Shane Coughlan, profile picture
Uploaded byShane Coughlan
PPTX, PDF316 views

A Brief Introduction to OpenChain - May 2020

The document discusses how to trust one's open source supply chain through the OpenChain Project. OpenChain defines the key requirements of a quality open source compliance program and provides several options for conforming to its industry standard, including self-certification, independent compliance assessment, and third-party certification. It aims to provide freedom of choice for customers and suppliers while reducing risk and increasing efficiency through clear, shared approaches to managing open source code.

Software
Related topics:
Supply Chain Insights

Embed presentation

Download to read offline
How do I trust my open source supply chain?
Context 2 1400+ Members From 41 Countries 80% of Fortune 100 Tech & Telecom 35,000+ Developers Contributing Code 170+ Open Source Projects $16B Shared Value This is the Linux Foundation
Open Compliance Program Solutions Processes Bill of Materials Tooling https://compliance.linuxfoundation.org/ SPS SPDX Tools
4
The OpenChain Project defines the key requirements of a quality open source compliance program.
outbound upstream downstream inbound Training Policy Process OpenChain Defines Inflection Points
Result: Predictable B2B Compliance Activity
9 Example Conformant Organizations
• Main List (3,700+ participants) • GitHub (105+ participants) • Automotive (115+ participants) • Reference Tooling (160+ participants) • China (105+ participants) • Japan (190+ participants) • Korea (40+ participants) • Taiwan (40+ participants) • India (40+ participants) • Germany (30+ participants) Work Groups + Lists + GitHub
Our Online Self-Certification Questionnaire
12 Comprehensive Reference Material
13
14
Partner Program 15
Partner Program 16
Partner Program 17
Partner Program 18
Global Third-Party Certification
OpenChain in ISO – Formal Standardization The OpenChain Project has submitted our specification to ISO via Publicly Available Specification (PAS) in Joint Technical Committee 1 (JTC-1). The ISO submission is available at: • https://wiki.linuxfoundation.org/_media/openchain/openchainsp ec-2.1.draft.pdf Working in partnership with in partnership with Joint Development Foundation we expect to become a formal standard in Q3 2020.
The OpenChain standard can be met by: Self-Certification Independent Compliance Assessment Third Party Certification Freedom of Choice for Customers and Suppliers
Self-Certification is at the heart of the OpenChain industry standard. Companies can access a series of yes/no questions to determine if they have implemented the key requirements of a quality open source compliance program. These questions can be found here: https://certification.openchainproject.org Self-Certification
Independent Compliance Assessment works in the same was as the Independent Assessments in other standards. An independent party such as a law firm, consultancy or accounting firm reviews the product of an OpenChain Self-Assessment and offers guidance on whether they perceive it as complete. Independent Compliance Assessment
Third-Party Certification is a process whereby a certification authority guides a company through an OpenChain Conformance Process. The certification authority then issues a formal certification document. This activity maps precisely to the forms of third-party certification observed around automotive, infrastructure and similar fields. Third-Party Certification
The OpenChain industry standard has been carefully designed by user companies to identify the inflection points where a process, policy or training should be implemented in an open source compliance program. Our experience shows that self-certification is an effective method of reducing risk and increasing efficiency. That said, the choice of self-certification, independent compliance assessment or third-party certification depends on each business sector and customer base. We seek to provide freedom of choice.
OpenChain is run by user companies for user companies. This companies are collaborating to create clear, shared and effective approaches to managing open source code.
Be Part of This Join the community: https://www.openchainproject.org/community Self-Certify or Health Check an organization: https://certification.openchainproject.org
scoughlan@linuxfoundation.org www.openchainproject.org

More Related Content

PPTX
A Brief Introduction to OpenChain - May 2020 - Update1
byShane Coughlan
 
PPTX
A Brief Introduction to OpenChain - June 2020
byShane Coughlan
 
PPTX
OpenChain at ISO WG21 2020 Plenary - 9th June
byShane Coughlan
 
PPTX
A Brief Introduction to OpenChain - July 2020
byShane Coughlan
 
PPTX
OpenChain as a Standard
byShane Coughlan
 
PPTX
Great Open Source Compliance For Everyone - Version 11
byShane Coughlan
 
PPTX
OpenChain: Great Open Source Compliance for Everyone (Version 7)
byShane Coughlan
 
