
Re: Japan Work Group: All Member Meeting #22 on the 21st of January

Jari Koivisto
 

I guess that Japan WG meetings are mainly in Japanese?

For those who do not know Japanese that well, I did a quick search and found this article: https://mercan.mercari.com/en/articles/25786/

BR, 

   Jari

---
Jari Koivisto
E-mail: jari.p.koivisto@...
Mobile: +41 78 7479791
Skype: jari.p.koivisto
LinkedIn: http://www.linkedin.com/in/jarikoivisto



On Thu, Jan 20, 2022 at 1:01 AM Shane Coughlan <scoughlan@...> wrote:
The OpenChain Japan Work Group will hold their 22nd meeting on the 21st of January. This meeting will take place between 15:00 and 16:00 with a case study covering Mercari’s Open Source Program Office (OSPO). Big thank you, as usual, to SocioNext for hosting us.
https://www.openchainproject.org/featured/2022/01/19/japan-wg-22





OpenChain On Security

 

Over the last 12 months there have been several noteworthy concerns around open source and security. The exposure of vulnerability in software has exposed underlying issues with process management and ultimately with sustainability. The OpenChain Project, steward of ISO/IEC 5230:2020, the International Standard for open source compliance, has been at the forefront of addressing these matters.

In August 2021 we responded to market demand by releasing a Security Assurance Reference Guide. The first version of this document explained how ISO/IEC 5230 could be used through the optics of security. Like all our documentation, it was developed and released in the public arena, and subject to review and contributions from a wide array of stakeholders.

We are now working on the second iteration of this document. It does for security what ISO/IEC 5230 did for compliance: it provides a minimal, broadly applicable list of key requirements to institute a quality assurance program to address the domain space.

We do not intend to replace existing security standards. We do not intend to bloat ISO/IEC 5230. Instead, we are pursuing our proven approach of developing a real-world solution for a real-world problem that can be immediately deployed, and over time fits together with adjacent activities as neatly as a jigsaw puzzle.

For those new to this topic and wondering what OpenChain’s engagement means in practice, a summary of our Specification Work Group discussions throughout 2020-2021 is in order.

We are considering three paths for the security domain. One sees the Security Assurance Reference Guide maintaining its stance solely as a guide. Another sees the Security Assurance Reference Guide evolve into a Reference Specification that may become a de facto industry standard over time. Lastly, there is the option to have the Security Assurance Reference Guide evolve into an optional component for a future iteration of ISO/IEC 5230.

You can contribute to this activity by joining our bi-weekly global work team calls [1], our specification mailing list [2], and opening issues on the relevant repository in GitHub [3].

1.     https://www.openchainproject.org/community
2.     https://lists.openchainproject.org/g/specification
3.     https://github.com/OpenChain-Project/SecurityAssuranceGuide/tree/main/Guide/2.0

The OpenChain Project is far from alone in helping to address concerns around open source and security. The Open Source Security Foundation (OpenSSF) is a sister project at the Linux Foundation dedicated to securing the open source ecosystem. The Software Package Data Exchange Project (SPDX) maintains ISO/IEC 5962:2021, an International Standard for Software Bill of Materials. The Linux Foundation also hosts tools to help with automation in the space. We are collaborating to ensure the future of open source is secure.

You can expect a continuation of these activities throughout 2022. There will be an excellent opportunity for you to get involved during this quarter, as the OpenChain Project hosts a security summit to enable our extensive global community to share notes. To learn more about this, as well as our other activities, join one of our calls or one of our mailing lists. Everyone is welcome.

Get Started With Our Community

Attend The OpenChain Security Summit On February 17th and 18th 

The Security Summit will take place on February 17th 2022 at 17:00 PST / February 18th 2022 02:00 UTC / 09:00 CST / 10:00 JST. It will be hosted on Zoom and it will be free to attend. It will also be recorded. You can expect to come away with a clear understanding of market conditions, how the Linux Foundation is addressing them, and where OpenChain fits into the picture.

 

 


OpenChain 2022 - Our Mini-Summits Evolve Into full Summits

 

The OpenChain Project will host three summits throughout 2022. Each summit will be virtual, though our positioning and agenda will reflect a different geography for each topic covered. Here is what you can expect:
  1. Security (North America)
  2. Intellectual Property (China/Japan)
  3. Automation (Germany)
The first summit will focus on Security and will take place on February 17th 2022 at 17:00 PST (February 18th 2022 02:00 UTC / 09:00 CST / 10:00 JST). It will be hosted on Zoom and it will be free to attend. It will also be recorded. You can expect to come away with a clear understanding of market conditions, how the Linux Foundation is addressing them, and where OpenChain fits into the picture.

