Open Source Summit + AI_dev Japan 2024

At Open Source Summit Japan, within the Operation Management Summit, Keith Bergelt, CEO of Open Invention network, will address ways to mitigate risk to open source projects, developers and distributors. Few developers or businesses will show interest in contributing to an open source project if it doesn't address potential bugs, security issues, or feature additions to its repository. This is well understood by the OSS community and spurred its growth into new technological areas such as AI/ML, FinTech and Automotive, among many others. However, many of today’s most popular open source licenses do not adequately address patent risk for open source projects. As patent risk is a challenge that must be addressed, this presentation will discuss the key tenets around patent non-aggression in open source, key patent-related risks, and the best practices that open source projects and their management should consider moving forward to “address the issue.” . Key Takeaways: - An understanding of the patent threat matrix to open source projects - Ways patent litigation risks are rising & ways to reduce these risks - Best practice solutions for management to mitigate these challenges

To sustain the OS industry, we must assess the efficiency of the open source 3P cycle (Projects, Products, and Profits). Companies build products using open source software and generate revenue. This should incentivize them to reinvest in open source communities, thereby creating better products and increasing profits. However, the 3P cycle is not functioning smoothly. While companies utilize open source technologies, they often do so without collaborating with the community. This lack of interaction reduces their interest in reinvesting in the open source ecosystem. This issue significantly impacts the Japanese industry. Companies miss opportunities to leverage cutting-edge technologies and remain less inclined to invest in talent development within and outside their organizations. The resulting talent shortage poses a serious sustainability challenge for the industry. In this session, LF Japan evangelists will discuss this topic from their respective areas of expertise, including cloud, blockchain, security, compliance, and OSPO. Attendees will learn about the latest trends in open source and business and engage in discussions on how to enhance the 3P cycle in Japan.

International standards addressing specific challenges around open source provide organizations significant opportunities for increasing efficiency and reducing risk. This talk will explain practical ways for procurement departments to use these standards to benefit product teams, IP departments, legal departments or OSPOs supporting corporate policy. The focus will be on ISO/IEC 5230 (license compliance), ISO/IEC 18974 (security assurance) and ISO/IEC 5962 (SBOM), all mature standards maintained by Linux Foundation Projects. The audience of this talk will be equipped to immediately improve their supply chain management as either customers or suppliers in any industry sector.

This session will introduce the SPDX Lite profile, its background, and what and how it solves with many JSON examples. The Lite profile of SPDX 3.0 is designed to make it quick and easy to start creating a Software Bill of Materials (SBOMs) when a company has limited capacity for introducing new items into its process. Over the past few years, the importance of SBOM has increased. As interest in SBOM from government agencies and industries grows, the SBOM specification extends significantly to meet these various needs. SPDX Lite is a lightweight and compact SBOM specification. The OpenChain Project Japan WG explores and promotes SBOM. The focus is on making the SBOM practical from security assurance and license compliance perspectives and on sharing and transferring SBOM across the global software supply chain in any industry. SPDX Lite is one of the achievements of collaboration between the OpenChain project and the SPDX project. Attendees in this session will learn the first steps to creating an SBOM using the Lite profile of SPDX 3.0 by several examples of SBOM documents that address regulations and requirements.