Loading…
Open Compliance Summit 2022 has ended
In-person Event | December 7-8, 2022
View More Details

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for the Open Compliance Summit to participate in the sessions. 

Open Compliance Summit is an exclusive event for Linux Foundation members and select invitees. Attendance is limited to ensure ease of networking and collaboration. The summit (like prior) will be held under Chatham House Rule. Please consent to this rule before you request an invitation.

Please note: This schedule is automatically displayed in Japan Standard Time (UTC+9:00). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Wednesday, December 7
 

8:00am JST

Registration & Badge Pick-up
Wednesday December 7, 2022 8:00am - 5:30pm JST

9:30am JST

Keynote: Welcome + Opening Remarks - Shane Coughlan, The Linux Foundation
Speakers
avatar for Shane Coughlan

Shane Coughlan

General Manager, OpenChain
Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include building the largest open source governance community in the world through the OpenChain Project, spearheading the licensing team that elevated Open Invention... Read More →


Wednesday December 7, 2022 9:30am - 9:35am JST
304

9:35am JST

Keynote: We Have Standards for License Compliance, Security and SBOM. Now What? - Shane Coughlan, The Linux Foundation
Speakers
avatar for Shane Coughlan

Shane Coughlan

General Manager, OpenChain
Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include building the largest open source governance community in the world through the OpenChain Project, spearheading the licensing team that elevated Open Invention... Read More →


Wednesday December 7, 2022 9:35am - 9:40am JST
304

9:40am JST

Keynote: State of the Union - Michael Dolan, The Linux Foundation
Speakers
avatar for Mike Dolan

Mike Dolan

Senior Vice President & General Manager of Projects, The Linux Foundation
Michael Dolan is SVP and GM of Projects at the Linux Foundation supporting open source projects and legal programs He has set up and launched hundreds of open source and open standards projects covering technology segments including networking, virtualization, cloud, blockchain, Internet... Read More →



Wednesday December 7, 2022 9:40am - 9:55am JST
304

10:00am JST

Sponsored Keynote: Renewal Process of OpenChain Conformance Over Organizational Changes - Tadayuki Osaki, Fujitsu Limited
OpenChain is the International Standard for open source compliance and adding its importance these days where inter-company cooperation has a crucial role, such as SBOM sharing in a supply chain. To confirm compliant state for conformant organizations, OpenChain specification requires organizations to renew its conformance every 18 month.

In the session, I would like to share part of our experiences we faced in renewal process, different from newly obtaining process.

Speakers
avatar for Tadayuki Osaki

Tadayuki Osaki

OSS compliance manager, Legal & Intellectual Property Unit, Fujitsu Limited
Tadayuki "Tom" Osaki is OSS compliance manager of Fujitsu's Legal and Intellectual Property Unit. His team is serving for internal OSS compliance governance and open-communities-related activities. He is currently a board member of the Linux Foundation OpenChain Project.Prior to working... Read More →


Wednesday December 7, 2022 10:00am - 10:10am JST
304

10:15am JST

Sponsored Keynote: OBEY: The Challenges of Open Source Compliance Training - Sarajane Whitfield, Google
A robust training program is essential to build and sustain a culture of compliance, but it comes with a number of challenges. This session will discuss four features that are critical to address when developing such a program.

Speakers
avatar for Sarajane Whitfield

Sarajane Whitfield

Open Source Advisor, Google


Wednesday December 7, 2022 10:15am - 10:20am JST
304

10:25am JST

Keynote: Grabbing the Compliance Bull by the Horns: Why We Need to be Much More Proactive Towards Compliance Issues and Tooling and How - Armijn Hemel, Tjaldur Software Governance Solutions
Speakers
AH

Armijn Hemel

General Manager, Tjaldur Software Governance Solutions
Armijn Hemel, MSc is the general manager/owner at Tjaldur Software Governance Solutions and an internationally recognized expert on GPL license enforcement and GPL license compliance.


