Hi there, this is Shane Coughlin, General Manager of the OpenChain Project. It's great to have you here on our mini-summit today, looking forward to getting quite a few interesting things done. Just for general context, we're gonna kick off with a project update, we'll move into a little bit of information about different geographies, and then we'll head into a discussion on the OpenChain specification. We had a surprising amount of people registered for this particular event, 656 people expressed interest. People are joining right now from various places, which is fantastic. Thank you. As we go through, there is a section for Q&A where you can type in questions. I'd encourage you to do so. This is meant to be a summit where people can learn about OpenChain or dig deeper into it, so I would value your questions and comments as we go. On the line right now for speakers, we've got myself, and we have also Mark Gisi, the chair of the OpenChain specification work team. So on my side, I coordinate the global activities around OpenChain, and on Mark's side, he's the person who brings together all of the activity into the specification building our standard. Whether you want to talk about the current version of the standard, the version that's going through ISO or future iterations, he's definitely the right person to talk with. General project update time. Okay, so the project has been very busy because our de facto industry standard, which is seeing increased adoption around the world, just by way of example, we had Cisco announce conformance about two weeks ago. This de facto standard is now being made into a formal standard via ISO. So we're going through a type of fast track process. It's called publicly available specification. We're doing this in collaboration with something called the Joint Development Foundation. And in a nutshell, what's happening is there's a process to convert de facto standards into a formal standard in a relatively short time scale.
So about nine months instead of 50 or 60. We are doing this right now. And the voting process for our standard is underway in ISO. We expect the voting process to have completed on September 22. So OpenChain, as the industry standard for open source compliance, will graduate the ISO process in Q3. This is exciting because it means that when we're talking with people who are not familiar with open source, they can very easily understand and engage with the project via understanding it as an ISO standard. One example is that people in sales and procurement can easily utilize it in their purchasing decisions and discussions. We're very excited about OpenChain as an ISO standard. And that's definitely the main thing we've been focusing on this year. Adjacent to doing something like this formal standardization, we have been continuing to grow the OpenChain community. We now have local work groups meeting in China, Japan, Korea, Taiwan, India and Germany. In July, we'll be launching the OpenChain UK work group. Each of these work groups provides a local platform and where appropriate in the local language to allow people to engage with the project. It's been tremendous for us actually to learn from people in places like China about their market conditions and their requirements. This has really fed into the growth in maturity and adoption of the project in the last year or so. One quick example here is that in April 2019, we released OpenChain 2.0, the current version of the standard. And when we released OpenChain 2.0, it was incorporating a lot of feedback from people who did not speak English natively. So we managed between 1.2 and 2.0 to choose language that was much easier to understand and much easier to translate. And we have directly to thank people in countries like Japan, China for this support and helping us make the standard better. That equally applies to our work in ISO. People have been providing a lot of feedback, suggestions and help.
When it comes to North America, we have traditionally dealt with North America via pre-existing infrastructure. So, you know, a lot of the people involved in OpenChain are also involved in TODO Group, which has meetings. We have some great platforms with conferences in the US and very frequently we'd have things like this mini summit as our rolling work group. Probably due to the COVID-19 situation, we will start to introduce a more formalized OpenChain North America with online meetings on a regular schedule. Talking of online meetings, first of all, with the OpenChain project, this year, we don't expect any physical travel. So everything we're doing is virtual. And we've been working on making the project more accessible and useful in that regard. We now hold bi-weekly webinars on the first Monday at 9am, third Monday at 5pm Pacific. And these webinars provide an opportunity to hear from and talk with speakers that we would otherwise meet at conferences around the world. Additional to these ongoing events, we have an automotive work group that holds quarterly meetings. We have a tooling work group that holds bi-weekly meetings. And we have just recently launched a bi-weekly specification discussion and drafting meeting. So we have a full roster of online activities and everyone who's interested is welcome to join them. We will encourage that and we'll explain it more later. I'm going to wrap up the update by saying that the project has got a terrific amount of community activity. Our mailing list has got over 3,700 subscribers. Our international work groups like Automotive and Tooling Automation have well over 100 subscribers. Work groups in areas like Japan, Japan is particularly busy, it has got almost 200 people from about 100 companies engaging on the work group. We keep a regular cadence of meetings, so Japan meets bi-monthly, China quarterly, India quarterly, Germany quarterly, and so on.
We have benefited tremendously from people creating reference material and people helping each other on implementing compliance programs. That's one reason we have this mini-summit today. We want to continue that atmosphere and that access, that feeling of community around events like this. On the line right this moment, I see we've got 53 people live. So we're seeing a nice group of people here. I'm going to have a quick look at what type of people we've got. Some of the people here today are people well-known to the OpenChain community. I see we have Kato-san from Panasonic by way of example. But we have a ton of people on the line as well who are not part of the day-to-day OpenChain community. Okay, so for everyone who's new, please feel free to jump in at any point as we go through the day. We're going to have a Europe update, an Asia update, and then we're going to head over to Mark for specification. For the Europe update, this is a pre-recorded discussion with Miriam Ballhausen in Germany. She is the chair of our conformance work team. The reason this is pre-recorded is because it's a weird time in Germany. In fact, for all of us not in the United States, I'm in Japan, it's a weird time. Here in Japan we're at 5.30 a.m., our friends in China 4.30 a.m., and in Germany it's evening time, family time. Nevertheless, we have pulled together some of our international group to help brief you on some of the cool things happening. Let's kick off with Miriam Ballhausen. If there are any issues with the audio, just let me know in the Q&A. Oh hey, I just got a shout out from Marcel. Thanks for the efforts. Good job. My pleasure. Okay, so Miriam now, and as the recording with Miriam is playing, you can jump in and ask questions. I'm very happy to address those as we go.
It's very much based around all market transactions, so we've heard varying stories where some companies are concerned that their budgets might be cut into future, so they're trying to use the current year budget to get things done as quickly as possible. We've heard other stories that companies are cutting back on activities that are not super mission critical, so let's say the legal side. There's a bit of an audio skip there. Let me see if I can fix that for us right now. Hold on. By the way, if anyone is having trouble with the work they're doing on the Q&A and so on, just let us know. We actually have a technician on the line, so you'll be able to help out. One second, I'll just get this audio fixed. Alrighty, sorry for that. I'm about to replay that audio, so we're going to be hearing from Miriam about the German situation. I was just wondering, have companies changed their behavior in laws? Are they reducing investment and kind of nice to have improvements, or are German companies that you're aware of basically continuing as normal, continuing to invest in improving processes, continuing to invest in teams in areas that aren't mission critical, but might be strategically useful? I think I would really differentiate there. Up until, let's say, end of May, I would have said they are cutting back on everything that's not necessary, and there's a lot of work that apparently had to get done or that they had just pulled, so that needed to get done immediately, and it got pushed out quicker than it would have been pushed out otherwise. Since May begins of June, it feels like that's changed a bit. Certainly, there are different parts of the economy where they are still holding back quite a bit, but it feels like it's also getting back to normal in that area where companies are still prioritizing things that really need to get done right now, of course, but they are also again starting to focus again on policy aspects that maybe are mission critical right now. 
