The OpenChain Community, with which NTT DATA has a partnership, has obtained the international standard ISO/IEC 5230:2020
The OpenChain Project, with which NTT DATA has a partnership from February 2020, goes from being the biggest and most authoritative Open Source Compliance community in the world and maintaining a de facto industry standard, into becoming the steward of the new International Standard ISO/IEC 5230:2020.
This standard specifies the key requirements of an Open Source compliance program and of its related licenses and is a reference point that creates trust between organizations exchanging solutions realized with Open Source software.
Reaching this important goal confirms and reinforces NTT DATA’s commitment to sustaining Open Source and its competencies regarding Open Source software compliance and governance, which are distinctive and unique traits of our offering.
Among non-legal Service Provider, NTT DATA is the first company in Italy to join the OpenChain Project.
SeQuenX BV, a company based in the Netherlands, is the latest vendor to join the OpenChain Project Partner program. Our collaboration will focus on ensuring that the Dutch companies have an option to consult and get support if required during ISO/IEC 5230 conformance activities. ISO/IEC 5230 is the International Standard for Open Source License Compliance.
“The Netherlands has an exceptional range of companies involved in technology and broader intellectual property management,” says Shane Coughlan, OpenChain General Manager. “We look forward to collaborating with SeQuenX in raising awareness and in providing support as these companies integrate ISO/IEC 5230 into their supply chains. We also invite user companies across the Netherlands to engage with the OpenChain Project directly via our regular calls, mailing list and events.”
“We are thrilled to be part of OpenChain and look forward to expanding the OpenChain ecosystem into the Dutch software industry,” says Shurjeel Tousif, SeQuenX CEO. “It is important to implement a proactive, comprehensive and an automated approach to third party IP compliance that integrates across the application development lifecycle. The new ISO standard benchmarks a high-quality software compliance program and we look forward in helping our customers evaluate and implement it. For more information, please visit our website.”
WhiteSource, a leader in open source security and license compliance management software, is the latest vendor to join the OpenChain Project partner program. Our collaboration will focus on ensuring user companies have freedom of choice when considering commercial automation solutions around ISO/IEC 5230 Conformance activities. ISO/IEC 5230 is the International Standard for open source license compliance.
“WhiteSource has a long history of supporting technology and broader market companies with automation around security and compliance,” says Shane Coughlan, OpenChain General Manager. “We look forward to collaborating with WhiteSource in raising awareness and in providing support as companies around the world integrate ISO/IEC 5230 into their supply chains. We also invite user companies across to engage with the OpenChain Project directly via our regular calls, mailing list and events.”
“We see many of our large customers looking to adopt license compliance standards and meet compliance standards such as ISO/IEC 5230. With the current software supply chain challenges, standardization is a key for proper communications between different teams and between vendors, especially when representing a bill of materials. We’re happy to join OpenChain, which is open and widely adopted by the industry.” Says David Habusha, VP Product at WhiteSource.
About WhiteSource
WhiteSource is the pioneer of open source security and license compliance management. Founded in 2011, its vision is to empower businesses to develop better software by harnessing the power of open source. WhiteSource is used by more than 800 customers worldwide, from all verticals and sizes, including 23% of Fortune 100 companies, as well as industry leaders such as Microsoft, IBM, Comcast, and many more. For more information, please visit www.WhiteSourceSoftware.com
About the OpenChain Project
OpenChain began when a group of open source compliance professionals met in a conference lounge and chatted about how so much duplicative, redundant open source license compliance work was being done inefficiently in the software supply chain simply. They realized that while each company did the same work behind the scenes in a different manner the output for downstream recipients could not realistically be relied on because there was no visibility into the process that generated the output.
The answer the early principles of this discussion arrived at was to standardize open source compliance, make it transparent and build trust across the ecosystem. The project began as outreach to the community with the idea of a new standard for open source license compliance with slides titled, “When Conformity is Innovative.” A growing community quickly recognized the value of this approach and contributed to the nascent collaboration soon named The OpenChain Project.
