 Hi everyone, welcome to this presentation. I'm Takanari Suzuki and today I will talk about what we learned from creating Ospo at Cybertrust Japan. This is a gender. At first I will talk about me and then I will talk a bit about my company Cybertrust Japan. Then I will talk why we need to make Ospo and how was the situation before Ospo. After launching the Ospo, when we make the Ospo, what we learned from the 2D Groups Ospo resources. Then I will talk about what changed after creating Ospo and the future plan and the conclusion. About me, I'm Takanari Suzuki. I'm leading Cybertrust Japan Ospo to open source officer. I'm also an open source engineer. About open source on me, when I was a university student in 1999, I read the Cathedral and the Bowser essay and I learned about open source at that time. And in 2007, I joined Cybertrust Japan. At that time it was a miracle in us. I worked for Miracle ZBX and Miracle Renact as an open source engineer. And currently working also for Miracle Renact development system. This is my company Cybertrust Japan. As you see, there are 3 sections. The left side is original Cybertrust Japan's businesses like authentication or securities. The right one originally came from Miracle Renact. It merged to Cybertrust in 2017. It has Renact and open source business. As you see, there are some logos like Miracle ZBX. It is a system monitoring software. In the bottom, there is embedded Linux distribution EM Linux and cyber Linux distribution Miracle Linux. There is also the IoT section. It's based on the security technology and open source technologies. Currently our company is based on open source and security. We have some open source products. I will talk about how was the situation before the Ospo about open source culture and open source business mind. As I told, the current Cybertrust Japan is the result of the merger of 2 companies Cybertrust Japan and Miracle Renact's open source company. There was some gap in open source mind. We need to keep and extend open source culture and open source business mind because there are some different people coming from different cultures. We need to sometimes explain why we need to contribute to open source or why we need to talk with community people. Sometimes we need to talk such things in our company. Before that, I was in Miracle Renact. In Miracle Renact, it was natural thing to do open source. Actually, I didn't mind so much about why I have to communicate with open source committee or why I have to contribute to open source. But now we need to have some system as a company to communicate with each other to contribute and use open source. As I said, it was natural. Our open source culture was mainly kept by the branched open source engineers. Each developer contributes a source code to each open source software. Actually, it's natural thing and we didn't talk so much about each other as a report. We found some bug in open source software and just contributed. Actually, it's a bit volunteered and not system as a company. We need to build a system as a company to keep it. Some workers and management people thought open source was only about technology and intelligence and compliance and securities. We had a bit of gap in the mind. Open source strategy about joining open source development or events often individually in each section or each engineer decision. Actually, we just did such things because we wanted or we need. Actually, we can cooperate more with each other and we need to do such things. About open source compliance. Some people have enough open source license knowledge but others not. There are some issues. My response to these issues, as I said, I've read Cathedral and Bazaar and especially the magic card run. It's written about open source business and open source community relationships. I already know the open source community and open source business can go together. I need to find or make some model or guide to do such open source system in our company. In 2021, I found the Renax Foundation and 2D Group's OSPA resources. In such 2D Group's OSPA resources, there are many useful guides and resources to apply open source to our company. It also suggests Cathedral and Bazaar as one of the must read books. Actually, I thought this is what I was searching so OSPA is what we need. So we created the OSPA. We launched the OSPA this year, 2022. This is the press release. This is translated June 23. What we learned from 2D Group's OSPA resources. As you see, there are many guides and case studies. In such guides, there is how to make the ecosystem of the community or how to host the open source project or the compliance or also about open source commercial ecosystems. OSPA is covering not only about technology thing or contributing code. Of course, the contributing code is the most important thing I think and it's useful for business, security and compliance. So this is good for us. Also, the many case studies is important. Also, this training module, actually I'm still reading this. I'm not yet finished but it's interesting because there is an open source business strategy course. So if we can share which kind of open source existing and we can know the open source business model common sense so we can talk more easily in our company. So I think it's so good training modules. So OSPA is not only for technology but also for culture, business and compliance and so on. There are stages of OSPA. This is a picture. Often the telegroup introduces this picture and for making OSPA more effective we need to collaborate on open source more strategically not only individually. And by collaborating more we can contribute more strategically or getting more leadership in open source so it will become a benefit for company. So this kind of guide or resources is useful for us. After creating OSPA we defined the five goals of our OSPA. The first one is assisting in development, sharing and implementing open source utilization strategy. This is what I'm doing. These five goals is actually this one. The second goal is working with open source communities to keep and extend effective contribution. The third one is promoting effective use of open source in products and services. It means process development, how to apply open source to our product and services. The fourth one is keeping and extending open source license compliance. The fifth one is promoting open source culture in the company. And this is our OSPA activity field. Actually, the most important thing in open source is contributing and writing code, the open source activity. That is the center part of the box. But actually, for doing that, just doing that is not easy to do, actually making our culture or training or supporting the new developers or collaborating with other sections needed. And actually bridging the open source activity and business strategy is important. Without such thing, it's difficult to continue or getting help or difficult to get in budget. So for doing open source contribution and activities, we need to do these green boxes. Actually, the blue one is what we will get by these activities. So these are our OSPA activity fields. And I mapped the five goals I talked to these activity fields. The first one is the goal about assisting in development, sharing and implementing open source utilization strategy. This one will affect everything about the open source thing in our company. So this is the first thing and it will affect everything in our company. So after writing or making these five goals is what I am doing. And actually still kindly building the strategy. Next one is working with open source community to keep and extend effective contributions. We could keep the contributing to CanalCI