The dates and times of the Intellectual Property Summit and the Automation Summit will be announced shortly. You can expect the former to provide a snapshot of current thinking around copyright, trademarks and patents in our domain. You can expect the latter to brief you on the state-of-the-art around automation for compliance, security and project health.

The goal - as always - is to ensure you have the information necessary to make informed, effective decisions around the open source supply chain. We seek to build trust in the quality of programs used by you, your customers and your suppliers. We are proud to have taken significant strides in our field throughout 2021. We expect to push the boundaries of what is possible once again in 2022.


Re: [partners] Supplier Education Leaflet – Help Wanted

 

Update: the source documents are in InDesign format for professional printing. This raises some complications for community translation. I am checking with a designer if there is a way we can work around this.

On Jan 17, 2022, at 16:40, Malcolm Bain <malcolm.bain@...> wrote:

No problem with Spanish – coming up on Wednesday!

Malcolm


From: partners@... <partners@...> On Behalf Of Shane Coughlan via lists.openchainproject.org
Sent: Monday, January 17, 2022 6:36
To: OpenChain Main <main@...>
CC: OpenChain Partners <partners@...>
Subject: [partners] Supplier Education Leaflet – Help Wanted

The OpenChain Project has a lot of reference material to support the adoption of OpenChain ISO/IEC 5230 and with open source compliance, security and export control more broadly. One of the foundation documents we have is a supplier education leaflet. It was created by the OpenChain Japan Work Group and – with the recent addition of Dutch – is now available in eight languages.

We would like your help to expand the reach of this document. We especially want help with translations into French and Spanish.

Check Out The Source Code On GitHub:
https://github.com/OpenChain-Project/Reference-Material/tree/master/Suppliers/Leaflet/Official/2.1



Japan Work Group: All Member Meeting #22 on the 21st of January

 

The OpenChain Japan Work Group will hold their 22nd meeting on the 21st of January. This meeting will take place between 15:00 and 16:00 with a case study covering Mercari’s Open Source Program Office (OSPO). Big thank you, as usual, to SocioNext for hosting us.
https://www.openchainproject.org/featured/2022/01/19/japan-wg-22


Marks and Clerk France Becomes The First OpenChain Law Firm Partner in France

 

Leading intellectual property firm Marks and Clerk France is now able to advise clients on the implementation of open source programs and enable them to achieve the OpenChain ISO/IEC 5230 standard.

“OpenChain ISO 5230 provides a compelling solution to quality open source compliance,” says Shane Coughlan, OpenChain General Manager. “OpenChain offers the freedom of choice for companies to conform via self-certification, independent assessment, or third party certification and we are delighted to name Marks and Clerk France as our first partner in the country.”

Learn More:
https://www.openchainproject.org/featured/2022/01/19/marks-and-clerk-france-becomes-the-first-openchain-law-firm-partner-in-france


Fieldfisher is the latest law firm to join the OpenChain Partner Program

 

“It is with great pleasure that we welcome Chris and the rest of the team at Fieldfisher to the OpenChain Partner ecosystem,” says Shane Coughlan, OpenChain General Manager. “The availability of legal support is a vital part of ensuring an effective, efficient supply chain, and in the context of process management it can dramatically reduce uncertainty when rolling out an OpenChain ISO/IEC 5230 conformant program.”

“I am delighted to be working with OpenChain and, in doing so, supporting our clients to achieve better governance when it comes to open technologies,” says Chris Eastham, Partner, Fieldfisher.

About Fieldfisher

Fieldfisher is an exciting, forward-thinking organisation with key sector specialisms in technology, financial services, energy and natural resources, and life sciences.
In 2019, Fieldfisher was awarded a 5 star ranking for client service by The Legal 500. It was one of only five firms in the top 25 list of UK-headquartered firms to receive 5 stars based on client feedback. In 2021, our Technology and Privacy practices were top ranked as Tier 1 and Band 1 in the Legal 500 and Chambers rankings respectively, recognised as one of Europe’s leading law firms in these practices.

We regularly support the world’s biggest organisations and some of the most exciting growth companies. Our clients trust us with work that can have a huge impact on their business or organisation.

We are a law firm built around people with all their diversity, and we strike a healthy balance between legal excellence and a down-to-earth practical approach to our clients’ needs.


Re: Frequent Misunderstandings of OSS licenses V7

ouchi yoshiko
 

Date-san, Nicolas-san,

Thank you for reading the FAQ.
Your message will encourage the FAQ-SG members.
We will add more FAQs, so please look forward to it.

