Category

News

OpenChain Open Source Policy Template Now Available

By | News

The OpenChain Project is delighted to announce the release of an Open Source Policy Template for organizations seeking to conform to the OpenChain Specification. This template has been contributed from Moorcrofts Law Firm and Orcro Compliance in the UK and has been extensively reviewed by the OpenChain Project community.

The focus of this template is to help apply the key requirements for a quality open source compliance program. It provides sample policy text that helps organizations select, classify, incorporate and publish open source code with a focus on legal compliance of open source. Companies may need to consider others matters related to business requirements, engineering requirements and inter-organization / inter-project relationships when completing their own open source policy. You can obtain broader reference policy material from the TODO Group, a sister project to OpenChain at the Linux Foundation.

Get The OpenChain Policy Template

Get Broader Reference Material:

Contact The Original Authors

OpenChain M&A Checklist – Out Now

By | News

The OpenChain Project is delighted to announce that the OpenChain Project Merger and Acquisition Checklist is now available in PDF, DOCX and ODT formats. It is intended to help companies addressing open source discovery and compliance with respect to integration of external legal entities.

This checklist comes from KPMG, an organization that has built a proactive relationship with the OpenChain Project via Indira Bhatt, our elected community representative. The checklist was collaborative refined with contributions from the broader OpenChain community.

“Establishing trust between the target and acquirer around Open Source license compliance is one of the key factors for a successful and timely deal close,” says Indira Bhatt, Manager, Open Source Software Security and Compliance, Tech M&A at KPMG. “I am happy to bring my experience with licensing and compliance processes to help create the OpenChain M&A checklist.”

“OpenChain Conformance is most frequently applied to purchasing in the global supply chain,” says Shane Coughlan, OpenChain General Manager. “However, the OpenChain Specification and its identification of key requirements for quality open source compliance programs is equally valuable for Mergers and Acquisitions. Today marks the beginning of reference material to cover this use-case and we are fortunate to have this contribution guided by a representative of one of the world’s foremost authorities in M&A.”

PDF:
https://github.com/OpenChain-Project/curriculum/raw/master/checklists/m%26a-checklists/introductory-m%26a-checklist.pdf

DOCX:
https://github.com/OpenChain-Project/curriculum/raw/master/checklists/m%26a-checklists/introductory-m%26a-checklist.docx

ODT:
https://github.com/OpenChain-Project/curriculum/raw/master/checklists/m%26a-checklists/introductory-m%26a-checklist.odt

Knowledge Sharing: Reference guideline for exchanging license information in the supply chain

By | News

The OpenChain Project Japan Work Group is creating a reference guideline for exchanging license information in the supply chain. The basic concept is that all the entities, suppliers, integrators and OSS communities exchange license information by SPDX (Software Package Data Exchange), an open standard for communicating software bill of material information.

Learn More:

Knowledge Sharing: How to use SPDX and FOSSology from the OpenChain Japan Work Group

By | News

One of the great things about the OpenChain Project is the endless collaboration between people addressing all aspects of open source license compliance. Here is a great example text about SPDX and FOSSology in Japanese that was translated by the OpenChain Japan Work Group. More knowledge, more sharing, a better result.

Learn More

Request for Comments: OpenChain FAQ 2.0

By | News

The OpenChain Project will shortly refresh our Frequently Asked Questions. This is a major update with consolidation, rewording and restructuring to assist with easier understanding and internationalization. We are soliciting comments on the release candidate of this material until January 15th.

Review and Comment (or Expand)

Request for Comments: OpenChain Open Source Policy Template

By | News

The OpenChain Project has been working on an open source policy template to help organizations of all sizes meet the requirements of the OpenChain Specification. This template can also help companies frame their engagement with open source outside of OpenChain Conformance. This is your chance to comment. We would like feedback by close of business Pacific time on the 14th of January.

Review and Comment

Reminder: ABA Committee on Open Source Software – OpenChain – January 17th 2019

By | News

The American Bar Association Committee on Open Source Software will host an OpenChain talk by David Marr, Vice President, Legal Counsel, Qualcomm Technologies to open the year. This call will be held on January 17, 2019 at 12PM – 1PM EST. Interested parties are invited to reach out to the ABA for more details. This call is open to new participants.