We have added French, Hebrew, Hindi, Italian, Russian and Spanish to our self-certification questionnaire. This means that anyone in the world can now self-certify to ISO/IEC 5230 (OpenChain 2.1) for free in:
- Chinese Simplified
- Chinese Traditional
- English
- French
- German
- Hebrew
- Hindi
- Italian
- Japanese
- Korean
- Russian
- Spanish
Get Started
Learn More About The Process
Ericsson (STO: ERIC-B) has become a Platinum Member of the OpenChain Project and will assume a governing board seat. OpenChain maintains ISO/IEC 5230, the International Standard for open source license compliance. This standard defines the key requirements of a quality open source compliance program, and helps to both reduce errors and increase efficiency across the global supply chain.
“Ericsson has an exceptional reputation in the space of intellectual property management and has been engaged with the OpenChain community for a considerable period,” says Shane Coughlan, OpenChain General Manager. “Their engagement and thought leadership will provide a significant advantage to the growth of our International Standard for open source compliance in the telecommunication space and beyond. We look forward to collaborating to connect companies with the information and support they need to get maximum advantage from adoption of open source technology.”
About Ericsson
Ericsson enables communications service providers to capture the full value of connectivity. The company’s portfolio spans Networks, Digital Services, Managed Services, and Emerging Business. It is designed to help our customers go digital, increase efficiency and find new revenue streams. Ericsson’s innovation investments have delivered the benefits of mobility and mobile broadband to billions of people around the world. Ericsson stock is listed on Nasdaq Stockholm and on Nasdaq New York. www.ericsson.com
About the OpenChain Project
OpenChain began when a group of open source compliance professionals met in a conference lounge and chatted about how so much duplicative, redundant open source license compliance work was being done inefficiently in the software supply chain simply. They realized that while each company did the same work behind the scenes in a different manner the output for downstream recipients could not realistically be relied on because there was no visibility into the process that generated the output.
The answer the early principles of this discussion arrived at was to standardize open source compliance, make it transparent and build trust across the ecosystem. The project began as outreach to the community with the idea of a new standard for open source license compliance with slides titled, “When Conformity is Innovative.” A growing community quickly recognized the value of this approach and contributed to the nascent collaboration soon named The OpenChain Project.
Cisco announces conformance to OpenChain 2.1 (ISO/IEC 5230), the International Standard for open source license compliance. This standard defines the key requirements of a quality open source compliance program, and helps to both reduce errors and increase efficiency across the global supply chain.
“Cisco is a founding member of the OpenChain Project and has been instrumental in establishing our specification as an International Standard,” says Shane Coughlan, OpenChain General Manager. “Their adoption of OpenChain 2.1 underlines their continued thought-leadership in this space, and provides a strong signal across the networking market segment on the optimal approach to open source license compliance. This standard is designed to support companies of any size in ensuring excellent around management of open source intellectual property.”
“Cisco is honored to be part of an incredible team with the OpenChain Project,” says Prasad Iyer Director, Engineering at Product Operations in Cisco. “The industry collaboration, synergies and continuous improvements for our open chain community are truly commendable. We are excited to announce our conformance to this latest industry standard, as it brings additional consistency to our internal teams by streamlining compliance and in building Trust. Having accomplished a smooth transition of all our internal policies, processes and automated tools to be in accordance with this latest specification, it really helps us drive the value-add that we realize in terms of enhanced Productivity and world class quality for all our Products. Further, this has paved the way for us to be also ISO compliant and helps instill confidence among Cisco’s customers and partners with our continued commitment to OpenSource compliance. We sincerely look forward to continue our partnership with OpenChain Project and our peers across the industry in the successful evolution of OpenSource and adoption of our compliance standard”
About Cisco
Cisco (NASDAQ: CSCO) is the worldwide leader in technology that powers the Internet. Cisco inspires new possibilities by reimagining your applications, securing your data, transforming your infrastructure, and empowering your teams for a global and inclusive future. Discover more on The Network and follow us on Twitter.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. A listing of Cisco’s trademarks can be found at www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.
