SlideShare a Scribd company logo
How do I trust my open source supply chain?
Context
2
1400+
Members From
41 Countries
80%
of Fortune 100
Tech & Telecom
35,000+
Developers
Contributing Code
170+
Open Source
Projects
$16B
Shared
Value
This is the Linux Foundation
Open Compliance Program Solutions
Processes
Bill of Materials
Tooling
https://compliance.linuxfoundation.org/
SPS
SPDX Tools
4
The OpenChain Project defines the key requirements of
a quality open source compliance program.
outbound
upstream downstream
inbound
Training
Policy
Process
OpenChain Defines Inflection Points
Result: Predictable B2B Compliance Activity
9
Example Conformant Organizations
• Main List (3,700+ participants)
• GitHub (105+ participants)
• Automotive (115+ participants)
• Reference Tooling (160+ participants)
• China (105+ participants)
• Japan (190+ participants)
• Korea (40+ participants)
• Taiwan (40+ participants)
• India (40+ participants)
• Germany (30+ participants)
Work Groups + Lists + GitHub
Our Online Self-Certification Questionnaire
12
Comprehensive Reference Material
13
14
Partner Program
15
Partner Program
16
Partner Program
17
Partner Program
18
Global Third-Party Certification
OpenChain in ISO – Formal Standardization
The OpenChain Project has submitted our specification to ISO via
Publicly Available Specification (PAS) in Joint Technical Committee 1
(JTC-1). The ISO submission is available at:
• https://wiki.linuxfoundation.org/_media/openchain/openchainsp
ec-2.1.draft.pdf
Working in partnership with in partnership with Joint Development
Foundation we expect to become a formal standard in Q3 2020.
The OpenChain standard can be met by:
Self-Certification
Independent Compliance Assessment
Third Party Certification
Freedom of Choice for Customers and Suppliers
Self-Certification is at the heart of the OpenChain
industry standard. Companies can access a series of
yes/no questions to determine if they have
implemented the key requirements of a quality open
source compliance program. These questions can be
found here:
https://certification.openchainproject.org
Self-Certification
Independent Compliance Assessment works in the
same was as the Independent Assessments in other
standards. An independent party such as a law firm,
consultancy or accounting firm reviews the product of
an OpenChain Self-Assessment and offers guidance on
whether they perceive it as complete.
Independent Compliance Assessment
Third-Party Certification is a process whereby a
certification authority guides a company through an
OpenChain Conformance Process. The certification
authority then issues a formal certification document.
This activity maps precisely to the forms of third-party
certification observed around automotive,
infrastructure and similar fields.
Third-Party Certification
The OpenChain industry standard has been carefully
designed by user companies to identify the inflection
points where a process, policy or training should be
implemented in an open source compliance program.
Our experience shows that self-certification is an
effective method of reducing risk and increasing
efficiency. That said, the choice of self-certification,
independent compliance assessment or third-party
certification depends on each business sector and
customer base. We seek to provide freedom of choice.
OpenChain is run by user companies for user
companies. This companies are collaborating to create
clear, shared and effective approaches to managing
open source code.
Be Part of This
Join the community:
https://www.openchainproject.org/community
Self-Certify or Health Check an organization:
https://certification.openchainproject.org
scoughlan@linuxfoundation.org
www.openchainproject.org

More Related Content

What's hot

Great Open Source Compliance for Everyone - Version 6
Great Open Source Compliance for Everyone - Version 6Great Open Source Compliance for Everyone - Version 6
Great Open Source Compliance for Everyone - Version 6
Shane Coughlan
 
Shift-left Testing for Continuous Delivery of Quality and Value at Speed
Shift-left Testing for Continuous Delivery of Quality and Value at SpeedShift-left Testing for Continuous Delivery of Quality and Value at Speed
Shift-left Testing for Continuous Delivery of Quality and Value at Speed
Cigniti Technologies Ltd
 
World quality report 2018 19
World quality report 2018 19World quality report 2018 19
World quality report 2018 19
Enov8
 