Wednesday December 7, 2022 10:25am - 10:45am JST
304

10:50am JST

Open Source Compliance Takes a Village - David Hirsch, Dynatrace
There are numerous considerations that must be made when setting up and managing a comprehensive open source compliance and security program in an organization. We usually  focus only on compliance when consuming, contributing or creating open source and tend o forget about who all of this is for.Throughout this session, David will share how Dynatrace has evolved this process over the last year, and will share the tools, process and teams that have made it possible.

Speakers
avatar for David Hirsch

David Hirsch

OSPO Program Manager, Dynatrace
David works as Program manager at Dynatrace's Open Source Program Office. He is driving process, compliance and security efforts around Open source within the company, as well as contribution and the creation of new projects. He also supports projects in their early stages, helping... Read More →



Wednesday December 7, 2022 10:50am - 11:10am JST
304
  End-User Sessions

11:10am JST

Coffee Break
Wednesday December 7, 2022 11:10am - 11:30am JST

11:30am JST

Policy as [Versioned] Code - Andres Vega, ControlPlane
Beyond just "don’t run everything as root" In this talk Carmen and Andres will trace back the origins of how policies are often incepted, how it can get out of hand, be slow if not impossible to update and measure compliance, and often lead us to question of **is the policy helping or hindering**.

Speakers
avatar for Andres Vega

Andres Vega

Vice President of Operations, ControlPlane
Andrés Vega is Vice President of Operations at ControlPlane focused on securing modern applications from supply-chain and runtime attacks with a zero trust, continuous security approach He is also an open source maintainer, contributor, and author.


Wednesday December 7, 2022 11:30am - 11:50am JST
304
  End-User Sessions

11:55am JST

OSS Lifecycle Management with SPDX - Keiya Nobuta, Fujitsu
Fujitsu supports SPDX evolution and the movement to an international standard that provides a common SBOM basis for software exploitation for companies throughout the supply chain. We have long provided multilateral support for SPDX, especially thorough activities in Yocto and SPDX-Lite. From 2016, we have been joining maintainers of meta-spdxscanner, enabling SPDX functionality for the Yocto Project. While the SBOM is static in terms of license compliance, lifecycle management including the dynamic element of vulnerability is important. In this session, we will introduce the mechanism of SPDX output and vulnerability detection using Yocto, and an example of lifecycle management of SBOM by using SW360.

Speakers
avatar for keiya nobuta

keiya nobuta

Software Engineer, Fujitsu
I am Embedded Linux Developer. I joined the Fujitsu Corporation since 2015. My major job is Linux kernel development for Embedded Systems.



Wednesday December 7, 2022 11:55am - 12:15pm JST
304
  Technical Sessions

12:20pm JST

How I Learned to Stop Worrying and Love the Bom - Simon Vestin & Manabu Niseki, LINE Corporation
SBOM, Software Bill of Materials, is a new concept in securing the software supply chain. With it, providing transparency for software consumers is possible, making vulnerable components hiding deep down in dependency hell visible. There is an abundance of tools for generating SBOMs, but the majority are based on static lock files. Lock files are not necessarily present on servers after software is deployed, making the generation of SBOMs incomplete without knowing exactly the source of all deployed software. The usage of lock files is neither mandatory in all programming languages, making lock file based SBOM for certain software doomed. To tackle this issue, SBOM collection also needs to some extent be done at runtime. In this talk, the speakers will explain the difference between static and runtime SBOM collection. This is followed by an elaboration on how they utilize the SBOM concept to collect metadata across multiple ecosystems in an infrastructure with over 150,000 servers, using the two methods. The methods' pros/cons will also be discussed. Furthermore, a brief note on how generated SBOMs can aggregate with an open source vulnerability database adopting the OpenSSF OSV format will be included.

