Posts

In the last few years we have witnessed the unprecedented growth of open source in all industries, from the increased adoption of open source software in products and services, to the extensive growth in open source contributions and the releasing of proprietary technologies under an open source license. It has been an incredible experience to be a part of.

As many have stated, Open Source is the New Normal, Open Source is Eating the World, Open Source is Eating Software, etc. all of which are true statements. To that extent, I’d like to add one more maxim: Open Source is Eating the Startup Ecosystem. It is almost impossible to find a technology startup today that does not rely in one shape or form on open source software to boot up its operation and develop its product offering. As a result, we are operating in a space where open source due diligence is now a mandatory exercise in every M&A transaction. These exercises evaluate the open source practices of an organization and scope out all open source software used in product(s)/service(s) and how it interacts with proprietary components—all of which is necessary to assess the value creation of the company in relation to open source software.

Being intimately involved in this space has allowed me to observe, learn, and apply many open source best practices. I decided to chronicle these learnings in an ebook as a contribution to the OpenChain project: Assessment of Open Source Practices as part of Due Diligence in Merger and Acquisition Transactions. This ebook addresses the basic question of: How does one evaluate open source practices in a given organization that is an acquisition target? We address this question by offering a path to evaluate these practices along with appropriate checklists for reference. Essentially, it explains how the acquirer and the target company can prepare for this due diligence, offers an explanation of the audit process, and provides general recommended practices for ensuring open source compliance.

It is important to note that not every organization will see a need to implement every practice we recommend. Some organizations will find alternative practices or implementation approaches to achieve the same results. Appropriately, an organization will adapt its open source approach based upon the nature and amount of the open source it uses, the licenses that apply to the open source it uses, the kinds of products it distributes or services it offers, and the design of the products or services themselves.

If you are involved in assessing the open source and compliance practices of organizations, or involved in an M&A transaction focusing on open source due diligence, or simply want to have a deeper level of understanding of defining, implementing, and improving open source compliance programs within your organization, this ebook is a must read. Download the Brief.

Open Source Compliance at NHS

One of the powerful things about open source is the way it allows various organizations and stakeholders to come together to achieve common objectives. Open source projects play a critical role by providing a common platform that can integrate with new and existing systems. This is even more apparent when discussing open source compliance and aligning the various stakeholders in an open source supply chain.

A great example of this is a recent NHS case study published on openchainproject.org. NHS England is the public health services provider in England that treats more than 1.4 million patients every 24 hours. The organization needed a way to manage and leverage their open source assets across the organization without vendor lock-in. Our partners at Source Code Control proposed the OpenChain Specification and brought us in to work with the Apperta Foundation, Code4Health initiative, OpenEyes, and AB EHR Digital for a training and pilot program.

The result enabled the project participants to meet open source industry best practices. It also helped NHS take the first step in a broader deployment plan across multiple projects and providers in the coming months and years. Thank you to all of our partners and we look forward to future collaboration in healthcare, automotive, and many more industries as they increasingly adopt open source. Read the NHS case study.

Open Source Compliance

This fully updated ebook provides detailed information on issues related to the licensing, development, and reuse of open source software. The Linux Foundation has released the second edition of Open Source Compliance in the Enterprise by Ibrahim Haddad, which offers organizations a practical guide to using open source code and participating in open source communities while complying with both the spirit and the letter of open source licensing.

This fully updated ebook — with new contributions from Shane Coughlan and Kate Stewart — provides detailed information on issues related to the licensing, development, and reuse of open source software. The new edition also includes all new chapters on OpenChain, which focuses on increasing open source compliance in the supply chain, and SPDX, which is a set of standard formats for communicating the components, licenses, and copyrights of software packages.

“Open source compliance is the process by which users, integrators, and developers of open source observe copyright notices and satisfy license obligations for their open source software components,” Haddad states in the book.