Softcrylic_CIO_Review
Softcrylic_CIO_ReviewSoftcrylic_CIO_Review
Softcrylic_CIO_Review
Sundar Sritharan
 
Code4Health, pop up uni, 2pm, 2 september 2015
Code4Health, pop up uni, 2pm, 2 september 2015Code4Health, pop up uni, 2pm, 2 september 2015
Code4Health, pop up uni, 2pm, 2 september 2015
NHS England
 
COSMIC Annual Report 2014
COSMIC Annual Report 2014COSMIC Annual Report 2014

What's hot (6)

Great Open Source Compliance for Everyone - Version 6
Great Open Source Compliance for Everyone - Version 6Great Open Source Compliance for Everyone - Version 6
Great Open Source Compliance for Everyone - Version 6
 
Shift-left Testing for Continuous Delivery of Quality and Value at Speed
Shift-left Testing for Continuous Delivery of Quality and Value at SpeedShift-left Testing for Continuous Delivery of Quality and Value at Speed
Shift-left Testing for Continuous Delivery of Quality and Value at Speed
 
World quality report 2018 19
World quality report 2018 19World quality report 2018 19
World quality report 2018 19
 
Softcrylic_CIO_Review
Softcrylic_CIO_ReviewSoftcrylic_CIO_Review
Softcrylic_CIO_Review
 
Code4Health, pop up uni, 2pm, 2 september 2015
Code4Health, pop up uni, 2pm, 2 september 2015Code4Health, pop up uni, 2pm, 2 september 2015
Code4Health, pop up uni, 2pm, 2 september 2015
 
COSMIC Annual Report 2014
COSMIC Annual Report 2014COSMIC Annual Report 2014
COSMIC Annual Report 2014
 

Similar to A Brief Introduction to OpenChain - May 2020

Free and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply ChainFree and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply Chain
Shane Coughlan
 
Open Source in ISO Building the First LF Standard in Fourteen Years and What ...
Open Source in ISO Building the First LF Standard in Fourteen Years and What ...Open Source in ISO Building the First LF Standard in Fourteen Years and What ...
Open Source in ISO Building the First LF Standard in Fourteen Years and What ...
Shane Coughlan
 
A Brief Introduction to OpenChain - February 2020
A Brief Introduction to OpenChain - February 2020A Brief Introduction to OpenChain - February 2020
A Brief Introduction to OpenChain - February 2020
Shane Coughlan
 
OpenChain Continual Improvement Case Studies
OpenChain Continual Improvement Case StudiesOpenChain Continual Improvement Case Studies
OpenChain Continual Improvement Case Studies
Shane Coughlan
 
OpenAthens Conference 2018 - Don Thibeau - OpenID Connect
OpenAthens Conference 2018 - Don Thibeau - OpenID ConnectOpenAthens Conference 2018 - Don Thibeau - OpenID Connect
OpenAthens Conference 2018 - Don Thibeau - OpenID Connect
OpenAthens
 
Business Process Analysis and Insights COPIS
Business Process Analysis and Insights COPISBusiness Process Analysis and Insights COPIS
Business Process Analysis and Insights COPIS
Arthur L. Burris, Jr, MBA, BB
 
OpenChain 2.0 specification in a nutshell
OpenChain 2.0 specification in a nutshellOpenChain 2.0 specification in a nutshell
OpenChain 2.0 specification in a nutshell
SZ Lin
 
Whitepaper For Open Gp
Whitepaper For Open GpWhitepaper For Open Gp
Whitepaper For Open Gp
hansfrisvold
 
451 Sugarcrm Aslett
451 Sugarcrm Aslett451 Sugarcrm Aslett
451 Sugarcrm Aslett
Matthew Aslett
 
Colombia The Open Group
Colombia   The Open GroupColombia   The Open Group
Colombia The Open Group
Leonardo Octavio Ramirez Gonzalez
 
Top Software panies to Outsource.pdfTesting Com
Top Software panies to Outsource.pdfTesting ComTop Software panies to Outsource.pdfTesting Com
Top Software panies to Outsource.pdfTesting Com
Mindfire LLC
 