They are nice to have, but they are still trying to put that back in focus and trying to find a solution how to proceed with that. Maybe not right now, but down the line, maybe fall after the summer break, maybe even late fall considering that maybe we might be heading into a second wave in fall. That's what I would say is currently the status. That's a pretty interesting observation. I guess it indicates that if there was a change from crisis mode back into, let's say, standard investment mode in May, that indicated quite a lot of confidence that the company itself, the German economy, the German social situation, was probably getting under control. I mean, things weren't back to normal, but it was a path to control the virus. Yes, I would agree with that. And if you look at kind of the numbers, infections that we had and also deaths and additional new infections every day, how the testing developed, that kind of falls within that time frame as well. So that was when most of the schools at least partially reopened. That was when stores partially reopened, restaurants partially reopened. And of course, it's been increasing ever since, but at least currently, most of the restrictions that were in place have been lifted and they have been lifted over the last, let's say, four to six weeks. So that kind of falls within the same area. Companies are going back to normal office work or at least partially normal office work. And I think that has a lot to do with it. And I think that's another factor that we shouldn't dismiss too easily. This whole work from home, kids at home, everyone's at home all the time, that of course has an impact on the type of work that you give out, right? You need to, you probably can't get as much work done at home with everyone else of you. So you need to prioritize even there. So even if there isn't a company strategy, you really need to find out what you can get done with the limited amount of time that you have available.
And I would feel that that's also a large factor why certain types of work get pushed and other types of work are kind of on hold. It's not because there's necessarily a company policy behind it, but also because people just can't deal with that right now. That's the next point because there were lost periods around the world. To be frank, Asia and Germany seem to be roughly the same with China ahead of us all by a couple of months. Japan is slightly ahead of Germany in terms of the opening up. The timescales are roughly the same. However, during the crisis period, let's say January to March and China, everything shall be mid-February until late April, Japan is very much going to get involved on how to do this work from home, when can we expect so. So there were lost months where productivity wasn't shut down. It's just that people had to work out, had to change their business, they didn't really have so much time for community outreach. But that seems to be changed. Just last week, we had China, Japan and Korea, virtual reasons for OpenChain. We had a lot of attendees. Japan was exceptionally at 66 people on the line, which was bigger than our world's open meetings. And this week, I wasn't sure if it worked or not, because everyone in Germany was ready to do more community outreach. But the German meeting that we're having this week, the 22nd of June, just because this is recording, a lot of people have said they're coming. A lot of people are done. So it seems like people are getting a handle on working from home and now they're contributing to the community again. Yeah, I would agree with that. Do you think that we can expect open source communities in particular to continue to function effectively, or are there perhaps some measures we need to do or something we need to do to help bring momentum back, keep momentum? So in Germany in particular, do we need to have some kind of activity, let's say, ensuring that the events have specific international knowledge?
Or can we have events which are much more about interpersonal sharing? So do we need to change course from basically interpersonal sharing into trying to deliver more outside business knowledge to ensure people can allocate time? Or will people be able to allocate time this morning? I would say that the pandemic is going to be a boost for open source and sharing and just in general looking at technology. And if you look at what companies are doing, it feels like over the last couple of months, a lot more companies had been open sourcing their products. And if you look at this entire discussion around the contact tracing app, for Germany there was a big topic, everything was open sourced, it was all over the news. And I think it kind of got to the attention of even more people who were able to reach the pool. And with companies like Germany, SAP and Deutsche Telekom developers app, they are well-known companies and probably people wouldn't have put them in contact with open source and now everyone's realizing, well they are actually really active in this area. And I think there's going to be a big boost for companies dealing with open source, looking at open source or trying to find solutions like OpenChain is doing. I think availability of information is going to be key because it's coming up in conversations much more naturally than before. So people are going to be looking for information on everything and entirely different topics. I'm open source, how do I set up a compliance program? How do I ensure compliance? Just all of these topics, they are just going to be coming up and companies will want information on that. So I don't think that there needs to be a specific focus, it just needs to be make sure that people have access to information if they are looking for it and that they can get it whenever they want to get it. So that would be what I'm seeing right now as a company doing in the open source sector.
I would feel that if companies are focusing more on open source, there's going to be at least some more or less natural boost for the community as well. But of course the community that doesn't have corporate backing as much maybe necessary in some occasions, there may be bigger issues due to the pandemic just because of cutbacks and things like that. Oh absolutely. I guess when it comes to, let's say, vendor activities, so we have various companies like Consultancy, small firms, sort of buyers in Germany, strategically speaking there was a little bit of a concern that their business might get hit by economic cutbacks and certainly that still appears to be potentially true in the United States for the pandemic is not under control by any measure. But it seems in Japan for example that companies will be working with their vendors pretty much as normal and it sounds like Germany might be the same in this post-May period. Yes, I guess I would agree. As I said, I think there may be sectors where that's totally different and where access would entirely disagree with me. But for the most part and overall I think yes, companies are working with their vendors as normal. Business is kind of picking up again and also supply chains are still disrupted, but it seems like they are not disrupted that much anymore. So yeah, I think it's getting back to normal. And I think one factor that again with regard to open source that we should keep in mind for Germany and maybe even for all of Europe is that there's a very big push from public authorities, public offices, cities, you name it, to move towards open source, move towards open data. There's EU initiatives actually pushing and requesting open data initiatives and I think that's going to be again another big move for all of these open source open data players where they're still moving further into the discussion and you know still becoming a bigger topic across Europe for the next couple of months.
Especially with like the new legislation coming into force in or necessarily becoming into force in all member states like mid next year. So I think that's again going to be a big push at least in this public sector and that always triggers through to everyone else, right? If they are requesting open then you need to provide open at some point. And I have a somewhat related question to this and we're moving away from let's say the open source community change into the more general copyright. We of course famously had Patrick McHardy as a copyright holder in Germany. But his mode of operation seems to have adjusted that he's not doing the situation where we go to a company with one piece of income plan firmware then sign a contract and then scan all of their catalog and come back with comforts of potential compliance violations instead of appearances approaching companies with potential violation and essential charging engineering hours. The interesting thing with McHardy is that the perceived threats of McHardy himself or copyright trolls who copy him appears to have shrunk. That's the perception we have in many geographies because we haven't seen the emergence of copycats. We haven't seen McHardy's activities growing, making them decreasing and more effective defense against them. I was just wondering because actually McHardy operates in Germany, is your perception that that aspect of risk vectoring open source while not gone appears to be more contextualized, more controlled at this juncture? Or do you think it's still a very touchy subject in the German area for German companies? I think it depends again on the type of company that you're talking to. I feel the same for both international players or companies that have been targeted by McHardy at some point in the past.
