OpenChain was created to address FOSS-related friction points in the software supply chain. The focus of OpenChain today is helping to prevent companies from redundantly recreating compliance work that upstream companies have already done or should have done.
- The vision for the project is to enable a software supply chain where free/open source software (FOSS) is delivered with trusted and consistent compliance information.
- The mission is to establish requirements to achieve effective management of free/open source software (FOSS) for software supply chain participants, such that the requirements and associated collateral are developed collaboratively and openly by representatives from the software supply chain, open source community, and academia.
The OpenChain Compliance Specification 1.0 defines a common set of requirements and best practices for open source organizations to follow, with the aim of encouraging an ecosystem of open source software compliance.
Supporting organizations include: Adobe, ARM, Cisco, Harman, Hewlett Packard Enterprise, Qualcomm, Siemens and Wind River.
This project would not have been possible without the valuable sharing of expertise and knowledge by our many community members. In particular, the contributions of Gary O’Neall (Source Auditor), Miriam Ballhausen (Lumesse), Shane Coughlan (Opendawn) and Catharina Maracke are much appreciated.