Using OpenChain for Practical Open Source Software Supply Chain Management (OSSSCM)

Shane Coughlan, OpenChain Program Manager at The Linux Foundation
Context: Why, How and Who
OpenChain Project - The Linux Foundation
Available under the CC Attribution-NoDerivatives 4.0 International license.
How do I trust my open source supply chain?
The OpenChain Project defines the key requirements
for a quality open source compliance program.
Training / Policy / Process (Inbound / Outbound)
Companies have the flexibility to decide the content of each specific process, policy and training.
OpenChain is run by user companies for user companies.
Our Latest Platinum Member
Publicly Announced Conformant Programs
Our New Responsive Self-Certification App
Self-Certify or “health check” for free and in private:
https://certification.openchainproject.org
45% of organizations access the web app for
conformance, 45% access it for health checks.
Audited Certification is an Option
OpenChain is Community First
Meetings in Japan
[Chart: number of attendees and number of participating entities at each OpenChain Japan meeting (2017/Dec/27, 2018/Feb/22, 2018/Apr/19, 2018/Jun/13, 2018/Aug/31, 2018/Oct/31, 2018/Nov/20, 2018/Dec/5, 2019/Feb/28, 2019/Apr/xx), with linear trend lines for both series. Annotation: start of Sub Group activities.]
Japanese Mailing List
[Chart: Japan WG mailing list registrations, monthly from 2/6/2018 to 2/6/2019, by person and by entity. Persons: 14, 22, 34, 75, 90, 97, 108. Entities: 8, 13, 18, 37, 40, 42, 48.]
OpenChain: raising all the boats for the benefit of all.
This is how we address software in the supply chain.
Using OpenChain for Practical “Open Source Software Supply Chain Management (OSSSCM)”
13 March 2019 / Open Source Leadership Summit. (c) TOYOTA MOTOR CORPORATION, CC BY-SA 4.0
Masato ENDO, Project Manager, IP Strategic Group, Intellectual Property Div., Toyota Motor Corporation
Introduction
http://linkedin.com/in/masato-endo-279026159
Background: Communication Engineering & Informatics; Industrial & Management Systems Engineering; Business Administration
Responsibilities: Industrial & Management Systems Engineering; Business Administration; Intellectual Property Rights; IP Strategy; OSS Governance; Community Works
The History of SCM
Decade: Concept; Industry; Keywords
’70s: TPS; Automotive; JIT (Just In Time)
’80s: QR; Apparel; Informatization
’90s: SCM; Computer; BTO (Build To Order), TOC (Theory Of Constraints)
’00s: G11n; ALL; CPFR (Collaborative Planning, Forecasting and Replenishment)
’10s: SCRM; ALL; BCP (Business Continuity Planning)
The Concept of SCM
WHY? For improving the customer’s experience; for maximizing effectiveness.
HOW? Realizing total optimization; breaking down the intra- and inter-organizational barriers.
WHAT? Collaboration with supply chain partners; managing bottlenecks.
The Concept of OSSSCM
WHY? Respecting the intention of community engineers; maximizing effectiveness.
HOW? Realizing total optimization; removing intra- and inter-organizational barriers.
WHAT? Collaboration between supply chain partners and the community; managing bottlenecks.
Collaboration
[Diagram: supply chain actors (Maker, Customer, Retailer, Supplier, Community) and the departments involved (Executive, Planning, R&D, Legal/IP, Sales, Procurement, CS, PR).]
1. Developing an OSS governance structure to promote collaboration
2. Standardization of methods for smart collaboration
Governance of Each Organization
w/Community:
Platinum Members: Adobe/Arm/CISCO/COMCAST/GitHub/HARMAN/HITACHI/QUALCOMM/SIEMENS/Sony/TOSHIBA/TOYOTA/Western Digital
Recently announced: Bosch/Facebook/Google/Microsoft/Uber
Building out self-certification, audited certification and formal standardization.
In TOYOTA SC:
Building an official group to manage OSS risks and community contributions.
[Diagram: Companywide Group (IP Specialist, Security Specialist, OSS Developer) together with R&D; activities: Developing OSS Culture, Handling OSS Risks.]
Standardization of Methods
w/Community / In TOYOTA SC:
Discussing Information Sharing Guidelines via OpenChain to address licensing information challenges.
