We are best known for building the ISO standard for open source license compliance and the (forthcoming) ISO standard for open source security assurance. Below we provide a snapshot of companies that let us know they are using one or both of our standards.
Of course, because standards – especially ISO standards – are used around the world, we can only provide limited insight into total market adoption. However, partners like PwC have conducted surveys indicating 20% adoption by companies with over 2,000 employees in Germany. We believe many thousands more are using our standards around the world.
Organizations with ISO/IEC 5230 Conformant Programs
Organizations with ISO/IEC DIS 18974 Conformant Programs
What Does This Mean?
Having an OpenChain conformant program for ISO/IEC 5230 or ISO/IEC DIS 18974 (or both) means that an organization has a program that uses our process standards for addressing open source license compliance or security assurance.
You need to check with the organization about how their program is scoped (does it cover one project, one product or the whole legal entity?). If you are doing business with that organization, you also need to ensure that what they consider solid process management matches your own requirements.
The good news is that any OpenChain conformant organization should provide external contact points for open source license compliance or security assurance matters. This is part of the requirements listed in the standards themselves.