If you look at the number of enforcement that's still going on, it feels like he's still very active, but the target seems to have shifted a little bit to maybe not the large multinational companies, but rather something that's more local companies that may not have their compliance in place and compliance policy strategies in place. I can understand that internationally people are feeling this is becoming less relevant for Germany. I don't think it is, but the target is obviously shifted this way. What I heard as well, and I found this to be really interesting, is that he's actually reaching out to companies that have been in compliance for several years, essentially just sending them a little help saying, okay, we're actually declaring the agreement that we signed with you five, ten, I don't know, years ago, to be invalid now, because we don't want to rely on these claims anymore, so you can destroy it, which seems to be an interesting step, I'd say, but he has been doing that for a little while now. It's always good to get some information around him, because I suppose McHardy symbolizes the greatest nervousness that people have around open source, whether it was patents or copyright, and seeing what had a successful attack vector, and could leverage it, and sort of embodies one of the successful attack vectors, and people like to track how it's evolving, so I really appreciate a journey site there. The last site I'd like to cover would essentially be OpenChain is set to be an ISO standard, according to the ISO database September 22nd. We have a lot of support from companies, but at the time of this recording, we haven't announced it yet, so I can't say who it is, but a major journal, a lot of companies just joined the OpenChain board, and this type of investment, this activity is really growing.
Now that we're about to be an ISO standard, we're about to go deeply into procurement and sales outside of the open source offices, outside of the open source strategy, more generally across corporate procurement. Do you have any suggestions for what we can do in Germany to make sure that companies feel comfortable and find it easy to adopt OpenChain? Particularly something that we might not be doing today, and I say this because the OpenChain community, well not super insular, it's a few hundred companies with people who know open source very well, but of course in a few months, our audience will be thousands of companies, many of whom use open source but aren't really part of the community and they don't necessarily have that background, and there might be a bridge we need to build to ensure they can engage effectively or they don't get confused, and I was just wondering if you had any thoughts on that? Yes, I think one of the key factors are going to be that companies, people in general feel they can safely ask questions without being laughed at, or made fun of, or people thinking, oh my god, what are they doing? And I think to communicate, we're not blaming anyone if you don't have this in place, this is not something that you should have had for years, or that is so well established that it's really bad if you don't have it, that is going to be a key factor where people go, okay, this is someone I can reach out to, they are not going to communicate this openly, it's not going to be known to all my competitors that maybe I didn't have this before, I think that's going to be an important factor. I think we already do that in OpenChain, and I think that is very well known with everyone who's already engaged, but if you're just adding out in that area, you may not feel like that is actually happening, and people are going to keep things, let's say secret or at least not, who's paying for it, so yeah, that would be something I focus on, and I would make decisions.
Hypothetically speaking then, and this was something that bounced around a few times, but we never explicitly launched it, perhaps the OpenChain Project explicitly on the front page should make it clear that you can book a one-to-one call in private with, for instance, General Manager to talk through some of these items to which, as a bridging system to bring people in, and then of course companies, if they want specific help and support, then there's a very large partner ecosystem that they can get commercial services off, and it's a very large community ecosystem where they can talk to their peers. Yeah, I think that that may actually make sense to have something on there, if that's going to be published on the website, I would also make clear that this is just a talk through, this is just for you to ask questions, so you don't have to reach out to like a mailing list where you don't know who's on there, who will be responding, you know exactly who you'll be talking to, who you can pick, who you want to talk to, and maybe just reach out also in a language that you feel comfortable with, right? Things like that, so yeah, I would make that really clear as well, that this is something that is open and welcoming for everyone, so they feel comfortable reaching out. Absolutely, and that's a very good point, and we have to of course have a clear distinction between helping people understand the thing, and actually explicitly endorse a particular solution as a solution, and I just mentioned that because sometimes companies approach me directly, which is great, but they ask me questions like, what is the correct training for open training? And the answer is, it depends, it depends on what you are. That's right, it's a very lawyerly response.
Yeah, well, the last thing I want to do is frighten wet companies by overloading them with inappropriately complex mechanisms when they might need something very simple, and at the same time, we don't want to tell companies to do something very simple when they might need something more robust, so it's really a case of let's connect extra to a workload and see. Yes, and that's something that especially when you're just starting out, or maybe you've already used open source for quite a long time, but you want to professionalize it a bit more, where it needs to be clear to everyone that this is something that everyone has down from the beginning, and you're the only one who has an issue with that. It's really a question of finding something that works for you, works for your business model, works for the type of software that you're using, or even the types of licenses that are relevant in your context, right? All of this, I think that's something that needs to be really clear for people starting out and coming into contact with this for the first time. Yes, that's a really good point. I suppose the last item would be, how do you personally manage it, because you're kind of on your hat, the community hat of conformance and OpenChain, you've guided that from zero into a proper structured performance approach, you went to things like our self-certification, and you also have a separate hat as a lawyer. And I was wondering, in the community sense, how have you managed to deal with the two hats? Did you ever find situations where you had to swap someone over from, oh, what you're talking about today isn't community conformance, but you're talking about a specific company activity and that belongs more in a privileged conversation and so on. Did you ever find that balance difficult, or has it just been something that works naturally in the way you approach the community anyway?
I think as a lawyer, you always have to kind of balance that, because you need to have, to really be able to advise on certain topics. You need to have that contact to the community, the sector, whatever you're working with. So I think that's kind of a balance everyone needs to strike if you're working as a lawyer. I personally would always say, you know, especially when I'm talking to clients and I'm talking at events, I would always say, okay, this is something that I'm talking about as OpenChain work chair, working chair. Now, this is something that I know from experience, because I've been working as a lawyer, for example, advising on compliance projects, for example, involved in enforcement cases or something like that. So I would always try and make clear what the role is that I'm taking on at this time. And it may also be that, you know, even within the conversation that I'm saying, okay, this is not now I'm switching from this position to this position. And that's, I know something about this or that's why, you know, I want to talk to you about that. And of course, everything that needs to be handled in like a client attorney setting. I would obviously not talk about discussions in the community, maybe try and bring knowledge to the table that you know, because certain, or that you have, because certain companies or certain types of companies have been dealing with the same questions. But then, of course, generalize it so that it becomes something that they don't maybe recognize by others as well as an issue that they've been dealing with. That's a great point. I suppose this underlines once again, the fact that in an open source community like this, people can engage effectively with multiple assets and hesitations people have and setting forward are understandable. But in practice, we manage it effectively, and we don't have issues around contribution, while also being a professional in the field.