PDF
Processes Missing from OpenChain
byShane Coughlan
 
A Brief Introduction to OpenChain - May 2020 - Update1
byShane Coughlan
 
A Brief Introduction to OpenChain - June 2020
byShane Coughlan
 
OpenChain at ISO WG21 2020 Plenary - 9th June
byShane Coughlan
 
A Brief Introduction to OpenChain - July 2020
byShane Coughlan
 
OpenChain as a Standard
byShane Coughlan
 
Great Open Source Compliance For Everyone - Version 11
byShane Coughlan
 
OpenChain: Great Open Source Compliance for Everyone (Version 7)
byShane Coughlan
 
Processes Missing from OpenChain
byShane Coughlan
 

What's hot

PPTX
Great Open Source Compliance for Everyone - Version 6
byShane Coughlan
 
PPTX
Shift-left Testing for Continuous Delivery of Quality and Value at Speed
byCigniti Technologies Ltd
 
PDF
World quality report 2018 19
byEnov8
 
PDF
Softcrylic_CIO_Review
bySundar Sritharan
 
PDF
Code4Health, pop up uni, 2pm, 2 september 2015
byNHS England
 
PDF
COSMIC Annual Report 2014
byCOSMIC - Common Software Measurement International Consortium
 
Great Open Source Compliance for Everyone - Version 6
byShane Coughlan
 
Shift-left Testing for Continuous Delivery of Quality and Value at Speed
byCigniti Technologies Ltd
 
World quality report 2018 19
byEnov8
 
Softcrylic_CIO_Review
bySundar Sritharan
 
Code4Health, pop up uni, 2pm, 2 september 2015
byNHS England
 
COSMIC Annual Report 2014
byCOSMIC - Common Software Measurement International Consortium
 

Similar to A Brief Introduction to OpenChain - May 2020

PPTX
Free and Open Source Software - Challenges for the Automotive Supply Chain
byShane Coughlan
 
PPTX
A Brief Introduction to OpenChain - February 2020
byShane Coughlan
 
PPTX
Great Open Source Compliance For Everyone - Version 9
byShane Coughlan
 
PPTX
Great Open Source Compliance For Everyone - Version 8
byShane Coughlan
 
PDF
OpenChain @ OSPOlogy.live Sweden 2022
byShane Coughlan
 
PPTX
Introduction to OpenChain and the Role of Compliance in a Strong Governance P...
byShane Coughlan
 
PDF
OpenChain: Giving everyone access to open source best practices - version 3
byShane Coughlan
 
PPTX
Great Open Source Compliance For Everyone - Version 5
byShane Coughlan
 
PDF
OpenChain Global Update @ Open Source Tech Day 2025
byShane Coughlan
 
PPTX
OpenChain Japan Work Group Meeting #28 - 2023-07-11
byShane Coughlan
 
PPTX
Great Open Source Compliance For Everyone (Version 3)
byShane Coughlan
 
PPTX
OpenChain Taiwan Meeting #2: A Brief Introduction to OpenChain
byShane Coughlan
 
PDF
OpenChain at EOLE 2017
byShane Coughlan
 
PPTX
OpenChain Germany Work Group Meeting 1
byShane Coughlan
 
PPTX
OpenChain @ InnerSource Summit 2024 - 2024-11-20
byShane Coughlan
 
PDF
Update on OpenChain: now we really begin
byShane Coughlan
 
PDF
OpenChain: Effective Business Leadership Using Open Source Software
byShane Coughlan
 
PDF
OSSF 2018 - Andrew Katz of Moorcrofts - OpenChain: a Tested Framework for Ope...
byFINOS
 
PPTX
Standardization of open-source software ISO/IEC 5230:2020 and ISO/IEC 18974:2...
byShane Coughlan
 
PPTX
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
byShane Coughlan
 
Free and Open Source Software - Challenges for the Automotive Supply Chain
byShane Coughlan
 
A Brief Introduction to OpenChain - February 2020
byShane Coughlan
 
Great Open Source Compliance For Everyone - Version 9
byShane Coughlan
 
Great Open Source Compliance For Everyone - Version 8
byShane Coughlan
 
OpenChain @ OSPOlogy.live Sweden 2022
byShane Coughlan
 
Introduction to OpenChain and the Role of Compliance in a Strong Governance P...
byShane Coughlan
 
