 OK, thank you so much for gathering today. And thank you so much for this precious opportunity. Today, we'd like to have the panel about the Ospo. Anna-san already introduced about the Ospo. And some question has happened in Japan. The situation is what's happened right now. So today, we'd like to discuss about Ospo in Japan. So we can take masks, maybe? Speakers, maybe? Yeah. OK. At first, a self-introduction from Kamino-san, OK? Hello, my name is Hidekatsu Kamino. I'm the head of IP at Mercury. And I'm also an IP counselor at Mercury. And I'm a program manager of Mercury Ospo. Thank you. I'm happy to be here today. Hello. I'm Akane Yamasaki. I'm working at Mercury, same as Mr. Kamino. And also, I work as a member of Ospo. Hello, everyone. I am Noryo Kobota from Sony Group Corporation. And I am an alliance manager of Ospo, Sony Group Corporation. And as a chair of the internal OSS committee, I usually make a lead to make a lose and processes and so on in Sony Group. And sorry, I look cheat sheet. Sorry. And communicate with some kind of open source communities, such as OpenChain and SPDX and so on. Thank you very much. Hi, everyone. I'm Teppei Asaba, director at Linux Development Division of Fujitsu. We maintain in-house Linux distro for embedded system, which is used by server equipment system, storage system, network equipment, equipment, IoT device, car multi-media system, and so on. That distro has developed since start 2003. And that based on Yacht Project since 2013. We are number one contributor in Yacht Project. Our efforts are Meta-SPDX scanner, which provides SPDX in build process. And DNF plug-in TUI, which provides OSS license compliance archives, which includes SPDX and sources in make root effects process. And my favorite license is GPL3. And my current interest is LFX. LFX is provided by Linux Foundation. I used research, internal OSS activities, and outside marketing. Thank you. OK. Oh, this line is today's keynote by Indo-san speaks, Fujitsu's contribution to open source. We contribute to cloud platform and IoT devices. OK. My name is Indo. I come from Toyota Motor Corporation. Four or five years ago, I set up Toyota's open source structure as a member of the IP division. And I also joined OpenChain as automotive chair. And at the same time, I also engaged in the leader of the promotion subgroup of OpenChain, Japanwork Group. And in this period, I'm a manager of the software and the body care service development of Toyota. I'm a manager of the software development and the new service development in Toyota right now. And from now on, OK. So today is a Japan special Ospo discussion. So we prepare some special costume. So I'm very sorry for the German people or Spanish people. But today is a very special day for Japanese people against the Croatia. So we have to make tension up right now. So this is very important thing for us. I'm sorry. So today, Anna-san already explained about Ospo. So briefly, introduction about Ospo. Ospo is an open source program office. Open source program to promote open source culture or open source risk management inside the company at the same time. So the promote the relationship with the community and the company is also promoted inside Ospo. So Ospo has a work inside and outside of organization like a company, university or government. And mission of Ospo is one big mission is building the open source culture inside the organization. And for example, contribution to community and the strategic use of the open source ecosystems and the risk management like license compliance and security and so on. And in Japan, some company have very active for making the Ospo. For example, this year, Cyberfrust press about finding the Ospo. And today, Merukari and Sony and Fujitsu are very active for promote Ospo in Japan. So today, we already information sharing like at IT articles. And we'd like to expand this information all over the world. And we'd like to discuss about Ospo in Japan more deeply. So we have this chance to discuss another panel discussion. So at first, Kamino-san and Yamasaki-san, please introduce Merukari's situation of the Ospo, Merukari's of Ospo, please. So first, let me briefly introduce Merukari Ospo. Our activity is project-based. So there's no fixed organization. And project members come from various teams, engineering, security, and IP. And our work covers all of Merukari group, including foreign subsidiaries. And this is the photo of Merukari Ospo. And this is a little outdated. So Akane is not here. But now we are five, six members at Merukari Ospo. And next, why open source and Merukari? Here, I copied the statement by our CTO. And this statement says we, Merukari, will commit at open source to give back to open source committee. Because our management, including CTO, we cannot build our product without open source. And this is with introduction of our mission and vision. Merukari Ospo's mission is employee engagement, especially engineers' engagement. We understand that compliance is an important issue. But employee engagement is a big challenge for our company itself. And our vision is to be a good member of open source community in terms of releasing open source and exercising compliance regarding open source usage, like license compliance, and sharing the information in the community, like this. And now I'd like I will ask Akane to talk about our practice at Merukari Ospo. OK, from here, I'll talk about what happened after launch of Merukari Ospo's. In this slide, I will talk about publishing OSS. It's our process for publishing. So first step, engineers submit an application for publication for the OSS they want to publish, using pull request on GitHub. And then IP members of Ospo, which means now me and Mr. Kamino, check the license, the open source licenses, dependencies, CLA patents, and trade marks as IP review. And at the same time, Ospo engineers check it in terms of security as engineer review. So if everything is OK, we publish the OSS on GitHub. And then next, I'll talk about using open source. At the first, we implemented a scanning tool. And then we established a list of licenses that allow to use as Merukari's license policy. After that, a scanning tool scanned all production calls. And we resolved all policy violations. It resulted in zero policy violations. So in my daily walk, I will check the policy violations. If there is really policy violation, I communicate with engineers in church. And I work to resolve the policy violations. Yeah, that's it. Discussion? Sorry. From now on, we start the discussion about the Ospo. I think