And I just bring that up because companies new to this area might find a little healing to see that happen. Yeah, but I mean, no, of course, to actually engage, right? You're welcome to just listen in, at least for the time being, and find out how others are doing it. It's not like you need to contribute from day one. So I think, you know, you can learn to strike that balance and to find a way that works for you in your specific setting, which may include that you're not ever contributing because it's not a word, but you can still learn from what everyone else is doing. And maybe in kind of conversations, have a discussion about what might be possible. Let's say, for example, in the defense sector, where you certainly have higher confidentiality obligations than in other sectors. So I think that's an option as well. Absolutely, that makes a lot of sense. And I guess at that point, I would just note that the OpenChain main mailing list certainly embodies that. Last time I checked, incredibly, we've got more than 2,700 subscribers, which is a lot. And of course, the active community is smaller, so it's clear how many people are staying and waiting to see how things fall. So Miriam, your time today has been fantastic to be able to run through these items with you. And I think it's really valuable to people around the world in our community. Well, thank you for chatting. So there we have it, a little bit of a chat with Miriam to get the European perspective on how OpenChain is being perceived. One of the main takeaways, I think from Miriam, is that Germany is pretty much back to business as normal, perhaps, but a slightly larger buy-in to open source predicted. Naturally, not exactly business as normal, companies like Daimler, companies like BMW were going to sell significantly less product, but the shutdown situation is not preventing, since May, engagement that is useful for communities like ours.
And as we mentioned in the talk, we just had a meeting in Germany, which was nicely attended, and we had some really great feedback about things like local translations of information. In Asia, and that's the next section for us, the Asia update, it's very similar. I think it was just last week, or the week before, we had three meetings, one China, one Japan, one Korea. All of the meetings were well attended. Some of them, like in China, we had a little bit of an international focus who went over things like the McHardy issue. Some of them, like in Japan, there was a great deal of discussion about sub-work groups and so on doing work locally. And in Korea, there was a lot of note sharing between companies. I think we had Kakao talking about how they are working in open source. It's a messenger platform in Korea. On the line today, we actually have a bunch of our Japanese community members. So just by way of example, I just had a question from Kubota-san if there will be a recording of this made available. Yes, I'm recording this and I will be making the audio available. We have people like Osaki-san from Fujitsu and Njoji-san from Toshiba. These are board members of the OpenChain Project. Kato-san from Panasonic as well. So we have some great people on the line if you have specific questions for Asia. But the overarching story here is that in Asia, in Japan, we have a mixture of remote and local working. In China, people are pretty much back at the office. In Korea, it's still a lot of remote work, but people are working away as usual. And of course, in some geographies like the situation with Taiwan is that they never really had a problem with COVID and they're back to work. So for us in Asia, it's pretty clear that things are functioning alright. One thing that's worth noting about Asia is that some of the companies in places like China have been increasingly involved in international open source.
So a good example is that OPPO, the company that makes a lot of cell phones, for instance it recently sold this 188 million cell phone in India, they joined the OpenChain Board. So they are standing alongside their peers from companies like Japan and so on. With a very strong international focus. And that's notable because for a long time we were looking at kind of open source going into places like China. Now what we're seeing is that the massive companies with huge investment in open source from China are going to take global leadership roles. Actually, we just had a meeting yesterday with our partner review and membership review subcommittees for the governing board, and the people sitting on the committee, we had Dave Marr, our chairman, from Qualcomm. Now we had Chris Pan from OPPO and we had S.C. Lin from Moxa, a Taiwanese IoT company. I think they're number three in the world for smart connection devices. So, you know, very international flavor on our project, and a lot of our Asian contributors are very active in building material and community that affects the global side. One thing I'd like to do here is actually bring in one or two of the Asian community members. So Kubota-san, if it's okay for you to type in the question area, I'm just checking, what subgroup are you in in the Japanese OpenChain community, because we have, this is for the audience, in Japan it's amazing how many work teams we have. We've got subgroups for licensing, FAQ, planning. These subgroups are all working on materials and solutions for their geography and of course internationally. Japan is a supplier education leaflet, and the supplier education leaflet was created simultaneously in Japanese and English. This subsequently being translated into Korean, Simplified Chinese, Traditional Chinese, that's gone around the world. It's been remarkable how that information has passed through. No typing from Kubota-san at the moment.
Okay, so what we're going to do here is I'm going to move us on after saying we're doing a lot in Asia and you can track it on the website. I'm going to move us towards the spec, which is the real meat of what we're doing here. The OpenChain specification is in the ISO fast track process, and brace yourself, this is a wordy sentence because it's the formal description. The OpenChain submission is via the ISO/IEC JTC 1 PAS transposition process to result in an international standard. The process usually takes seven to 11 months. Our ISO/IEC JTC 1 submission is in the ISO database. The DIS ballot, which is DIS 5230, launched on June 30th and concludes September 22nd. Before that there was an eight-week period for national standard bodies to translate the submission. Depending on the DIS ballot result and comments received, there may need to be a further FDIS ballot, which could take eight weeks, or that will be skipped and will just be an international standard. The actual international standard will be published within six weeks of the DIS ballot if there are no further comments or requirements. And that has been done with great help from some of our friends in the OpenChain board. Osaka-san from Fujitsu, for example, has been super helpful here. David Rudin at Microsoft, fantastic. Seth Newberry over at the Joint Development Foundation, and our PAS mentor Brian McAuliffe. Long story short, OpenChain 2.0 becoming an ISO standard. Functionally identical, OpenChain 2.0 and the ISO standard. We're going to be hosting the ISO formatted standard on our website. It'll be freely available. We're going to label it OpenChain 2.1 because its formatting has changed, but none of the requirements have changed. That said, you know, this is an open project, we never stay still, and with OpenChain one of the important things for us has been how do we capture the feedback. I mean, as we go out there in ISO, as thousands or tens of thousands of companies work with OpenChain, we're going to be getting feedback
from a lot of people about the standard, and we want to make sure that from day one we can capture that effectively. We don't plan to replace or update our ISO standard at any high speed, because it takes a long time to deploy standards and procurement, we know that. We do plan to start taking notes right now, and in fact last month we launched that process, in June. So we're having bi-weekly specification meetings chaired by Mark Gisi to take on board suggestions, comments about the current OpenChain standard and what can happen in the future. Some of these comments and suggestions will be resolved by making reference material, clarification material as needed. Some of these comments and suggestions will be incorporated in future drafts of the standard. What I'd like to do is to hand over to Mark now to let him talk through a bit about how that process goes. You know, this is separate from our ISO standard publication. This is about how we capture the feedback and how that feedback informs the future, and it's a very important process, because this is a genuine community project. It means everyone's voice is heard and everyone's opinion is counted. So I'm going to hand over to Mark, if that's okay. Let's see if the transition works well. Hi, hey Shane, can you hear me? Can you hear me? Can you hear me okay? All right, I got a message, it sounds great. So one of the interesting things to understand is that OpenChain is an open source project and it's based on contributions from over 200 professionals, and so this spec is not just a small group of people, but it's been through the eyes of many and the feedback has been incorporated. And what it represents, what the spec really represents, is a set of requirements that every high quality compliance program should meet. So if you're, for example, a supplier and you want to convey that to your customers, then obtaining OpenChain conformance is a great way to communicate that. If you're an internal legal department and you want to get more comfort in how
