The OpenChain Project has been working on an open source policy template to help organizations of all sizes meet the requirements of the OpenChain Specification. This template can also help companies frame their engagement with open source outside of OpenChain Conformance. This is your chance to comment. We would like feedback by close of business Pacific time on the 14th of January.
The American Bar Association Committee on Open Source Software will host an OpenChain talk by David Marr, Vice President, Legal Counsel, Qualcomm Technologies to open the year. This call will be held on January 17, 2019 at 12PM – 1PM EST. Interested parties are invited to reach out to the ABA for more details. This call is open to new participants.
Conference Bridge Information:
- Dial in: 1-800-925-7671
- Passcode: 4576326
The American Bar Association Committee on Open Source Software will host an OpenChain talk by David Marr, Vice President, Legal Counsel, Qualcomm Technologies to open the year. This call will be held on January 17, 2019 at 12PM – 1PM EST. Interested parties are invited to reach out to the ABA for more details.
Today the OpenChain Project is releasing the results of our Q4 Survey, a wide-ranging exploration of how the project is being used, how our reference and conformance material is perceived, and how the support structures around the project are working out for real-world users.
Visitors are satisfied with the discoverability and context of our overview material. However, ease of engagement with our community returned mixed results.
It is regarded as relatively simple to find out about the specification and conformance, and people are generally very satisfied with access to our educational material.
Finding our translations was regarded as a mix bag (some easy, some hard). Hopefully our revised website will help with that. Recognizing business value, on the other hard, was very easy. It was also quite easy to get help.
53.3% of people visiting the site did not use our online conformance web app. 13.3% used it for conformance-related activities. 20% used it for private “health checks” for their organization.
For those seeking to conform to the OpenChain Specification it was generally regarded as a very accessible process.
46.2% of respondents want to be listed as having an OpenChain Conformance compliance program. 38.5% are seeking a private “health check” of their current processes. 15.4% are engaging with the project for another reason.
Of the 15.4% are engaging with the project for another reason the disclosed activities are consultancy around OpenChain and seeking concrete (reference) solutions for some issues.
Interestingly, 66.7% of people said getting help with the online conformance web app was not applicable to their use case. The remaining 33.3% confirmed that it was easy to get the help they wanted.
53.5% of people found it easy to get help with general conformance questions. 46.7% of people said this was not applicable to their use-case.
A significant 53.5% of people said they would like an offline printable conformance handbook with a checklist for private “health-checks.” 40% said they would like this for OpenChain Conformance. Only 6.7% said this was not applicable to them.
26.7% of people said they are interested in getting help to conformance with the OpenChain Specification. 53.5% said they may be interested in the future. 20% are not interested.
66.7% of people are interested in getting OpenChain certification help in the future. 20% are interested today. 13.3% are not interested in services in this area.
66.7% of people are aware of the OpenChain partners and the services they provide. 33.3% are not aware of these services.
We had some great written feedback as well.
We received one comment we want to immediately address.
“Please don’t turn this into a sales funnel for feeding your ‘partners’. I’m actually pretty put off by the fact that this survey asked if we knew what partners were and whether we needed help. If you’re creating a standard and a process that is so difficult that it can only be done with external consultants then it’s pointless, and mere devs and engineering groups will not be able to implement it.”
Self-certification is at the heart of OpenChain. It always has been and always will be. OpenChain is explicitly a user driven project and standard (check out our platinum members, all user organizations rather than vendors).
The first path to conformance offered is to our self-certification web app. The next path is to our community for help if required. This will never change.
If someone wants commercial assistance they have to explicitly search for the pilot partner program. The existence of this program is to provide conformance support to entities that explicitly ask for this type of support.
To prevent any confusion or impression that a partner’s services are required to conform, one of the requirements for any entity applying to be part of that program is that they “may not represent to any clients that [their] service is necessary to comply with OpenChain Project and that [they] must make the interested client aware of the option of the education materials and the self-certification process.”
We also received some great usability suggestions.
And finally we had some useful suggestions for improvement in the future.
The OpenChain Project is owned by and made better each day by its community. We would like to express our thanks to everyone who took the time to fill out this survey and to provide some insight into where we should focus resources in 2019.
