Arm has worked to become OpenChain conformant by establishing clear open source policies and processes, training employees, and implementing tools to track open source use. This included creating an Open Source Office, open source training modules, and an online tool to track third party IP. Being OpenChain conformant provides benefits like easily approving the use of libraries from conformant open source projects through SPDX files.

1. © 2019 Arm Limited
Sami Atabani
Director of Third Party IP Licensing
February 2020
Arm’s Journey to
OpenChain Conformance

2. 2 © 2019 Arm Limited
Have you seen this?
OSS Developer Legal
I wonder if I can use this OSS in
this latest AI product… hmmm I
should talk to legal

3. 3 © 2019 Arm Limited
Have you seen this?
OSS Developer Legal
Hi, Lady Justice, I would
like to use this OSS in
our latest AI product, is
that okay?

4. 4 © 2019 Arm Limited
Have you seen this?
OSS Developer Legal
Hi developer, maybe…
what is the license and
which product is it going
to be redistributed in?

5. 5 © 2019 Arm Limited
Have you seen this?
OSS Developer Legal
It’s for the neural
network, I think the
OSS is under erm….
apache

6. 6 © 2019 Arm Limited
Have you seen this?
OSS Developer Legal
Sigh…
Can you check?

7. 7 © 2019 Arm Limited
Have you seen this?
OSS Developer Legal
I have just checked,
I think it is Apache 2.0

8. 8 © 2019 Arm Limited
Have you seen this?
OSS Developer Legal
Apache 2.0 is a
whitelisted license
according to our policy,
can you extract the
license text and copyright
notices to fulfil the
obligations?

9. 9 © 2019 Arm Limited
Have you seen this?
OSS Developer Legal
Sure, I’ll be in touch
soon

10. 10 © 2019 Arm Limited
Have you seen this?
OSS Developer Legal
Some time later…

11. 11 © 2019 Arm Limited
Have you seen this?
OSS Developer Legal
Hi, Lady Justice, I am
back

12. 12 © 2019 Arm Limited
Have you seen this?
OSS Developer Legal
So… do you have the
license text and copyright
notices so we can fulfil
the license obligations?

13. 13 © 2019 Arm Limited
Have you seen this?
OSS Developer Legal
Sort of… I have the
copyright notices, but
the license is GPLv2.0
but it is Apache 2.0 on
the project homepage

14. 14 © 2019 Arm Limited
Have you seen this?
OSS Developer Legal
Hmmm…. We need to do
further digging to confirm
which license applies.

15. © 2019 Arm Limited
The History of Open Source at Arm

16. 16 © 2019 Arm Limited
How Arm historically interacted with Open Source
(Prior to 2014)
Create an Arm open source project
Create a new standards body
Contribute to external
open source project
• On behalf of Arm
• As an individual
Join an open source
project, standards body or
other collaborative group
Use TPIP (incl. open source
software & implementing a
standard)
• Internally
• In an Arm product

17. 17 © 2019 Arm Limited
Historical management of OSS within Arm
(Prior to 2014)
Development
Solutions
Legal
Licensing
Engineers
Process
Processors
Group
Legal
Licensing
Engineers
Process
Graphics
Group
Legal
Licensing
Engineers
Process

18. © 2019 Arm Limited
The Vision in 2014
Clearly defined TPIP policy
Documented TPIP process
Searchable TPIP tracking tool
Training is easily accessible

19. 19 © 2019 Arm Limited
Future vision
Development
Solutions
Processors
Group
Graphics
Group
Engineering Engineers Engineers
LegalLicensingProcess
Request
Legal
review
Business
Review
Approved

20. © 2019 Arm Limited
Road to OpenChain
Conformance
Do we have a clear policy governing open source?
Do we have a documented process adopted across Arm?
Do we have the necessary tooling?
Have Arm employees who interact with open source
including licence compliance been trained?

