 Hello everyone. First of all, thank you for the opportunity to introduce our open source program. We started open source compliance 15 years ago and evolved open source governance continuously. Finally, we established open source programs now. I think our case study helps other companies which didn't start open source program yet. Before starting my presentation, let me introduce myself. I'm working for LG Electronics since 2003 for over 18 years. When I first joined LG, I developed UPNP on a protocol and Linux driver and so on. I am a developer. I went on maternity leave at the end of 2006 and when I joined the team again after their vacation, my boss introduced me with some new tasks. One of them was to create enterprise-wide open source guidelines. That's when I started working on open source, which I've been working with for almost half of my life. It's very easy to calculate how many years I've been doing open source work. It's the same age as my child. Thanks to my child, I came across a new job, open source, starting with open source compliance, building open source governance, and open source programs in LG. And starting the first light open source project this year. This time, I would like to briefly talk about LG's open source story for about 15 years. Most of the LG home appliances were based on ITOS before 2006. Around 2006, TVs based on embedded Linux began to be released. I was in the Linux technology development team at that time, and as our team doing research on Linux, we realized that Linux is open source and there is an open source license, so we have to comply with the open source license obligations. TV is the first product we included open source software notice. As we started making Linux product, we learned about the obligations of open source licenses and started to check and notify open source only for specific product families, not all of them. In December 2009, SFAC filed against 14 companies using bgbox, it's a very big case then. So it was able to allow executives to the importance of open source compliance. After this news, we could establish a company wide open source compliance process and disseminated it throughout the company in 2010. This is the beginning of a structured open source compliance process and launch it on open source distribution site, where customers can download open source notice and open source code in using ICE. This compliance risk for several major items company wide. In 2011 compliance team found out that open source was important so open source compliance risk was added to the main compliance management target. In 2011, open source compliance risk prevention activities have been carried out every year. As we manage our compliance risk every year like this, we feel the need for our system because while editing open source notice manually and repetitive tasks were caught often. So sometimes we missed open source notice by mistake. So we need to manage them efficiently. Finally, in 2014, we developed a system which can manage open source and license and automatically create open source of the notice. In doing so, while using the system in 2017, we developed a post right that can perform all open source compliance in only one system and provide in-house service for all compliance processes. This way, systematically proceeding with open source compliance in 2019, we announced as an open chain conformance company. And post right, which was serviced internally before since 2017 has been turned into an open source project this year. It's the Rome story of LGE. Let's take a closer look at LGE case more. Through many years of experience, I have compiled a list of the five major component of open source compliance. This is also what I learned from lots of documents and lectures from Linus Foundation. The first is organization. In order to start anything, we have to have someone first. There may be only one person first, but it is also an organization responsible for open source compliance anyway. Also an organization is created. There must be a company's policy and process. This is because policy and process such as available licenses may vary depending on the type or size of a company's service. Education is in the company based on this policy and process and compliance management based on it. To proceed open source compliance management like this, you will naturally need to use tools, which will be explained in more details later. LGE electronics has built open source compliance along this big axis. And let's take a look at LGE's open source compliance in details. First of all, organizations. LGE has an organization that manages the company-wide open source compliance and establish company-wide policies and processes. LGE is OSPO, open source program office. Since LGE has several businesses, open source organizations has been created for each business division and open source compliance teams in each business division guide, each development team, each. In other words, it has a centralized organization. We have four major policies. These are open source users' policy to be followed by using open source. The policy used when importing software from third-party and the policy to respond effectively when requested related to open source from outside. And last is the policy to contribute to open source communities. First, let me introduce this open source compliance process based on Reynolds Foundation's guideline. Reynolds Foundation has 10 steps and we have only four steps. If we follow this process when developing software, we automatically meet all open source license obligations. We found that we need a tool and system to check properly and run efficiently without missing anything. So we use the open source program compliance tools and system in this start area. And this is the beginning of the first slide, which we started in 2014. Based on these policies and processes, we are conducting in-house training by creating online content and we educate developers about open source licenses and so on. And we also create and provide video contents to make it easier to use open source compliance tools. In addition, open source representatives get together and hold open source workshops every quarter to share important issues such as latest open source cases and trends and so on. Last, we provide open source consulting in-house. We use the issue-tracking system to answer open source compliance related inquiries. And based on this, we accumulate and provide open source related information as a week. We are also working to raise awareness of open source across the company by sending out on open source