your company is handling open source, then obtaining OpenChain conformance is really helpful to giving that comfort, that assurance. So I think that if you're an actual company that receives in software from a supplier, then this is an opportunity to ask them, your suppliers, whether they're OpenChain conforming or not. Now, it sounds like a big burden sometimes to say, "Oh, you must be." You don't have to require them to be 100%. What you can do to help them along is to suggest that they come forward with just the requirements they can satisfy and show you some evidence of that. In fact, at our company, at Wind River, we're audited several times a year from very big vendors, and oftentimes in those audits they're coming in to review our open source, sorry, our engineering, software engineering processes, and one of the standard questions that exists is, how do you handle open source? And what I always start that conversation out with saying, since we're OpenChain conforming, I say, here's the specification, we're satisfying all these requirements, and we can show you evidence for each of those requirements. And it turns that conversation from what could be an hour or two into less than a half hour sometimes, because it's very well laid out, and by talking to the spec it gives people a contract of how that dialogue should go, and it allows that conversation to happen very quickly. So there are many benefits, as I just highlighted. You could be a supplier, you want to represent your discipline around open source, or you want your suppliers to show you their disciplines, then you can ask for it. Or you could be an internal, you know, legal group possibly, or a group that's concerned about discipline around open source. So I think that's always helpful to highlight. I don't know if it's possible for me to share my screen. I can pop a few slides up. If anybody is new, I have a few slides that will tell the story about OpenChain in under four minutes. Let me see if I can share
my screen. Let's put this down. Can you see my screen? Let's see, actually hold on a second here. Okay, so the one thing to know, one of the things I like to highlight, is OpenChain is about a program. It's about the conformance to a set of requirements for a given program. And what happens is, in comes, you know, a set of software that's being used, and you want to disclose all the open source within that software. And then what happens is, as part of the process, a bill of materials is created, which then is input into the whole clearance process, and then the output of that compliance program is obviously some software, but also a collection of compliance artifacts, including the source code, the legal notices and the SPDX data, and possibly the bill of materials itself. Some customers would like to receive that as well. What OpenChain says is that I can trust that program, and not only can I trust that you have a discipline program, but that I can trust those artifacts that you're giving me, that they've been prepared with discipline. Okay, I always like to highlight, you know, when I think about the OpenChain spec, I think about six core pillars that it represents. It ensures that every company that is OpenChain conforming has a policy in place and that that policy is communicated effectively, that you have training and all the key people have been properly trained, that you have all the required roles and responsibilities properly assigned and resourced, and that also, as part of that process, you are able to create a bill of materials along the way. And that's really important, because without that you don't know really what's in the code, and with it, it could be very, very useful for many activities, not just open source compliance but also security or export. And then also the spec then has a set of requirements around ensuring that you prepare the proper compliance artifacts, and then that if you have an opportunity to contribute back to the community, that you have a proper
policy in place. And in a nutshell, if you didn't know what OpenChain was, this is one of the best ways to think about it in the most simplest sense. Okay, and by the way, when I get audited from an outside vendor, I always put up these slides to articulate that. So if you ever looked inside the spec, we're not going to go through the spec in great detail, but the one thing to understand about the spec is that if you ever looked at it, it's pretty straightforward and simple in its language, and it's not a ton of pages to wade through. It's really 12 pages with a lot of white space. But the key point here is, each of those pillars we talked about, you have a simple requirement and then some course what we call verification artifacts that you have to satisfy. So in this case, in order to make sure that you have the policy requirements satisfied, it's documented and it's properly communicated. Just to give you another example of another pillar we just talked about, there's one about the bill of materials. It'll make a simple statement about what you need to do with respect to the bill of materials and have a very explicit set of requirements. Here it has two requirements that state that you must, you know, have a documented procedure that shows that you're identifying, tracking, reviewing, and clearing and archiving the stuff. Again, I'm just trying to give you a sense of what it is if you're not familiar with it, and if you are, then this is going to be over very soon. And then finally, the other pillar we, you know, we talked about, you have the compliance artifacts. It talks about having a process in place, and then again you have two requirements to satisfy. Actually, what I want to do is change to another slide deck and talk about the spec, and then we'll open up to questions. We just launched the spec of the 3.0 initiative, but as Shane pointed out, we're in the process of waiting to hear back from the ISO organization to let us know that we've been accepted. And if you ever wanted to participate or
join this activity, the specification, you're always welcome. Everybody's welcome. It's an open source project, and what we do provide is a wiki page that I just wanted to highlight that exists, and if you go there you can see all the previous versions of the spec, the current spec, and also the process we follow. I won't go through it in any detail, but you can read that if you want to understand how we work. One of the most important things I encourage anybody who wants to contribute to the OpenChain spec is that we have frequently asked questions. I highly encourage you to read those before contributing to understand kind of the philosophy behind that. Okay, one of the key things in our efforts to produce the spec is we follow some key principles. First of all, one of the most important principles is that we want to ensure that we're building trust around the use of open source. The second principle is that we want to make sure that we're focusing on the what and why. In other words, we're not too prescriptive. We're simply stating some high level requirements that we believe every high quality compliance program should have. We're not dictating to you how to do it. There are many ways to do it. We allow everybody to have a lot of flexibility on implementing it, but it ensures that certain things are in place, as we saw by looking at the spec. The other important guiding principle, number three, is less is more. We're very focused on making sure that we keep it very focused, very tight to the quality of a compliance program, and the fact that it's very easy to get through the spec without having to wade through a lot of confusing text. And finally, as it's been highlighted a little earlier, we do function as an open initiative. We are also a standard, but we're open to everybody to participate, and as I noted earlier, we've had over 200 people provide feedback on the current version that we have out today. As we embark on the 3.0 drafting, these are the
objectives that we set out. So if you see something that you relate to and you think you can contribute to the spec and you haven't, this is something to keep in mind. First off, we're really focused on obtaining feedback from people who are ready, from those who are trying to incorporate the spec into their organization. Okay, now some people have implemented it successfully, some organizations are struggling, and we're trying to always understand what the obstacles are. The third objective is really about ensuring that we continuously stick to maintaining a very minimum set of requirements. We don't want to get too bloated, and that we're focused on what we expect every single program, every compliance program, to have in terms of quality. The fourth objective is kind of new and interesting. We're actually doing an exploratory investigation on how the spec might grow to have a wider scope. It's still about helping people trust open source software, but it's more about, you know, can we trust it not only with respect to license compliance but possibly also security vulnerabilities. Now this is not necessarily something we required of every person as a compliance program, but it'd be an optional piece, and we're really not trying to necessarily put that into this 3.0 spec, but more explore this option as an add-on, you know, to the actual spec, and not a mandatory requirement of the spec. And we'll probably look at the output of that process or that exercise and decide, maybe in the future versions, whether we should consider security vulnerabilities with respect to trusting open source. And so that's that. And then finally, I want to highlight to everybody here that we have a number of resources that are helpful. I mentioned some of them along the way. One of the ones I haven't talked about already is the issues list. So if you find that you've read the spec and you're