Speakers
avatar for Manabu Niseki

Manabu Niseki

LINE Corporation
A Botconf, HITCON, OBTS and JSAC speaker. A V3 climber forever.
avatar for Simon Vestin

Simon Vestin

Security Engineer, LINE Corporation
Simon Vestin joined LINE in 2015 upon graduating from university in his home country. He is working mostly in the network security field and in later years as a developer focusing on security infrastructure. Currently involved in building a system to find vulnerabilities / misconfigurations... Read More →



Wednesday December 7, 2022 12:20pm - 12:40pm JST
304
  End-User Sessions

12:45pm JST

Something Interesting and Thought Provoking - Andrew Katz, Moorcrofts
Speakers
avatar for Andrew Katz

Andrew Katz

Managing Partner and CEO, Moorcrofts LLP and Orcro LLP
Andrew Katz is a lawyer who has advised on free and open source software, open hardware and other opens for over 25 years. Formerly a software developer, he qualified as a barrister, requalified as a solicitor and is now partner and head of technology law at Moorcrofts LLP, a boutique... Read More →


Wednesday December 7, 2022 12:45pm - 12:55pm JST
304

1:00pm JST

ORT: Automate Your Open Source Policy Using Open Source & Inner Source - Thomas Steenbergen, EPAM Systems
Setting up or maintaining a FOSS compliance processes is not simple as most organizations use a wide variety of programming languages, code build tools and delivery methods. Ideally, you want to automate most of the compliance work but as most Open Source Program Offices (OSPO) have found out, there are often significant gaps between what is offered by most tools and what you would like to have. Given this, several OSPOs have been collaborating to build OSS Review Toolkit (ORT). In this session Thomas demonstrates how one can use ORT to safely use, integrate, modify and redistribute third party software including FOSS in your software project(s). He will show a FOSS review from start to finish e.g. from scanning a repository for packages, licensing and vulnerabilities to fixing found issues and generating attribution documents, source bundles and SBOMs (CycloneDX/SPDX). By the end of this session you should be able to replicate an ORT-based compliance process within your organization including automating your FOSS policy using Policy as Code and save process/review time by using an InnerSource-based review process and re-using FOSS clearance artifacts from the community.

Speakers
avatar for Thomas Steenbergen

Thomas Steenbergen

Head of Open Source Program Office, EPAM Systems
Thomas Steenbergen is the Head of Open Source Program Office at EPAM Systems (www.epam.com).He is steering committee member and one of the co-founders/organizers of the European Chapter of the TODO group and co-founder of the OpenChain Automation Work Group - both industry working... Read More →



Wednesday December 7, 2022 1:00pm - 1:15pm JST
304
  Technical Sessions

1:15pm JST

Lunch
Wednesday December 7, 2022 1:15pm - 2:15pm JST

2:15pm JST

Export Control: Briefing and Open Discussion
Wednesday December 7, 2022 2:15pm - 2:55pm JST
304

3:00pm JST

Panel: Automation for Open Source Security
Wednesday December 7, 2022 3:00pm - 3:40pm JST
304

3:40pm JST

Coffee Break
Wednesday December 7, 2022 3:40pm - 4:00pm JST

4:00pm JST

Panel: The SBOM Panel of Japan - Masato Endo & Miyu Tanaka, Toyota Motor Corporation; Ayumi Watanabe, Hitachi Solutions, Ltd.; Yoshiyuki Ito, Renesas Electronics
In 2022, SBOM is becoming a larger trend also in Japan for proper license compliance and security management within organizations and supply chains. In fact, some electronics and automotive industries’ supply chains are sharing software component information by SBOM. Recently, Japanese government is actively promoting the use of SBOM and continues to update its collection of case studies of SBOM-related efforts by leading companies. And, some PoC on SBOM management within the supply chain are also underway. The panel will be joined by Japanese front-runners of SBOM, including members involved in the creation of SPDX Lite, members who support companies in implementing SBOM, and members contributing to the Japanese government project. This panel discussion will introduce the latest trends in Japan regarding the implementation of SBOM. Furthermore, we will discuss the challenges Japanese companies are facing in the global supply chain and their solutions.