Regards,
Yoshiko Ouchi

-----Original Message-----
From: main@... <main@...> On Behalf Of Nicolas Toussaint via lists.openchainproject.org
Sent: Friday, January 14, 2022 10:05 PM
To: main@...
Subject: Re: [openchain] Frequent Misunderstandings of OSS licenses V7

Hi Ouchi San,

I would also like to thank you for compiling and obviously sharing the
contents of the FAQ, I realize that this is a lot of effort.
We, at Orange, are currently using it to improve our own documentation.
I can't even say that we will propose new entries, because it looks
pretty complete already !

nico

--

Nicolas Toussaint - Open Source Expert
OBS/SMS, OBS Open Source Program Office (OSPO)
OBS - Orange Business Services - Lyon, France
Tel: +33 608 763 559

On 14/01/2022 13:37, Masahiro Date wrote:

Hi ouchi-san,

I would like to thank you for your effort regarding the FAQ.

I understand that it is difficult to create this kind of FAQ despite
the differences in laws between countries. However, your effort is very
important in these circumstances for sharing a common understanding of
OSS governance worldwide.

Regards,

M. Date


On Fri, Jan 14, 2022 at 10:54, ouchi yoshiko <ouchi.yoshiko@...> wrote:

Shane San

Thank you for the FAQ promotion.
We would be happy if it is useful for people using OSS.

Regards
Yoshiko Ouchi
-----Original Message-----
From: main@... <main@...> On Behalf Of Shane Coughlan
Sent: Thursday, January 13, 2022 4:38 PM
To: main@...
Subject: Re: [openchain] Frequent Misunderstandings of OSS licenses V7

Thank you Ouchi San! Chris!

I’m going to promote this FAQ across our social media channels tomorrow to welcome the weekend 🙂

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan

> On Jan 12, 2022, at 19:07, ouchi yoshiko <ouchi.yoshiko@...> wrote:
>
> Chris Wood san
>
> Regarding the note I informed you in the previous email, I have made the following changes due to comments from others.
>
> ◆The answers to the FAQ are based on business practices of Japan WG FAQ Subgroup members in Japan. The interpretation on OSS license may vary depending on the customary practice and/or judicial district. Consult your company or organization's intellectual property counsel for specific issues.
>
> Best Regards
> Yoshiko Ouchi
> -----Original Message-----
> From: main@... <main@...> On Behalf Of Christopher Wood
> Sent: Wednesday, January 12, 2022 10:19 AM
> To: main@...
> Subject: Re: [openchain] Frequent Misunderstandings of OSS licenses V7
>
> Ouchi San
> My pleasure to offer helpful advice. That looks good to me, covers the subject concisely.
> Best Regards
> Chris
>
>> On Jan 11, 2022, at 7:01 PM, ouchi yoshiko <ouchi.yoshiko@...> wrote:
>>
>> Chris Wood san
>>
>> Thank you for very good advice.
>> Updated the FAQ cover page with the following note.
>>
>> ◆This FAQ is based on Japanese law. Laws vary from country to country, and measures for each case may vary from company to company.
>> Consult your company or organization's intellectual property counsel for specific issues.
>>
>> Please let me know if there is any shortage.
>>
>> Best Regards
>> Yoshiko Ouchi
>> -----Original Message-----
>> From: main@... <main@...> On Behalf Of Christopher Wood
>> Sent: Wednesday, January 12, 2022 12:38 AM
>> To: main@...
>> Subject: Re: [openchain] Frequent Misunderstandings of OSS licenses V7
>>
>> Shane and Ouchi
>> I agree that there is much good information in the document. The responses are well thought out and may be directly implementable after review with Legal.
>>
>> However, I do see that there may also be some inconsistencies in interpretation both at a country and individual company level.
>>
>> Would you consider perhaps overall disclaimer for the FAQ responses that directs the reader to discuss application of the specific issue and answer with the Company or Organization’s Intellectual Property Legal Counsel? That Legal Counsel would be responsible to determine the precise interpretation under the Country and Company laws or policies.
>> Best Regards
>> Chris Wood PhD CISSP
>>
>>>> On Jan 11, 2022, at 3:04 AM, Shane Coughlan <scoughlan@...> wrote:
>>>
>>> This is fantastic! I will promote this across our social media!
>>>
>>>>> On Jan 6, 2022, at 18:31, ouchi yoshiko <ouchi.yoshiko@...> wrote:
>>>>
>>>> Hello.
>>>> I am Ouchi from OpenChain Japan WG (FAQ-SG).
>>>> We have published the English version of "Frequent Misunderstandings of OSS licenses V7".
>>>> We hope this will be useful for you.
>>>> https://github.com/OpenChain-Project/OpenChain-JWG/tree/master/Education_Material/FAQ
>>>>
>>>> Regards
>>>>
>>>> Yoshiko Ouchi

_________________________________________________________________________________________________________________________

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.


Re: [partners] Supplier Education Leaflet – Help Wanted

Malcolm Bain
 

No problem with Spanish – coming up on Wednesday!