OpenChain Germany Work Group Meeting 1
OpenChain Germany Work Group Meeting 1OpenChain Germany Work Group Meeting 1
OpenChain Germany Work Group Meeting 1
Shane Coughlan
 
'Using OpenChain as a framework for M&A transactions'
'Using OpenChain as a framework for M&A transactions''Using OpenChain as a framework for M&A transactions'
'Using OpenChain as a framework for M&A transactions'
Shane Coughlan
 
Future audit analytics
Future audit analyticsFuture audit analytics
Future audit analytics
Jim Kaplan CIA CFE
 
OpenID Foundation Workshop at EIC 2018 - OpenID Certification Update
OpenID Foundation Workshop at EIC 2018 - OpenID Certification UpdateOpenID Foundation Workshop at EIC 2018 - OpenID Certification Update
OpenID Foundation Workshop at EIC 2018 - OpenID Certification Update
MikeLeszcz
 
APP Academy: Distribute Your App Through Automation (October 13, 2014)
APP Academy: Distribute Your App Through Automation (October 13, 2014)APP Academy: Distribute Your App Through Automation (October 13, 2014)
APP Academy: Distribute Your App Through Automation (October 13, 2014)
Salesforce Partners
 
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
Paris Open Source Summit
 
OpenChain @ OSPOlogy.live Sweden 2022
OpenChain @ OSPOlogy.live Sweden 2022OpenChain @ OSPOlogy.live Sweden 2022
OpenChain @ OSPOlogy.live Sweden 2022
Shane Coughlan
 
Agile Practices for Transitioning to SAP S/4HANA®
Agile Practices for Transitioning to SAP S/4HANA® Agile Practices for Transitioning to SAP S/4HANA®
Agile Practices for Transitioning to SAP S/4HANA®
panayaofficial
 
ISO 27001:2013 IS audit plan - by software outsourcing company in india
 ISO 27001:2013  IS audit plan - by software outsourcing company in india ISO 27001:2013  IS audit plan - by software outsourcing company in india
ISO 27001:2013 IS audit plan - by software outsourcing company in india
iFour Consultancy
 

Similar to A Brief Introduction to OpenChain - May 2020 (20)

Free and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply ChainFree and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply Chain
 
Open Source in ISO Building the First LF Standard in Fourteen Years and What ...
Open Source in ISO Building the First LF Standard in Fourteen Years and What ...Open Source in ISO Building the First LF Standard in Fourteen Years and What ...
Open Source in ISO Building the First LF Standard in Fourteen Years and What ...
 
A Brief Introduction to OpenChain - February 2020
A Brief Introduction to OpenChain - February 2020A Brief Introduction to OpenChain - February 2020
A Brief Introduction to OpenChain - February 2020
 
OpenChain Continual Improvement Case Studies
OpenChain Continual Improvement Case StudiesOpenChain Continual Improvement Case Studies
OpenChain Continual Improvement Case Studies
 
OpenAthens Conference 2018 - Don Thibeau - OpenID Connect
OpenAthens Conference 2018 - Don Thibeau - OpenID ConnectOpenAthens Conference 2018 - Don Thibeau - OpenID Connect
OpenAthens Conference 2018 - Don Thibeau - OpenID Connect
 
Business Process Analysis and Insights COPIS
Business Process Analysis and Insights COPISBusiness Process Analysis and Insights COPIS
Business Process Analysis and Insights COPIS
 
OpenChain 2.0 specification in a nutshell
OpenChain 2.0 specification in a nutshellOpenChain 2.0 specification in a nutshell
OpenChain 2.0 specification in a nutshell
 
Whitepaper For Open Gp
Whitepaper For Open GpWhitepaper For Open Gp
Whitepaper For Open Gp
 
451 Sugarcrm Aslett
451 Sugarcrm Aslett451 Sugarcrm Aslett
451 Sugarcrm Aslett
 
Colombia The Open Group
Colombia   The Open GroupColombia   The Open Group
Colombia The Open Group
 
