A Recap of the OpenChain Project

Shane Coughlan
Apr 9, 2020

The OpenChain Project is an initiative from the Linux Foundation to define the key requirements of a quality open source compliance program. Based on the experience of hundreds of user companies, it identifies the inflection points that are known to be essential for effective process management. The project is a pragmatic initiative that seeks to ensure a reasonable balance between fidelity and real-world applicability across multiple industry segments and across companies of dissimilar size. The outcome, based on four years of intense collaboration, is an industry standard that is short (12 pages), simple (everyday language) and non-prescriptive (it identifies where a process should exist rather than prescribing the content of that process).

The OpenChain industry standard for open source compliance is ultimately targeted at improving license compliance across the global supply chain. By empowering individual companies to establish quality open source compliance programs, it inherently creates a situation where links in the supply chain can be trusted more easily. This simple approach has touched a nerve with companies in diverse sectors around the world and led to active collaboration in global work groups, regional work groups and via multiple general and focused mailing lists.

As an international project fostering an international standard, OpenChain has an intuitive approach to fostering local engagement while ensuring global knowledge-sharing. Each country work group, some consisting of 100 or more companies, operates in its own language and on a meeting schedule of its own choosing, whether that is monthly, bi-monthly or quarterly. The outcomes of each significant work group event or activity are then shared with the global groups via email or bi-weekly calls. The dissemination of effective reference and guidance material based on this approach has been exceptional. While material initially flowed primarily from English to other languages, these days knowledge artifacts are shared outwards from origins in Japanese, Chinese, German, Vietnamese and many more languages.

The core of the OpenChain Project is the specification, or industry standard, for quality open source compliance programs. All other activities work to support this based on community feedback, with a conceptual split between reference materials, such as example process content or fully formed training courses, and tools or services to directly assist adoption. The most frequently used service is our web and print material to enable self-certification to the industry standard. These take the form of yes or no questions that quickly identify if the appropriate processes, policies or training are in place at critical inflection points. Beyond pure self-certification, these services also help companies quickly identify where resources can be most usefully and effectively applied in their program.

As a mature industry standard, OpenChain also has support for independent compliance assessments or third-party certification from official partners such as CMS and GTC law firms, PwC and TUV Sud auditors, and many more. The goal of this activity, as with all other aspects of the OpenChain Project, is to provide greater efficiency and effectiveness for open source user companies with respect to licensing.

Learn more: https://www.openchainproject.org/

Shane Coughlan

OpenChain GM @linuxfoundation. Assembly Member @OpenForumEurope. OSS Advisor @UNTIL. Other stuff too.