WhiteSource, a leader in open source security and license compliance management software, is the latest vendor to join the OpenChain Project partner program. Our collaboration will focus on ensuring user companies have freedom of choice when considering commercial automation solutions around ISO/IEC 5230 Conformance activities. ISO/IEC 5230 is the International Standard for open source license compliance.
“WhiteSource has a long history of supporting technology and broader market companies with automation around security and compliance,” says Shane Coughlan, OpenChain General Manager. “We look forward to collaborating with WhiteSource in raising awareness and in providing support as companies around the world integrate ISO/IEC 5230 into their supply chains. We also invite user companies across to engage with the OpenChain Project directly via our regular calls, mailing list and events.”
“We see many of our large customers looking to adopt license compliance standards and meet compliance standards such as ISO/IEC 5230. With the current software supply chain challenges, standardization is a key for proper communications between different teams and between vendors, especially when representing a bill of materials. We’re happy to join OpenChain, which is open and widely adopted by the industry.” Says David Habusha, VP Product at WhiteSource.
WhiteSource is the pioneer of open source security and license compliance management. Founded in 2011, its vision is to empower businesses to develop better software by harnessing the power of open source. WhiteSource is used by more than 800 customers worldwide, from all verticals and sizes, including 23% of Fortune 100 companies, as well as industry leaders such as Microsoft, IBM, Comcast, and many more. For more information, please visit www.WhiteSourceSoftware.com
About the OpenChain Project
OpenChain began when a group of open source compliance professionals met in a conference lounge and chatted about how so much duplicative, redundant open source license compliance work was being done inefficiently in the software supply chain simply. They realized that while each company did the same work behind the scenes in a different manner the output for downstream recipients could not realistically be relied on because there was no visibility into the process that generated the output.
The answer the early principles of this discussion arrived at was to standardize open source compliance, make it transparent and build trust across the ecosystem. The project began as outreach to the community with the idea of a new standard for open source license compliance with slides titled, “When Conformity is Innovative.” A growing community quickly recognized the value of this approach and contributed to the nascent collaboration soon named The OpenChain Project.