About the OpenChain Project
OpenChain began when a group of open source compliance professionals met in a conference lounge and chatted about how so much duplicative, redundant open source license compliance work was being done inefficiently in the software supply chain simply. They realized that while each company did the same work behind the scenes in a different manner the output for downstream recipients could not realistically be relied on because there was no visibility into the process that generated the output.
The answer the early principles of this discussion arrived at was to standardize open source compliance, make it transparent and build trust across the ecosystem. The project began as outreach to the community with the idea of a new standard for open source license compliance with slides titled, “When Conformity is Innovative.” A growing community quickly recognized the value of this approach and contributed to the nascent collaboration soon named The OpenChain Project.
Hitachi Solutions is the latest official partner of the OpenChain Project. OpenChain maintains ISO/IEC 5230, the International Standard for open source license compliance. This standard defines the key requirements of a quality open source compliance program, and helps to both reduce errors and increase efficiency across the global supply chain. Our partners, like Hitachi Solutions, help to support companies in adoption and use.
“Hitachi Solutions has been involved in the OpenChain community for a considerable period,” says Shane Coughlan, OpenChain General Manager. “Lead by Watanabe San, their contribution in supporting the standard prior to our ISO release has been exceptional. I am delighted to announce that they have become an official service provider partner of the project. Their customer support in Japan and elsewhere around ISO/IEC 5230 will be invaluable.”
“OSS compliance work is not so difficult, as long as you know how to do it,” says Ayumi Watanabe, Group Manager of OSS Management Consulting Group, Hitachi Solutions, Ltd. “Some companies consume much of their time and energy to create their own OSS management methods from scratch. It is because they don’t know how to adopt existing standards or best practices. We can help them. Hitachi Solutions has been working on corporate OSS compliance issues for a long time. Through our contribution to the OpenChain Project, we deeply understand the vision and goal behind companies OSS management. Today, we are excited and pleased to be an official partner of OpenChain. We are looking forward to helping companies by using our extensive knowledge and abundant experience.”
About Hitachi Solutions
Hitachi Solutions is a core IT company of the Hitachi Group, which employs some 400,000 people worldwide. Through systems integration, we provide ideal solutions and products for customers. Headquartered in Tokyo, Japan, Hitachi Solutions’ reach extends to group companies in Japan and abroad, working with a worldwide network of alliance partners. We bring solutions and products to diverse countries and regions including Asia, the United States and Europe. Learn more at https://www.hitachi-solutions.com/
About the OpenChain Project
OpenChain began when a group of open source compliance professionals met in a conference lounge and chatted about how so much duplicative, redundant open source license compliance work was being done inefficiently in the software supply chain simply. They realized that while each company did the same work behind the scenes in a different manner the output for downstream recipients could not realistically be relied on because there was no visibility into the process that generated the output.
The answer the early principles of this discussion arrived at was to standardize open source compliance, make it transparent and build trust across the ecosystem. The project began as outreach to the community with the idea of a new standard for open source license compliance with slides titled, “When Conformity is Innovative.” A growing community quickly recognized the value of this approach and contributed to the nascent collaboration soon named The OpenChain Project.
The Linux Foundation, Joint Development Foundation and the OpenChain Project are delighted to announce the publication of ISO/IEC 5230:2020 as an International Standard. Formally known as OpenChain 2.1, ISO/IEC 5230:2020 is a simple, clear and effective process management standard for open source license compliance. It allows companies of all sizes and in all sectors to adopt the key requirements of a quality open source compliance program.
