1
OpenChain Third Meeting 10/7/14
2
OpenChain Agenda for Third Call – 10/7/14
- Roll Call – 5 mins
- (Continued) Open Source Review Framework Discussion (Yixiong Zou, QTI) – 20 mins
  - Followed by comments and discussion
- ISO (Joseph Potvin, Opman Company) – 10 mins
- TODO Project (Mark Radcliffe, DLA/OSI) – 10 mins
- Collaboration space (Mike Dolan, LF) – 5 mins
- Upcoming meeting topics (Dave Marr, QTI) – 10 mins
  - Proposed future topics (input requested)
3
License Reporting Framework
Summary from previous meeting
- Current license reporting process may not be scalable
  - Vendors do not have necessary tools & information to perform license check prior to delivery
  - The recipient bears all the burdens of license reporting verification
- License Reporting Framework as a potential solution
  - Components: Scanner, Validation Engine, Acceptance Criteria
  - Goal: To have vendors perform some level of license reporting verification prior to the delivery.
4
Basic Software Acceptance Framework for Open Source
A Few More Details
- The Framework does not dictate a “universal” acceptance criteria. Instead, the recipient of the software defines OS Acceptance Criteria based on the specification.
- “Basic Acceptance”: this test framework is not intended to replace the entire legal review process; rather, it is intended to provide some basic automation to streamline the license review process.
- Recipient may opt to do complementary scanning (e.g., well-known commercial options) for additional protection.
5
Basic Software Acceptance Framework
Two operational models
- Independent Service Provider
  - Cloud based service.
  - Turn-key solutions
  - Could be hosted by OpenChain.
- Downloadable software to establish the entire framework in a local environment.
6
Potential Candidate - Fossology
- Features: License detection based on contextual search. More advanced than simple keyword search.
- Gap: Need support for the acceptance criteria. Also keyword search capability may be desirable for some businesses.
7
Thoughts? Questions?
8
ISO 19600
9
TODO Project
10
Collaboration Space
11
Upcoming meeting topics
Free form aggregation followed by discussion
- Draft FOSS compliance program (LF circa 2011)
- Training materials
  - Syllabus discussion
  - SPDX 101 primer
- Certified trainers and consultants
- Software architecture diagrams
- Distribution flow diagrams
12
Appendix
13
Intro – Software Test Framework
General Concept – Conformance Testing
- Blackbox testing against a target
- [Diagram: Test Suite 1, Test Suite 2, Test Suite 3; result: Pass or Fail]
14
Intro – Software Test Framework
Benefit of Standardized Conformance Testing
- Compliance Testing
- Clarity of the requirement
- Consistency of the result
- Efficiency of the process
15
License Reporting in the Context of OpenChain
Existing Process/Methodology
[Diagram: Initial Scan, Interpretation, Rescan; labels: License 1, License 2, License 1 ok, License 2 not ok, License 3]
16
License Reporting in the Context of OpenChain
Reasons for the Inefficiencies
- Licenses of the Open Source Software unclear
- Requirements from customer unclear
- No standard way of validating the OS licenses and customer requirements
17
A Basic OS License Acceptance Test Framework
Overview
[Diagram: License Reporting Framework, consisting of Scanner, Acceptance Criteria, Validation Engine]
18
A Basic OS License Acceptance Test Framework
Sample Process
[Diagram: Scan, Validate, Pass or Fail Result]
19
Sample Basic Acceptance Criteria
Acceptance Criteria is based on the business practice of the recipient. The following are some simple examples:
- Pass if only BSD/MIT licenses are found.
- Fail if GPL is found.
- Pass unless AGPL is found.
Standard Specification for the Acceptance Criteria:
- Being a standard specification means the acceptance criteria can potentially work with different open source scanners.
- Examples: XML Schema.
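The three sample criteria above, run through a small validation engine. This is an added example, not part of the presentation: the XML criteria format, function names and file paths are hypothetical, the scanner output is constructed, and it assumes the scanner reports SPDX license identifiers.

```python
import xml.etree.ElementTree as ET

# Hypothetical criteria documents (constructed; the slides define no schema).
BSD_MIT_ONLY = '<criteria mode="allow-only"><license family="BSD"/><license family="MIT"/></criteria>'
NO_GPL = '<criteria mode="deny"><license family="GPL"/></criteria>'
NO_AGPL = '<criteria mode="deny"><license family="AGPL"/></criteria>'

# Constructed scanner output: file path -> SPDX identifier (None = nothing detected).
SCAN = {
    "src/net.c": "BSD-3-Clause",
    "src/json.c": "MIT",
    "lib/readline.c": "GPL-3.0-or-later",
    "lib/iconv.c": "LGPL-2.1-only",
    "vendor/blob.c": None,
}


def in_family(spdx_id, family):
    """Match the leading family token so "GPL" does not also catch LGPL or AGPL."""
    return spdx_id == family or spdx_id.startswith(family + "-")


def load_criteria(xml_text):
    root = ET.fromstring(xml_text)
    mode = root.get("mode")
    if mode not in ("allow-only", "deny"):
        raise ValueError(f"unknown criteria mode: {mode!r}")
    return mode, [e.get("family") for e in root.findall("license") if e.get("family")]


def validate(scan, xml_text):
    """Return (passed, violations); violations are (path, license) pairs."""
    mode, families = load_criteria(xml_text)
    violations = []
    for path, lic in sorted(scan.items()):
        listed = lic is not None and any(in_family(lic, f) for f in families)
        # allow-only: anything unlisted or undetected fails closed.
        # deny: only a positive match on a listed family fails.
        if (mode == "allow-only" and not listed) or (mode == "deny" and listed):
            violations.append((path, lic))
    return not violations, violations


if __name__ == "__main__":
    for name, crit in [("BSD/MIT only", BSD_MIT_ONLY), ("no GPL", NO_GPL), ("no AGPL", NO_AGPL)]:
        ok, bad = validate(SCAN, crit)
        print(f"{name}: {'PASS' if ok else 'FAIL'} {bad}")
```

A plain substring test for "GPL" would also flag the LGPL file, and a deny list passes files with no detected license, so the choice of criteria mode decides how undetected licenses are treated.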