Fujitsu-san has many relationships with many companies in Japan to promote usage of the open source software. So I think Asaba-san well-done about the Japanese company situation of the access rate of Ospo in Japan. So please share your knowledge about that. OK. Since the early days, we have been working to Linux and OSS to apply to mission-critical systems such as servers, storage systems, NVD systems, and other equipment. We are working with the Intellectual Property Department to provide internal guidelines for the use of US OSS, as well as manage license and security issues as a system. And we are having a lot of discussions about how to work well without a structured organization in the future. With the speed of business and the trend of OSS accelerating, I also feel the need to make top-down decisions and act as an organization with authority such as C-Level. By the way, as an SIR, Fujitsu also supports for clients to how to manage OSS. Almost requests are from the automotive companies. I believe that the purpose of using OSS is to further develop our own technologies and business-using OSS standard technology. However, we often receive inquiries from clients regarding risk management, such as, isn't it license-violation? If we focus too much on risk management, we may easily lose sight of what we originally wanted to do with OSS. I think that what is necessary for OSS management is not risk management, but how to achieve the goal of using OSS. I understand that because to discuss with executives about risk management is very easy because this is a very big security issue or big compliance issues happen. So we have to prepare that. But I think in Japan, the importance of the community works or the cycle of the open source is, of course, everyone understands well. But it is very difficult to make the decision-making for investment much to assign the people. So I think this is a very big issue to understand well. But I think, for example, Sonisa is a very many history to do with the connection with the community. So I think this is a big hint of Japanese companies because Sonisa, one of the most proceed most big tech companies in Japan. So I'd like to know about the Sonisa situation, please. OK, thank you, Endo-san. First, I'd like to tell you about the history of OSPO in Sony Group. Sony starts OSPO-like, OSPO-like organization and activities about 20 years ago. And at first, we'd like to apply Linux for embedded products. But at first, we don't know how should we do for contributing OSS license compliance and so on. So we've started a small team with a few core members and some volunteers. And also, at the same time, we've planned some community event for the embedded developers. And the activities are continuing. And as you know, the event is now called as the embedded Linux conference. And the chair of the embedded Linux conference, Tim Bird is coming today. Sorry. And as you know, but recently, open source software world is expanding and used by several industries. And as you may know, Sony has many businesses in several industries. So now we are changing to focusing more about the contribution for open source communities. So sorry. So it's a little hard to convince the importance of the open source activities for our top management. And one solution, one good solution to convince them how the contribution is very important for our business is showing the example of other companies, a global and cutting-edge companies will is expanding and proceeding their businesses with open source communities. And it is a fact. So it is one of our tasks. We as OSPO staff need to convince them how important to contribute to the open source communities. And after this panel session, Sato and Fukuchi will have a session about this survey. So I hope you can join the session afterwards. Thank you very much. Thank you so much. I'm also looking forward to Fukuchi-san's session after lunch. And I think Melchale-Sans already made the OSPO and Kamino-san and Emasaki-san's introduction is very impressive for us. And so I think some task or some challenge to making the OSPO some kind of a challenge. Thank you. To Melchale-san, at the early stage of OSPO, the one challenge was a budget. First, I introduced open source compliance issue with two top management as a compliance issue. That's straightforward way. But it's difficult to get budget from them. And I changed my strategy. And I introduced this compliance issue as a security issue. And at that way, I got a budget from top management. So that's a little tips. And the second challenge, in my opinion, that is human resource. As an IP professional, it's very difficult to find an IP professional who has good experience in open source compliance. So that's why I hired Akane. At that time, she has no experience on open source. And I've been training her. So I'd like to have some comments from her. What kind of comment I... It is... Yeah, first of all, I have no knowledge about OSES things. I mean, I just know world OSES and also GitHub. But I didn't know there are different types of OSES licenses or something like that. So first, I read the textbook many times and also asked Mr. Kamino a lot of questions. So yeah, even now, I reread the OSES license in the textbook. But yeah, I'm moving on. So is it fine? So I think Yamazaki-san is very happy because Kamino-san is a big guru of the OSES compliance in Japan. And I think that almost all company has no teacher or master of the open source. But the open source is completely open. I also studied from the... Ueda-san, Eto-san, Shibata-san also, many people of the industry in Japan, not only, but also all over the world, like Japanese soccer player, run from the Bundesliga or Liga Espanola. Yeah, yes. And so you can access all information from the to-do group or open chain and many information of the web. And we can connect with the other company or other country people very easily. This is, I think, one of the ecosystems of the open source. And I believe also spread, also can spread in Japan using such approaches. And of course, I think in Japan is a little about what different cultures exist. So I think I'd like to collaborate with the government or some industry association to promote open source program of peace. And so, for example, Saba-san or Kobo-san, do you have some opinion on how to spread Ospo in Japan? Something? Your hint? Yeah, okay. Most difficult thing I feel is open source software and open source, as I said before previously, but almost all everyone agree about the important of the OSS activities. But in some case, some managers