All Posts By

OpenChain Project

OpenChain Project Adds Fujitsu as Platinum Member

By | News

Leading Japanese information and communication technology company to support industry’s only open source compliance standard for collaboration across supply chains

SAN FRANCISCO & HALF MOON BAY, Calif. – OPEN SOURCE LEADERSHIP SUMMIT –  March 13, 2019 — The OpenChain Project, which builds trust in open source by making open source license compliance simpler and more consistent, announced today at Linux Foundation’s Open Source Leadership Summit (OSLS), that Fujitsu has joined as a Platinum member.

Fujitsu joins other recent Platinum member additions including Bosch, Microsoft, Uber, Google and Facebook. OpenChain provides a specification as well as overarching processes, policies and training that companies need to be successful in managing open source license compliance so that it becomes more efficient, understandable and predictable for participants of the software supply chain.

As code flows between companies that consume billions of lines of open source software through their supply chains to build new products and services, a key challenge is ensuring the relevant license requirements are met in a timely and effective manner. The OpenChain Project provides a consistent way to address that and other challenges. Conformance with the OpenChain Specification shows that an organization follows the key requirements of a quality open source compliance program, and builds trust between organizations in the supply chain. It makes procurement easier for purchasers and preferred status easier for suppliers.

“Fujitsu has been a long supporter of open source communities and the Linux Foundation;  we believe open source compliance is crucial factor for open source collaborations,” said Kaneshige Kenji Vice President, and Head of the Linux Development Division, Platform Software Business unit of Fujitsu. “We’re excited to join the OpenChain project to foster trust in open source supply chain and encourage greater compliance for open source software rapidly increasing in our society.”

“We are delighted to have Fujitsu join the OpenChain Project as a platinum member,” said Shane Coughlan,  General Manager, OpenChain. “Their expertise and support will be crucial as we continue to build our industry standard for open source compliance in the supply chain. I am particularly excited to gain access to the substantial knowledge Fujitsu possesses in areas like IoT and cloud technology.”

As a Platinum member, a representative from Fujitsu will join the OpenChain Governing Board. Other Platinum members of the OpenChain project include Adobe, Arm Holdings, Bosch, Cisco, Comcast, Facebook, Google, Harman International, Hitachi, Microsoft, Qualcomm, Siemens, Sony, Toshiba, Toyota, Uber, and Western Digital.

Additional Resources

About the OpenChain Project

The OpenChain Project builds trust in open source by making open source license compliance simpler and more consistent. The OpenChain Specification defines a core set of requirements every quality compliance program must satisfy. The OpenChain Curriculum provides the educational foundation for open source processes and solutions, whilst meeting a key requirement of the OpenChain Specification. OpenChain Conformance allows organizations to display their adherence to these requirements. The result is that open source license compliance becomes more predictable, understandable and efficient for participants of the software supply chain.

About The Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

###

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

Contact

Jill Lovato

The Linux Foundation

jlovato@linuxfoundation.org

OpenChain Project Announces Bosch as Platinum Member

By | News

Bosch to  leverage industry’s only open source compliance standard to provide common approaches and understanding for collaboration across automotive & IoT supply chains

SAN FRANCISCO –  February 28, 2019 — The OpenChain Project, which builds trust in open source by making open source license compliance simpler and more consistent, announced today that Bosch has joined as a platinum member. Membership momentum continues to grow for the project, as Microsoft joined just a few weeks ago as well as other large companies including Uber, Google and Facebook in December. OpenChain provides a specification as well as overarching processes, policies and training that companies need to be successful in managing open source license compliance so that it becomes more efficient, understandable and predictable for participants of the software supply chain.

As code flows between companies that consume billions of lines of open source software through their supply chains to build new products and services, a key challenge is ensuring the relevant license requirements are met in a timely and effective manner. The OpenChain Project provides a consistent way to address that and other challenges. Conformance with the OpenChain Specification shows that an organization follows the key requirements of a quality open source compliance program, and builds trust between organizations in the supply chain. It makes procurement easier for purchasers and preferred status easier for suppliers.