having issues with the spec or have recommendations on how to improve the spec, we have a place on GitHub where you can list out your issue with respect to how you might want to see the spec evolve. I'm not going to go through these discussions. That's all I have for the spec. I want to open it up more to questions. Let me stop sharing. Okay, so any questions? Oh, I see something here. Song Lee has just typed: what's the perspective group of people who will benefit from OpenChain project, what the revenue may be generated for OpenChain? I'm guessing "perspective" is "prospective" group. I would say that the people who will benefit from OpenChain, it's any organization dealing with open source. Fundamentally, open source is third party intellectual property and it's licensed conditional on some various things, so you can only gain access to and use this third party IP if you obey the licenses. It's that simple. And if organizations have issues with licensing, they stand several risks. One is that they can no longer use the code. The other is that they are infringing someone's copyright and it pays legal action. And of course there's the issue that, because this is third party IP where people are sharing their work, if there's an actor who isn't respecting it, who isn't playing fair, you're not going to get the same benefits of collaboration. So long story short, anyone who's using open source needs to follow the licenses, and if someone wants the easiest way to follow the licenses, OpenChain as a clear standard is the easiest way to get that process in place. So any organization using open source can use OpenChain to, one, make things a lot simpler, and two, make sure that they are sharing from the knowledge benefits of everyone else using the standard. So it's very similar to, if you look at something like ISO 9001, a quality standard, the reason everyone uses that is because we all know that there's a baseline of quality. With OpenChain, the reason people use that is
because we know there's a baseline of compliance approach. So as Mark said, the key requirements of a quality open source program. The same question, what revenue might be generated? Mark, I don't know how you frame that. I'd say, I mean, if you're talking about organization revenue, I'd say you do not gain revenue from using a standard like OpenChain. What you do is you dramatically reduce risk and therefore you save resource costs. Do you think that would be a good way to put it, Mark? Yeah, I actually viewed it also as, you may prevent yourself from losing revenue. And what I mean by that is, when you deal with your customers and you enter into contracts, so Wind River is like in the middle of the supply chain with respect to delivering software, and oftentimes our software serves as like the nervous system of our customers' devices. For example, we offer up a commercial grade Linux. Now, we enter into a lot of contracts, and I can tell you that there are certain contracts we're just not going to sign if we don't have a certain kind of discipline around open source. And so I find this actually helps revenue generation in that sense, meaning it gives our biggest customers, our largest customers, that comfort when we're engaging with them. And so I think it's necessary in order to articulate that, and I only see this growing, the requests around not just open source, you know, compliance, but what's grown in the last two years, in particular the last six months, I've seen, is the request for a bill of materials, an open source bill of materials. And if your organization cannot deliver that, and there's two reasons, right, compliance, and the second reason is for security around open source, people want to know that you can manage that. And if you cannot demonstrate that or deliver that, then you're not going to be able to sign that contract. And then finally, I think just, as Shane pointed out, liability within your own organization. If you mess up and somehow you get
into a certain situation where you're not properly handling the open source, I've seen one case where a company was trying to get acquired and they really botched up the management around open source, and the acquisition deal didn't go away completely, but a major haircut on the valuation took place. So I think if you're a company and you just want to make sure you're, you know, doing the right things, then I think that, especially, you know, if your company could be sold, I think you want to get comfort internally, then I think having OpenChain conformance give that comfort is critical. That's actually such a good point. It reminds me a little bit of how OpenChain is already used in M&A. It's in active discussions with M&A. Let me see if I can share my screen very briefly. I don't have a share button here. Okay, all right. So we actually have a whole book about OpenChain in M&A on our website, so it's utilized there in M&A discussions. I mean, long story short, if people are going to use open source, we have to know that they're compliant, and OpenChain is the distillation of a huge amount of knowledge of how to be running a compliance program that works. So anyone using that is essentially doing the right stuff, and we do see a lot of increased adoption. So we see a lot of people working with OpenChain, we see it going into areas like procurement. As Mark said, you can expect a lot of people to be asking for OpenChain conformance so they know that your company meets the minimum requirements of a quality program for conformance. We have a great question in from Marcel. He says, should we communicate quite clearly that 3.0 will only be coming out in a few years, otherwise adoption of the existing ISO standard might be affected? I would answer, yeah, I mean, the ISO standard is not intended to iterate quickly, so people should message that the ISO standard is it. We spent years making it, it's ready to go, and it's not going
to be something that we iterate quickly. When it comes to our automotive members, we're looking at a situation where it's literally going to take years for it to go through their procurement process with hundreds of companies, so we don't want to have confusion there. But at the same time we want to make sure there's an avenue for capturing information and future drafting from day one, so we want to make sure that that process is there. Mark, does that capture it adequately in your perspective? Yes, I think it's important for us not to be too dramatic in our changes, right, for that very reason that's been, you know, pointed out, and that we don't anticipate a rapid, a big change at all, but more about, probably 3.0, you know, will come out in a much longer time frame than we would normally expect, and there'll be ample time for people to migrate to that new version. But also we would be very mindful of that new version and the ability to migrate to it. So yeah, I mean, hypothetically, I'm just typing this into the Q&A area, which is not what I'm meant to do, but I'm doing that anyway. So even when we do a future iteration, it'll be the same ISO standard, just updated. So I'm not saying we're going to iterate quickly, I'm just explaining what will happen. So for instance, let's say we're ISO number XYZ and then colon 2020, that's when it came out. When there is an update to that standard, it'll be ISO XYZ colon, let's say, 2023, and this will make it very clear that it's the same standard, and it's the same process of iteration that we see in other standards, whether it's ISO 14001 or ISO 26262, that's quality and functional safety, you know. So we're going to fit very neatly into the ISO process. But yeah, communicate to people that what is there now, OpenChain 2, and what will be there very shortly, the ISO standard, which we're calling 2.1, they're functionally identical. So anyone who's OpenChain conformant with OpenChain 2 or 2.1 will be ISO conformant, and these organizations
