[oshug] OSHUG 65 — Yanking the Chain: open source software compliance in the supply chain, Thursday 22nd March.
andrew at abopen.com
Tue Feb 6 19:23:40 UTC 2018
Details incoming for talk #3:
— How License Compliance Engineering Can be Simplified
When people are confronted with license compliance for the first time it
feels overwhelming because there are many aspects to it: license
scanning of hundreds of thousands of files, complete and corresponding
source code, derivative works and code clone detection, and so on.
Clients often say that they simply do not know where to start.
However, experience demonstrates that license compliance does not need
to be overly complicated, as there are short-cuts that can be taken and
have zero risk, but that will vastly speed up compliance processes. This
talk will highlight a few best practices learned from compliance work
with clients and explain how information from upstream projects can be
used to make the license compliance processes quicker, predictable and
* Armijn Hemel, MSc, is an expert in open source license compliance
engineering. From 2005 to 2012 he helped enforce the GPL license in Germany
several hundred times as part of the core team of gpl-violations.org.
Since then he has assisted companies to come into compliance (including
in recent troll cases in Germany) and is actively involved in advancing
the field of compliance by exploring new topics and tooling.
On 31/01/18 21:28, Andrew Back wrote:
> We have another 1-day event in March, which this time will be dedicated
> to the topic of open source software compliance, featuring talks and
> workshops on topics such as OpenChain, SW360 and FOSSology.
> There are additional sessions in the pipeline, but we were keen to get
> details out sooner rather than later, given this is a full day, now less
> than 2 months away, and diaries fill up quickly.
> Further details will be provided in due course!
> OSHUG #65 — Yanking the Chain: open source software compliance in the
> supply chain
> On 22 March 2018, 09:00 - 17:00 at BCS London, 1st Floor, The
> Davidson Building, 5 Southampton Street, London, WC2E 7HA.
> Registration: http://oshug.org/event/65
> With the ever increasing complexity of embedded device software stacks,
> coupled with the proliferation of new mechanisms for distributing
> complex server software stacks, open source compliance has never been
> more important — or indeed more of a challenge.
> Fortunately, there is a growing number of tools and methods at our
> disposal to support open source software compliance efforts. This 1-day
> event will feature talks and hands-on workshops covering a number of
> these, with insights into practical experiences and lessons learned.
> The preliminary programme can be found below and please note that
> further details will be published in due course as additional sessions
> are confirmed.
> — Introducing OpenChain
> OpenChain is a scalable, flexible compliance programme, developed by the
> Linux Foundation. It provides a great foundation for businesses of all
> sizes to put appropriate practices and procedures in place to control
> development and supply chain risks. Already adopted by companies like
> Qualcomm, Toyota and ARM, it's equally applicable to SMEs.
> * Andrew Katz is a lawyer and former programmer who advises extensively
> on free and open source software and other opens. He is head of the
> technology department at Moorcrofts LLP, a boutique technology law firm,
> which is one of the 5 OpenChain pilot partners in the world, and has
> been involved in drafting many of the OpenChain materials.
> — Eclipse SW360 - Open Source Management with Open Source
> SW360 manages software components with their license compliance
> documentation in SPDX and allows for setting up bills-of-material to
> provide comprehensive documentation for products and projects.
> Organizations can use SW360 as a one-stop shop for sharing component
> information, tracking their usage in projects or products. This involves
> the handling of compliance information, but also, as an example, matching
> for vulnerabilities from data providers.
> As an EPL-1.0 licensed Open Source project, it is highly customizable,
> letting organizations keep their confidential product development data
> on premises, and prevents them from becoming dependent on a single
> vendor. This presentation briefly shows features and walks through the
> application to demonstrate capabilities and use cases of SW360.
> * Michael C. Jaeger is one of the maintainers for the projects,
> FOSSology and SW360, both of which are in the area of license compliance
> and component management with open source software. At Siemens Corporate
> Technology in Munich, Germany, Michael manages the Siemens contributions
> to SW360 and FOSSology. Michael is a certified software architect and
> received a German PhD degree from the faculty of electrical engineering
> and computer science at TU Berlin.
> *** Workshops
> — Using FOSSology - License Analysis Hands On
> FOSSology is an open source license compliance software system and
> toolkit. As a toolkit, you can run license, copyright and export control
> scans from the command line. As a system, a database and Web user
> interface provide you with a user interface and functionality to analyse
> the licensing situation of open source software.
> * Hosted by: Michael C. Jaeger.
> Note: Please aim to arrive by 08:45 as the workshop will start at 09:00