This 200+ page book encompasses the entire process of open source compliance, including an introduction on how to establish an open source management program, a description of relevant roles and responsibilities, an overview of common compliance tools and processes, and all new material to help navigate mergers and acquisitions. It offers proven best practices as well as practical checklists to help those responsible for compliance activities create their own processes and policies.

Essential topics covered in this updated ebook include:

  • An introduction to open source compliance
  • Compliance roles and responsibilities
  • Building a compliance program
  • Best practices in compliance management
  • Source code scanning tools

To learn more about the benefits of open source compliance and how to achieve it, download the free ebook today!

OpenChain

OpenChain makes open source compliance more predictable, understandable, and efficient for all participants in the software supply chain.

Communities form in open source all the time to address challenges. The majority of these communities are based around code, but others cover topics as diverse as design or governance. The OpenChain Project is a great example of the latter. What began three years ago as a conversation about reducing overlap, confusion, and wasted resources with respect to open source compliance is now poised to become an industry standard.

The idea to develop an overarching standard to describe what organizations could and should do to address open source compliance efficiently gained momentum until the formal project was born. The basic idea was simple: identify key recommended processes for effective open source management. The goal was equally clear: reduce bottlenecks and risk when using third-party code to make open source license compliance simple and consistent across the supply chain. The key was to pull things together in a manner that balanced comprehensiveness, broad applicability, and real-world usability.

Main Pillars of the Project

The OpenChain Project has three pillars supported by dedicated work teams. The OpenChain Specification defines a core set of requirements every quality compliance program must satisfy. OpenChain Conformance allows organizations to display their adherence to these requirements. The OpenChain Curriculum provides the educational foundation for open source processes and solutions, while meeting a key requirement of the OpenChain Specification. The result is that open source license compliance becomes more predictable, understandable, and efficient for all participants in the software supply chain.

Reasons to Engage

The OpenChain Project is designed to be useful and adoptable for all types of entities in the supply chain. As such, it is important to distill its value proposition for various potential partners. Our volunteer community created a list of five practical reasons to engage:

  1. OpenChain makes free and open source software (FOSS) more accessible to your developers. OpenChain provides a framework for shared, compliant use of FOSS. Conforming companies create an environment that supports use of FOSS internally and sharing of FOSS with partners.
  2. OpenChain reduces overall compliance effort, saving time and legal and engineering resources. OpenChain allows companies in a supply chain to work together toward FOSS compliance and provides a consistent standard to which all must perform. By contrast, in a typical supply chain, each member of the chain has to perform FOSS compliance for software of others in the chain, wasting time and resources in a duplication of effort.
  3. OpenChain may be adapted to your existing systems. OpenChain allows you to choose your own processes to meet its requirements. OpenChain provides resources that help you design new processes from the ground up, or you may choose to use the systems you have in place.
  4. OpenChain helps your business teams work together toward a common goal. OpenChain provides a blueprint for your legal, engineering, and business teams to work together toward FOSS compliance.
  5. OpenChain allows you to conform to a stable, community-backed specification. When you adopt OpenChain, you conform to a stable specification that is widely backed by industry and community participants. OpenChain was developed in an open, collaborative process, with contributors from a wide range of industries across Asia, Europe and North America. OpenChain is being formally adopted by a growing number of both small and larger companies.

Today, the OpenChain Project is addressing its goals and moving towards wider market adoption with the support of 14 Platinum members: Adobe, Arm, Cisco, Comcast, GitHub, Harman, Hitachi, HPE, Qualcomm, Siemens, Sony, Toyota, Western Digital, and Wind River. The project also has a broad community of volunteers helping to make open source compliance easier for a multitude of market segments. As we move into 2018, the OpenChain Project is well positioned for adoption by Tier 1, Tier 2, and Tier 3 suppliers in multiple sectors, ranging from embedded to mobile to automotive to enterprise to infrastructure.

Entities of all sizes are welcome to participate in the OpenChain Project. Everyone is welcome and encouraged to join our mailing list at:

https://lists.linuxfoundation.org/mailman/listinfo/openchain

You can also send private email to the Project Director, Shane Coughlan, at coughlan@linux.com.