can expect that conformance to be both valid and useful for years. Oh, here's an interesting one, this is Song Lee: how should the syntaxes, compiler standards in the source code be expected to keep up while the industry is involved, oh, evolving? So I think I would separate very clearly here code development and something like OpenChain, which is process. The process for open source compliance is not something that iterates quickly. The code going through the process might iterate quickly, but that has no impact on OpenChain. Mark, do you think that would be a good way to capture that? Yes, I think you nailed that one in terms of program versus, you know, a discipline. Yeah, instead of too long, it's different. You know, OpenChain is the first standard from Linux Foundation, the first formal standard, ISO standard, in 14 years. The last time we did one, it was Linux Standard Base, which describes the base Linux system, and Linux Standard Base had great utility in the early days for things like enterprise Linux adoption. But as Song Lee pointed out, code iterates pretty quickly, so Linux Standard Base set the baseline for Linux scenarios like enterprise, but of course Linux itself evolved relatively rapidly past that, and with something like that, code, you could end up iterating the standard quite frequently. So you could end up iterating a code standard at a much more rapid pace than you would iterate a process standard. But OpenChain is a process standard. The code that's going through the process, it doesn't matter. And we say, for instance, know what your inbound code is, and you can do that automated, you can do it manually, it doesn't matter. So that means that as you iterate the technical process, you're not changing the compliance process, you're just enhancing those particular inflection points with the tools it has. So our standard doesn't change with the code. Yeah, I think the other thing to highlight there is the standard described a high-level overview of a set of
requirements, although your compliance program itself can evolve and still satisfy the obligations of the spec. So that doesn't mean your program will stay stagnant either. For example, I've seen places where people are constantly looking at how we can automate compliance, right, that's a common discussion, I see that in the tools group. And so you might still be building a bill of materials, which is a requirement of the spec, but how you build that bill of materials gets more effective or more efficient, possibly through using new tools or new automation techniques. So I think we always have to separate out the spec, in a high-level set of, you know, core requirements, versus the ability for your program to evolve continuously. That's a really good point as well, because when it comes to something like a software bill of materials, if people are using a standard like SPDX, which incidentally will be the next standard by Linux Foundation, SPDX is a software bill of materials, OpenChain is the first through JDF, SPDX will be the second, so you can expect them later this year or early next year. If you're using something like SPDX, that standard is designed to be human readable or machine readable, so you can automate it, you can automate it in multiple different ways, it just doesn't matter, the standard is still the standard. So that's to Mark's point. We have a question from Fabian about compliance rate of adoption, certain industries. Are some industries more compliant because of, let's say, massive companies in the field? Are people more quick to self-certify some industries, or other industries in the dark? Yeah, we'll leave you a tidal wave in automotive for vias, or do people already do this and it's just phrased differently? It's an interesting question. What do you think, Mark? Well, I definitely think there are certain kinds of industries that have embraced open source and also might have a slightly higher risk profile around the use
of open source. Not that open source is more risky, it's just that they're out there more in volume. So for example, a lot of device vendors, the internet of things world, they are putting out devices and they're putting them out in hundreds of thousands if not millions, and if they ever end up with a problem with open source, then that's going to be multiplied by the number of devices they have in the world. So I do see, and by the way, I think those are the kinds of companies, especially the companies that do a lot of embedded software, really got on early to this process, and also with SPDX, I felt that they were the drivers also behind SPDX. When you have an industry that has a slightly different risk profile, then yeah, I think you're going to see more reluctance to come on, or they won't be the early adopters. As far as automotive, I'm not experienced with automotive industry, I have more experience with aerospace and defense, but I think that my take on the automotive industry is that it seems like open source is starting to take off, especially in the last five years, in terms of understanding it, and I've seen them, you know, resourcing open source more than they have done it, you know, anytime in the past. And so I anticipate the automotive industry is becoming more and more savvier, or understanding the value proposition around open source, and as they understand that, the great benefit, I do think you're going to see more. But I think the tidal wave will come clearly when the automotive manufacturers are requiring their suppliers, or their top tier one suppliers require the top tier two suppliers. However, one thing I think they can do is not necessarily expect all the suppliers to move very quickly, but to incrementally put rules around incrementally adopting OpenChain within their supply chain. So for example, they can say to a supplier, all right, I know that you don't have it today, but
tell me where you are, we'll accept that, and show me your, you know, get-well plan in the next two years to get to the compliance or conformance. And I think that's more likely to happen in the automotive industry. I mean, I guess the industry is where we saw the most interest initially, definitely embedded, lower out huge, and we've seen significant interest from companies optimizing their supply chain in places like cloud. But I would highlight automotive is an area where the interest has been exceptionally high, and in the next few months there will be some announcements and developments in automotive which will very much underline this. So I mean, if I was to pick industries that are super, super engaged for the OpenChain, I'd say embedded, mobile, automotive. These are the people shipping product right now that need this harmonization as quickly as possible. And then I'd add on that cloud companies, Microsoft are very involved as well, because of course they're very aware that underpinning a lot of their industry is open source. But yeah, automotive is definitely engaged, and can't talk about details, but there will be announcements regarding major automotive components that will have a huge effect on the automotive supply chain, so it's definitely one to watch in that industry. I'd also just highlight that there's no industry where people are like, yeah, we don't care. There's no industry where that's the situation. It's just that the largest priorities are people in areas like embedded, mobile, automotive, getting those physical products to market. These people are distributing a lot of open source. We have a question from Kubota-san. He would like to confirm that OpenChain 2.0, 2.1 will match the ISO standard. Answer is yes. OpenChain 2.0, our current standard, is functionally identical to what will be the ISO standard. OpenChain 2.1 is just OpenChain 2 formatted for ISO. So anyone who's OpenChain 2.0 conformant will be conformant with the ISO standard, and you
can check that on our website using our online self-certification web app. It's free, and that will allow you to essentially become ISO conformant. So you can actually become conformant with OpenChain today, and as soon as we have the ISO number published, you'll know that you're conformant with that ISO number. That's one reason that a lot of companies that are in our community that are OpenChain 2.0 conformant, they're a little bit ahead of the game, because on day one that the ISO standard is out, they're ISO conformant. So yeah, Kubota-san, if someone adopts OpenChain 2.0 or 2.1, that is the ISO standard, and they will be ISO conformant. The question about ISO certification: you can self-conform to an ISO standard, you can choose somebody to do an independent compliance assessment, or you can choose third party certification. These are three options, and it's entirely dependent on your industry. So in areas like, let's say, mobile, most people are self-certifying. In areas like automotive, at this junction most people are self-certifying, but a lot of people are interested in independent compliance assessment, having a third party check what's going on, and some entities are interested in full third party certification, where an organization like TÜV SÜD or PwC actually certifies you. These are all options. But yeah, you can self-certify to OpenChain today, OpenChain 2.0, and that will make you ISO conformant, so it's a good time to do it. So, you know, being very explicit about this, Cisco announced OpenChain 2.0 conformance about two weeks ago, and as soon as the ISO standard is out, they're conformant with that ISO standard. So it's a nice market position. Anyone who adopts OpenChain in the next few months will essentially be in a great position for both marketing and practical deployment in September. Mark, I think Wind River is the only company maybe that has self-certified to every version of the OpenChain standard, recall correctly. We are, with all the
other versions. Not sure who else is, but yeah, we definitely are. And it's actually been a big plus, like, as I discussed earlier, for the several different reasons that we see value in OpenChain.