[Diagram: TOYOTA and Tier 1 Suppliers exchanging information under the Information Sharing Guidelines.]
Sub Working Groups:
- Planning SWG
- FAQ SWG
- Leaflet to Supplier SWG
- Education material for roles SWG
- License information exchange SWG
- Tooling SWG
- Promotion SWG
● OpenChain JP WG
https://wiki.linuxfoundation.org/openchain/openchain-japanese-working-group
https://github.com/OpenChain-Project/Onboarding-JWG
● JAPAN WORK GROUP: DENSO TEN/Fujitsu/HITACHI/Panasonic/Pioneer/RENESAS/RICOH/Sony/TOSHIBA/TOYOTA
Info Sharing Sub-WG: Standardization of Data Exchange
SPDX Lite (e.g. Package Info.) would be an efficient way to manage supply chains where some suppliers cannot use the full SPDX specification.
w/Community
Managing Bottlenecks
[Diagram: supply chain actors (Maker, Customer, Retailer, Supplier, Community) and departments (Executive, Planning, R&D, Legal/IP, Sales, Procurement, CS, PR) resting on the infrastructures of OSS.]
1. Decreasing patent risks
2. Decreasing license risks
3. Promoting internal and external understanding of OSS compliance
Decrease Patent Risks
w/Community:
The expansion of the OIN community has resulted in a continuous reduction of OSS patent risks.
Rough estimate of OIN coverage: 2016: 44%; 2017: 55%; 2018: 68%.
New major OIN licensees: HITACHI/KDDI/Microsoft
In TOYOTA SC:
TOYOTA promoted its inclusion in the OIN Patent Non-Aggression Community. As a result, AGL technology has become part of this community (Linux System Definition: Approved).
OIN Board Members: Google/IBM/NEC/PHILIPS/Red Hat/Sony/SUSE/TOYOTA
Decrease License Risks
w/Community:
GPL Cooperation Commitment (GPLCC) introduces a cure opportunity for GPLv2 and LGPLv2. This community is expanding rapidly.
Nov. 2017: Red Hat/Facebook/Google/IBM
Mar. 2018: CA Technologies/Cisco/Hewlett Packard Enterprise/Microsoft/SAP/SUSE
Jul. 2018: Adobe/Alibaba/Amadeus/Ant Financial/Atlassian/Atos/AT&T/Bandwidth/Etsy/GitHub/Hitachi/NVIDIA/Oath/Renesas/Tencent/Twitter
Nov. 2018: Amazon/Arm/Canonical/GitLab/Intel/Liferay/Linaro/MariaDB/NEC/Pivotal/Royal Philips/SAS/TOYOTA/VMware
The eight board members of OIN announced that they had unanimously adopted GPLCC.
https://www.openinventionnetwork.com/pressrelease_details/?id=88
In TOYOTA SC:
TOYOTA became the first automotive company to join GPLCC.
https://www.toyota.co.jp/jpn/sustainability/governance/compliance/Toyota_GPL_Commitment.pdf
TOYOTA is introducing GPLCC at community events such as the AGL All Members Meeting.
Promote Understanding
w/Community:
The OpenChain Japan WG is identifying bottlenecks caused by lack of understanding around compliance and building Sub-Groups for each bottleneck.
[Diagram: departments (Executive, Planning, R&D, Legal/IP, Sales, Procurement, CS, PR) mapped to the FAQ Sub-G, the Education material for roles Sub-G and the Leaflet to Supplier Sub-G.]
In TOYOTA SC:
TOYOTA introduced an OSS license manual on the employees’ intranet and is sharing information with subsidiaries all over the world.
Outside professionals are delivering lectures for our engineers to further develop internal OSS culture.
Level of Understanding
Level 1: does not understand the importance of OSS compliance
Level 2: does not understand what to do
Level 3: does not understand how to do it
Level 4: does not understand how to get certification
Support measures:
● Joining events (for engineers / legal people / IP people)
● Workshops
● PR (traditional media / tech media / SNS)
● Case materials (wiki / handbook / academic paper)
● Consultation
● Training support
● Self-certification support
● Third-party certification
Comprehensive support is being developed.
We have to reach people who don't recognize OSS compliance.
Engage with OpenChain – Start Your OSSSCM
Join the community:
https://www.openchainproject.org/community
Self-certify an organization:
https://certification.openchainproject.org