Top Software panies to Outsource.pdfTesting Com
Top Software panies to Outsource.pdfTesting ComTop Software panies to Outsource.pdfTesting Com
Top Software panies to Outsource.pdfTesting Com
 
OpenChain Germany Work Group Meeting 1
OpenChain Germany Work Group Meeting 1OpenChain Germany Work Group Meeting 1
OpenChain Germany Work Group Meeting 1
 
'Using OpenChain as a framework for M&A transactions'
'Using OpenChain as a framework for M&A transactions''Using OpenChain as a framework for M&A transactions'
'Using OpenChain as a framework for M&A transactions'
 
Future audit analytics
Future audit analyticsFuture audit analytics
Future audit analytics
 
OpenID Foundation Workshop at EIC 2018 - OpenID Certification Update
OpenID Foundation Workshop at EIC 2018 - OpenID Certification UpdateOpenID Foundation Workshop at EIC 2018 - OpenID Certification Update
OpenID Foundation Workshop at EIC 2018 - OpenID Certification Update
 
APP Academy: Distribute Your App Through Automation (October 13, 2014)
APP Academy: Distribute Your App Through Automation (October 13, 2014)APP Academy: Distribute Your App Through Automation (October 13, 2014)
APP Academy: Distribute Your App Through Automation (October 13, 2014)
 
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
 
OpenChain @ OSPOlogy.live Sweden 2022
OpenChain @ OSPOlogy.live Sweden 2022OpenChain @ OSPOlogy.live Sweden 2022
OpenChain @ OSPOlogy.live Sweden 2022
 
Agile Practices for Transitioning to SAP S/4HANA®
Agile Practices for Transitioning to SAP S/4HANA® Agile Practices for Transitioning to SAP S/4HANA®
Agile Practices for Transitioning to SAP S/4HANA®
 
ISO 27001:2013 IS audit plan - by software outsourcing company in india
 ISO 27001:2013  IS audit plan - by software outsourcing company in india ISO 27001:2013  IS audit plan - by software outsourcing company in india
ISO 27001:2013 IS audit plan - by software outsourcing company in india
 

More from Shane Coughlan

openEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain SecurityopenEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain Security
Shane Coughlan
 
OpenChain @ LF Japan Executive Briefing - May 2024
OpenChain @ LF Japan Executive Briefing - May 2024OpenChain @ LF Japan Executive Briefing - May 2024
OpenChain @ LF Japan Executive Briefing - May 2024
Shane Coughlan
 
OpenChain Webinar: AboutCode and Beyond - End-to-End SCA
OpenChain Webinar: AboutCode and Beyond - End-to-End SCAOpenChain Webinar: AboutCode and Beyond - End-to-End SCA
OpenChain Webinar: AboutCode and Beyond - End-to-End SCA
Shane Coughlan
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
Shane Coughlan
 
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingOpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
Shane Coughlan
 
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingOpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
Shane Coughlan
 
OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19
Shane Coughlan
 
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorOpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS Calculator
Shane Coughlan
 
openEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scaleopenEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scale
Shane Coughlan
 
OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20
Shane Coughlan
 
AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06
Shane Coughlan
 
OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06
Shane Coughlan
 
OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09
Shane Coughlan
 
OpenChain Legal Work Group - 2024-01-17
OpenChain Legal Work Group -  2024-01-17OpenChain Legal Work Group -  2024-01-17
OpenChain Legal Work Group - 2024-01-17
Shane Coughlan
 
Openchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptxOpenchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptx
Shane Coughlan
 
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
Shane Coughlan
 
Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023
Shane Coughlan
 
OpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics SlidesOpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics Slides
Shane Coughlan
 
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
Shane Coughlan
 
FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30
Shane Coughlan
 

More from Shane Coughlan (20)

openEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain SecurityopenEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain Security
 
OpenChain @ LF Japan Executive Briefing - May 2024
OpenChain @ LF Japan Executive Briefing - May 2024OpenChain @ LF Japan Executive Briefing - May 2024
OpenChain @ LF Japan Executive Briefing - May 2024
 