Over the last 15 years, Bosch has embraced open source software starting with consuming open source tooling in automotive using the Eclipse IDE, embedding Linux into Bosch products, and co-innovation of software in public funded projects. Bosch is now leading more than a dozen open source projects and actively driving its open platform strategy for the Bosch IoT Suite at Eclipse IoT with over 1.5 million contributed lines of code. Therefore, it has a special interest in increasing the number of collaborating companies using mature open source management processes. Bosch believes OpenChain is a great platform to share good practices and improve the open source management systems and processes, so other companies can join open source communities.

The OpenChain Specification is the only standard for open source compliance in the supply chain and has major interest from automotive companies. Toyota is currently a platinum member and Scania recently became OpenChain conformant. Also, companies like Panasonic and Renesas are active in the community work groups.

“An open source management system standard will be key for successful collaboration on open source management infrastructure and services,” said Hans Malte Kern, Head of the Center of Competence Open Source, Bosch. “We’re excited to join the OpenChain project, as it reflects the importance of compliant open source usage, distribution, and contribution. Instead of negotiating the open source requirements with all our partners and suppliers, Bosch will leverage OpenChain as an open standard that provides common approaches and understanding for open source collaborations – not only in the automotive industry but also the connected world of IoT. We are convinced the OpenChain standard will replace bilateral negotiations, educations, and open source risk mitigation discussions.”

“It is terrific to have Bosch join other automotive companies such as Toyota as a platinum Member,” said Shane Coughlan, OpenChain General Manager. “Bosch is no stranger to the OpenChain Project and has a long history of contributing  to open source compliance activities. We are thrilled to have them participate in the Governing Board, Steering and Outreach Committees, as well as the work team calls and meetings to help drive this community forward.”

As a platinum member, a representative from Bosch will join the OpenChain Governing Board. Other platinum members of the OpenChain project include Adobe, ARM Holdings, Cisco, Comcast, Facebook, Google, Harman International, Hitachi, Microsoft, Qualcomm, Siemens, Sony, Toshiba, Toyota, Uber and Western Digital.

Additional Resources

About the OpenChain Project

The OpenChain Project builds trust in open source by making open source license compliance simpler and more consistent. The OpenChain Specification defines a core set of requirements every quality compliance program must satisfy. The OpenChain Curriculum provides the educational foundation for open source processes and solutions, whilst meeting a key requirement of the OpenChain Specification. OpenChain Conformance allows organizations to display their adherence to these requirements. The result is that open source license compliance becomes more predictable, understandable and efficient for participants of the software supply chain.

About The Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

Contact

Jessica Rampen
OpenChain Project/Linux Foundation
jrampen@linuxfoundation.org
650-787-3548

Microsoft joins the OpenChain community to help drive open source compliance

By | News

A lot goes into making open source great – from licenses to code to community. A key part of doing open source right is being able to trust that the code you receive complies with its open source licenses. It’s a deceptively hard problem and one that Microsoft is working with the community to address.

The OpenChain Project plays an important role in increasing confidence around the open source code you receive. It does so by creating standards and training materials focused on how to run a quality open source compliance program, which in turn builds trust and removes friction in the ecosystem and supply chain.

View the entire post on Microsoft’s Open Source blog.

OpenChain Project Adds Microsoft as Platinum Member

By | News

OpenChain Project Adds Microsoft as Platinum Member

Global technology leader supports standardization in open source compliance to improve predictability and efficiency across supply chains

SAN FRANCISCO –  February 6, 2019 — The OpenChain Project, which builds trust in open source by making open source license compliance simpler and more consistent, announced today that Microsoft has joined as a platinum member. This comes on the heels of several other large companies joining OpenChain last month including Uber, Google and Facebook. The only standard for open source compliance in the supply chain, OpenChain provides a specification as well as overarching processes, policies and training that companies need to be successful in managing open source license compliance so that it becomes more efficient, understandable and predictable for participants of the software supply chain.

