Featured

Background

The OpenChain Project frequently talks about how open source is more professionally managed, and how this helps make using open source quicker, more efficient and more effective across the supply chain.

What is Happening?

Today we take a huge step forward in supporting this evolution of maturity by releasing capability modeling as CC-0 (effectively public domain) to help companies around the world do open source license compliance and other types of compliance using the same approaches as the world’s best and most funded companies.

This model was developed by Orcro, DeLoitte and the rest of the community of contributors who make up the OpenChain Education Work Group.

Why?

Capacity or maturity modeling in Software Asset Management (SAM) plays a vital role in understanding an organization’s current state regarding SAM practices. Here’s a structured overview of its importance:

1. Assessment of Current Practices: It evaluates the organization’s existing SAM processes, identifying strengths and gaps that need attention.
2. Improved Decision-Making: By highlighting gaps, it enables informed decisions on software investments, tool acquisitions, and optimization strategies, enhancing efficiency and compliance.
3. Enhanced Efficiency and Compliance: A mature SAM practice can reduce redundant purchases, minimize license overuse, and mitigate audit risks, ensuring better management of assets.
4. Support for Open Source Management: It aids in managing open-source usage, ensuring compliance to avoid licensing issues, thereby facilitating innovation by allowing proper use and adaptation of open-source tools.
5. Facilitation of Open Innovation: In collaborative environments, it helps track external code usage, ensuring compliance and fostering better collaboration without legal risks.

In summary, capacity modeling is essential for establishing a robust SAM framework, enhancing operational efficiency, and supporting both open source management and open innovation, thereby driving organizational success.

Get the Model

We host the model in our Reference Library in GitHub. You can find it in a dedicated directory called “Capability-Maturity-Model” and you will find latest releases sorted by date.

Access and download it here:
https://github.com/OpenChain-Project/Reference-Material

You can also open GitHub issues with ideas, suggestions and bug-fixes:
https://github.com/OpenChain-Project/Reference-Material/issues

Contribute to Further Development

The Capability model was developed by the OpenChain Education Work Group after initial work through the OpenChain UK Work Group. You can participate in further development by joining the Education Work Group mailing list:
https://lists.openchainproject.org/g/education

You can also join our monthly call by checking out the calendar on our participation page:
https://openchainproject.org/participate

Please Note

This is reference material to help inspire individual organizations in their own development and use of models. It is not designed to be (a) legal advice, (b) assured to work in your context or (c) replace internal or third-party professional support and advice.

Korea Financial Telecommunications & Clearings Institute (KFTC), has announced an OpenChain ISO/IEC 5230 Conformant program. KFTC is a leading financial institution that provides essential infrastructure and services for the Korean financial industry.

To meet the requirements of the OpenChain ISO/IEC 5230:2020 standard, KFTC has implemented a comprehensive open source program within the organization. This includes establishing an Open Source Program Office (OSPO), enacting guidelines for open source utilization, and developing an in-house open source management platform. The platform automatically identifies open source components and licenses used in the software development lifecycle, providing guidance to employees.

“In today’s rapidly evolving IT landscape, characterized by AI, big data, and cloud computing technologies, leveraging open source software is not just beneficial—it’s essential,” said Lee Songwon, CIO of KFTC. “Based on our capabilities in open source utilization and management, KFTC will continue to foster a robust open source ecosystem through collaboration with other financial and public sector organizations across Korea.”

About KFTC (Korea Financial Telecommunications & Clearings Institute):

Korea Financial Telecommunications and Clearings Institute (KFTC), jointly founded by the Bank of Korea and commercial banks in 1986, has been a leading institution in developing and operating Korea’s national payment and settlement infrastructure. Over the years, KFTC has introduced various advanced payment systems, including the CD/ATM network and the Real-time Fund Transfer network. In the digital era, KFTC launched the Payment Gateway for e-commerce, Point of Sales (POS) networks for payment card transactions, and mobile payment networks. As the country transitioned to Open Finance, KFTC played a pivotal role in developing Korea’s Open Banking platform, enabling seamless and secure data sharing between financial institutions and fintech companies.

Learn more at https://eng.kftc.or.kr

About the OpenChain Project:

The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.

About The Linux Foundation:

The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

AVL List GmbH has announced an ISO/IEC 5230 conformant program.

