OpenChain Project: Best practices for an ecosystem of open source software compliance

Yesterday at LinuxCon in Berlin, The Linux Foundation announced that the OpenChain Project has established its first set of requirements and best practices for consistent free and open source software (FOSS) management processes in the open source software supply chain.

The OpenChain Specification 1.0 aims to facilitate greater quality and consistency of open source compliance to help reduce duplication of effort caused by lack of standardization and transparency throughout professional open source organizations.

Goals and requirements of the OpenChain Compliance Specification 1.0

  • Document the FOSS policy and provide training for software staff
  • Assign responsibility for achieving compliance through designated FOSS-related roles
  • Review and approve FOSS content
  • Deliver FOSS content documentation and artefacts such as copyright notices, licenses and source code
  • Understand FOSS community engagement, including legal approval, business rationale, technical review of code, community interaction and contribution requirements
  • Adhere to OpenChain requirements for certification

Open source and software development

Open source is the new norm for software development, evidenced by nearly 70 percent of hiring managers looking to recruit and retain open source professionals within the next six months. From society lifelines such as healthcare networks and financial institutions to in-car entertainment and movie production, open source has become a key part of the software supply chain that every major industry depends on.

Businesses ranging from startups to enterprises are looking to establish, build and sustain open source projects that support long-term innovation and reduce R&D costs. For open source software to continue to thrive, there must be a common set of requirements and best practices established to ensure consistency of use and quality of software.

Individuals and organizations reliant on open source software must also have access to training resources and expertise such as licensing and compliance to uphold the integrity of code.

“Open source as a development philosophy is acknowledged to both increase innovation and drive adoption. Adobe is an active participant in open source efforts and supports open activities by contributing to existing projects, releasing code as open source, and providing open access and conversations. Starting with the contribution of Tamarin to the Mozilla Foundation in 2006, Adobe has released hundreds of pieces of technology under open source licenses, and knows first-hand the value of establishing known, trusted standards. At Adobe, the Web is not only about the technology and code but also about the content and its delivery, and we support OpenChain’s efforts to standardize and improve the quality and consistency of open source for everyone,” said James Oh, Vice President, Associate General Counsel, Adobe.

Members of the OpenChain Project include Adobe, ARM, Cisco, Harman, Hewlett Packard Enterprise, Qualcomm, Siemens and Wind River.
