
The Linux Foundation Drives Standardization of Open Source Software Supply Chain


October 4, 2016 – The Linux Foundation®, the nonprofit advancing professional open source management for mass collaboration, today announced that the OpenChain Project has established its first set of requirements and best practices for consistent free and open source software (FOSS) management processes in the open source software supply chain. The OpenChain Specification 1.0 aims to facilitate greater quality and consistency of open source compliance to help reduce duplication of effort caused by lack of standardization and transparency throughout professional open source organizations.

Open source is the new norm for software development, evidenced by nearly 70 percent of hiring managers looking to recruit and retain open source professionals within the next six months (see: 2016 Open Source Jobs Survey and Report). From society lifelines such as healthcare networks and financial institutions to in-car entertainment and movie production, open source has become a key software supply chain every major industry is dependent upon. Businesses ranging from startups to enterprises are looking to establish, build and sustain open source projects that support long-term innovation and reduce R&D costs. For open source software to continue to thrive, there must be a common set of requirements and best practices established to ensure consistency of use and quality of software. Individuals and organizations reliant on open source software must also have access to training resources and expertise such as licensing and compliance to uphold the integrity of code.

“Hundreds of thousands of people around the globe, including the world’s largest companies, leverage open source software, so we need to work together to support best practices for software license compliance throughout a supply chain,” said Jim Zemlin, executive director, The Linux Foundation. “Licensing, best practices, training, certification and other resources are needed to scale open source and protect the innovation built on top of it. The OpenChain Project is taking a major step forward by helping create software supply chains that are both efficient and compliant.”

The OpenChain Project is a community effort to establish common best practices for effective management of open source software and compliance with open source software licenses. The project aims to reduce costs and duplication of effort and to ease friction points in the software supply chain. Today the OpenChain Project releases its first specification, which defines a common set of requirements and best practices for open source organizations to follow in order to encourage an ecosystem of transparent sharing and open source software compliance. The goals and requirements of the OpenChain Compliance Specification 1.0 include:

  • Document FOSS policy and provide training for software staff;
  • Assign responsibility for achieving compliance via designated FOSS-related roles;
  • Review and approve FOSS content;
  • Deliver FOSS content documentation and artefacts such as copyright notices, licenses, source code, etc.;
  • Understand FOSS community engagement, including legal approval, business rationale, technical review of code, community interaction and contribution requirements; and
  • Adhere to OpenChain requirements for certification.

The OpenChain Project has also established three Work Teams to collaborate on future refinements of the OpenChain Specification, to develop training materials and to create conformance criteria for organizations. The project will also begin the rollout of a self-conformance program this year.

Platinum Members of the OpenChain Project include Adobe, ARM, Cisco, Harman, Hewlett Packard Enterprise, Qualcomm, Siemens and Wind River.