This webinar explored how ISO 5230, the International Standard for open source license compliance, is being used by Venture Capital firms to assess the quality of corporate governance they encounter.
Check Out The Rest Of Our Webinars
This is OpenChain Webinar #23, released on 2021-05-21.
It is time to explore the results of our Q1 survey! At the bottom of this post you can download the full document. Let’s check out the highlights:
- Engagement and satisfaction is rated as very good or (more frequently) excellent across the board. The vast majority of respondents believe that we are “Very Good” or “Excellent” in putting forward what we are doing and sharing our information – either the business value, conformance, reference materials, and our website. Most importantly, people see us as a community that is easy to engage with and easy to get help from.
- Our conformance response revealed something interesting. About half of our respondents are primarily interested in something other than a private health of their compliance program or being listed publicly as having an OpenChain conformant program.This is worth digging into more (and we will), but some preliminary notes are:
- Feedback indicates that a relatively small percentage are seeking public announcements regarding conformance at this juncture, regardless of internal compliance activities. Their focus is instead on internal (or inter-supply chain) improvements and conformance.
- We additionally have a number of companies engaging with OpenChain ISO 5230 with applications outside of our core scope of conformance for the purpose of license compliance. These include entities engaging for activities related to security, mergers and acquisitions, and other business processes. We knew this from participants on our calls and so on, but it’s interesting how many of our community participants appear to fit into this demographic.
- About a third of respondents have used our online conformance web app, and those that have found it excellent in its ease of use, while about a third of respondents are not interested in getting more help conforming with OpenChain ISO 5230:2020 in the future. From other sources we have indications that this is due to two factors:
- People are using the specification directly for conformance or using our downloadable questionnaire.
- People are getting assistance from third parties such as participants in our partner program.
- We asked broader questions in the survey than those related only to OpenChain. For example, we asked about tooling, software bill of materials and interoperability. The interoperability questions were framed around determining what is important to the community in the context of open source license compliance and interoperability around Software Bill of Materials and/or automation. Respondents overwhelmingly expressed interest in greater interoperability for all tools and automation. This means supporting ingest and export of SPDX. It means greater interoperability between open source tooling as well as between open source and proprietary tooling.
Now we know what people want, it is time to make it happen.
You can expect the project as a whole to lean into supporting to diverse use-cases for OpenChain ISO 5230. You can expect the tooling group to lean into the interoperability question.
And…you are the community. Let’s get started!
Want To Check Out The Full Survey Results?
As recently noted by Jonas Oberg, Open Source Officer at Scania, OpenChain ISO 5230 and SPDX have been explicitly included in Scania Corporate Standard 4589 (STD 4589). This defines the expectations Scania has towards suppliers when they deliver a solution containing open source software.
Scania has three key considerations defined in STD 4589:
- Suppliers should conform to OpenChain ISO 5230.
- Suppliers should ideally contribute modifications to open source components to the originating open source project.
- Suppliers should provide a software bill of materials in SPDX format and any applicable source code when the software license requires it.
Join the conversation by joining our Telco Work Group:
Linux Foundation Editorial Director Jason Perlow had a chance to speak with Masato Endo, OpenChain Project Automotive Chair and Leader of the OpenChain Project Japan Work Group Promotion Sub Group, about the Japan Ministry of Economy, Trade and Industry’s (METI) recent study on open source software management.
This webinar unpacked the complexity and solutions for addressing licensing across a large code-base like the Linux Kernel, and it explained how ISO 5230 has been applied to the security domain by some parties in the supply chain.
Check Out The Rest Of Our Webinars
This is OpenChain Webinar #22, released on 2021-04-21.
This webinar explored how the OpenChain Project has fostered an inclusive community, and what that means for the development of local and global work groups.
Check Out The Rest Of Our Webinars
This is OpenChain Webinar #21, released on 2021-04-14.
We have created a single, simple supplier education pack for open source license compliance. Get it from our website and enjoy a “one email” solution to aligning your supply chain around ISO 5230, the International Standard for compliance:
https://www.openchainproject.org/
Computermind has announced an OpenChain ISO 5230 conformant program. Computermind supports the development of control systems, business department solutions and advanced technology. Their primary use of open source is focused on AI development.
“We are delighted to welcome Computermind to the OpenChain community of conformance,” says Shane Coughlan, General Manager. “It is especially exciting to note that they are based in Japan and working on one of the hottest topics around technology today: artificial intelligence. We look forward to collaborating with the team in the months and years ahead.”