OpenChain: Giving everyone access to open source best practices - version 3
byShane Coughlan
 
Great Open Source Compliance For Everyone - Version 5
byShane Coughlan
 
OpenChain Global Update @ Open Source Tech Day 2025
byShane Coughlan
 
OpenChain Japan Work Group Meeting #28 - 2023-07-11
byShane Coughlan
 
Great Open Source Compliance For Everyone (Version 3)
byShane Coughlan
 
OpenChain Taiwan Meeting #2: A Brief Introduction to OpenChain
byShane Coughlan
 
OpenChain at EOLE 2017
byShane Coughlan
 
OpenChain Germany Work Group Meeting 1
byShane Coughlan
 
OpenChain @ InnerSource Summit 2024 - 2024-11-20
byShane Coughlan
 
Update on OpenChain: now we really begin
byShane Coughlan
 
OpenChain: Effective Business Leadership Using Open Source Software
byShane Coughlan
 
OSSF 2018 - Andrew Katz of Moorcrofts - OpenChain: a Tested Framework for Ope...
byFINOS
 
Standardization of open-source software ISO/IEC 5230:2020 and ISO/IEC 18974:2...
byShane Coughlan
 
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
byShane Coughlan
 

More from Shane Coughlan

PPTX
OpenChain presentation at LF Legal Summit 2025
byShane Coughlan
 
PPTX
OpenChain at Okinawa Event on the 4th of December 2025
byShane Coughlan
 
PPTX
The OpenChain China Mini-Summit at COSCON 2025
byShane Coughlan
 
PPTX
A Panel on Containers and Compliance Hosted by Chris Wood, OpenChain Specifi...
byShane Coughlan
 
PDF
EU Regulation and the FOSS Ecosystem - Ciarán OʼRiordan
byShane Coughlan
 
PDF
Introduction to the European Union Cyber Resilience Act (CRA)
byShane Coughlan
 
PDF
SBOM Document Quality Guide - OpenChain SBOM Study Group
byShane Coughlan
 
PPTX
Empowering Asian Contributions: The Rise of Regional User Groups in Open Sour...
byShane Coughlan
 
PPTX
Operations Profile SPDX_Update_20250711_Example_05_03.pptx
byShane Coughlan
 
PDF
The 3rd OSPO Summit - China (Beijing - 2025-06-12)
byShane Coughlan
 
PPTX
OpenChain Korea Work Group Meeting - 2025-06-16
byShane Coughlan
 
PPTX
OpenChain Tooling Work Group - 2025-07-02
byShane Coughlan
 
PPTX
OpenChain @ OSS NA - In From the Cold: Open Source as Part of Mainstream Soft...
byShane Coughlan
 
PPTX
In From the Cold: Open Source as Part of Mainstream Software Asset Management
byShane Coughlan
 
PPTX
Empowering Asian Contributions: The Rise of Regional User Groups in Open Sour...
byShane Coughlan
 
PDF
Open Chain Q2 Steering Committee Meeting - 2025-06-25
byShane Coughlan
 
PDF
OpenChain Webinar - AboutCode - Practical Compliance in One Stack – Licensing...
byShane Coughlan
 
PPTX
OpenChain China Work Group – Regular Meeting 3 – 2024-11-29 @ 14:00 to 17:30
byShane Coughlan
 
PPTX
OpenChain Korea Work Group Meeting #24 - 2024-11-26
byShane Coughlan
 
PDF
Compliance and Integrity in the Software Supply Chain with Software Heritage:...
byShane Coughlan
 
OpenChain presentation at LF Legal Summit 2025
byShane Coughlan
 
OpenChain at Okinawa Event on the 4th of December 2025
byShane Coughlan
 
The OpenChain China Mini-Summit at COSCON 2025
byShane Coughlan
 
A Panel on Containers and Compliance Hosted by Chris Wood, OpenChain Specifi...
byShane Coughlan
 
EU Regulation and the FOSS Ecosystem - Ciarán OʼRiordan
byShane Coughlan
 
Introduction to the European Union Cyber Resilience Act (CRA)
byShane Coughlan
 
SBOM Document Quality Guide - OpenChain SBOM Study Group
byShane Coughlan
 
Empowering Asian Contributions: The Rise of Regional User Groups in Open Sour...
byShane Coughlan
 
