Every year, the Linux Foundation hosts its Open Compliance Summit in Japan as a venue for open source compliance practitioners and researchers to connect, exchange best practices, and collaborate on new projects that make open source compliance easier, faster and cheaper to achieve. The event attracts international participation, and is a destination for open source leaders focused on ensuring open source compliance.
At FOSSID, we have participated as attendees and speakers in the 2016 and 2017 editions of the event. In 2018, we stepped up our participation to become a sponsor as a way to show appreciation for what the event is working to achieve, and to support the open source compliance community with its efforts. We had a booth table where we were able to showcase and demonstrate our solution to the attendees, and connect with our clients in Japan in an informal way, discussing upcoming features in new releases.
FOSSID’s Artificial Intelligence (AI) Open Source License Compliance Assistant
Earlier in 2018, FOSSID received a grant from the Swedish government agency for innovation to execute research on adapting and applying artificial intelligence methods in open source auditing solutions. In a speaking session at the Open Compliance Summit, Jon Aldama, our VP of Product Development, described how AI can simplify compliance work and how FOSSID is integrating AI in its tool to drive efficiencies and increase accuracy of source code identification.
The premise is that the explosive growth of open source makes finding the correct origin and licensing information very complicated, and FOSSID’s approach is to use artificial intelligence to enable faster and more accurate auto-identification of source code licenses in software packages and snippets. FOSSID combines its AI engine with its high-performing knowledge base to dramatically cut costs in the software auditing process, reduce risks for tech companies, and accelerate overall innovation.
Teaming up with Software Heritage
Software Heritage is a nonprofit organization initiated by Inria, a French research institute for computer science. It is in partnership with UNESCO, and has attracted attention from industry leaders, universities, and governmental bodies worldwide.
The goal of the initiative is to collect, preserve, and share software code—both freely licensed and not—in a universal software storage archive. It has already archived more than 4 billion unique source code files and 1 billion unique commits, coming from more than 80 million development projects. The Software Heritage archive is a mutualized infrastructure that serves a number of use cases, from cultural preservation to scientific reproducibility and software analysis.
FOSSID and Software Heritage announced a collaboration at the summit, in which FOSSID establishes the first independent mirror of Software Heritage’s source code archive – currently the largest in the world.
At FOSSID, we are very proud to support this massive revolution with the world’s largest database for code scanning. Our support for Software Heritage is a natural move in our commitment to protect and preserve today’s most valuable, shared technologies.
OpenChain is Expanding
Great news on OpenChain from the summit! OpenChain has reached a high level of maturity with significant amounts of work led by Japanese companies. The project announced several new members (Facebook, Google and Uber) joining OpenChain at the Summit, which is a significant indication of the progress and footprint OpenChain is making in the open source compliance space. In addition, OpenChain announced a number of companies pioneering standards compliance.
At FOSSID, we support the OpenChain project and appreciate the leadership of Shane Coughlan in driving this project and making it happen at such a scale.
New Open Source Tools Announced
The Linux Foundation, the host of the summit, announced the formation of the new Automated Compliance Tooling (ACT) project. The goal of ACT is to consolidate investment in, and increase interoperability and usability of, open source compliance tooling, which helps organizations manage compliance obligations. The projects currently hosted under the ACT are FOSSology, QMSTR, SPDX Tools and Tern.
New Edition of “Open Source Compliance in the Enterprise”
Additional exciting news from the summit was the release of the second edition of “Open Source Compliance in the Enterprise” by Ibrahim Haddad. The ebook is available for free download here.
It outlines best practices for organizations to adopt and use open source code in products and services, as well as participate in open source communities in a legal and responsible way. The second edition includes updated content and four new chapters that cover SPDX, OpenChain, M&A audits, and metrics to evaluate source code scanning tools.
Benefits of Open Source Compliance
The field of open source compliance continues to expand, and more companies are realizing not just the responsibilities but also the benefits of ensuring compliance with the licenses of free and open source software.
Our mission at FOSSID is to help companies achieve compliance as they adopt more open source software and incorporate it in their products and services.
Give us a call or drop us an email and let’s explore how we can support you!