Cybellum, a leader in embedded product security and license compliance management for mission-critical industries, is the latest vendor to join the OpenChain Project partner program.
Their engagement will focus on raising awareness among user companies regarding open-source license compliance and security, while ensuring they have freedom of choice when considering commercial automation solutions around ISO/IEC 5230 conformance activities. ISO/IEC 5230 is the International Standard for open-source license compliance.
“Cybellum has been actively supporting automotive, medical-device and industrial IoT manufacturers with automation around security and compliance of their products,” says Shane Coughlan, OpenChain General Manager. “We look forward to collaborating with Cybellum in raising awareness and in providing support as companies around the world integrate ISO/IEC 5230 into their supply chains. We also invite companies to engage with the OpenChain Project directly via our regular calls, mailing list and events.”
“With the current software supply chain security challenges, organizations like OpenChain are a key for proper collaboration across the value chain, especially when representing a software bill of materials. We’re thrilled to join OpenChain, which is widely adopted by the industry and will be the driving force for creating a quality open-source compliance program within organizations,” says Slava Bronfman, CEO of Cybellum.
Cybellum empowers connected device manufacturers and their suppliers to identify and remediate security risks at scale, throughout the entire product life cycle. Our agentless solution scans embedded software components without needing access to their source code, exposing all cyber vulnerabilities. Manufacturers can then take immediate action and eliminate any cyber risk in the development and production process, before any harm is done, while continuously monitoring for emerging threats impacting products in operational use. Read more at www.cybellum.com
About the OpenChain Project
OpenChain began when a group of open-source compliance professionals met in a conference lounge and chatted about how much duplicative, redundant open-source license compliance work was being done inefficiently in the software supply chain. They realized that while each company did the same work behind the scenes in a different manner, the output for downstream recipients could not realistically be relied on, because there was no visibility into the process that generated the output.
The answer the early principals of this discussion arrived at was to standardize open-source compliance, make it transparent and build trust across the ecosystem. The project began as outreach to the community with the idea of a new standard for open-source license compliance, with slides titled “When Conformity is Innovative.” A growing community quickly recognized the value of this approach and contributed to the nascent collaboration, soon named The OpenChain Project.