21. 21 © 2019 Arm Limited
Road to OpenChain Conformance
Arm informally joins
OpenChain
Informally establishes
an Open Source Office
TPIP tracking project
launches
Establish a core
team
Hire OS/Standards
attorney
Arm formally joins
OpenChain
TPIP tracker launched
Arm uses Anaqua for
managing Collaborate
and Create requests
Arm donates its training material to
OpenChain
Arm ranks its conformance with
OpenChain v1.1
Arm formally establishes its OSO
Open Source Compliance playbook
made available online
Created four online
training modules
Continue with
tracking
Rollout of training
Arm announces its
conformance with
OpenChain during Open
Source Summit in San Diego
2014 2015 2016 2017 2018 2019

22. 22 © 2019 Arm Limited
Road to OpenChain Conformance
1.1.1 Documentation of FOSS policy
1.1.2 Internal communication of
policy
1.2.1 Training material
1.2.2 Documented way of tracking
training
1.2.3 >85% Software staff complete
training
1.1.1 Documentation of
FOSS policy
1.1.2 Internal
communication of policy
1.2.1 Training material
1.2.2 Documented way of
tracking training
1.2.3 >85% Software staff
complete training
Training modules created:
• Introduction to Intellectual Property Law
• Introduction to Patents
• Introduction to Open Source Software and Licenses
• Introduction to Processes for Third Party IP,
Open Source, and Standards
Available via Learning Portal, mandatory for some
2017 2018 2019

23. 23 © 2019 Arm Limited
Road to OpenChain Conformance
1.1.1 Documentation of FOSS policy
1.1.2 Internal communication of
policy
1.2.1 Training material
1.2.2 Documented way of tracking
training
1.2.3 >85% Software staff complete
training
1.1.1 Documentation of
FOSS policy
1.1.2 Internal
communication of policy
1.2.1 Training material
1.2.2 Documented way of
tracking training
1.2.3 >85% Software staff
complete training
1.1.1 Documentation of
FOSS policy
1.1.2 Internal
communication of policy
1.2.1 Training material
1.2.2 Documented way
of tracking training
1.2.3 >85% Software staff
complete training
(currently 91% - over
5000 employees)
2017 2018 2019

24. © 2019 Arm Limited
What does success look like?
Clearly defined TPIP policy and process
Searchable TPIP tracking tool
Governance and structure

25. 25 © 2019 Arm Limited
Arm is an intellectual property company and our business success is built on having
our IP rights respected and fully protected by others. In return we must respect,
protect and treat the IP rights of others with the same degree of care as our own.
Arm Third Party IP Policy

26. 26 © 2019 Arm Limited
Tooling for tracking Open Source
• Online tooling to track TPIP
• Accessible across Arm
• Capture key details
• Record compliance obligations
• Clear process for fulfilling
source code release
• Working on automation of
compliance

27. 27 © 2019 Arm Limited
Arm management of OSS, third party IP, and standards
Create an Arm open source project
Create a new standards body
TPIP Tracker
(ServiceNow)
Use TPIP (incl. open
source software &
implementing a standard)
• Internally
• In an Arm product
Contribute to external
open source project
• On behalf of Arm
• As an individual
Join an open source
project, standards body or
other collaborative group
Contribution Flow (Anaqua)
Open Source Office, TPIP
Team, Standards & Alliances Team

28. 28 © 2019 Arm Limited
Next steps

29. 29 © 2019 Arm Limited
Have you seen this?
OSS Developer Legal
Hi, Lady Justice, I want
to use this library from
this OpenChain
conformant project.

30. 30 © 2019 Arm Limited
Have you seen this?
OSS Developer Legal
Hi developer, can you
send me the SPDX file?

31. 31 © 2019 Arm Limited
Have you seen this?
OSS Developer Legal
Sure… in fact I have the
SPDX file here

32. 32 © 2019 Arm Limited
Have you seen this?
OSS Developer Legal
Great! Let me look over it.

33. 33 © 2019 Arm Limited
Have you seen this?
Short time later…

34. 34 © 2019 Arm Limited
Have you seen this?
OSS Developer Legal
Yes, these licenses are
whitelisted with the
company policy. You can
go ahead and record this
request in the TPIP tracker

35. 35 © 2019 Arm Limited
Have you seen this?
OSS Developer Legal
Sure. I will also attach
the SPDX file

36. 36 © 2019 Arm Limited
Have you seen this?
OSS Developer Legal
Great! I will approve it
later today.

37. 37 © 2019 Arm Limited
Have you seen this?
OSS Developer Legal
Being OpenChain conformant
makes my life easier

38. Thank You
Danke
Merci
谢谢
ありがとう
Gracias
Kiitos
감사합니다
धन्यवाद
‫ا‬ً‫شكر‬
‫תודה‬
© 2019 Arm Limited