OpenChain Webinar: AboutCode and Beyond - End-to-End SCA
OpenChain Webinar: AboutCode and Beyond - End-to-End SCAOpenChain Webinar: AboutCode and Beyond - End-to-End SCA
OpenChain Webinar: AboutCode and Beyond - End-to-End SCA
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingOpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
 
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingOpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
 
OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19OpenChain Monthly Meeting North America and Asia - 2024-03-19
OpenChain Monthly Meeting North America and Asia - 2024-03-19
 
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorOpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS Calculator
 
openEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scaleopenEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scale
 
OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20
 
AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06AI Study Group North America - Europe 2024-02-06
AI Study Group North America - Europe 2024-02-06
 
OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06OpenChain Monthly North America / Europe Call - 2024-02-06
OpenChain Monthly North America / Europe Call - 2024-02-06
 
OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09OpenChain Export Control Work Group 2024-01-09
OpenChain Export Control Work Group 2024-01-09
 
OpenChain Legal Work Group - 2024-01-17
OpenChain Legal Work Group -  2024-01-17OpenChain Legal Work Group -  2024-01-17
OpenChain Legal Work Group - 2024-01-17
 
Openchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptxOpenchain AI Study Group 2024-01-23.pptx
Openchain AI Study Group 2024-01-23.pptx
 
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...
 
Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023Maturity Models - Open Compliance Summit 2023
Maturity Models - Open Compliance Summit 2023
 
OpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics SlidesOpenChain Annual Report 2023 - Key Metrics Slides
OpenChain Annual Report 2023 - Key Metrics Slides
 
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
 
FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30
 

Recently uploaded

How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?
ToXSL Technologies
 
Modelling Up - DDDEurope 2024 - Amsterdam
Modelling Up - DDDEurope 2024 - AmsterdamModelling Up - DDDEurope 2024 - Amsterdam
Modelling Up - DDDEurope 2024 - Amsterdam
Alberto Brandolini
 
YAML crash COURSE how to write yaml file for adding configuring details
YAML crash COURSE how to write yaml file for adding configuring detailsYAML crash COURSE how to write yaml file for adding configuring details
YAML crash COURSE how to write yaml file for adding configuring details
NishanthaBulumulla1
 
一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理
一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理
一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理
dakas1
 
Preparing Non - Technical Founders for Engaging a Tech Agency
Preparing Non - Technical Founders for Engaging  a  Tech AgencyPreparing Non - Technical Founders for Engaging  a  Tech Agency
Preparing Non - Technical Founders for Engaging a Tech Agency
ISH Technologies
 
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, FactsALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
Green Software Development
 
8 Best Automated Android App Testing Tool and Framework in 2024.pdf
8 Best Automated Android App Testing Tool and Framework in 2024.pdf8 Best Automated Android App Testing Tool and Framework in 2024.pdf
8 Best Automated Android App Testing Tool and Framework in 2024.pdf
kalichargn70th171
 
Using Query Store in Azure PostgreSQL to Understand Query Performance
Using Query Store in Azure PostgreSQL to Understand Query PerformanceUsing Query Store in Azure PostgreSQL to Understand Query Performance
Using Query Store in Azure PostgreSQL to Understand Query Performance
Grant Fritchey
 
What next after learning python programming basics
What next after learning python programming basicsWhat next after learning python programming basics
What next after learning python programming basics
Rakesh Kumar R
 
zOS Mainframe JES2-JES3 JCL-JECL Differences
zOS Mainframe JES2-JES3 JCL-JECL DifferenceszOS Mainframe JES2-JES3 JCL-JECL Differences
zOS Mainframe JES2-JES3 JCL-JECL Differences
YousufSait3
 
14 th Edition of International conference on computer vision
14 th Edition of International conference on computer vision14 th Edition of International conference on computer vision
14 th Edition of International conference on computer vision
ShulagnaSarkar2
 
Fundamentals of Programming and Language Processors
Fundamentals of Programming and Language ProcessorsFundamentals of Programming and Language Processors
Fundamentals of Programming and Language Processors
Rakesh Kumar R
 
