-definition SPDX documents. This presentation represents an prequel to the tutorial/training proposed for this event.

Speakers
MC

Michael C. Jaeger

Contributor, FOSSology.org
Michael contributes to the OSS projects Fossology and SW360 (on Github), both in the area of OSS handling for license compliance and component management. At Siemens Corporate Technology in Munich / Germany, Michael worked in several roles as project lead, software architect, trainer and consultant for distributed systems, server applications and their development with open source software.


Wednesday November 16, 2016 3:20pm - 4:00pm
TBA

4:00pm

Coffee Break
Wednesday November 16, 2016 4:00pm - 4:20pm
TBA

4:20pm

Strategies in practical GPL enforcement, Harald Welte
Enforcement of copyleft licenses like the GNU GPL has always been a somewhat controversial topic.  Some people are not in favor of enforcement at all (but then, why choose the GPL and not a permissive license?). 
Other people have less inhibitions in enforcing the license.  But then this raises the next questions?  Enforcement using which strategy?  Enforcement using which methods?  The Linux Kernel developer community has recently re-fueled that debate on the ksummit-discuss mailing list.

Ultimately, most projects and developers are looking for the downstream developers and companies to participate in a collaborative development model.  The copyleft principle is just a legal "hack" to codify some part of that based on copyright.  As a result, license compliance is not an end in itself, but the very bare legal minimum of what needs to be done when engaging in (particularly corporate/commercial) re-use of Free Software.

This talk will look at the different (GPL) license enforcement approaches and present their advantages and disadvantages.

Speakers
HW

Harald Welte

Harald Welte is a data communications freelancer, enthusiast and hacker | who is working with Free Software (and particularly GNU/Linux) | since 1995  His major code contribution to the Linux kernel was as a | core developer of the netfilter/iptables packet filter. | | He has co-started a number of other Free Software and Open Hardware | projects, from RFID to telephony - including the worlds first 100% Open | Free Software based mobile... Read More →


Wednesday November 16, 2016 4:20pm - 5:00pm
TBA

5:00pm

Open Source Community responses to recent compliance enforcement, Armijn Hemel, Founder, Tjaldur Software Governance Solutions
Recently there has been a lot of public discussion about enforcement activity in Germany. In this talk I will look at community responses to the subject and explore what lessons can be learned.

Speakers
AH

Armijn Hemel

Owner, Tjaldur Software Governance Solutions
Armijn Hemel, MSc, is the owner of Tjaldur Software Governance Solutions in the Netherlands. He is an expert in the field of compliance engineering and supply chain management for compliance, having written the Binary Analysis Tool (BAT) and co-develop the OSADL license compliance audit.


Wednesday November 16, 2016 5:00pm - 5:20pm
TBA

6:00pm

All Attendee's Reception
Wednesday November 16, 2016 6:00pm - 8:00pm
TBA
 
Thursday, November 17
 

9:30am

OSS License Compliance together with our partners, Satoru Ueda, Sony
n this session we would like to discuss what should be shared with our business partners, such as ODM/OEM manufacturers.

The items which should be shared will be different in accordance with the phases. At the beginning stage, we should share very fundamental principles of the Open Source Software which highly relate to the License compliance issue.  Then, what will be the principles and why they are important for the license compliance?

We presume most of embedded system related industries are positioned at the initial stage to consider and take some action of the OSS license compliance together with our business partners.  We wish this session to initiate such discussion.

Speakers
SU

Satoru Ueda

Manager, Sony Corp.
From early 2003, Satoru Ueda has been engaged in a project to widely use Linux for consumer electronics appliances. In the project he has been supporting to establish and enhance collaborative relationship between the community and the embedded system developers. As from 2012, he participates in the Keio university Leading Graduate School program as the Project Professor (in charged for education) and considering the value of open community for... Read More →


Thursday November 17, 2016 9:30am - 10:10am
TBA

10:10am

Case Study: Evolving Compliance Needs and Treatment in Acquisitions, Nithya Ruff,Director, Open Source Strategy Office, SanDisk
When companies come together, they come with different levels of Open Source adoption and different IP profiles. The creation of a common policy that works in the integrated company and takes into account the business model and IP strategy has been an interesting experience for us at SanDisk as we acquired and got acquired. A successful compliance policy is a living breathing document that evolves with the business needs and learnings. I will share our story of how we balanced our patent and open source strategies and grew through our m&a activities.