and CIP and other open sources. And one member is now CanalCI TSC member and maintainer. And also we assisted to boost open source activity about our open source products. So for example, we started Miracle Renux user meetup and made new wiki for getting more users of Miracle Renux distribution. And also we encouraged the EmRenux team, its EmRenux distribution to attract and gather more interest. And not only joined open source event but actively participated. For example, we were joining the open source event individually or just joined and not being sponsored. But in this year Open Source Summit Europe 2022 we had a session about CanalCI and we sent a developer about CanalCI and the corporate part was accepted. And this event, Open Source Summit Japan we encouraged management people to sponsor the event. And actually we became a goal sponsor of this event and we sent three speakers including me to this event. And also another guy will talk as Open SSF Day. So actually four speakers. And next one is promoting effective use of open source in products and services. As I told, we are now starting Open SSF related team. We are assisted to start that team, improve collaboration with each section. Actually, that Open SSF team originally started in the EmRenux section but actually the open source security is so much important and it's not only about EmRenux system. So now we are involving the many sections and because also we could talk with marketing or some other people we could join the Open Source Security Summit Japan and we could join in the discussion and also we could involve our authentication section. It's originally the previous Cyber Trust Japan section. So someone knows Open Source but not so much so we are involving them to join this Open SSF team because there is a six store project. Six store project is about code signing. So such authentication section team is so much interested in this project so we involve them. And next one is keeping and extending Open Source license compliance. We started internal Open Source license study meeting with legal section so we could also involve the legal section and actually also tomorrow, after tomorrow there is an Open Compliance Summit our legal section member will also go that conference so I think it's going good to involving them. And we also assisted to start cross-bought company S1 team. S1 is also an important thing recently and originally it started at security section and embedded system section but they were working individually in each section so we need to communicate with each other so we could make such cross-company team because of Ospo we could have connection to talk with each other about the next one, the promoting Open Source culture in the company. We could start Open Source contribution assisting project so because we can teach each other for how to contribute Open Source or teaching the experience because by such things new developer can be Open Source contributor more faster so we started such project and also we started internal technical casual meeting we can talk casually about Open Source experience or contributions and Open Source activities became more encouraged by our company so for example we praised active Open Source engineers like the Karnel CI person is now praised because of the person became Karnel CI TSC member and maintainer and also another guy became Python JP chairman so that person also got prize so we are encouraging engineers to do more Open Source activities and also we are encouraging members to join Open Source event and supporting the cost actually because before that each developer went Open Source event by themselves by their money actually because they wanted to go but after we said after we need to support them because that becomes our company profit so we became to support them so this is the progress status of our Ospo activity fields after everything already checked is anyway we need to continue so it's not finished actually we need to continue but in many fields we could do many things making community, bridging the Open Source activity and business strategy or such things and still but there is some boxes we need to do so this is the status future plan actually I wrote future plan but actually this is issues issues to solve future issues so there are some issues because Ospo is actually going well because many sections request ask us to how to join Open Source community or how to do the Open Source activity or also the management people said how to use the Open Source for new business for example actually Open Source SSF is we are trying to concentrate so actually we got many requests from many sections so actually it's going good but in some aspect we need more human resources for expanding Ospo activity in our company so it's a kind of happy problem but still a problem so we need to allocate more Ospo members of us is needed and also the Open Source knowledge gap in our company actually we are doing some supporting project but still there is a gap so we need to keep having such project and adding more training course or using the training course in Relax Foundation or the training modules still thinking about this and also I'm thinking about how our Ospo should be as a company owning the Open Source products and communities like MNACRINACS and EMNACS because you know often the Open Source consuming Open Source is most easily consuming and sometimes we find about we contribute to that Open Source or getting presents in the community but hosting the Open Source products or communities is in opposite side we have to attract people to join our community or attract people to use our product so actually we are now building the communities for MNACRINACS and perhaps also the EMNACS so still we are thinking about how we should be these things are issues to solve so anyway as a conclusion these are conclusions the two groups Ospo documents are fundamental resources for implementing Ospo Cyber Trust Japan is improving OSS contribution by Ospo Cyber Trust Japan Ospo is covering technology, culture, business, compliance and so on so that's all for my presentation thank you so do you have any questions? the mic will come I think that it's a little bit difficult to build Ospo team small organization so do you think Ospo tasks can be outsourced? outsourcing in our company or outside of company you mean? if you can can I speak in Japanese? it's a company that has a little bit of a relationship so it's not a company that has the hope to build Ospo but in the future I would like you to talk about consulting about Ospo business so outside of company of course perhaps some kind of tasks can be outsourced and after we need help from other people because at least for us we are still searching what is good for Ospo so outsourcing is one of the options but I think some essential part is still needed in the company is it okay for your question? thank you for the presentation my question is how did you secure the legal team's involvement do you have someone from legal team working with you in Ospo full time or is it dedicated a certain percentage like they work 10% on Ospo matters and is it the same people in legal department whoever is available at the time if you need help currently part of their time will be used for Ospo but actually not is so much using for Ospo but anyway full time Ospo member is not always best I think because bridging each section is important for Ospo so doing the bigger section work and also Ospo work is good for bridging each section so I think of course actually we have too many things to do so we need more help but still doing both section work I think is better for doing Ospo is it okay? thank you okay okay I see okay thank you