 

Malcolm

 

 

From: partners@... <partners@...> On Behalf Of Shane Coughlan via lists.openchainproject.org
Sent: Monday, January 17, 2022 6:36
To: OpenChain Main <main@...>
CC: OpenChain Partners <partners@...>
Subject: [partners] Supplier Education Leaflet – Help Wanted

 

The OpenChain Project has a lot of reference material to support the adoption of OpenChain ISO/IEC 5230 and with open source compliance, security and export control more broadly. One of the foundation documents we have is a supplier education leaflet. It was created by the OpenChain Japan Work Group and – with the recent addition of Dutch – is now available in eight languages.


We would like your help to expand the reach of this document. We especially want help with translations into French and Spanish.

 

Check Out The Source Code On GitHub:

 


Supplier Education Leaflet – Help Wanted

 

The OpenChain Project has a lot of reference material to support the adoption of OpenChain ISO/IEC 5230 and with open source compliance, security and export control more broadly. One of the foundation documents we have is a supplier education leaflet. It was created by the OpenChain Japan Work Group and – with the recent addition of Dutch – is now available in eight languages.

We would like your help to expand the reach of this document. We especially want help with translations into French and Spanish.

Check Out The Source Code On GitHub:


Re: ACTION REQUIRED: OpenChain Participation Certificates

 

Greetings all!

Last call. If you want a participation certificate for your contribution to OpenChain in 2021 (and before), please list yourself in this spreadsheet:
https://1drv.ms/x/s!AsXJVqby5kpnkTHvJmDpwpuZE2kP

Regards

Shane

On Dec 21, 2021, at 11:53, Shane Coughlan via lists.openchainproject.org <scoughlan=linuxfoundation.org@...> wrote:

Recently the Linux Foundation has been recognizing the amazing contributions of our community through digital certificates. For example, if you have been a speaker at an event, you will have received one.

The OpenChain Project is going to do the same. As we enter 2022, OpenChain is preparing digital certificates to show what you have been doing in our community, and to show our appreciation.

We would like you to take a moment to fill out the form here with an overview of who you are, what work groups you are part of, and how long you have been in our community:
https://1drv.ms/x/s!AsXJVqby5kpnkTHvJmDpwpuZE2kP

Please help us recognize you with an official OpenChain certificate :)




Re: Frequent Misunderstandings of OSS licenses V7

Nicolas Toussaint
 

Hi Ouchi San,

I would also like to thank you for compiling and obviously sharing the contents of the FAQ, I realize that this is a lot of effort.
We, at Orange, are currently using it to improve our own documentation.
I can't even say that we will propose new entries, because it looks pretty complete already !

nico

--

Nicolas Toussaint - Open Source Expert
OBS/SMS, OBS Open Source Program Office (OSPO)
OBS - Orange Business Services - Lyon, France
Tel: +33 608 763 559

On 14/01/2022 13:37, Masahiro Date wrote:

Hi ouchi-san,

I would like to thank you for your effort regarding the FAQ.

I understand that it is difficult to create this kind of FAQ despite the differences in laws between countries. However, your effort is very important in these circumstances for sharing a common understanding of OSS governance worldwide.

Regards,

M. Date


On Fri, Jan 14, 2022 at 10:54, ouchi yoshiko <ouchi.yoshiko@...> wrote:

Shane San

Thank you for the FAQ promotion.
We would be happy if it is useful for people using OSS.

Regards
Yoshiko Ouchi
-----Original Message-----
From: main@... <main@...> On Behalf Of Shane Coughlan
Sent: Thursday, January 13, 2022 4:38 PM
To: main@...
Subject: Re: [openchain] Frequent Misunderstandings of OSS licenses V7

Thank you Ouchi San! Chris!

I’m going to promote this FAQ across our social media channels tomorrow to welcome the weekend 🙂