don't really agree to spend the developer time for all OSS communities. So we need to convince them how the importance of the communicating open source communities is how, how should I say, how effective for your business. And it is the responsibility of Ospo team staff. But at this moment, we'd like to investigate the key factors to how, what is the key KPI about Ospo? So we need to continue to collaborate with each other and the activities, I believe, the activities to collaborate with each other is expanding Ospo team, I think. Thank you. Sorry. I talked about Melgar Ospo mission is engagement for engineers. So that's why I heard from my CTO that we want to hire software engineers who love to write a code. So it's not only about the work time. And at the spare time, they are willing to write code by themselves. So that's why I write CTO, said I wanted to create a good culture for open source in my company. Because that leads to the, so that's why our engineers at Melgari want to work here. So that's not the traditional way to build up the Ospo. I think we used to create Ospo in view of compliance. So I think this relatively new way is a good fit for especially for internet company like us. Thank you so much. I think the last 10 minutes has a Q&A session. So please something question from venue. So in Twitter, so it is very difficult to define the OSP because in this period, at first we set like Ospo making the governance structure in company, collaborate with the IP division and security division and the software development division. So each division has some KPI like risk management or code of commitment and so on. And so in this period, there is a virtual Ospo. So each division has a KPI. But I think more ideal style is the company's policy and the company's total KPI. And that is the umbrella of each division's KPI. This is a very constructed KPI. So it is under the way for this type of KPI in Twitter. How about Melgari-san says some KPI OSP? We have not, we don't have any fixed hard KPI, but there are several numbers we are interested in. One needs a number of OSS release request from engineers. And the other is the licensed policy violations Ospo resolved. Fujitsu doesn't have Ospo, but I think open source activities is needed joy and fun. So KPI, I think KPI is engagement service core. This is my only my opinion, but it's easy to measure how many contributors in Sony contribute to open source software. It's the one measurable value. But it's difficult because if we don't use open source software, how much we cost? But usually we use open source software. So we can't measure between not to use open source software and using software. But I think Good Governance Initiative published some key takeaways and key factors to measure the Ospo function. So at this moment I don't have the document, but Open Change Japan Working Group is now translating Good Governance Initiative documents and published later. I'm not sure about when it's published, but we will certainly publish the translation of Good Governance Initiative documents. So I think it is helpful to understand, check the key KPI. Yeah, so regarding with this, that you were thinking about KPI, I just wanted to say that Chaos Community was collaborating with Tudor Group and have created like a Ospo Metrics Working Group. So Chaos focused on how to bring like standard ways of metrics for different areas. And we found like this was a really important topic to bring on the table to have a dedicated working group. And we will be starting this meeting soon. So this is false under Chaos Project, but we are bringing also the Tudor community to start thinking on metrics and so on. So it will be great to have more contributors to serve these KPIs anonymously, of course. So other organizations can start saying like, like it's kind of a miss a list of KPIs and we can start better defining those. So I just wanted now that we are think talking about KPIs and standardized metrics, I think that it's important to raise. I think Anna-san's last session says Ospo is different from each organization. And I think KPIs also have to be different because if we set the number of the commitment or something, so quality or understanding not promoted. For example, early stage company have to start not not disturb each engineer is very important. I think that two engineers intention want to contribute the community is very important. But in Japan, some companies regulation or some companies rule is not played for the contribution. So how to eliminate this type of regulation or rule is a very important factor at the early stage. And after that, I think if the cycle is turned and where I think to set the number of the KPIs of the number is I think good strategy. But I think it depends the situation what stage of the company. And as a question or something, okay, Ito-san. Do you have any solution to inappropriate usage open source by the innocent awareness engineers in your company just like education or any systematic checkpoint for delivery or any other solution do you have? Using a scandal, we monitor the, compatibility of license. Every time our CI CD works. So I think we can check the all activities because our software base is almost of them our software code base is on GitHub and we integrated our tool with GitHub. You mentioned that you're using the scan tool when you're delivering the product. Do you have an intake process for open source code or you only check at delivery? One example, an engineer will add to your project on GPL3 license and your whole project is not compatible with that. That means that at delivery time you will have to scrape the project or replace it with a component that is compatible. If you have an intake process then you will reject the intake when you basically design the product. We can detect that license violation when that GPL3 component is in our repository, added to our repository. So usually we will release that repository after several weeks or at least several days after adding that component to our repository. So usually I think we can detect before releasing that product. Okay, I think finally I have some information about the open chain from this December we started the open chain advent calendar. We posted 25 blogs about the open source compliance or OSPO and SBOM and so on. And please search for Google advent open chain advent calendar you can access. And almost all blogs has English summary so everyone can read it. And after that Fukuchi San Sessions and also has a Cybertrol San Sessions also so please enjoy it. Thanks so much. Thank you.