OPENCHAIN CASE STUDY

Interneuron

Interneuron’s Approach to Open Source Compliance Management in Health Tech

Interneuron is a Community Interest Company (CIC) in the U.K. focused on building, developing, and deploying software specifically for the healthcare IT industry. The company’s singular focus is creating high-value software applications that serve the best interest of patients in need of health and social care services

ORGANIZATIONS:

  • Community Interest Company (CIC) – a Not for profit
  • focused on building, developing, and deploying software specifically for the healthcare IT industry
  • Everything developed by Interneuron will be open source and is specified in their articles of association

CHALLENGES:

  • Overcoming perception that traditional proprietary software is the least risky option
  • Enable 100% transparency of the use of third party open source
  • Decrease the knowledge gap around measuring open source quality and effectiveness including IP and security vulnerability management in a clinical environment

SOLUTION:

  • Building oversight and governance by design
  • Empowering and motivating developers to be responsible for complying with company guidelines
  • Education – Company wide knowledge sharing of controlled used of open source
    • Ensure license obligations are met
    • IP is respected
    • Secure by design
  • Underpinned by a managed service from OpenChain Partner Source Code Control

BENEFITS:

  • Transparent demonstration of quality assurance; unachievable by proprietary solutions
  • Automated tracking third party open source software components for both licensing and security vulnerabilities
  • Decreased patent and licensing risks
  • Remove barriers from purchasing decisions, creating competitive advantage and differentiation
  • Secure and compliant by design

“The most exciting thing about the OpenChain Standard is how it helps companies of all sizes to contextualize and improve open source compliance,” says Shane Coughlan, OpenChain General Manager. “One of our key goals is to ensure not only that doing so is fast and efficient, but that it also furthers the business goals of every organization. We are delighted with Interneuron’s engagement with the OpenChain community and we are grateful to our partners at Source Code Control for fostering this valuable relationship.”

ORGANIZATION
Founded in 2017, Interneuron is a different kind of health+care IT organisation. What makes Interneuron different is their purpose: unlike typical Limited Companies (Ltd), Interneuron is a Community Interest Company (CIC) that exists primarily for the benefit of those in need of health and social care services and not for the profit of any shareholders. The decision to open source all of their developments was taken during the formation of the company and is a key part of their Articles of Association.

CHALLENGES
From the outset, one of the biggest challenges for Interneuron was convincing organizations to adopt their solutions and build trust in the Open Source Software supply chain. The lack of understanding of Open Source software solutions and the incorrect assumption that closed source solutions are more secure is driven by both technical and procurement stakeholders. The challenge for Interneuron was how to transparently display the benefits and prove that our solutions are controlled and managed and therefore the risk is minimised.

Interneuron turned to Source Code Control for guidance — a company that specializes in creating the right processes for organizations looking to manage open source throughout the software supply chain. Source Code Control recommended Interneuron become OpenChain Conformant through the Linux Foundation. As an OpenChain Conformant company, Interneuron demonstrates to customers and prospects:

SOLUTION
Interneuron had limited experience and knowledge about how to manage open source software and demonstrate to prospective customers, prospects and partners they their Quality Assurance include management of open source licensing obligations and tracking for security vulnerabilities in third party open source components, libraries and dependencies their developers leverage to build solutions.

Interneuron turned to solution provider Source Code Control Limited for advice and guidance. They then embarked on a journey leading to OpenChain conformance.

This journey started with education. Every employee attending Source Code Control’s “Get it Right With Open Source Software” course which is based on the OpenChain Curriculum. This provided a consistent knowledge across the organisation of the importance of managing their open source software supply chain and how this will be achieved.

Now Interneuron are able to transparently demonstrate to their customers they are controlling their software supply chain and are complying with the obligations of third party open source software licenses in line with the overall licensing model of the software and services they are delivering.

“OpenChain conformance benefits our whole organization – from developers onboarding and releasing their first FOSS products, through to the implementation team building trust and confidence with our customers,” says Matt Conway, CTO of Interneuron. “OpenChain conformance demonstrates to all Interneuron’s commitment to delivering enterprise level open source solutions with quality management and security at the heart of our development processes.”

BENEFITS
Quality, consistent open source compliance and risk management.
Through automated tracking and management of copyrights, license compliance, policy management, reporting, and security vulnerability management, Interneuron provides complete transparency to its Open Source Software use for customers and prospective clients

Accountability for security and compliance
OpenChain Partner support from Source Code Control Limited provides ongoing training and support for both existing and new software developers. Issues and problems in the development lifecycle are quickly identified and covered in training, enhancing the accountability for who is executing and deploying a build, as well as the overall level of compliance and security output.

OpenChain Conformance
Managed Services from Source Code Control Limited give Interneuron the needed rigor and control of their Open Source Software use, meeting all the requirements for OpenChain Conformance.

Higher quality code and more robust solutions
Interneuron has the confidence and ability to focus on developing quality by creating and inclusive environment for developers to self manage combined with support from Source Code Control Ltd ensure developers and engineers focus on high value tasks leading to higher quality applications.

FURTHER INFORMATION
https://interneuron.org
https://sourcecodecontrol.co

LINUX IS A REGISTERED TRADEMARK OF LINUS TORVALDS