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan

> On Jan 12, 2022, at 19:07, ouchi yoshiko <ouchi.yoshiko@...> wrote:
>
> Chris Wood san
>
> Regarding the note I informed you in the previous email, I have made the following changes due to comments from others.
>
> ◆The answers to the FAQ are based on business practices of Japan WG FAQ Subgroup members in Japan. The interpretation on OSS license may vary depending on the customary practice and/or judicial district. Consult your company or organization's intellectual property counsel for specific issues.
>
> Best Regards
> Yoshiko Ouchi
> -----Original Message-----
> From: main@... <main@...> On Behalf Of Christopher Wood
> Sent: Wednesday, January 12, 2022 10:19 AM
> To: main@...
> Subject: Re: [openchain] Frequent Misunderstandings of OSS licenses V7
>
> Ouchi San
> My pleasure to offer helpful advice. That looks good to me, covers the subject concisely.
> Best Regards
> Chris
>
>> On Jan 11, 2022, at 7:01 PM, ouchi yoshiko <ouchi.yoshiko@...> wrote:
>>
>> Chris Wood san
>>
>> Thank you for very good advice.
>> Updated the FAQ cover page with the following note.
>>
>> ◆This FAQ is based on Japanese law. Laws vary from country to country, and measures for each case may vary from company to company.
>> Consult your company or organization's intellectual property counsel for specific issues.
>>
>> Please let me know if there is any shortage.
>>
>> Best Regards
>> Yoshiko Ouchi
>> -----Original Message-----
>> From: main@... <main@...> On Behalf Of Christopher Wood
>> Sent: Wednesday, January 12, 2022 12:38 AM
>> To: main@...
>> Subject: Re: [openchain] Frequent Misunderstandings of OSS licenses V7
>>
>> Shane and Ouchi
>> I agree that there is much good information in the document. The responses are well thought out and may be directly implementable after review with Legal.
>>
>> However, I do see that there may also be some inconsistencies in interpretation both at a country and individual company level.
>>
>> Would you consider perhaps overall disclaimer for the FAQ responses that directs the reader to discuss application of the specific issue and answer with the Company or Organization’s Intellectual Property Legal Counsel? That Legal Counsel would be responsible to determine the precise interpretation under the Country and Company laws or policies.
>> Best Regards
>> Chris Wood PhD CISSP
>>
>>>> On Jan 11, 2022, at 3:04 AM, Shane Coughlan <scoughlan@...> wrote:
>>>
>>> This is fantastic! I will promote this across our social media!
>>>
>>>>> On Jan 6, 2022, at 18:31, ouchi yoshiko <ouchi.yoshiko@...> wrote:
>>>>
>>>> Hello.
>>>> I am Ouchi from OpenChain Japan WG (FAQ-SG).
>>>> We have published the English version of "Frequent Misunderstandings of OSS licenses V7".
>>>> We hope this will be useful for you.
>>>> https://github.com/OpenChain-Project/OpenChain-JWG/tree/master/Education_Material/FAQ
>>>>
>>>> Regards
>>>>
>>>> Yoshiko Ouchi



Re: Frequent Misunderstandings of OSS licenses V7

Masahiro Date
 

Hi ouchi-san,

 

I would like to thank you for your effort regarding the FAQ.

I understand that it is difficult to create this kind of FAQ despite the differences in laws between countries. However, your effort is very important in these circumstances for sharing a common understanding of OSS governance worldwide.

 

Regards,

M. Date


On Fri, Jan 14, 2022 at 10:54, ouchi yoshiko <ouchi.yoshiko@...> wrote:

Shane San

Thank you for the FAQ promotion.
We would be happy if it is useful for people using OSS.

Regards
Yoshiko Ouchi
-----Original Message-----
From: main@... <main@...> On Behalf Of Shane Coughlan
Sent: Thursday, January 13, 2022 4:38 PM
To: main@...
Subject: Re: [openchain] Frequent Misunderstandings of OSS licenses V7

Thank you Ouchi San! Chris!

I’m going to promote this FAQ across our social media channels tomorrow to welcome the weekend 🙂