Companies consume billions of lines of open source software through their supply chains as they build new products and services. One key challenge as code flows between companies is ensuring the relevant license requirements are met in a timely and effective manner. The OpenChain Project provides companies with a consistent way to address these challenges. It’s hard to overstate the importance of this work given open source is a critical input at every step in the supply chain, both in hardware and software.

By joining OpenChain, Microsoft will help create best practices and define standards for open source software compliance, so that its customers have even greater choice and opportunity to bridge Microsoft and other technologies together in heterogeneous environments. Conformance with the OpenChain Specification shows that an organization follows the key requirements of a quality open source compliance program, and builds trust between organizations in the supply chain. It makes procurement easier for purchasers and preferred status easier for suppliers.

“Trust is key to open source, and compliance with open source licenses is an important part of building that trust,” said David Rudin, Assistant General Counsel, Microsoft. “By joining the OpenChain Project, we look forward to working alongside the community to define compliance standards that help build confidence in the open source ecosystem and supply chain.”

“We’re thrilled that Microsoft has joined the project and welcome their expertise,” said Shane Coughlan, OpenChain General Manager. “Microsoft is a strong addition not only in terms of open source but also in standardization. Their membership provides great balance to our community of enterprise, cloud, automotive and silicon companies, allowing us to ensure the standard is suitable for any size company across any industry.”

As a platinum member, a representative from Microsoft will join the OpenChain Governing Board. Other platinum members of the OpenChain project include Adobe, ARM Holdings, Cisco, Comcast, Facebook, GitHub, Google, Harman International, Hitachi, Qualcomm, Siemens, Sony, Toshiba, Toyota, Uber and Western Digital.

Additional Resources

About the OpenChain Project
The OpenChain Project builds trust in open source by making open source license compliance simpler and more consistent. The OpenChain Specification defines a core set of requirements every quality compliance program must satisfy. The OpenChain Curriculum provides the educational foundation for open source processes and solutions, whilst meeting a key requirement of the OpenChain Specification. OpenChain Conformance allows organizations to display their adherence to these requirements. The result is that open source license compliance becomes more predictable, understandable and efficient for participants of the software supply chain.

About The Linux Foundation
The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and commercial adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

Contact
Jessica Rampen
OpenChain Project/Linux Foundation
jrampen@linuxfoundation.org
650-787-3548

The Linux Foundation Drives Standardization of Open Source Software Supply Chain

By | News

OpenChain™ Project Releases First Specification to Establish Best Practices for Open Source Software Supply Chain

BERLIN, GERMANY– (LinuxCon and ContainerCon Europe) –The Linux Foundation®, the nonprofit advancing professional open source management for mass collaboration, today announced that the OpenChain Project has established its first set of requirements and best practices for consistent free and open source software (FOSS) management processes in the open source software supply chain. The OpenChain Specification 1.0 aims to facilitate greater quality and consistency of open source compliance to help reduce duplication of effort caused by lack of standardization and transparency throughout professional open source organizations.

Open source is the new norm for software development, evidenced by nearly 70 percent of hiring managers looking to recruit and retain open source professionals within the next six months (see: 2016 Open Source Jobs Survey and Report). From society lifelines such as healthcare networks and financial institutions to in-car entertainment and movie production, open source has become a key software supply chain every major industry is dependent upon. Businesses ranging from startups to enterprises are looking to establish, build and sustain open source projects that support long-term innovation and reduce R&D costs. For open source software to continue to thrive, there must be a common set of requirements and best practices established to ensure consistency of use and quality of software. Individuals and organizations reliant on open source software must also have access to training resources and expertise such as licensing and compliance to uphold the integrity of code.

“Hundreds of thousands of people around the globe, including the world’s largest companies, leverage open source software, so we need to work together to support best practices for software license compliance throughout a supply chain,” said Jim Zemlin, executive director, The Linux Foundation. “Licensing, best practices, training, certification and other resources are needed to scale open source and protect the innovation built on top of it. The OpenChain Project is taking a major step forward by helping create software supply chains that are both efficient and compliant.”