Operations Profile SPDX_Update_20250711_Example_05_03.pptx
byShane Coughlan
 
The 3rd OSPO Summit - China (Beijing - 2025-06-12)
byShane Coughlan
 
OpenChain Korea Work Group Meeting - 2025-06-16
byShane Coughlan
 
OpenChain Tooling Work Group - 2025-07-02
byShane Coughlan
 
OpenChain @ OSS NA - In From the Cold: Open Source as Part of Mainstream Soft...
byShane Coughlan
 
In From the Cold: Open Source as Part of Mainstream Software Asset Management
byShane Coughlan
 
Empowering Asian Contributions: The Rise of Regional User Groups in Open Sour...
byShane Coughlan
 
Open Chain Q2 Steering Committee Meeting - 2025-06-25
byShane Coughlan
 
OpenChain Webinar - AboutCode - Practical Compliance in One Stack – Licensing...
byShane Coughlan
 
OpenChain China Work Group – Regular Meeting 3 – 2024-11-29 @ 14:00 to 17:30
byShane Coughlan
 
OpenChain Korea Work Group Meeting #24 - 2024-11-26
byShane Coughlan
 
Compliance and Integrity in the Software Supply Chain with Software Heritage:...
byShane Coughlan
 

Recently uploaded

PDF
Cybersecurity Alert- What Organisations Must Watch Out For This Christmas Fes...
byCybernetic Global Intelligence
 
PDF
Transforming Compliance Through Policy & Procedure Management
byInsurance Tech Services
 
PDF
First Semester BCA Fundamentals of Computers – Solved Question Paper (Kuvempu...
byKuvempu University
 
PDF
Ch2 -ENG.pdf COMPUTER ARCHITECTURE L2 INFO
byrogase8895
 
PPTX
Binance Smart Chain Development Guide.pptx
bylakshubadai
 
PDF
Licensing for Software-as-a-Service (SaaS)
byteam-WIBU
 
PPTX
Modern Claims Automation Solutions for Operational Agility
byInsurance Tech Services
 
PDF
PeopleSoft Lift and Shift to Oracle Cloud Infrastructure.pdf
byAstuteBusiness
 
PDF
Blueprint to build quality before the code exists - StackConnect Milan 2025
byLudovicoBesana1
 
PDF
How Does AI Improve Location-Based Mobile App Development for Businesses.pdf
byNet-Craft.com
 
PDF
From Boroughs to Browsers: Naresh Ramaiya’s Digital Journey
bynareshramaiyaus
 
PDF
Integrating Risk Buffers Into Your Critical Path When & How
byOrangescrum
 
PDF
Influence Without Power - Why Empathy is Your Best Friend.pdf
bySuzanne Lagerweij
 
PDF
Anchore Enterprise Q4 2025 Release Webinar
byAnchore
 
PPTX
SAP SOD Management for Secure & Compliant Access | s4access
bydigitalbacklinks123
 
PPTX
Reimagining Service with AI Voice Agents | Webinar
byCEPTES Software
 
PPTX
AI Clinic Management Software for Otolaryngology Clinics Bringing Precision, ...
byEasy Clinic
 
PPTX
Magnet-AXIOM_overview_tool_cyber_tool.pptx
byashishtjoseph
 
PDF
Code, Coins and Collaboration: How Open Source Shapes Modern Finance.
byDavid Okononfua
 
PPTX
Why Your Business Needs Snowflake Consulting_ From Data Silos to AI-Ready Cloud
byChetu
 
Cybersecurity Alert- What Organisations Must Watch Out For This Christmas Fes...
byCybernetic Global Intelligence
 
Transforming Compliance Through Policy & Procedure Management
byInsurance Tech Services
 
First Semester BCA Fundamentals of Computers – Solved Question Paper (Kuvempu...
byKuvempu University
 
Ch2 -ENG.pdf COMPUTER ARCHITECTURE L2 INFO
byrogase8895
 
Binance Smart Chain Development Guide.pptx
bylakshubadai
 
Licensing for Software-as-a-Service (SaaS)
byteam-WIBU
 
Modern Claims Automation Solutions for Operational Agility
byInsurance Tech Services
 
