Mr. Zemlin will discuss how the industry can work together to make it simple for organizations to comply with open source software licenses. By using some simple tools and integrating compliance into an everyday business process, industry will get more out of open source for an even lower cost.
Oracle is one of the world’s largest consumers and producers of open source software, offering a complex ecosystem of proprietary, FOSS, and dual-licensed products, cloud applications, hardware and professional services. Jim Wright, lead counsel for MySQL, Oracle Linux, and other well-known products, will discuss compliance practices and lessons learned in the context of Oracle's broad and heterogeneous portfolio. Topics will include tools and techniques for compliance management, open source in acquisitions, community participation, and compliance for cloud offerings.
As enterprise use of open source software approaches 100%, it's more imperative than ever for businesses to determine what open source software is being used, establish open source policies, and ensure license compliance. Litigation, loss of revenue and compromised bargaining positions are some of the risks associated with lack of compliance. As a result, open source audits are becoming common requirements in a wide variety of scenarios, including mergers and acquisitions, financing, software distribution and even internal use cases. Enterprises typically do not have dedicated staff for this important work effort; staff is overworked and not familiar with the hundreds of license variations and the hundreds of thousands of open source packages they may encounter, yet the organization still has a policy imperative to stay in compliance. Audits are a great first step! This session provides an overview of what an open source audit entails and why audits are necessary. Topics covered include what audit methods are available, including possible outsourcing, what issues can arise as a result of an audit and how to leverage the resulting audit report. The session is ideal for anyone who is involved with enterprise open source license compliance or is planning or conducting an open source audit.
Last year, Twitter established an Open Source Office to not only ensure legal compliance, but also to maintain a healthy, reciprocal relationship with open communities relevant to our interests. This talk will describe our journey of creating an open source program and instilling an open source culture. We'll discuss our philosophy, open source review process, lessons learned and what works for us as we scale as a company.
In the early days of open source, public domain was considered to be the best approach to releasing something for all to use. This worked well right up until the time AT&T, with the Unix lawsuit over who owned what in the code, showed us that we all needed to pay attention to releasing code explicitly under licence. Later, Richard Stallman, with the brilliant concept of using the distribution terms of the licence to bind people further down the stream of code to requirements that could be used to embody the ethos of the developers (something he called copyleft) showed us that a licence could be much more than simply a document outlining the loose terms of use for the code and it could, instead, be used in part to embody the philosophy and practices of the community using the licence.
Today, the licence that still most closely matches the community spirit of Linux is GPLv2 and as a corollary to this, anyone who violates the terms of the licence not only commits a legal infraction, which companies usually expect will be remediable by cash, but also commits a violation of the community ethos which tends to cause significant irritation (and consequent blowback to the violating company).
This talk will explore the evolution of the intertwining of community with licence and try to explain why the licence and its potential violation causes such significant and severe reactions in open source developers.
The cornerstone of the success of much Open Source software is the license: many products would very likely have stayed small if the promise of being open was not there. Licenses are something that you need to take care of properly. This is not always easy, but it is also not rocket science. Unfortunately often it goes wrong, either due to lack of knowledge, sloppiness, time pressure and cutting corners to keep the price low. Copyright holders of GPL licensed software have often disapproved of this in the past and some of them have taken companies to court in Europe and the USA to have the companies comply with the license terms.
In this talk, I will discuss my personal experiences with GPL enforcement. In the past, I have been involved in many of the GPL cases in Germany (Harald Welte & gpl-violations.org), but I have also helped companies who were being sued by BusyBox in the USA to come into compliance. I will talk about who the different copyright holders are, what they are aiming for, where approaches differ and what steps have to be taken to resolve license issues. I especially want to highlight what the legal gray areas are that will likely lead to legal conflicts in the future.
Open source compliance is just one part of more holistic open source management. Understanding this approach helps companies view open source from a more strategic point of view. This presentation explains an ideal open source governance process: how to manage open source in an organization, how to handle components in the supply chain, how to interact with communities and how to assure license compliance.
As a world CE manufacturer, Panasonic promotes OSS compliance activities in order to comply with OSS license obligations for software embedded in its various products. Panasonic engineers and legal started their activities more than ten years ago, but it seems Android changed the situation drastically and we had a hard time coping with the big challenges.
In order to become OSS license compliant, it is definitely very important to read and understand each license's terms. However, before reading such terms, you must be reminded that some important aspects exist because the licensors are open community people. In this session, I would like to talk about the very basics of becoming OSS license compliant, based on my experiences communicating with the community and my thoughts.
This presentation will introduce the success story of OSS governance in Samsung SDS with respect to safe and maximum usage of OSS. In addition, it shows how Samsung SDS has conducted various projects and achieved huge results in order to complete an internal ecosystem not only for risk management of OSS licenses but also for effective application of OSS IP assets. Specifically, it gives a clear explanation of policy, process, training, system operation, asset management, community participation, corporate collaboration and business development directly related to OSS.
