
This page describes the OpenChain standards and provides guidance on how to adopt them in companies of all sizes and in all sectors.

You can download the standards directly from the OpenChain GitHub repositories (free version); see below.

You can also download the standards directly from the ISO website (paid version).

ISO/IEC 5230

OpenChain ISO/IEC 5230 is the International Standard for open source license compliance. ISO/IEC 5230 helps organizations manage open source licensing requirements for past, current and future products or services.

ISO/IEC 5230 identifies:

  • The key places to have license compliance processes
  • How to assign roles and responsibilities
  • And how to ensure sustainability of the processes

ISO/IEC 5230 is lightweight, easy to read and is supported by our global community with free reference material and conformance resources.

ISO/IEC 18974

ISO/IEC 18974 is the International Standard for open source security assurance. ISO/IEC 18974 helps organizations check open source for known security vulnerability issues like CVEs, GitHub dependency alerts or package manager alerts.

ISO/IEC 18974 is lightweight, easy to read and is supported by our global community with free reference material and conformance resources.

ISO/IEC 18974 identifies:

  • The key places to have security processes
  • How to assign roles and responsibilities
  • And how to ensure sustainability of the processes

How to Adopt These Standards

You can choose between self-certification (see the checklist below), independent assessment or third-party certification for either standard. Our recommendation is to start with self-certification and a narrowly-scoped program. We provide free short, simple checklists or questionnaires to do this with “yes” or “no” questions. If you can answer yes to everything in the forms below it means you are self-certified. If you answer no to a few questions, it means you can focus resources on key areas of process improvement.

Self-Certification Checklist:

Third-Party Certification

Certification partner information: https://openchainproject.org/partners

How to Apply for OpenChain Conformance

If you would like to add your company to our list of conformant organizations, please complete the online application form.

Which companies have already adopted OpenChain Standards?

To date, more than 100 companies have adopted the OpenChain standards; for more information, see here.

Q&A

If you have any questions, please contact support@openchainproject.org.

See our FAQ page.


OpenChain ISO/IEC 5230 is the International Standard for open source license compliance. ISO/IEC 18974 is the International Standard for open source security assurance. They are both suitable for companies of all sizes and in all sectors.

What is Open Source License Compliance?

ISO/IEC 5230 helps organizations manage open source licensing requirements for past, current and future products or services.


See ISO/IEC 5230:2020

Open Source License Compliance Program 2.1

https://github.com/OpenChain-Project/License-Compliance-Specification/blob/968092c97da81a750f03c7b1becbd25bd088b2cb/Official/en/2.1/openchainspec-2.1.pdf

What is Open Source Security Assurance?

ISO/IEC 18974 helps organizations check open source for known security vulnerability issues like CVEs, GitHub dependency alerts or package manager alerts.


For details, see ISO/IEC DIS 18974.

Open Source Security Assurance Program 1.1

https://github.com/OpenChain-Project/Security-Assurance-Specification/blob/5bb0a024ce967720301bfa0e1d4d9e834690066d/Security-Assurance-Specification/ISO-18974/en/ISO-18974.md

You can also obtain the Open Source Security Assurance standard from ISO; see https://www.iso.org/standard/86450.html

Note: the OpenChain version and the ISO version are functionally identical.
Conformance to one is the same as conformance to the other.


Adopt ISO/IEC 5230: The International Standard for Open Source License Compliance

Open Source License Compliance Specification: ISO-5230-2020.md

Get Independent Assessment or Third-Party Certification From Official Partners

This page provides an introduction to OpenChain’s ISO standards and guidance on how to adopt them.

ISO/IEC 5230:2020

Short Description:
[Add short description here]

Specification Link:
[Add link here]

ISO/IEC 18974

Short Description:
[Add short description here]

Specification Link:
[Add link here]

How to Adopt These Standards


Self-Certification

ISO/IEC DIS 18974 Checklist: https://github.com/OpenChain-Project/Reference-Material/blob/53c2d2122f3cede7668917e65ff194db77c26a0c/OpenChain-Standards-Self-Certification/Checklist/ISO-IEC-18974/en/iso-18974-2023-Self-Certification-Checklist.md

ISO/IEC 5230:2020 Checklist: https://github.com/OpenChain-Project/Reference-Material/blob/53c2d2122f3cede7668917e65ff194db77c26a0c/OpenChain-Standards-Self-Certification/Checklist/ISO-IEC-5230/en/iso-5230-2020-Self-Certification-Checklist.md

Third-Party Certification

How to Apply for OpenChain Conformance

Please complete the online application form. The OpenChain Conformance Program Application can be found here:

https://form.asana.com/?k=4iN0MB11kbcaG5HLW4D_Ow&d=9283783873717

To add your company to our list of conformant organizations, use the submission page:

https://www.openchainproject.org/conformance-submission

Compliance Support

If you have any compliance-related questions, please feel free to contact Mary Wang, Executive Director of the OpenChain Project, at mwang@linuxfoundation.org with the subject line ‘Questions for Adopting OpenChain ISO Standards’.

More than 100 companies have adopted OpenChain ISO standards.
For more information, please visit:
[Add link here]

Improving ISO/IEC 5230

ISO/IEC 5230, the International Standard for open source license compliance, is available for everyone to review, adopt and submit suggestions for improvement. We collect these comments on the ISO/IEC 5230 GitHub repository; you can add your comments in the “Issues” section.

You can also send questions and feedback to the OpenChain Project administration team if you prefer to remain anonymous.