The OpenChain Project has a set of introduction slides to help people understand and support our activities. The latest version – with renewed membership overview and easier narrative slow – is now available in PDF, PPTX and ODP formats.
The OpenChain Project is delighted to announce that TÜV SÜD has joined the OpenChain Partner Program, and is the first certification authority to do so. TÜV SÜD has been in communication with the OpenChain Project and our Platinum Members for several months, and today announced that they have formally completed OpenChain Conformant third-party certification for Hitachi.
TPS Standard PPP 15001A has been created by TÜV SÜD for OpenChain Conformant third-party certification. Certification services for this standard are being offered globally by TÜV SÜD. Interested parties should contact Andreas Bärwald, Head of Software Solutions at TÜV SÜD Product Service GmbH. Interested parties in Japan can contact TÜV SÜD Japan.
Please note that OpenChain Conformance is not tied to third-party certification. This is a service optionally available to companies who wish to seek it. We are glad to work closely with TÜV SÜD on this service and look forward to collaborating with other certification authorities as we continue to expand globally.
Today Hitachi announced that they are OpenChain Specification 1.2 Conformant and had their conformance certified by a third-party, TÜV SÜD. Hitachi is the first company in Japan to become OpenChain Conformant and the first company in the world to undergo third-party certification.
日立製作所、FOSS(フリーオープンソースソフトウェア)のライセンス管理プロセスを構築し適切に運用するための認証「オープンソース ライセンス ガバナンス プロセス認証」をテュフズードジャパンより取得
Learn More (Japanese)
- Contact Shane Coughlan, OpenChain General Manager, at firstname.lastname@example.org
Malcolm Bain presented OpenChain at the ‘European Open Source and free software Law Event’ (EOLE) on 5th December in Paris. EOLE is an annual open source law event for general public and legal /technical professionals, this year focussing on compliance. Malcolm presented the background, process, requirements for certification and future plans of OpenChain.
- The event website: https://www.eolevent.eu
EOLE is held adjacent to the Paris Open Source summit.
OpenChain Project Japan Work Group has begun an exciting project to create ‘Reference Business Workflows for open source compliance.’ Your comments are welcome as we prepare a formal 2019 release.
“Business workflows for software development are critical for organizations seeking to improve open source compliance processes. In this context “business workflow” means how software and relevant license information is received from a supplier, how it is transferred and processed internally, and finally how it is released to customers. Inside an organization several team (functional blocks) may cooperate with each other to achieve overall open source compliance.
To contribute to this discussion the OpenChain Japan Work Group has prepared examples of roles in business workflows. These examples are intended to help frame the discussion and to acknowledge that multiple roles exist in multiple business workflows across different companies and markets.”
Comment and Contribute
The OpenChain Project proudly announces that Interneuron has an OpenChain Conformant compliance program. Interneuron is a British Community Interest Company (CIC) that exists primarily for the benefit of those in need of health and social care services company, rather than for shareholders. It provides numerous services to different parts of the British National Health Service.
“OpenChain conformance benefits our whole organization – from developers onboarding and releasing their first FOSS products, through to the implementation team building trust and confidence with our customers,” says Matt Conway, CTO of Interneuron. “OpenChain conformance demonstrates to all Interneuron’s commitment to delivering enterprise level open source solutions with quality management and security at the heart of our development processes.”
“Interneuron were invited to attend our OpenChain curriculum based training course “Get it Right with Open Source Software” by NHS Digital’s Code4Health team,” says Martin Callinan, CEO of Source Code Control. “The training helped them understand the value of managing their open source software supply chain. We supported Interneuron through the conformance process and will continue to support them in maintaining conformance. OpenChain is now part of their business as usual software development.”
“The most exciting thing about the OpenChain Standard is how it helps companies of all sizes to contextualize and improve open source compliance,” says Shane Coughlan, OpenChain General Manager. “One of our key goals is to ensure not only that doing so is fast and efficient, but that it also furthers the business goals of every organization. We are delighted with Interneuron’s engagement with the OpenChain community and we are grateful to our partners at Source Code Control for fostering this valuable relationship.”