OpenChain makes open source compliance more predictable, understandable, and efficient for all participants in the software supply chain.

Communities form in open source all the time to address challenges. The majority of these communities are based around code, but others cover topics as diverse as design or governance. The OpenChain Project is a great example of the latter. What began three years ago as a conversation about reducing overlap, confusion, and wasted resources with respect to open source compliance is now poised to become an industry standard.

The idea to develop an overarching standard to describe what organizations could and should do to address open source compliance efficiently gained momentum until the formal project was born. The basic idea was simple: identify key recommended processes for effective open source management. The goal was equally clear: reduce bottlenecks and risk when using third-party code to make open source license compliance simple and consistent across the supply chain. The key was to pull things together in a manner that balanced comprehensiveness, broad applicability, and real-world usability.

Main Pillars of the Project

The OpenChain Project has three pillars supported by dedicated work teams. The OpenChain Specification defines a core set of requirements every quality compliance program must satisfy. OpenChain Conformance allows organizations to display their adherence to these requirements. The OpenChain Curriculum provides the educational foundation for open source processes and solutions, while meeting a key requirement of the OpenChain Specification. The result is that open source license compliance becomes more predictable, understandable, and efficient for all participants in the software supply chain.

Reasons to Engage

The OpenChain Project is designed to be useful and adoptable for all types of entities in the supply chain. As such, it is important to distill its value proposition for various potential partners. Our volunteer community created a list of five practical reasons to engage:

  1. OpenChain makes free and open source software (FOSS) more accessible to your developers. OpenChain provides a framework for shared, compliant use of FOSS. Conforming companies create an environment that supports use of FOSS internally and sharing of FOSS with partners.
  2. OpenChain reduces overall compliance effort, saving time and legal and engineering resources. OpenChain allows companies in a supply chain to work together toward FOSS compliance and provides a consistent standard to which all must perform. By contrast, in a typical supply chain, each member of the chain has to perform FOSS compliance for software of others in the chain, wasting time and resources in a duplication of effort.
  3. OpenChain may be adapted to your existing systems. OpenChain allows you to choose your own processes to meet its requirements. OpenChain provides resources that help you design new processes from the ground up, or you may choose to use the systems you have in place.
  4. OpenChain helps your business teams work together toward a common goal. OpenChain provides a blueprint for your legal, engineering, and business teams to work together toward FOSS compliance.
  5. OpenChain allows you to conform to a stable, community-backed specification. When you adopt OpenChain, you conform to a stable specification that is widely backed by industry and community participants. OpenChain was developed in an open, collaborative process, with contributors from a wide range of industries across Asia, Europe and North America. OpenChain is being formally adopted by a growing number of both small and large companies.

Today, the OpenChain Project is addressing its goals and moving towards wider market adoption with the support of 14 Platinum members: Adobe, Arm, Cisco, Comcast, GitHub, Harman, Hitachi, HPE, Qualcomm, Siemens, Sony, Toyota, Western Digital, and Wind River. The project also has a broad community of volunteers helping to make open source compliance easier for a multitude of market segments. As we move into 2018, the OpenChain Project is well positioned for adoption by Tier 1, Tier 2, and Tier 3 suppliers in multiple sectors, ranging from embedded to mobile to automotive to enterprise to infrastructure.

Entities of all sizes are welcome to participate in the OpenChain Project. Everyone is welcome and encouraged to join our mailing list at:

https://lists.linuxfoundation.org/mailman/listinfo/openchain

You can also send private email to the Project Director, Shane Coughlan, at coughlan@linux.com.

We are thrilled to announce that Hitachi has become the latest Linux Foundation Platinum member, joining existing Platinum members Cisco, Fujitsu, Huawei, IBM, Intel, Microsoft, NEC, Oracle, Qualcomm and Samsung. Hitachi has been a supporter of The Linux Foundation and Linux since 2000, and was previously a Linux Foundation Gold member. The company decided to upgrade its membership to Platinum in order to further support The Linux Foundation’s work, and open source development in general.

Hitachi is already a member of numerous Linux Foundation projects, such as Automotive Grade Linux, Civil Infrastructure Platform, Cloud Foundry Foundation, Core Infrastructure Initiative, Hyperledger and OpenDaylight. Platinum membership will enable Hitachi to help contribute further to these and other important open source projects.

Linux Foundation Platinum members have demonstrated a sincere dedication to open source by joining at the highest level. As a Platinum member, Hitachi will pay a $500,000 annual membership fee to support The Linux Foundation’s open source projects and initiatives. The company will also now occupy one of 14 seats on the Linux Foundation Board of Directors that are reserved for Platinum members.