Speakers
avatar for Masato Endo

Masato Endo

Group Manager, Toyota Motor Corporation
Masato Endo is the Group Manager of Driver Monitoring Group, Value Chain Service and Technology Development, Technical Project Field of Advanced R&D and Engineering Company in TOYOTA. He focuses also on building the Open Source governance structure within Toyota and developing relationships... Read More →
avatar for Ayumi Watanabe

Ayumi Watanabe

Senior OSS Specialist, Hitachi Solutions, Ltd.
Ayumi Watanabe is Group Manager of OSS Management Consulting Group of Hitachi Solutions, Ltd. She is an OSS management consultant and help client companies to manage OSS compliance and OSS-related security issues. She is also a core member of OpenChain Japan Workgroup. She and her... Read More →
MT

Miyu Tanaka

Member of Intellectual Property Division, Toyota Motor Corporation
She is engaged in process development and in-house education for using and contributing to the open source software at Toyota Motor Corporation. Recently, she is also focusing on the collaboration between Toyota and its related companies with respect to the open source software c... Read More →
avatar for Yoshiyuki Ito

Yoshiyuki Ito

Principal Expert, Renesas Electronics
Joined NEC at Apr. 1993, NEC electronics at Jun. 2003 and RENESAS Electronics at Apr. 2010. Member of Automotive Digital Products Marketing Division of the RENESAS Electronics. He is the leader of License information exchange Subgroup OpenChain Japan Workgroup.


Wednesday December 7, 2022 4:00pm - 4:40pm JST
304
  Technical Sessions

4:45pm JST

One Step a Day. Vision of Tooling Subgroup at OpenChain Korea WG - Wonjae Park, LG Electronics
Even in the same field, the proficiency of OSPOs at each company differs, and the know-how to achieve opensource compliance is not widely shared. The members of the Tooling Subgroup at OpenChain Korea Working Group share information on opensource and commercial tooling information and were able to build a more efficient opensource compliance chain at each company.  Also, through the activities of the group, collaborating projects between opensource and commercial tools were created and an opensource project initiated by member companies is about to kick off.

Speakers
avatar for Wonjae Park

Wonjae Park

Open Source Program Manager, LG Electronics
Wonjae Park is an Open Source Program Manager at LG Electronics and  have been working on company wide consulting and educating on open source compliance and spreading open source culture. He is very interested in Open Source Compliance tooling, collaborating with industry leaders... Read More →



Wednesday December 7, 2022 4:45pm - 5:05pm JST
304
  End-User Sessions

5:10pm JST

Satisfying Safety Standards with the SPDX Build Profile - Brandon Lum, Google & Kate Stewart, The Linux Foundation
When a system has functionality incorporated that could have serious consequences in terms of a person’s well being or significant loss, the details matter. The level of transparency and traceability may need to be at different levels of details based on the seriousness of the consequences. For safety standards, such as Automotive (ISO 26262), Aviation (DO 178C), and many more, tracking details of configuration management at the build level is vital. How was a piece of software built? Who was it built by? What is the toolchain that was used to build it, and how were they configured? The SPDX Build Profile provides additional extensibility on top of the SPDX SBOM standard. In this talk we will share what the build profile is and how it can be used to capture build metadata and how safety and critical compliance benefits from it.

Speakers
avatar for Brandon Lum

Brandon Lum

Software Engineer, Google
Brandon loves designing and implementing computer systems (with a focus on Security, Operating Systems, and Distributed/Parallel Systems). Brandon is a Co-chair of the CNCF Security TAG, and as a part of Google's Open Source Security Team, he works on improving the security of the... Read More →
avatar for Kate Stewart

Kate Stewart

Vice President of Dependable Embedded Systems, The Linux Foundation
Kate Stewart is Vice President of Dependable Embedded Systems at the Linux Foundation. She works with the safety, security and license compliance communities to advance the adoption of best practices into embedded open source projects. Since joining The Linux Foundation, she has launched... Read More →