The OpenChain Project is a community effort to establish common best practices for effective management of open source software and compliance with open source software licenses. The project aims to help reduce costs, duplication of effort, and ease friction points in the software supply. Today the OpenChain Project releases its first specification that defines a common set of requirements and best practices for open source organizations to follow in an attempt to encourage an ecosystem of transparent sharing and open source software compliance. The goals and requirements of the OpenChain Compliance Specification 1.0 include:

  • Document FOSS policy and training for software staff;
  • Assign responsibility for achieving compliance via designated FOSS-related roles;
  • Review and approval of FOSS content;
  • Deliver FOSS content documentation and artefacts such as copyright notices, licenses, source code, etc;
  • Understand FOSS community engagement including legal approval, business rationale, technical review of code, community interaction and contribution requirements; and
  • Adhere to OpenChain requirements for certification.

The OpenChain Project has also established three Work Teams to collaborate on future refinements of the OpenChain Specification, to develop training materials and create conformance criteria for organizations. The project will also begin the roll out of a self-conformance program this year.

Platinum Members of the OpenChain Project include Adobe, ARM, Cisco, Harman, Hewlett Packard Enterprise, Qualcomm, Siemens and Wind River.

Supporting Comments

Adobe
“Open source as a development philosophy is acknowledged to both increase innovation and drive adoption. Adobe is an active participant in open source efforts and supports open activities by contributing to existing projects, releasing code as open source, and providing open access and conversations. Starting with the contribution of Tamarin to the Mozilla Foundation in 2006, Adobe has released hundreds of pieces of technology under open source licenses, and knows first-hand the value of establishing known, trusted standards. At Adobe, the Web is not only about the technology and code but also about the content and its delivery, and we support OpenChain’s efforts to standardize and improve the quality and consistency of open source for everyone.”
James Oh, Vice President, Associate General Counsel, Adobe

ARM
“A large number of global businesses rely on open source software so it must be delivered with trusted and consistent compliance information. The OpenChain Project will help to meet this objective by providing a collaborative framework for companies to effectively manage open source software, promote best practices and build confidence among ecosystem partners. ARM, as a founder member, supports the initiative as it will improve efficiency and trust across the supply chain.”
Hobson Bullman, general manager, Technology Services Group, ARM

Harman
“The OpenChain Project is helping define best practices and establish consistency throughout the open source software supply chain. This effort is critical to ensuring greater quality of code and help limit duplication of effort so that development efforts remain focused and innovative.”
Alyssa Harvey Dawson, Vice President, Global Intellectual Property, Harman

Qualcomm
“We all know that the open source ecosystem today is a huge driver of growth for our industry, yet in the area of open source compliance we are all still plagued by uncertainty over code pedigree, redundant work being performed at each tier in the distribution chain, and persistent inefficiency — all perpetuated by the lack of confidence in the compliance work done by each other. OpenChain creates a foundation for that confidence. The adoption of OpenChain by our industry will improve compliance while at the same time increasing efficiency and lowering costs.”
Roger Martin, Senior Vice President, Chief IP Strategist, Qualcomm

Siemens
“OpenChain is addressing one of the biggest challenges the software industry is facing — ensuring transparency and license compliance through the software supply chain. OpenChain will help to achieve license compliance through the entire supply chain by additionally lowering the costs. Thus, the OpenChain Project is of great importance for the entire software ecosystem.”
Oliver Fendt, R&D Strategy Team Leader Open Source Governance, Siemens AG

Wind River
“As the importance of open source in modern day software solutions continues to grow, the OpenChain standard can help establish the required trust among software supply chain participants. OpenChain is a logical step to foster greater license compliance, reduced cost and even greater success through the creation and use of open source software. We look forward to advancing this initiative through our continued, active participation in the open source community.”
Dinyar Dastoor, General Manager, Operating Systems at Wind River

To learn more about the OpenChain Project and to participate in early discussions, please visit: http://openchain.lfprojects.linuxfoundation.org.

About The Linux Foundation
The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and commercial adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.

Linux®is a registered trademark of Linus Torvalds.

Media Contact
Whitney True
The Linux Foundation
PR@linuxfoundation.org