SAN FRANCISCO, October 24, 2017 — The OpenChain Project is delighted to announce that Comcast has become a Platinum Member and will take a seat on the Governing Board. OpenChain has been growing rapidly in recent months and now has a Governing Board of 14 members that support and inspire a community of almost 200 to address the key requirements for open source compliance in the supply chain.

“The OpenChain Project is centered around a specification that outlines an approach for open source compliance in all types of organization,” says Shane Coughlan, OpenChain Project Director. “Today, as we welcome Comcast to our Governing Board, we benefit from a wealth of knowledge and experience provided by a diverse group of stakeholders. Together our member companies and our broader community will collaborate to build a better, more efficient supply chain and will help to ensure that all parties benefit from effective use of open source technology.”

“OpenChain provides a powerful platform to accelerate open source adoption and engagement through shared best practices in compliance,” Nithya Ruff, Senior Director of Open Source Practice at Comcast Cable, said. “We’re excited to learn from our peers and share our experiences as we engage in this important and valuable project.”

The OpenChain Project identifies key recommended processes for effective open source management. The project builds trust in open source by making open source license compliance simpler and more consistent.

The OpenChain Specification defines a core set of requirements every quality compliance program must satisfy. The OpenChain Curriculum provides the educational foundation for open source processes and solutions, whilst meeting a key requirement of the OpenChain Specification. OpenChain Conformance allows organizations to display their adherence to these requirements.

The result is that open source license compliance becomes more predictable, understandable and efficient for participants of the software supply chain.

Organizations of all sizes are invited to review the OpenChain Project, to complete our free Online Self-Certification Questionnaire, and to join our community of trust.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and commercial adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

# # #

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

LOS ANGELES – OPEN SOURCE SUMMIT NORTH AMERICA – September 11, 2017 — The OpenChain Project is proud to welcome Hitachi as a Platinum Member. Hitachi joins eleven other companies to take a leadership role in our industry standard for open source compliance in the supply chain.

“The inclusion of Hitachi in our community is pivotal,” says Shane Coughlan, OpenChain Program Manager. “As a leader in numerous technology areas, and as a long-term contributor to the open source community, Hitachi is perfectly positioned to help us take the OpenChain Project to the next level. We look forward to working closely together to build out adoption of the OpenChain Specification in the supply chain.”

“We are delighted to join the OpenChain Project as a Platinum Member,” says Teruhisa Ishikawa, Director of OSS Solution Center, Systems & Services Business Division, Hitachi, Ltd. “Open source delivers value to multiple market segments and underpins many mission critical technologies. Good governance and clear standards are vital for effective, sustainable use. OpenChain helps empower companies of all sizes to benefit from the knowledge and experience of the community as a whole. We look forward to encouraging greater adoption.”

About The OpenChain Project

The OpenChain Project has twelve Platinum Members that support its work: Adobe, Arm, Cisco, Harman, Hitachi, HPE, GitHub, Qualcomm, Siemens, Toyota, Wind River and Western Digital.

Additional Resources

The OpenChain Conformance page

The list of OpenChain Conformant organizations

About Hitachi, Ltd.

Hitachi, Ltd. (TSE: 6501), headquartered in Tokyo, Japan, delivers innovations that answer society’s challenges. The company’s consolidated revenues for fiscal 2016 (ended March 31, 2017) totaled 9,162.2 billion yen ($81.8 billion). The Hitachi Group is a global leader in the Social Innovation Business, and it has approximately 304,000 employees worldwide. Through collaborative creation, Hitachi is providing solutions to customers in a broad range of sectors, including Power / Energy, Industry / Distribution / Water, Urban Development, and Finance / Government & Public / Healthcare. For more information on Hitachi, please visit the company’s website at http://www.hitachi.com.

Media Contact: pr@linuxfoundation.org