Wednesday December 7, 2022 5:10pm - 5:30pm JST
304
  Technical Sessions

5:30pm JST

Keynote: Closing Remarks - Shane Coughlan, The Linux Foundation
Speakers
avatar for Shane Coughlan

Shane Coughlan

General Manager, OpenChain
Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include building the largest open source governance community in the world through the OpenChain Project, spearheading the licensing team that elevated Open Invention... Read More →


Wednesday December 7, 2022 5:30pm - 5:35pm JST
304
 
Thursday, December 8
 

9:15am JST

9:30am JST

SPDX Mini-Summit
Over the last year, the SPDX community has been making progress to the underlying 3.0 core model, as well as various domain specific profiles of metadata information to be shared.   Join us in this session to get an understanding of each of the new emerging profiles, as well as how they will interact.   If time permits, we'll also go into the 2.2/2.3 --> 3.0 migration plans.  

Miniconference Schedule
• Core Overview
• Build Profile Overview & Update
• Usage Profile Overview & Update
• Discussion of Overlaps between Build and Usage Profiles
• AI Profile Overview
• Dataset Profile Overview
• OpenDatology applying SPDX profiles
• Security Profile Update
• Licensing Profile Update
• Safety Profile Overview (3.1 target)
• Discussion of overlaps across profiles

Speakers
avatar for Yoshiyuki Ito

Yoshiyuki Ito

Principal Expert, Renesas Electronics
Joined NEC at Apr. 1993, NEC electronics at Jun. 2003 and RENESAS Electronics at Apr. 2010. Member of Automotive Digital Products Marketing Division of the RENESAS Electronics. He is the leader of License information exchange Subgroup OpenChain Japan Workgroup.
avatar for Brandon Lum

Brandon Lum

Software Engineer, Google
Brandon loves designing and implementing computer systems (with a focus on Security, Operating Systems, and Distributed/Parallel Systems). Brandon is a Co-chair of the CNCF Security TAG, and as a part of Google's Open Source Security Team, he works on improving the security of the... Read More →
avatar for Kate Stewart

Kate Stewart

Vice President of Dependable Embedded Systems, The Linux Foundation
Kate Stewart is Vice President of Dependable Embedded Systems at the Linux Foundation. She works with the safety, security and license compliance communities to advance the adoption of best practices into embedded open source projects. Since joining The Linux Foundation, she has launched... Read More →
GK

Gopi Krishnan Rajbahadur

Senior Researcher, Huawei
Gopi Krishnan Rajbahadur is a Senior Researcher at the Centre for Software Excellence at Huawei, Canada. He holds a PhD in computer science from Queen's University, Canada. He received his BE in Computer Science and Engineering from SKR Engineering College, Anna University, India... Read More →


Thursday December 8, 2022 9:30am - 11:00am JST
HALL | BUKATSUDO

11:00am JST

Coffee Break
Thursday December 8, 2022 11:00am - 11:30am JST
KITCHEN | BUKATSUDO

11:30am JST

OpenChain Mini-Summit
Thursday December 8, 2022 11:30am - 12:55pm JST
HALL | BUKATSUDO

12:55pm JST

Keynote: Closing Remarks - Shane Coughlan, The Linux Foundation
Speakers
avatar for Shane Coughlan

Shane Coughlan

General Manager, OpenChain
Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include building the largest open source governance community in the world through the OpenChain Project, spearheading the licensing team that elevated Open Invention... Read More →


Thursday December 8, 2022 12:55pm - 1:00pm JST
HALL | BUKATSUDO

1:00pm JST

Lunch
Thursday December 8, 2022 1:00pm - 2:00pm JST
KITCHEN | BUKATSUDO
 
  • Timezone
  • Filter By Date Open Compliance Summit 2022 Dec 7 - 8, 2022
  • Filter By Venue Venues
  • Filter By Type
  • Breaks & Registration
  • End-User Sessions
  • Keynote Sessions
  • Mini-Summits
  • Technical Sessions
  • Content Experience Level
  • Talk Type
  • Presentation Slides Attached

Filter sessions
Apply filters to sessions.