PeopleSoft Lift and Shift to Oracle Cloud Infrastructure.pdf
byAstuteBusiness
 
Blueprint to build quality before the code exists - StackConnect Milan 2025
byLudovicoBesana1
 
How Does AI Improve Location-Based Mobile App Development for Businesses.pdf
byNet-Craft.com
 
From Boroughs to Browsers: Naresh Ramaiya’s Digital Journey
bynareshramaiyaus
 
Integrating Risk Buffers Into Your Critical Path When & How
byOrangescrum
 
Influence Without Power - Why Empathy is Your Best Friend.pdf
bySuzanne Lagerweij
 
Anchore Enterprise Q4 2025 Release Webinar
byAnchore
 
SAP SOD Management for Secure & Compliant Access | s4access
bydigitalbacklinks123
 
Reimagining Service with AI Voice Agents | Webinar
byCEPTES Software
 
AI Clinic Management Software for Otolaryngology Clinics Bringing Precision, ...
byEasy Clinic
 
Magnet-AXIOM_overview_tool_cyber_tool.pptx
byashishtjoseph
 
Code, Coins and Collaboration: How Open Source Shapes Modern Finance.
byDavid Okononfua
 
Why Your Business Needs Snowflake Consulting_ From Data Silos to AI-Ready Cloud
byChetu
 

A Brief Introduction to OpenChain - May 2020

  • 1.
    How do Itrust my open source supply chain?
  • 2.
    Context 2 1400+ Members From 41 Countries 80% ofFortune 100 Tech & Telecom 35,000+ Developers Contributing Code 170+ Open Source Projects $16B Shared Value This is the Linux Foundation
  • 3.
    Open Compliance ProgramSolutions Processes Bill of Materials Tooling https://compliance.linuxfoundation.org/ SPS SPDX Tools
  • 4.
  • 5.
    The OpenChain Projectdefines the key requirements of a quality open source compliance program.
  • 6.
  • 7.
    Result: Predictable B2BCompliance Activity
  • 9.
  • 10.
    • Main List(3,700+ participants) • GitHub (105+ participants) • Automotive (115+ participants) • Reference Tooling (160+ participants) • China (105+ participants) • Japan (190+ participants) • Korea (40+ participants) • Taiwan (40+ participants) • India (40+ participants) • Germany (30+ participants) Work Groups + Lists + GitHub
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20.
    OpenChain in ISO– Formal Standardization The OpenChain Project has submitted our specification to ISO via Publicly Available Specification (PAS) in Joint Technical Committee 1 (JTC-1). The ISO submission is available at: • https://wiki.linuxfoundation.org/_media/openchain/openchainsp ec-2.1.draft.pdf Working in partnership with in partnership with Joint Development Foundation we expect to become a formal standard in Q3 2020.
  • 21.
    The OpenChain standardcan be met by: Self-Certification Independent Compliance Assessment Third Party Certification Freedom of Choice for Customers and Suppliers
  • 22.
    Self-Certification is atthe heart of the OpenChain industry standard. Companies can access a series of yes/no questions to determine if they have implemented the key requirements of a quality open source compliance program. These questions can be found here: https://certification.openchainproject.org Self-Certification
  • 23.
    Independent Compliance Assessmentworks in the same was as the Independent Assessments in other standards. An independent party such as a law firm, consultancy or accounting firm reviews the product of an OpenChain Self-Assessment and offers guidance on whether they perceive it as complete. Independent Compliance Assessment
  • 24.
    Third-Party Certification isa process whereby a certification authority guides a company through an OpenChain Conformance Process. The certification authority then issues a formal certification document. This activity maps precisely to the forms of third-party certification observed around automotive, infrastructure and similar fields. Third-Party Certification
  • 25.
    The OpenChain industrystandard has been carefully designed by user companies to identify the inflection points where a process, policy or training should be implemented in an open source compliance program. Our experience shows that self-certification is an effective method of reducing risk and increasing efficiency. That said, the choice of self-certification, independent compliance assessment or third-party certification depends on each business sector and customer base. We seek to provide freedom of choice.
  • 26.
    OpenChain is runby user companies for user companies. This companies are collaborating to create clear, shared and effective approaches to managing open source code.
  • 27.
    Be Part ofThis Join the community: https://www.openchainproject.org/community Self-Certify or Health Check an organization: https://certification.openchainproject.org
  • 28.