Companies around the world can learn more about ISO/IEC 5230:2020, methods of self-certification, independent assessment or third-party certification, as well as access a large library of reference material at: https://www.openchainproject.org
ISO/IEC 5230:2020 is an open standard and all parties are welcome to engage with our community, learn from their peers, share their knowledge, and to contribute to the future of our standard. There is no charge to access and use our reference material, self-certification or to engage with our numerous calls, webinars, mailing lists and meetings.
“ISO/IEC 5230:2020 will improve OSS compliance, enhance trust in the supply chain, and reduce friction in transactions. It has been deployed as a de facto standard for four years and fostered exceptional engagement from a diversity of companies across multiple sectors,” says Shane Coughlan, OpenChain General Manager. “Our transition to a formal International Standard as ISO/IEC 5230:2020 marks an important inflection point for OpenChain and open source as a whole. For the first time there is an International Standard that defines open source compliance and process management. We look forward to expanding our community from hundreds to thousands of companies in the coming months, and we look forward to supporting many of these companies access and apply best practice material developed in real world market conditions.”
Toyota is the first company to formally announce conformance to ISO/IEC 5230:2020. Additionally, companies that have an OpenChain 2.0 conformant program will automatically conform with the requirements of ISO/IEC 5230:2020. You can learn more about the Toyota announcement here:
https://www.openchainproject.org/featured/2020/12/15/toyota-iso-5230
Arm
“Arm joined the OpenChain Project as a founding member because building trust across the supply chain and ensuring IP rights are fully respected has long been one of the highest priorities for Arm,” says Sami Atabani, Director of Third Party IP Licensing at Arm. “Establishing OpenChain as a formal ISO/IEC International Standard is an important milestone for open source governance as a field, and we look forward to collaborating with our peers and the wider open source community in seeking excellence and efficiency in software delivery.”
BMW CarIT
“At BMW CarIT we continually work on improving the quality of our processes,” says Helio Chissini de Castro, Senior Software Engineer at BMW CarIT. “We welcome the approval of ISO/IEC 5230:2020 as the right path for the future of software compliance and how companies will perceive it. We are proud to be part of the OpenChain governing board and wider community that make this possible.”
Bosch
“Bosch and its affiliates have a firm commitment to quality in all aspects of creating, deploying and supporting solutions and products,” says Hans Malte Kern, Head of the Center of Competence Open Source, Robert Bosch GmbH. “Our engagement with the OpenChain industry standard for open source compliance is part of this larger vision, and we are delighted to see it graduate ISO as a formal International Standard. We now have a global, universal and easily understood mechanism to build increased clarity and trust across the supply chain.”
Cisco
“Cisco is honored to partner with an incredible team on the OpenChain project. Earlier this year (June 2020), our conformance with the OpenChain’s latest 2.0 specification for open source compliance has been the needle mover towards streamlining compliance as an indispensable entity across our organization, building Trust and improving overall productivity,” says Prasad Iyer Director, Product Operations at Cisco. “Now with ISO/IEC standardization of this latest OpenChain specification, it really solidifies Cisco’s commitment to excellence in Open source governance along with OpenChain which is well positioned at the top of the Compliance stack. We’re sincerely looking forward to our continued collaboration and partnership with all our OpenChain project peers across industry in the successful evolution of more such formal standards in the years ahead.”
Fujitsu
“Fujitsu has contributed to the development of OpenChain as an industry standard for several years,” says Yasuko Aoki, Manager of Open Source Software Technology Center, Fujitsu Limited. “Our engagement is part of our broader engagement throughout the supply chain to promote excellence in governance and sustainability in practical deployment. The publication of OpenChain as a formal ISO/IEC International Standard is a significant milestone in the evolution of open source. We are proud of the accomplishment of all the contributors involved, and we look forward to the next steps in ensuring simple, reliable open source license compliance across the world.”
“Google has been at the forefront of open source development and the use of open source in business since its inception,” says Max Sills, Lead Open Source Attorney at Google. “Our collaboration with the OpenChain Project has been an important part of supporting greater maturity and predictability in this space. The release of ISO/IEC 5230:2020 provides a clear path to future inter-company collaboration. Defining a standard for quality open source compliance lowers the cost of doing business, and makes it easier for the entire industry to comply with open source obligations.”