It is interesting how the OpenChain conformance is useful for companies in sales negotiations. I mean, it's useful for procurement because you can make sure your suppliers are doing the right thing, but in sales negotiations you can say, hey look, we're using an industry standard, this is clearly, unambiguously how you do open source compliance. And we have a... I don't know how... I've even had people... Yeah, go for it.

I'm sorry, I was just gonna say that we've had dialogues with customers, and I've talked to them about how we're OpenChain conforming, kind of educated them a little bit, and they turned around and they put the terms in our contract that we will, you know, maintain OpenChain conformance. So that's pretty good. So, I mean...

Yeah, yeah. So it's been very practical for you in the customer sense.

And it makes the dialogue very simple and straightforward, because a lot of times there's a lot of fuzziness sometimes around compliance. I can tell you, when people will talk about, like, all right, what are you going to give us in terms of the compliance artifacts, right? And they sometimes want to list those out in the contract. And I can't have every single different customer come to me and say, well, I want it this way, and another customer negotiates a different way, and so forth. It's too costly and too complex. So we standardize on two things: OpenChain as, you know, our program, and also SPDX data delivery. Whenever they come to us and they want to say, hey look, we want this compliance information, well, we say we're going to give it to you in SPDX format and we're going to follow the OpenChain standard. And that saves a lot of cost for us when we're dealing with many different customers.

I'm doing a super quick screen share here, just to show
on the OpenChain website, you should be able to see this on the screen share, there are conformance logos. So it shows which version of OpenChain you conform with, and if you're Wind River, you've got all of these logos in your literature. This is a really quick shortcut for people to know what their supplier company is up to, or it's a really quick shortcut for a purchasing company to become conformant and set that expectation for their supply chain. So, you know, hypothetically, if an automotive maker says, I'm OpenChain 2.0 conformant, the suppliers know that that's what this company wants and that's the particular version we should work on. And I'll just see if I can bring it up. There's an online certification and self-certification web app. Not sure if I can sign in. Oh, and maybe I can. Oh, password does not work. So this particular web app allows you to certify with the OpenChain standard. It's a series of yes/no questions that you can utilize to check if the company has the right requirements, and if you answer a question with a no, you can very quickly understand, oh, that's where I need to put resources on my open source compliance program. So we tried really hard to make sure that the basic material was in place for open source compliance via OpenChain to be very simple and easy to understand. Mark, if I recall correctly, you had pretty deep involvement in setting this up as well.

Yeah, we were one of the first ones to go forward with it, and I think that is also very helpful because it guides you through the... ensure that you're covering everything, and along the way you're gathering up the data to satisfy the different questions, and then you're storing that data. And so when we are actually audited by our customer, we can easily pull out the data that we, you know, gathered up to satisfy each of the questions. And so it was very helpful, even after...

Yeah, I mean, just on that point, the spec, the current spec, is split into six parts, and here under part four, the
second yes/no question is: do you archive copies of the compliance artifacts of the supplied software? So yeah, you either archive a copy of that compliance artifact, whatever is necessary for compliance, or you don't. And if you don't, you now know that that's something you should do. And what's interesting here is that in OpenChain, the final questions essentially say, do you have the documentation confirming that your program meets these requirements? So do you have documentation showing how you did it, and do you have documentation confirming that the program was reviewed in the last 18 months, to make sure that, you know, something didn't end up dead? So in this sense, if you go through the spec, the first five sections are about answering questions about doing the right stuff, do I have this, do I do that, and then the last section is confirming that you have a record of doing that stuff. Which is useful for you, but it's also used for your customers, because they can say, let me see the record, let me see if I'm happy with how you did this. And then they can go back and say, I'm happy with everything you did except this process point, which I would like improved. And I think that allows OpenChain to be policed by economics. It allows your own supply chain to determine what's appropriate, your customers to decide what's appropriate with the companies. That's how I describe it. You think that's accurate?

Yeah, and this is also... yes, I do. And I also found it very useful when we were acquiring a company recently and we were sitting down doing the due diligence, and I'm always brought in to help out with the open source due diligence part of the transaction. And what I did was I took this list of questions and I walked through with the target company and got them to answer it. I understood that they would not be OpenChain conforming, but I understood where the gaps were when I was done, and this was a great guide for that. So that when we
did bring them on board, we knew where we can actually work, you know, fill in the gaps. And so it also... if someone's got a lot of messes in what they're doing, during an M&A discussion, no doubt you can push down the price too. It's a win.

Yeah. So, I mean, it's actually surprising. Our offline self-certification questionnaire, all of it's private until you fill it all out and you choose to submit it for conformance. But you don't have to. You can just sign in, use the questionnaire, save your answers, and that's it. You can use it entirely privately. And we found out that 50 percent of the companies using this are using it for conformance activities, so they're thinking about, we'll conform with the OpenChain standard. But 50 percent of companies using this are utilizing it for health checks and internal resource allocation. So in other words, they're finding out, how is our compliance program looking and where do we need to invest? So those companies are not precluded, and that's... they will never conform, but they're utilizing this online resource to refine what they do, to save time, to save money. And personally, I think that's a sign of success. I mean, Mark, it means that not only are people checking boxes to get a standard, they're using what we have to be more effective in their company, to use less resources, and to have less risk in an easier way.

Definitely. And I think what it does is, and this is a very important point, a lot of times I see companies come and they say, I don't know where to start, right? We want to do this compliance thing, but where do we start? And I think this focuses everybody. It makes it a much more efficient task, by following this checklist and giving clear guidance. So yeah, I think it does help with efficiency, just on that aspect alone.

I suppose one final note is that every version of the OpenChain standard is a great starting point. So it's not a case of OpenChain 2 is miles better than OpenChain 1, it's just we have iterated, we improved the
translation of language, and so on. So let's say, hypothetically, your customer company is OpenChain 1.1 conformant and you're a supplier, and they say, well, I want you to be OpenChain 1.1 conformant. That's no problem. You just log into the web app, just choose your version, and you have the questions appropriate to that version of the standard. So we've made sure that this whole thing can work across multiple years of procurement, multiple different decisions by suppliers and customers. We've built this as flexible as possible to solve the real-world problem. We're out of time, so if anyone has one last question, you're welcome to type it in. Otherwise, we're going to wrap it up here. Mark, I gotta say thank you for making time to walk through where we are at with the standard. If it's okay with you, I have a recording of your section with the slides, and I'd like to, you know, include that if possible in a recording, but it depends whether it's okay with you.

Mm-hmm. I hope the slides are great. Yeah, of course. Okay, everyone. It's the slides I use with my customers. They're awesome, they're really nice. Okay, thank you, everyone. Thanks, Mark. Have a great day. Oh, you know, one last thing. Bye, everyone. Don't forget to join our community, openchainproject.org. Take care, all.