Whether or not they are aware of it, nearly every technology company in the world encounters, uses, and possibly creates open source software. Compliance does not happen by accident -- without a conscious effort to address open source compliance, even the most well-intentioned company can make easily avoidable mistakes. This presentation will focus on how businesses of all different sizes and types can create effective, scalable approaches to open source compliance.
SPDX is the Linux Foundation’s standard for describing and exchanging licensing information of programs, open source packages and even large systems. When creating SPDX data the natural instinct is to automate the task. Although automation offers the obvious benefit of huge time savings, it comes at a cost: quality. We explored two different approaches to creating SPDX 1.1 data. One method uses only computer automation heuristics, and the other is highly dependent on human experts aided by supporting tools. We will describe, compare and contrast these methods, and present the challenges and benefits in the context of creating an SPDX file for the Linux Kernel.
The release of Windows-8 is imminent, meaning that secure boot now becomes a reality Linux must deal with. This talk will detail what secure boot is, how it works, how Linux people have been interacting with Microsoft and the UEFI forum to make sure the present incarnation of Secure Boot is compatible with all the Linux Licensing requirements. We will also explain how the problem divides into two pieces: that of simply ensuring that Linux continues to boot on modern hardware and that of trying to take advantage of secure boot to enhance the security of Linux. We will finish with discussion of the four current solutions available today for Secure Boot (the Linux Foundation pre-bootloader, Fedora shim, SUSE MOK and Ubuntu's signed efilinux loader).
We will introduce an example of an open source compliance process. We'll also examine case studies of compliance issues and how to handle the problems. There are lots of difficulties in the embedded space.
Open Source is collaborative development governed by licenses. It inherently involves using and re-distributing a large amount of third-party IPR. This talk explores how this situation can be effectively managed by businesses, and to what extent they need to adhere to community norms as well as the letter of licenses. It is targeted towards business decision-makers, project managers and lawyers who have to approve Open Source use. No prior knowledge of Open Source licensing is required.
Taiwan is one of the most important ICT manufacturing countries in the world; therefore, utilizing Free and Open Source Software (FOSS) to cut down expenses and to increase competitive advantages is an inevitable method and unavoidable evolution for the majority of Taiwan companies. While implementing FOSS in commercial product developments, many Taiwan companies might have violated license obligations due to their misunderstanding, ignorance or wrong conduct. Although there is a long way to go, some positive changes are going on. In this talk the speaker will go through these changes on the basis of the FOSS license consultation practice in the past few years, given by the OSSF legal team, which is a FOSS promoting project launched by the most preeminent academic institution, Academia Sinica in Taiwan. From the analyses of questions the Taiwan companies have submitted, we can know what they were concerned about in the first place regarding FOSS, how they got the related knowledge about FOSS, and in which way they are trying to be in compliance with the FOSS license terms. The important FOSS-related organizations and projects in Taiwan will also be introduced in the talk.
OSS governance within the big Korean companies has developed significantly in the several years since 2009. But the level and of governance system thereof is still in ambiguity, because they keep the relevant information on such systems confidential and we have few cases that could verify the function and structure of such systems. Otherwise, governmental assistance for OSS governance with the small-medium companies is still only at the beginning stage. While the technical consulting for OSS governance has been well developed by the compliance tool companies, the legal consulting for it has only a short three-year history since the setup of the KOSS Law Center. The Center has been confronted with two problems: firstly, the passive policy of such big companies not to open their governance, and secondly, the lack of legal specialists in the OSS area. It may take a little more time to change such a policy of the big companies, while we can now get many fellow candidates from the new beginner lawyers armed with a technical background. The government has a very progressive policy to promote OSS with a vision. We have just started to deliberate on the establishment of the “KOSS Foundation” as the center of OSS in Korea and Asia, to organize and manage all the technical and legal affairs originating from OSS. In the near future, we wish to have a very well organized governance system to contribute to the OSS ecosystem worldwide as well as nationwide.
Panel Moderator: Shane Coughlan (OIN)
Panel Participants:
The restaurant is across the street from the Emperor's Castle.
The restaurant web site (Japanese only) is: http://www.w-funsuikouen-r.com/outline.html
This 1-day course readies the organization to define and implement an end-to-end open source compliance program. Course modules cover the fundamentals of open source development; compliance obligations and requirements and their implications for functional teams; ways to organize and manage the compliance function, including the role of the OSRB; tools and automation for compliance, including commercial and open source tools; and approval of community contributions. An overview of the compliance program suitable for executive management is included, as well as discussion of the compliance contributions needed from various functional groups such as the Law Department, Supply Chain, Technical Documentation, and Configuration Management. Course details are available from: https://training.linuxfoundation.org/courses/open-source-compliance/overview-of-open-source-compliance-end-to-end-process