Speakers
avatar for Nithya Ruff

Nithya Ruff

Director, Open Source Strategy Office, SanDisk, A Western Digital Brand
Nithya A. Ruff is the Director of SanDisk’s Open Source Strategy Office. SanDisk is a global leader in flash storage solutions from edge devices to cloud and enterprise data centers. She currently is working on bringing best in class open source ideas and to grow community and commercial engagement for SanDisk. In addition to her day job, Nithya is also is on the board of SanDisk’s Women’s Innovation Network or WIN. WIN is a global affinity... Read More →


Thursday November 17, 2016 10:10am - 10:50am
TBA

10:50am

OSS Compliance Management in Hitachi, Nobuo Imada, Engineer, Hitachi
Over 15 years, Hitachi has been using and developing Open Source Software for its products, including enterprise servers and embedded systems. Hitachi also manufactures proprietary software. Therefore, it needs to establish strict compliance management system. In this presentation, Hitachi would like to introduce our activities in OSS license compliance management and share the experiences and practices with the audience.

Speakers
NI

Nobuo Imada

Engineer, OSS Solution Center, Hitachi
Nobuo is an engineer, OSS Solution Center, Hitachi, Ltd. He has been involved in research and development of optical system for optical disk systems, design and engineering of optical fiber transmission systems, system engineering for cellular phone base stations, network systems etc.


Thursday November 17, 2016 10:50am - 11:30am
TBA

11:30am

Lunch Break
Thursday November 17, 2016 11:30am - 1:00pm
TBA

1:00pm

Common pitfalls and solutions, Armijn Hemel, Founder, Tjaldur Software Governance Solutions
Speakers
AH

Armijn Hemel

Owner, Tjaldur Software Governance Solutions
Armijn Hemel, MSc, is the owner of Tjaldur Software Governance Solutions in the Netherlands. He is an expert in the field of compliance engineering and supply chain management for compliance, having written the Binary Analysis Tool (BAT) and co-develop the OSADL license compliance audit.


Thursday November 17, 2016 1:00pm - 1:40pm
TBA

1:40pm

Supply Chain Security: Managing Binary Code in Bulk, Shane Coughlan, VP, Global Business Development, Insignary
Large companies have many devices in development, deployed or under support. Many of these devices share common chipsets, drivers and other components that use Open Source Software. This applies equally to devices released by a single company and to devices from different companies sharing the same OEMs or ODMs. The global shared supply chain allows reduced costs and time to market for all participants. However, it also means the "hack" of one device or a single CVE report may indicate a substantial multi-device, multi-company issue. This talk will explain how we can address this challenge using manual and automated approaches. It will also explore what Open Source tooling and commercial solutions exist to support corporate security teams in minimising risk for their company and their customers.

Speakers
avatar for Shane Coughlan

Shane Coughlan

VP, Global Business Development, Insignary
Shane Coughlan is an expert in communication, security and business development. He is well known for building bridges between commercial and non-commercial stakeholders in the technology sector. His professional accomplishments include establishing a legal department for the primary NGO promoting Free Software in Europe, building a professional network of over 270 legal counsel and technical experts across 4 continents, and launching the first... Read More →


Thursday November 17, 2016 1:40pm - 2:20pm
TBA

2:20pm

Coffee Break
Thursday November 17, 2016 2:20pm - 2:30pm
TBA

2:30pm

SPDX 2.1: overview and roadmap, Kate Stewart, Sr. Director of Strategic Program, The Linux Foundation
Speakers
avatar for Kate Stewart

Kate Stewart

Sr. Director of Strategic Programs, The Linux Foundation
SPDX, Open Compliance, Open Chain, FOSSology


Thursday November 17, 2016 2:30pm - 3:10pm
TBA

3:10pm

A Smart Way to Manage OSS Compliance with Yocto+SPDX, Maohui Lei, Fujitsu
A Smart Way to Manage OSS Compliance with Yocto+SPDX (Lei Maohui, Fujitsu) - If you are interested in Open Source Licensing and Compliance program, this presentation will be helpful. A smart way named Yocto+SPDX will help you manage OSS Compliance information for your Embedded-Product. The goal of Yocto+SPDX is to integrate automated SPDX generation in upstream open source projects. But the current Yocto+SPDX isn't in full compliance with SPDX specification. I have some experiences about generating SPDX file by Yocto+SPDX. And I am working to improve Yocto+SPDX to make it friendly. This presentation will show how to generate SPDX files with Yocto Project, discuss what we plan to do to improve Yocto+SPDX, and show what we have done.