newsletters regularly every month. We also pick semantic overview of the tools we use for compliance. When developing software, we do open source analysis with personalized scanner. This includes dependency analysis, source code analysis, and binary analysis. At the end of this analysis process, we can get open source BOM, bill of materials. After we enter this into First Right Hub, which is generated on open source notice, which will be published on the open source distribution site. Here's a close look at using First Right Hub part of the process. In the identification stage, the development team analyzed what open source used to develop the software. The result of the analysis is a First Right report which concluded open source BOM, bill of materials, and open source list. In the approval stage, the development team sends the open source list to OSPRO, open source program office, our team, and the case to review and OSPRO reviews and confirms that open source license is correct or not, and what the obligations are. The result is open source BOM. In the notice and verification stage, the development team creates an open source package by collecting source code to be disclosed based on license obligations. OSPRO generates an open source notice after verifying that this package has been created properly. Last in the distribution stage, the development team can comply with the open source obligation by distributing the open source package and open source notice generated by OSPRO to the distribution site. For example, opensource.se.com. This is a space when customers can view and download open source software notice and open source package. First Right Hub and First Right Scanner will release this part. If you take a close look at First Right Scanner, there are dependency scanner and analyze dependencies and source code scanner that analyze source code and binary scanner that analyze binaries. So we have developed the Android scanner and Yachter scanner that analyze more efficiently based on each platform. It's not open source yet, but we are considering whether to disclose this part also. First Right Hub can be seen as an all-in-one system that manages open source compliance and vulnerabilities at once. Let's look into First Right Hub by each menu. First Right manages licenses and open source and performs OSC processes in unit of project. It is also possible to review and manage open source received from a third party. This process is similar to project level identification stage. OSPRO's review is absolutely necessary in project and third party management, but self-check allows developers to check each open source license and vulnerabilities by themselves without OSPRO's review. Finally, open source vulnerability management is also possible. And it also provides a mailing function when new vulnerabilities are discovered in the existing project. The First Right Hub is truly a hub for all open source related things. Manage licenses and manage open source and manage vulnerabilities based on it. It also manages the entire compliance process as we saw earlier. BOM management is very important. First Right manages open source BOM also. You can manage the open source BOM for each product project, and when an issue occurs, all the history is managed, so each tracking is possible. LG announced the open chain conformance, and I think this is thanks to First Right. This is because First Right satisfies the following specification of open chain. For example, a bit of materials license compliance and compliance artifact. If you want the perfect open source compliance, definitely First Right is essential. We released the open source compliance system developing for seven years as the First Right open source project. Many people ask that First Right means, and whether the logo is a paper airplane or not, actually First Right means the light of free open source software, and we hope to illuminate the open source compliance world. The First Right site and guide can be found here. Here you can find a detailed description of the First Right Hub and First Right scanner and how to install it and use it. You can find the REST APIs of First Right. You can integrate the other system, for example, source scanning system or binary scanning system and so on. In the guide, you can run the tools by doing it yourself. The guide will be continuously updated and is provided Korean and English. You can also use multiple languages supported. If First Right is a good tool, I believe it translates naturally into multiple languages by contributors, it's my dream. Yeah, I welcome to the contributions. You can create a demo site to make it easy to experience First Right without installing it. We also provide a local image to provide an easy way for each company to install. So first code for yourself by visiting github.com First Right. There are First Right Hub and First Right Scanners. So scanner and depends on scanner and binary scanner will be released soon. And let's take a quick look at how it is performing open source compliance through First Right. Let's watch the video together. For First Right, I think you can do everything with First Right because it's on open source. Let's watch one more video. Using First Right Hub, developers can check open source license or so vulnerabilities by just uploading open source reports without any review. It's very useful. Open source program office. OSS.az.com site describes as its open source programs. Also, not many here, you can also check out open source projects run by AZ. In addition, AZ's open source governance guide is publicly introduced so that other companies can refer to it. Recently, we opened YouTube channel. You can watch more videos related to First Right and there is English version and Korean version. As we do open source compliance and open source activities by releasing open source tools as First Right, we naturally play your role as an open source program office. We are conducting processes, tools, consulting, and external responses, which are the major pillars of compliance. By building processes for contribution and operating on open source portal site and operating on open source project, we cover the open source contribution part. Next, the part we need to supplement a little more is the spread of open source culture. It is necessary to further disseminate the communications and discussions that are common in open source project through training. So far we have talked about the history of 15 years before AZ's open source program was created. I hope this case study will be of some help to you and thank you for listening.