Project Management: The Role of Project Dashboards.pdf
Project Management: The Role of Project Dashboards.pdfProject Management: The Role of Project Dashboards.pdf
Project Management: The Role of Project Dashboards.pdf
Karya Keeper
 
Hand Rolled Applicative User Validation Code Kata
Hand Rolled Applicative User ValidationCode KataHand Rolled Applicative User ValidationCode Kata
Hand Rolled Applicative User Validation Code Kata
Philip Schwarz
 
Enums On Steroids - let's look at sealed classes !
Enums On Steroids - let's look at sealed classes !Enums On Steroids - let's look at sealed classes !
Enums On Steroids - let's look at sealed classes !
Marcin Chrost
 
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
XfilesPro
 
Malibou Pitch Deck For Its €3M Seed Round
Malibou Pitch Deck For Its €3M Seed RoundMalibou Pitch Deck For Its €3M Seed Round
Malibou Pitch Deck For Its €3M Seed Round
sjcobrien
 
WWDC 2024 Keynote Review: For CocoaCoders Austin
WWDC 2024 Keynote Review: For CocoaCoders AustinWWDC 2024 Keynote Review: For CocoaCoders Austin
WWDC 2024 Keynote Review: For CocoaCoders Austin
Patrick Weigel
 
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsUI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
Peter Muessig
 
All you need to know about Spring Boot and GraalVM
All you need to know about Spring Boot and GraalVMAll you need to know about Spring Boot and GraalVM
All you need to know about Spring Boot and GraalVM
Alina Yurenko
 

Recently uploaded (20)

How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?
 
Modelling Up - DDDEurope 2024 - Amsterdam
Modelling Up - DDDEurope 2024 - AmsterdamModelling Up - DDDEurope 2024 - Amsterdam
Modelling Up - DDDEurope 2024 - Amsterdam
 
YAML crash COURSE how to write yaml file for adding configuring details
YAML crash COURSE how to write yaml file for adding configuring detailsYAML crash COURSE how to write yaml file for adding configuring details
YAML crash COURSE how to write yaml file for adding configuring details
 
一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理
一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理
一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理
 
Preparing Non - Technical Founders for Engaging a Tech Agency
Preparing Non - Technical Founders for Engaging  a  Tech AgencyPreparing Non - Technical Founders for Engaging  a  Tech Agency
Preparing Non - Technical Founders for Engaging a Tech Agency
 
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, FactsALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
 
8 Best Automated Android App Testing Tool and Framework in 2024.pdf
8 Best Automated Android App Testing Tool and Framework in 2024.pdf8 Best Automated Android App Testing Tool and Framework in 2024.pdf
8 Best Automated Android App Testing Tool and Framework in 2024.pdf
 
Using Query Store in Azure PostgreSQL to Understand Query Performance
Using Query Store in Azure PostgreSQL to Understand Query PerformanceUsing Query Store in Azure PostgreSQL to Understand Query Performance
Using Query Store in Azure PostgreSQL to Understand Query Performance
 
What next after learning python programming basics
What next after learning python programming basicsWhat next after learning python programming basics
What next after learning python programming basics
 
zOS Mainframe JES2-JES3 JCL-JECL Differences
zOS Mainframe JES2-JES3 JCL-JECL DifferenceszOS Mainframe JES2-JES3 JCL-JECL Differences
zOS Mainframe JES2-JES3 JCL-JECL Differences
 
14 th Edition of International conference on computer vision
14 th Edition of International conference on computer vision14 th Edition of International conference on computer vision
14 th Edition of International conference on computer vision
 
Fundamentals of Programming and Language Processors
Fundamentals of Programming and Language ProcessorsFundamentals of Programming and Language Processors
Fundamentals of Programming and Language Processors
 
Project Management: The Role of Project Dashboards.pdf
Project Management: The Role of Project Dashboards.pdfProject Management: The Role of Project Dashboards.pdf
Project Management: The Role of Project Dashboards.pdf
 
Hand Rolled Applicative User Validation Code Kata
Hand Rolled Applicative User ValidationCode KataHand Rolled Applicative User ValidationCode Kata
Hand Rolled Applicative User Validation Code Kata
 
Enums On Steroids - let's look at sealed classes !
Enums On Steroids - let's look at sealed classes !Enums On Steroids - let's look at sealed classes !
Enums On Steroids - let's look at sealed classes !
 