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan

> On Jan 12, 2022, at 19:07, ouchi yoshiko <ouchi.yoshiko@...> wrote:
>
> Chris Wood san
>
> Regarding the note I informed you in the previous email, I have made the following changes due to comments from others.
>
> ◆The answers to the FAQ are based on business practices of Japan WG FAQ Subgroup members in Japan. The interpretation on OSS license may vary depending on the customary practice and/or judicial district. Consult your company or organization's intellectual property counsel for specific issues.
>
> Best Regards
> Yoshiko Ouchi
> -----Original Message-----
> From: main@...
> <main@...> On Behalf Of Christopher Wood
> Sent: Wednesday, January 12, 2022 10:19 AM
> To: main@...
> Subject: Re: [openchain] Frequent Misunderstandings of OSS licenses V7
>
> Ouchi San
> My pleasure to offer helpful advice. That looks good to me, covers the subject concisely.
> Best Regards
> Chris
>
>> On Jan 11, 2022, at 7:01 PM, ouchi yoshiko <ouchi.yoshiko@...> wrote:
>>
>> Chris Wood san
>>
>> Thank you for very good advice.
>> Updated the FAQ cover page with the following note.
>>
>> ◆This FAQ is based on Japanese law. Laws vary from country to
>> country, and measures for each case may vary from company to company.
>> Consult your company or organization's intellectual property counsel for specific issues.
>>
>> Please let me know if there is any shortage.
>>
>> Best Regards
>> Yoshiko Ouchi
>> -----Original Message-----
>> From: main@...
>> <main@...> On Behalf Of Christopher Wood
>> Sent: Wednesday, January 12, 2022 12:38 AM
>> To: main@...
>> Subject: Re: [openchain] Frequent Misunderstandings of OSS licenses V7
>>
>> Shane and Ouchi
>> I agree that there is much good information in the document. The responses are well thought out and may be directly implementable after review with Legal.
>>
>> However, I do see that there may also be some inconsistencies in interpretation both at a country and individual company level.
>>
>> Would you consider perhaps overall disclaimer for the FAQ responses that directs the reader to discuss application of the specific issue and answer with the Company or Organization’s Intellectual Property Legal Counsel? That Legal Counsel would be responsible to determine the precise interpretation under the Country and Company laws or policies.
>> Best Regards
>> Chris Wood PhD CISSP
>>
>>>> On Jan 11, 2022, at 3:04 AM, Shane Coughlan <scoughlan@...> wrote:
>>>
>>> This is fantastic! I will promote this across our social media!
>>>
>>>>> On Jan 6, 2022, at 18:31, ouchi yoshiko <ouchi.yoshiko@...> wrote:
>>>>
>>>> Hello.
>>>> I am Ouchi from OpenChain Japan WG (FAQ-SG).
>>>> We have published the English version of "Frequent Misunderstandings of OSS licenses V7".
>>>> We hope this will be useful for you.
>>>> https://github.com/OpenChain-Project/OpenChain-JWG/tree/master/Education_Material/FAQ
>>>>
>>>> Regards
>>>>
>>>> Yoshiko Ouchi

FAQ: Common Misunderstandings about OSS Licensing (English and Japanese)

 

The OpenChain Japan work group has released a new revision of its FAQ regarding frequent misunderstandings around open source licenses. This FAQ is available in English and Japanese, and assistance in translating it into other languages is very welcome.

It is important to note that this document is based on real world experiences distilled into very practical knowledge. We are fortunate to have had many companies contribute to it, and it holds great potential to assist the supply chain.

You can get it over on GitHub:

https://github.com/OpenChain-Project/OpenChain-JWG/tree/master/Education_Material/FAQ


Re: Frequent Misunderstandings of OSS licenses V7

ouchi yoshiko
 

Shane San

Thank you for the FAQ promotion.
We would be happy if it is useful for people using OSS.

Regards
Yoshiko Ouchi

-----Original Message-----
From: main@... <main@...> On Behalf Of Shane Coughlan
Sent: Thursday, January 13, 2022 4:38 PM
To: main@...
Subject: Re: [openchain] Frequent Misunderstandings of OSS licenses V7

Thank you Ouchi San! Chris!

I’m going to promote this FAQ across our social media channels tomorrow to welcome the weekend 🙂

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan

On Jan 12, 2022, at 19:07, ouchi yoshiko <ouchi.yoshiko@...> wrote:

Chris Wood san

Regarding the note I informed you in the previous email, I have made the following changes due to comments from others.

◆The answers to the FAQ are based on business practices of Japan WG FAQ Subgroup members in Japan. The interpretation on OSS license may vary depending on the customary practice and/or judicial district. Consult your company or organization's intellectual property counsel for specific issues.

Best Regards
Yoshiko Ouchi
-----Original Message-----
From: main@...
<main@...> On Behalf Of Christopher Wood
Sent: Wednesday, January 12, 2022 10:19 AM
To: main@...
Subject: Re: [openchain] Frequent Misunderstandings of OSS licenses V7

Ouchi San
My pleasure to offer helpful advice. That looks good to me, covers the subject concisely.
Best Regards
Chris

On Jan 11, 2022, at 7:01 PM, ouchi yoshiko <ouchi.yoshiko@...> wrote:

Chris Wood san

Thank you for very good advice.
Updated the FAQ cover page with the following note.

◆This FAQ is based on Japanese law. Laws vary from country to
country, and measures for each case may vary from company to company.
Consult your company or organization's intellectual property counsel for specific issues.

Please let me know if there is any shortage.

Best Regards
Yoshiko Ouchi
-----Original Message-----
From: main@... <main@...> On Behalf Of Christopher Wood
Sent: Wednesday, January 12, 2022 12:38 AM
To: main@...
Subject: Re: [openchain] Frequent Misunderstandings of OSS licenses V7

Shane and Ouchi
I agree that there is much good information in the document. The responses are well thought out and may be directly implementable after review with Legal.

However, I do see that there may also be some inconsistencies in interpretation both at a country and individual company level.

