
OpenChain - The Industry Standard for Open Source Compliance


OpenChain is a legal compliance process and standard for the use of open source software in the enterprise supply chain. It enables upstream and downstream participants in the software supply chain to follow and share open source compliance obligations, and it also helps enterprises collaborate positively with open source communities.


  1. 1. An Effective Way to Manage Legal Compliance When Using Open Source Software: The Industry Standard for Open Source Compliance. Except for the Linux Foundation and OpenChain logos, icons, cited references, and where otherwise noted, the content of these slides is provided under the CC0 1.0 Universal (CC0 1.0) Public Domain Dedication. The speakers' interpretations of real cases are their individual opinions only, and shall not be treated as the standpoint of any organization, involved or not involved.
  3. 3. Open Source Software Rocks the World [1]
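  5. 5. About the Linux Foundation: 1400+ members across 41 countries; 80% of the Fortune global top 100 technology and telecommunications companies; 35,000+ developers contributing code; 170+ open source projects; $16B in value created.
  6. 6. The OpenChain Project: defines the key requirements of an open source license compliance program in order to ensure its quality.
  7. 7. OpenChain Platinum Member companies
  8. 8. Open source compliance solutions: process, bill of materials, tools. https://compliance.linuxfoundation.org/ SPS SPDX Tools
  9. 9. OpenChain defines the key turning points in the open source compliance landscape: release, upstream, downstream, intake, training, policy, process.
  10. 10. Result: predictable B2B compliance practices
  11. 11. Examples of organizations with OpenChain-conformant compliance programs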
  13. 13. Work groups + member lists + GitHub project repositories: Main List (3,700+ participants); GitHub (105+ participants); Automotive (115+ participants); Reference Tooling (160+ participants); China (105+ participants); Japan (190+ participants); Korea (40+ participants); Taiwan (40+ participants); India (40+ participants); Germany (30+ participants).
  14. 14. Extensive reference material
  17. 17. Global partner program
  18. 18. Global partner program
  19. 19. Global partner program
  20. 20. Global partner program
  22. 22. OpenChain conformance can be reached through the following routes: online self-certification, independent compliance assessment, and third-party certification. These assessment options give flexibility to both suppliers and customers.
  23. 23. Self-Certification (online self-assessment): Self-Certification is at the heart of the OpenChain industry standard. Companies can access a series of yes/no questions to determine if they have implemented the key requirements of a quality open source compliance program. These questions can be found here: https://certification.openchainproject.org
  24. 24. Online self-assessment questionnaire
  25. 25. Independent Compliance Assessment: Independent Compliance Assessment works in the same way as the Independent Assessments in other standards. An independent party such as a law firm, consultancy or accounting firm reviews the product of an OpenChain Self-Assessment and offers guidance on whether they perceive it as complete.
  26. 26. Third-Party Certification: Third-Party Certification is a process whereby a certification authority guides a company through an OpenChain Conformance Process. The certification authority then issues a formal certification document. This activity maps precisely to the forms of third-party certification observed around automotive, infrastructure and similar fields.
  27. 27. The OpenChain Project in brief, three key items: policy document, training document, conformance mark. Master open source compliance through the policy document and updated training.
  28. 28. https://github.com/OpenChain-Project/Specification-Translations/tree/master/zh-Hant/2.0
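  29. 29. Six key points for establishing an OpenChain process: (1) set up the framework with an open source policy document; (2) contact points and task assignment; (3) a process for creating the open source software inventory; (4) a process for verifying the open source software inventory; (5) rules for interacting with open source communities; (6) confirm that all of the above points are updated regularly.
  30. 30. Why should in-house R&D advocate OpenChain? I have a phone, I have a bubble tea, uh! Photo credits: "Blue version of the Nokia 3310 mobile phone with German menu", 2008 Discostu @ wikimedia, the author claimed no copyright on it and declared PD for the photo-taking. "Two plastic glasses of Thai Iced Bubble Tea at Sonoma Pho in Petaluma, California.", 2019 © Missvain @ wikimedia, CC BY 4.0.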
  31. 31. https://www.change.org/p/htc-htc-needs-timely-kernel-source-releases
  32. 32. https://www.change.org/p/htc-htc-needs-timely-kernel-source-releases
  33. 33. https://groups.google.com/g/linux.kernel/c/rwwruxeiKOY?pli=1
  34. 34. https://freedom-to-tinker.com/2010/10/10/htc-willfully-violates-gpl-t-mobiles-new-g2-android-phone/
  35. 35. https://groups.google.com/g/linux.kernel/c/rwwruxeiKOY?pli=1
  36. 36. https://legal.gpl-violations.narkive.com/RtfbtQGf/experiences-of-huawei-providing-source-code
  37. 37. https://legal.gpl-violations.narkive.com/RtfbtQGf/experiences-of-huawei-providing-source-code
  38. 38. https://legal.gpl-violations.narkive.com/RtfbtQGf/experiences-of-huawei-providing-source-code
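  39. 39. What are the benefits of OpenChain for Taiwan's ICT vendors? (1) Authority matched with responsibility; (2) processes to follow; (3) community interaction; (4) turning defense into offense.
  40. 40. Book of Rites, "Liyun": "Thus people did not love only their own parents, nor treat as children only their own children. The aged were provided for until the end, the able-bodied were put to use, the young had the means to grow up, and widowers, widows, orphans, the childless, the disabled and the sick were all cared for." "OpenChain Standard": "Thus people do not open only their own source, nor sell only their own products. What is taken in is registered, what is used is recorded, what is released has its basis, and source code, notices, license terms and modification notes are all in compliance."
  41. 41. Become a member. Join the OpenChain community: https://www.openchainproject.org/get-started OpenChain Taiwan website: https://openchain-project.github.io/OpenChain-TWG/ Telegram discussion channel: https://t.me/joinchat/O6BDhVXYm17Bm8_4s-aZIg Subscribe to the official Taiwan OpenChain community mailing list: https://lists.openchainproject.org/g/taiwan-wg
  42. 42. OpenChain Taiwan Workgroup First Meeting, 9/18 (Friday afternoon), 2020. Speakers: OpenChain GM, Shane from Linux Foundation; JP workgroup leader, Fukuchi-san from Sony; OSLN.TW co-founder, Lucien C.H Lin; TW workgroup leader, SZ Lin from Moxa.
  43. 43. OpenChain Project Taiwan Work Group: SZ Lin (林上智) <sz.lin@moxa.com>, Lucien C.H. Lin (林誠夏) <lucien@ocf.tw>
  44. 44. References: [1] 2019 Open Source Security and Risk Analysis, Synopsys Cybersecurity Research Center.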