Microsoft
“OpenChain has played a leading role in building trust in the open source ecosystem,” said David Rudin, Microsoft Assistant General Counsel. “When you receive software that has been produced through an OpenChain conformant program, it’s a great indication that the open source compliance obligations were taken seriously. With Microsoft’s OpenChain conformant program, we are keeping the trust our customers have placed in us to make sure their software is compliant and reducing friction in software transactions. As OpenChain takes the next step of becoming an international standard, we’re looking forward to continuing to advance open source adoption and trust in the community.”
MOXA
“As the first Taiwanese company working with the OpenChain governing board, our work with the OpenChain Project is part of a larger vision for mature, sustainable open-source governance,” said David Chen, Engineering Director of the Technology & Research Corporate Division at Moxa. “Today’s announcement is a milestone in building efficiency and trust among companies using open source for innovative products and solutions. We look forward to working with our fellow board members in the deployment of OpenChain as an ISO/IEC International Standard to an audience of thousands of companies in the world.”
OPPO
“As a member of OpenChain, OPPO is very pleased to see OpenChain being accepted as an ISO/IEC International Standard,” says Andy Wu, Vice President of OPPO and President of Software Engineering. “We believe this will help to further promote open source compliance. OPPO very much hopes to promote OpenChain with its partners, so that open source compliance becomes more consistent and simple.”
Siemens
“Siemens is a founding member of the OpenChain Project and we have contributed to OpenChain since its beginning. Today we reached an outstanding milestone – the OpenChain specification is now an ISO/IEC International Standard,” says Oliver Fendt, Senior Manager Open Source. “Our engagement with OpenChain is based on a clear understanding that effective governance in open source must be practical, efficient, sustainable and affordable for everyone. With the ISO/IEC Standard we will enter a new stage in the evolution of our collective work, and we look forward to working with our peers in building further trust in the open source supply chain.”
Sony
“Sony has been part of the OpenChain industry standard and its related community for a substantial amount of time,” says Hisashi Tamai, SVP, Sony Corporation, representative of the Software Strategy Committee. “We have had the great pleasure to host the first meeting in Japan and support growth across this nation and abroad in the subsequent years. The publication of OpenChain by ISO as a formal International Standard is an important milestone in our shared mission to ensure excellence in open source. We look forward to working with our fellow board members, our diverse community and our colleagues at ISO in bringing this standard to thousands of new companies across the globe.”
Qualcomm
“This achievement by OpenChain brings into reality the effort that so many across the software ecosystem has recognized for years – that when you can build trust into the open source compliance ecosystem, you create a path towards consistent, efficient, and reliable license compliance,” says Dave Marr, Vice President, Qualcomm Technologies, Inc. “We applaud the many contributors to OpenChain for achieving this terrific milestone, and for collaboratively building the internationally recognized standard for open source license compliance.”
Uber
“Uber has supported the development and deployment of the OpenChain industry standard from its early stages to becoming today’s de facto standard,” says Matthew Kuipers, Senior Counsel, Intellectual Property at Uber Technologies. “Today’s publication as an ISO International Standard is a key milestone in bringing clear, practical and effective open source license compliance to thousands of companies across the supply chain. We look forward to collaborating with our peers in accomplishing this mission and supporting our growing international community.”
Western Digital
“Western Digital has been part of the development and deployment of the industry standard for open source compliance since its formative years,” says Alan Tse, Associate General Counsel at Western Digital. “Today’s announcement marks a significant milestone in the maturity of both this standard and the wider field of open source governance. We look forward to working with our fellow board members and the diverse community of community participants in the growing adoption of a single, simple way to identify quality open source compliance programs.”