Conference Bridge Information:

  • Dial in: 1-800-925-7671
  • Passcode: 4576326

Learn More

ABA Committee on Open Source Software & OpenChain – January 17th 2019

By | News

The American Bar Association Committee on Open Source Software will host an OpenChain talk by David Marr, Vice President, Legal Counsel, Qualcomm Technologies to open the year. This call will be held on January 17, 2019 at 12PM – 1PM EST. Interested parties are invited to reach out to the ABA for more details.

Learn More

OpenChain Q4 Survey – The Results

By | News

Today the OpenChain Project is releasing the results of our Q4 Survey, a wide-ranging exploration of how the project is being used, how our reference and conformance material is perceived, and how the support structures around the project are working out for real-world users.

Key Results

Visitors are satisfied with the discoverability and context of our overview material. However, ease of engagement with our community returned mixed results.

It is regarded as relatively simple to find out about the specification and conformance, and people are generally very satisfied with access to our educational material.

Finding our translations was regarded as a mix bag (some easy, some hard). Hopefully our revised website will help with that. Recognizing business value, on the other hard, was very easy. It was also quite easy to get help.

53.3% of people visiting the site did not use our online conformance web app. 13.3% used it for conformance-related activities. 20% used it for private “health checks” for their organization.

For those seeking to conform to the OpenChain Specification it was generally regarded as a very accessible process.

46.2% of respondents want to be listed as having an OpenChain Conformance compliance program. 38.5% are seeking a private “health check” of their current processes. 15.4% are engaging with the project for another reason.

Of the 15.4% are engaging with the project for another reason the disclosed activities are consultancy around OpenChain and seeking concrete (reference) solutions for some issues.

Interestingly, 66.7% of people said getting help with the online conformance web app was not applicable to their use case. The remaining 33.3% confirmed that it was easy to get the help they wanted.

53.5% of people found it easy to get help with general conformance questions. 46.7% of people said this was not applicable to their use-case.

A significant 53.5% of people said they would like an offline printable conformance handbook with a checklist for private “health-checks.” 40% said they would like this for OpenChain Conformance. Only 6.7% said this was not applicable to them.

26.7% of people said they are interested in getting help to conformance with the OpenChain Specification. 53.5% said they may be interested in the future. 20% are not interested.

66.7% of people are interested in getting OpenChain certification help in the future. 20% are interested today. 13.3% are not interested in services in this area.

66.7% of people are aware of the OpenChain partners and the services they provide. 33.3% are not aware of these services.

We had some great written feedback as well.

We received one comment we want to immediately address.

“Please don’t turn this into a sales funnel for feeding your ‘partners’. I’m actually pretty put off by the fact that this survey asked if we knew what partners were and whether we needed help. If you’re creating a standard and a process that is so difficult that it can only be done with external consultants then it’s pointless, and mere devs and engineering groups will not be able to implement it.”

Self-certification is at the heart of OpenChain. It always has been and always will be. OpenChain is explicitly a user driven project and standard (check out our platinum members, all user organizations rather than vendors).

The first path to conformance offered is to our self-certification web app. The next path is to our community for help if required. This will never change.

If someone wants commercial assistance they have to explicitly search for the pilot partner program. The existence of this program is to provide conformance support to entities that explicitly ask for this type of support.

To prevent any confusion or impression that a partner’s services are required to conform, one of the requirements for any entity applying to be part of that program is that they “may not represent to any clients that [their] service is necessary to comply with OpenChain Project and that [they] must make the interested client aware of the option of the education materials and the self-certification process.”

We also received some great usability suggestions.

And finally we had some useful suggestions for improvement in the future.

The OpenChain Project is owned by and made better each day by its community. We would like to express our thanks to everyone who took the time to fill out this survey and to provide some insight into where we should focus resources in 2019.

OpenChain Introduction Slides Updated

By | News

The OpenChain Project has a set of introduction slides to help people understand and support our activities. The latest version – with renewed membership overview and easier narrative slow – is now available in PDF, PPTX and ODP formats.

Learn More