Would you consider perhaps an overall disclaimer for the FAQ responses that directs the reader to discuss application of the specific issue and answer with the Company or Organization’s Intellectual Property Legal Counsel? That Legal Counsel would be responsible to determine the precise interpretation under the Country and Company laws or policies.
Best Regards
Chris Wood PhD CISSP

On Jan 11, 2022, at 3:04 AM, Shane Coughlan <scoughlan@...> wrote:
This is fantastic! I will promote this across our social media!

On Jan 6, 2022, at 18:31, ouchi yoshiko <ouchi.yoshiko@...> wrote:
Hello.
I am Ouchi from OpenChain Japan WG (FAQ-SG).
We have published the English version of "Frequent Misunderstandings of OSS licenses V7".
We hope this will be useful for you.
https://github.com/OpenChain-Project/OpenChain-JWG/tree/master/Education_Material/FAQ

Regards

Yoshiko Ouchi


Re: Frequent Misunderstandings of OSS licenses V7

 

Thank you Ouchi San! Chris!

I’m going to promote this FAQ across our social media channels tomorrow to welcome the weekend 🙂

Shane Coughlan
OpenChain General Manager
+818040358083
Book a meeting:
https://meetings.hubspot.com/scoughlan

On Jan 12, 2022, at 19:07, ouchi yoshiko <ouchi.yoshiko@...> wrote:

Chris Wood san

Regarding the note I informed you of in the previous email, I have made the following changes due to comments from others.

◆The answers to the FAQ are based on business practices of Japan WG FAQ Subgroup members in Japan. The interpretation on OSS license may vary depending on the customary practice and/or judicial district. Consult your company or organization's intellectual property counsel for specific issues.

Best Regards
Yoshiko Ouchi
-----Original Message-----
From: main@... <main@...> On Behalf Of Christopher Wood
Sent: Wednesday, January 12, 2022 10:19 AM
To: main@...
Subject: Re: [openchain] Frequent Misunderstandings of OSS licenses V7

Ouchi San
My pleasure to offer helpful advice. That looks good to me, covers the subject concisely.
Best Regards
Chris

On Jan 11, 2022, at 7:01 PM, ouchi yoshiko <ouchi.yoshiko@...> wrote:

Chris Wood san

Thank you for very good advice.
Updated the FAQ cover page with the following note.

◆This FAQ is based on Japanese law. Laws vary from country to country, and
measures for each case may vary from company to company. Consult your
company or organization's intellectual property counsel for specific issues.

Please let me know if there is any shortage.

Best Regards
Yoshiko Ouchi
-----Original Message-----
From: main@... <main@...> On Behalf Of Christopher Wood
Sent: Wednesday, January 12, 2022 12:38 AM
To: main@...
Subject: Re: [openchain] Frequent Misunderstandings of OSS licenses V7

Shane and Ouchi
I agree that there is much good information in the document. The responses are well thought out and may be directly implementable after review with Legal.

However, I do see that there may also be some inconsistencies in interpretation both at a country and individual company level.

Would you consider perhaps an overall disclaimer for the FAQ responses that directs the reader to discuss application of the specific issue and answer with the Company or Organization’s Intellectual Property Legal Counsel? That Legal Counsel would be responsible to determine the precise interpretation under the Country and Company laws or policies.
Best Regards
Chris Wood PhD CISSP

On Jan 11, 2022, at 3:04 AM, Shane Coughlan <scoughlan@...> wrote:
This is fantastic! I will promote this across our social media!

On Jan 6, 2022, at 18:31, ouchi yoshiko <ouchi.yoshiko@...> wrote:
Hello.
I am Ouchi from OpenChain Japan WG (FAQ-SG).
We have published the English version of "Frequent Misunderstandings of OSS licenses V7".
We hope this will be useful for you.
https://github.com/OpenChain-Project/OpenChain-JWG/tree/master/Education_Material/FAQ

Regards

Yoshiko Ouchi


Interested in SBOM? Registration open for SPDX DocFest on Jan 27th

 

From Rose Judge over on the SPDX list:

SPDX is hosting another DocFest on January 27th from 7-11 AM PST. The purpose of this event is to bring together producers and consumers of SPDX documents and discuss differences between tool output and understanding for the same software artifacts.

Specifically, the goals of this DocFest are to:
1) come to agreement on how the fields should be populated for a given artifact
2) identify instances where different use cases might lead to different choices for fields and structures of documents
3) assess how well the NTIA SBOM minimum elements are covered
4) create a set of reference SPDX SBOMs as part of the corpus for further tooling evaluation.

This event will require "sweat equity" – participants who can produce SPDX documents are expected to have generated at least one SPDX document from the target set (either source, built from source, built image or container equivalent). Participants who consume SPDX documents are expected to run at least two SPDX documents through their tooling and share any analysis results. Those who have signed up and have submitted files by January 21, 2022 will receive a meeting invite to the DocFest.

