The Linux Foundation Drives Standardization of Open Source Software Supply Chain


October 4, 2016 – The Linux Foundation®, the nonprofit advancing professional open source management for mass collaboration, today announced that the OpenChain Project has established its first set of requirements and best practices for consistent free and open source software (FOSS) management processes in the open source software supply chain. The OpenChain Specification 1.0 aims to facilitate greater quality and consistency of open source compliance to help reduce duplication of effort caused by lack of standardization and transparency throughout professional open source organizations.

Open source is the new norm for software development, evidenced by nearly 70 percent of hiring managers looking to recruit and retain open source professionals within the next six months (see: 2016 Open Source Jobs Survey and Report). From society lifelines such as healthcare networks and financial institutions to in-car entertainment and movie production, open source has become a key part of the software supply chain that every major industry depends on. Businesses ranging from startups to enterprises are looking to establish, build and sustain open source projects that support long-term innovation and reduce R&D costs. For open source software to continue to thrive, there must be a common set of requirements and best practices to ensure consistency of use and quality of software. Individuals and organizations that rely on open source software must also have access to training resources and expertise, such as licensing and compliance guidance, to uphold the integrity of the code they ship.

“Hundreds of thousands of people around the globe, including the world’s largest companies, leverage open source software, so we need to work together to support best practices for software license compliance throughout a supply chain,” said Jim Zemlin, executive director, The Linux Foundation. “Licensing, best practices, training, certification and other resources are needed to scale open source and protect the innovation built on top of it. The OpenChain Project is taking a major step forward by helping create software supply chains that are both efficient and compliant.”

The OpenChain Project is a community effort to establish common best practices for effective management of open source software and compliance with open source software licenses. The project aims to reduce costs and duplication of effort, and to ease friction points in the software supply chain. Today the OpenChain Project releases its first specification, which defines a common set of requirements and best practices for open source organizations to follow in order to encourage an ecosystem of transparent sharing and open source software compliance. The goals and requirements of the OpenChain Compliance Specification 1.0 include:

  • Document FOSS policy and training for software staff;
  • Assign responsibility for achieving compliance via designated FOSS-related roles;
  • Review and approve FOSS content;
  • Deliver FOSS content documentation and artefacts such as copyright notices, licenses, source code, etc;
  • Understand FOSS community engagement including legal approval, business rationale, technical review of code, community interaction and contribution requirements; and
  • Adhere to OpenChain requirements for certification.

The OpenChain Project has also established three Work Teams to collaborate on future refinements of the OpenChain Specification, to develop training materials and to create conformance criteria for organizations. The project will also begin the rollout of a self-conformance program this year.

Platinum Members of the OpenChain Project include Adobe, ARM, Cisco, Harman, Hewlett Packard Enterprise, Qualcomm, Siemens and Wind River.
