
Our vision is a supply chain where open source is delivered with trusted and
consistent process management information.

Our mission is to make that happen.

  1. We maintain the ISO/IEC standards for open source license compliance and security assurance;
  2. We provide reference material for these standards and broader open source management;
  3. And we have a support network to help organizations manage open source more effectively.

OpenChain has an extensive global community of over 1,000 companies collaborating to make the supply chain more trusted, more effective and more efficient. Everyone is invited to be part of what we do. There are no restrictions to join our mailing lists, our calls and most of our events.

OpenChain is also a gateway into the larger governance and management ecosystem for open source. We work with our sister projects at The Linux Foundation like SPDX (SBOM), OpenSSF (Security), TODO Group (OSPO) and CHAOSS (Metrics) to improve business management of open source. Examples include collaboration with OpenSSF on the Global Cyber Policy Working Group and integration with the Open Source Project Security Baseline (OSPS Baseline), or with TODO Group for OSPOlogy Live events.

You can learn more on our Frequent Questions page.

We Maintain Standards:

OpenChain ISO/IEC 5230

The international standard for open source license compliance programs

OpenChain ISO/IEC 18974

The industry standard for open source security assurance programs

Example Organizations Using Our Standards:

Did you know…
31% of large German companies already use or plan to adopt OpenChain ISO/IEC 5230

Source: PwC

We Help With Adoption:

Whether you want to adopt the industry standard processes for open source license compliance or open source security assurance, we are here to help. The OpenChain Project provides free, simple checklists to help you self-certify for ISO/IEC 5230 (license compliance) or ISO/IEC 18974 (security assurance). These are suitable for organizations or projects of all sizes in any industrial sector.

We Also Develop Best Practices:

We understand that implementation can be a challenge for any process. While our standards do not dictate that you follow one implementation path, we have worked with our community for many years to provide you with plenty of examples. These are designed to help support and inspire your journey to more effective open source management.

We have an extensive library covering everything from making an open source policy to training staff, and even advanced topics like maturity modeling. It’s all free.