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
 
Malibou Pitch Deck For Its €3M Seed Round
Malibou Pitch Deck For Its €3M Seed RoundMalibou Pitch Deck For Its €3M Seed Round
Malibou Pitch Deck For Its €3M Seed Round
 
WWDC 2024 Keynote Review: For CocoaCoders Austin
WWDC 2024 Keynote Review: For CocoaCoders AustinWWDC 2024 Keynote Review: For CocoaCoders Austin
WWDC 2024 Keynote Review: For CocoaCoders Austin
 
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsUI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
 
All you need to know about Spring Boot and GraalVM
All you need to know about Spring Boot and GraalVMAll you need to know about Spring Boot and GraalVM
All you need to know about Spring Boot and GraalVM
 

A Brief Introduction to OpenChain - May 2020

  • 1. How do I trust my open source supply chain?
  • 2. Context 2 1400+ Members From 41 Countries 80% of Fortune 100 Tech & Telecom 35,000+ Developers Contributing Code 170+ Open Source Projects $16B Shared Value This is the Linux Foundation
  • 3. Open Compliance Program Solutions Processes Bill of Materials Tooling https://compliance.linuxfoundation.org/ SPS SPDX Tools
  • 4. 4
  • 5. The OpenChain Project defines the key requirements of a quality open source compliance program.
  • 7. Result: Predictable B2B Compliance Activity
  • 8.
  • 10. • Main List (3,700+ participants) • GitHub (105+ participants) • Automotive (115+ participants) • Reference Tooling (160+ participants) • China (105+ participants) • Japan (190+ participants) • Korea (40+ participants) • Taiwan (40+ participants) • India (40+ participants) • Germany (30+ participants) Work Groups + Lists + GitHub
  • 13. 13
  • 14. 14
  • 20. OpenChain in ISO – Formal Standardization The OpenChain Project has submitted our specification to ISO via Publicly Available Specification (PAS) in Joint Technical Committee 1 (JTC-1). The ISO submission is available at: • https://wiki.linuxfoundation.org/_media/openchain/openchainsp ec-2.1.draft.pdf Working in partnership with in partnership with Joint Development Foundation we expect to become a formal standard in Q3 2020.
  • 21. The OpenChain standard can be met by: Self-Certification Independent Compliance Assessment Third Party Certification Freedom of Choice for Customers and Suppliers
  • 22. Self-Certification is at the heart of the OpenChain industry standard. Companies can access a series of yes/no questions to determine if they have implemented the key requirements of a quality open source compliance program. These questions can be found here: https://certification.openchainproject.org Self-Certification
  • 23. Independent Compliance Assessment works in the same was as the Independent Assessments in other standards. An independent party such as a law firm, consultancy or accounting firm reviews the product of an OpenChain Self-Assessment and offers guidance on whether they perceive it as complete. Independent Compliance Assessment
  • 24. Third-Party Certification is a process whereby a certification authority guides a company through an OpenChain Conformance Process. The certification authority then issues a formal certification document. This activity maps precisely to the forms of third-party certification observed around automotive, infrastructure and similar fields. Third-Party Certification
  • 25. The OpenChain industry standard has been carefully designed by user companies to identify the inflection points where a process, policy or training should be implemented in an open source compliance program. Our experience shows that self-certification is an effective method of reducing risk and increasing efficiency. That said, the choice of self-certification, independent compliance assessment or third-party certification depends on each business sector and customer base. We seek to provide freedom of choice.
  • 26. OpenChain is run by user companies for user companies. This companies are collaborating to create clear, shared and effective approaches to managing open source code.
  • 27. Be Part of This Join the community: https://www.openchainproject.org/community Self-Certify or Health Check an organization: https://certification.openchainproject.org