To indicate interest to participate, please fill in the following form:
https://forms.gle/Mq7ReinTY6gDL4cs9


Japan Work Group: New Series in ITMedia

 

The OpenChain Japan Work Group has collaborated with ITMedia Inc. to produce a new series of articles covering open source and issues around compliance. The first article, by Endo San of Toyota, covers the strategic use of open source and legal risks involved in the enterprise space. OpenChain ISO/IEC 5230, SPDX ISO/IEC 5962 and other LF initiatives like OpenSSF feature heavily.
https://www.openchainproject.org/news/2022/01/12/japan-wg-in-itmedia


Onward Security Is the Latest Official OpenChain Project Partner

 

OpenChain ISO/IEC 5230:2020 has a positive and active relationship with the security sector. Onward Security is our latest official partner and will bolster this part of our ecosystem support.

“Most IoT devices are developed with open source software, and the lack of security by design during product development and the integration of vulnerable third-party OSS into IoT devices are potentially fatal problems. Onward Security is pleased to partner with OpenChain to assist with ISO/IEC 5230 compliance assessment by offering HERCULES SecSAM, a Security Assessment Management platform, as well as security compliance services,” said Morgan Hung, General Manager of Onward Security.

“The OpenChain Project released a Security Assurance Reference Guide in August to address market demand. While our ISO/IEC standard is focused on open source license compliance, the inflection points it identifies are equally applicable to successful security process management,” says Shane Coughlan, OpenChain General Manager. “Our new relationship with Onward Security is another part of the larger picture to ensure every company, in every sector, of every size can get the information and support they need to excel.”

About Onward Security

Onward Security is a leading brand in cybersecurity compliance solutions for the Internet of Things. It has been selected as Best Cybersecurity Company – Asia Gold Winner by Cyber Security Excellence Awards. In addition to possessing an international IoT cybersecurity testing lab, it develops automated security assessment products with AI and machine learning features. It is dedicated to helping customers in IoT/IIoT equipment manufacturing, finance, telecom, and other industries quickly obtain security certification and effectively manage the risks and vulnerabilities of open source software to ensure cyber and product security.


Re: Frequent Misunderstandings of OSS licenses V7

ouchi yoshiko
 

Chris Wood san

Regarding the note I informed you of in the previous email, I have made the following changes due to comments from others.

◆The answers to the FAQ are based on business practices of Japan WG FAQ Subgroup members in Japan. The interpretation on OSS license may vary depending on the customary practice and/or judicial district. Consult your company or organization's intellectual property counsel for specific issues.

Best Regards
Yoshiko Ouchi

-----Original Message-----
From: main@... <main@...> On Behalf Of Christopher Wood
Sent: Wednesday, January 12, 2022 10:19 AM
To: main@...
Subject: Re: [openchain] Frequent Misunderstandings of OSS licenses V7

Ouchi San
My pleasure to offer helpful advice. That looks good to me, covers the subject concisely.
Best Regards
Chris

On Jan 11, 2022, at 7:01 PM, ouchi yoshiko <ouchi.yoshiko@...> wrote:

Chris Wood san

Thank you for very good advice.
Updated the FAQ cover page with the following note.

◆This FAQ is based on Japanese law. Laws vary from country to country, and
measures for each case may vary from company to company. Consult your
company or organization's intellectual property counsel for specific issues.

Please let me know if there is any shortage.

Best Regards
Yoshiko Ouchi
-----Original Message-----
From: main@... <main@...> On Behalf Of Christopher Wood
Sent: Wednesday, January 12, 2022 12:38 AM
To: main@...
Subject: Re: [openchain] Frequent Misunderstandings of OSS licenses V7

Shane and Ouchi
I agree that there is much good information in the document. The responses are well thought out and may be directly implementable after review with Legal.

However, I do see that there may also be some inconsistencies in interpretation both at a country and individual company level.

Would you consider perhaps an overall disclaimer for the FAQ responses that directs the reader to discuss application of the specific issue and answer with the Company or Organization’s Intellectual Property Legal Counsel? That Legal Counsel would be responsible to determine the precise interpretation under the Country and Company laws or policies.
Best Regards
Chris Wood PhD CISSP

On Jan 11, 2022, at 3:04 AM, Shane Coughlan <scoughlan@...> wrote:

This is fantastic! I will promote this across our social media!

On Jan 6, 2022, at 18:31, ouchi yoshiko <ouchi.yoshiko@...> wrote:
Hello.
I am Ouchi from OpenChain Japan WG (FAQ-SG).
We have published the English version of "Frequent Misunderstandings of OSS licenses V7".
We hope this will be useful for you.
https://github.com/OpenChain-Project/OpenChain-JWG/tree/master/Education_Material/FAQ

Regards

Yoshiko Ouchi