Global Community Quotes
“Today is the historic day for the OpenChain project and The Linux Foundation that the open standard has become an ISO/IEC standard,” said Masato Endo, Chair of the OpenChain Automotive Work Group. “Open Source is becoming more and more important in the automotive industry as well. The automotive industry’s supply chain is large and every company in the supply chain needs to manage OSS properly. I believe the OpenChain Specification will be a strong support for companies to build their OSS governance structure. I’d like to thank David Rudin and members of the JDF community for their efforts in obtaining ISO/IEC. I want to express my gratitude to Mark Gisi, David Marr and all OpenChain community members for their significant contributions to the project. Finally, I congratulate our leader Shane Coughlan on this great achievement!”
About the OpenChain Project
OpenChain began when a group of open source compliance professionals met in a conference lounge and chatted about how so much duplicative, redundant open source license compliance work was being done inefficiently in the software supply chain simply. They realized that while each company did the same work behind the scenes in a different manner the output for downstream recipients could not realistically be relied on because there was no visibility into the process that generated the output.
The answer the early principles of this discussion arrived at was to standardize open source compliance, make it transparent and build trust across the ecosystem. The project began as outreach to the community with the idea of a new standard for open source license compliance with slides titled, “When Conformity is Innovative.” A growing community quickly recognized the value of this approach and contributed to the nascent collaboration soon named The OpenChain Project.
Toyota announces adoption of ISO/IEC 5230 in the IP Planning Group, a process led by Masato Endo and Miyu Tanaka. ISO/IEC 5230 is the International Standard for open source compliance.
ISO/IEC 5230 is maintained by the OpenChain Project as OpenChain 2.1 and edited for ISO via the Joint Development Foundation OpenChain Working Group. ISO/IEC 5230 is supported by Arm, BMW CarIT, Bosch, Cisco, Comcast, Facebook, Fujitsu, Google, Hitachi, Microsoft, MOXA, OPPO, Panasonic, Qualcomm, Siemens, Sony, Toshiba, Toyota, Uber and Western Digital as governing board members, and a wide community of companies across three continents.
“Toyota Motor Corporation has participated in and actively promoted the OpenChain Project since 2017,” says Yosuke Ida, General Manager of Toyota’s Intellectual Property Division. “We are proud to be the first company to announce the adoption of ISO/IEC 5230. The departments covered by the scope of this certification are the “Connected Advanced Development Division (Including the Automotive Grade Linux team)”, the “R-Frontier Division (including Partner Robot Technology)” and the “S-Frontier Division (including Innovative Infrastructure Technology).” These departments have a long history of approaching OSS management based on ISO requirements and the new developments in the OpenChain Project fit perfectly into this approach. Our company hopes that the OpenChain International Standard via ISO will be used as an opportunity to expand the acquisition of certification for companies in the supply chain of the automobile industry.”
“ISO/IEC 5230 is an International Standard focused on building trust in the supply chain. It does this by defining the key requirements of a quality open source compliance program and ensuring companies of all sizes and in all markets can adopt the standard,” says Shane Coughlan, OpenChain General Manager. “It has been developed with contributions from over 100 participants of the project and has been used in various market sectors since 2016. Our recent graduation from de-facto to formal International Standard provides a strong platform to scale from hundreds to thousands of companies, and to accelerate our mission to ensure minimal friction in the use and distribution of open source technology. Toyota’s adoption is a significant milestone in the growth and maturity of our standard, and underlines our strong commitment to pursuing excellence throughout the automotive supply chain.”
To learn more about ISO/IEC 5230 visit:
https://www.openchainproject.org
To adopt ISO/IEC 5230 via self-certification visit:
https://www.openchainproject.org/get-started
To get help with adoption of ISO/IEC 5230 visit:
https://www.openchainproject.org/reference-material
To discuss ISO/IEC 5230 usage, adoption and deployment visit:
https://www.openchainproject.org/contact
To get vendor support around ISO/IEC 5230 visit:
https://www.openchainproject.org/partners