Speakers
ML

Maohui Lei

Fujitsu
Maohui Lei joined the Fujitsu Corporation in 2011. Her main job is developing a In-House Distro for Embedded Systems which is based on Yocto project and LTSI Kernel


Thursday November 17, 2016 3:10pm - 3:50pm
TBA

3:50pm

Coffee Break
Thursday November 17, 2016 3:50pm - 4:00pm
TBA

4:00pm

Open Chain Update & Practice, Catharina Maracke, Ass. Professor, Keio University
With the formal establishment of the OpenChain workgroup and the public discussion of a first draft of the OpenChain specification more and more companies are starting to work on internal FOSS compliance processes to become OpenChain conforming. Internal communication and documentation processes are being reviewed and revised, which raises a couple of practical questions around individual process and workflow optimisation. The proposed session will give a short overview of the current status of the OpenChain project and especially the current OpenChain workgroups focussing on 1) specification, 2) certification, and 3) curriculum. It will then present best practices to create systematic milestones for FOSS compliance processes to become OpenChain conforming.


Speakers
avatar for Catharina Maracke

Catharina Maracke

Associate Professor, Keio University
Dr. Catharina Maracke is an associate professor at the Graduate School for Media and Governance, Shonan Fujisawa Campus, at Keio University. Her current work and interests include intellectual property law and policy, standardization efforts for public licensing schemes, and the general interaction between law and technology. Catharina is also a fellow at the Berkman Center for Internet & Society at Harvard Law School and fellow at the... Read More →


Thursday November 17, 2016 4:00pm - 4:40pm
TBA

4:40pm

Giving Everyone Access To Open Source Best Practices: The OpenChain Curriculum, Shane Coughlan, VP, Global Business Development, Insignary
This talk will explain how the OpenChain Curriculum team has created and released compliance training material under CC-0 licensing so that every company in the global Open Source supply chain can easily adopt and customise best practices to suit their needs. It will expand on how this helps to comply with the OpenChain Specification and why this matters. It will also provide an explanation of how to engage with the OpenChain Specification, the OpenChain Curriculum, and what can be expected around Open Source supply chain management in the coming year.

Speakers
avatar for Shane Coughlan

Shane Coughlan

VP, Global Business Development, Insignary
Shane Coughlan is an expert in communication, security and business development. He is well known for building bridges between commercial and non-commercial stakeholders in the technology sector. His professional accomplishments include establishing a legal department for the primary NGO promoting Free Software in Europe, building a professional network of over 270 legal counsel and technical experts across 4 continents, and launching the first... Read More →


Thursday November 17, 2016 4:40pm - 5:20pm
TBA
 
Friday, November 18
 

9:30am

Full-Day Course: FOSSology - Hands On Training - Michael Jaeger, Kate Stewart
FOSSology is an open source license compliance software system and toolkit. As a toolkit, you can run license, copyright and export control scans from the command line. As a system, a Web interface provides you with a compliance workflow. License, copyright and export control scanners are tools used in the workflow.

Analyzing open source license compliance requires expert knowledge. Consequently, the use of the tool requires understanding of license analysis problems and how they are covered by FOSSology. The following elements are provided:

Challenges in real world examples at license analysis

Learning how to cope with license proliferation and custom license texts

Efficiently managing large open source components with heterogeneous licensing

Saving work with reusing license conclusions of open source packages when analyzing

Please see http://sched.co/7pGQ for more info.

Speakers
MC

Michael C. Jaeger

Contributor, FOSSology.org
Michael contributes to the OSS projects Fossology and SW360 (on Github), both in the area of OSS handling for license compliance and component management. At Siemens Corporate Technology in Munich / Germany, Michael worked in several roles as project lead, software architect, trainer and consultant for distributed systems, server applications and their development with open source software.
avatar for Kate Stewart

Kate Stewart

Sr. Director of Strategic Programs, The Linux Foundation
SPDX, Open Compliance, Open Chain, FOSSology


Friday November 18, 2016 9:30am - 5:00pm
TBA