About AVL

AVL is a world-leading technology company specialising in development, simulation and testing in the automotive industry and other sectors such as rail, marine and energy. Through extensive research, AVL delivers concepts, technology solutions, methodologies and development tools for sustainable, safe and advanced mobility and beyond.

AVL supports international partners and customers in sustainable and digital transformation, with a focus on electrification, software, AI and automation. AVL also supports companies in energy-intensive sectors on their way to green and efficient energy generation and supply.

For more information: www.avl.com

About the OpenChain Project

The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.

About The Linux Foundation

The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

The Electronics and Telecommunications Research Institute of South Korea (ETRI) has announced recertification of their ISO/IEC 5230 conformant program. Learn about their original ISO/IEC 5230 conformance on our previous blog post.

ETRI is a global information and communication technology (ICT) research institute under the Ministry of Science and ICT. It has led the growth of the information and communication industry in Korea for 45 years. The research institute is working to realize the concept of ‘Korea, an AI powerhouse’ with a vision of “a national intelligence research institute that creates a future society.” ETRI has been conducting open source verification as a software quality management since 2008, and established the Open Source Center as an enterprise-wide organization to support open source R&D activities, governance and compliance in 2017.

“We are delighted to have ETRI underscore their commitment to our standardization approach and the development of a more trusted open source supply chain,” says Shane Coughlan, OpenChain General Manager. “We will continue to work together in Korea and beyond to help educate, inform and inspire others in our field.”

About the OpenChain Project

The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.

About The Linux Foundation

The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

Honda is the latest company to join the OpenChain Project as a Platinum Member and to take a seat at the Governing Board and Steering Committee. This builds on their engagement with the OpenChain Project in adopting ISO/IEC 5230 and ISO/IEC 18974.

“Joining the OpenChain Project board is an example of how Honda takes a leadership position in managing open source,” says Yuichi Kusakabe, IVI software PF and OSPO Tech Lead at Honda. 

“Honda is an exceptional company in the management of large, complex supply chains,” says Shane Coughlan, OpenChain General Manager. “Today’s announcement underlines their commitment to developing excellence in open source, and in building trusted supply chains. The OpenChain Project Governing Board is delighted to formally welcome them, and looks forward to doing great things together in 2025.”

About Honda

Honda is a mobility company powered by everyone’s dreams, creating mobility that helps and inspires people, in a wide range of fields such including motorcycles, automobiles, power products and aircraft.

About the OpenChain Project

The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.

About The Linux Foundation

The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

UnionTech Software – known for Deepin Linux – has announced an ISO/IEC 18974 conformant program.

About UnionTech Software

UnionTech Software is a research and development leader in the operating system
industry in China, ranking among the top tier in terms of market share and
ecological maturity. It has a focus on technical accumulation in research and development,
internationalization, industry customization, migration and adaptation, and
interactive design. UnionTech Software has established a diverse range of operating system product lines, including desktops, servers, intelligent terminals, and more. Over 6 million installations of UOS operating systems have been deployed in key sectors across 40,000 customers.

Learn More About UnionTech Software

• https://uos.uniontech.com/About.html

HLB Surlatina Chile, a firm established in 1971 and with 50 years of experience in the Chilean market, has announced an OpenChain ISO/IEC 5230 conformant program.

About HLB Surlatina Chile:

HLB Surlatina Chile is part of HLB International, a global audit and advisory organization headquartered in London, and has a long-standing history of advising clients and priding itself on being an organization based on values, committed to delivering the highest quality standards. HLB International employees over 30 thousand professionals in 160 countries from across the world to help clients grow across borders.

Visit Their Website:

• https://surlatinati.cl

“It is a pleasure to list HARMAN International in our community of conformance,” says Shane Coughlan, OpenChain General Manager. “Their alignment with ISO/IEC 5230, the international standard for open source license compliance, underscores their commitment to excellence in the use and deployment of open source software. We deeply appreciate their work, and listing them in the OpenChain Community of Conformance.”

About HARMAN

HARMAN (harman.com) designs and engineers connected products and solutions for automakers, consumers, and enterprises worldwide, including connected car systems, audio and visual products, enterprise automation solutions; and services supporting the Internet of Things. With leading brands including AKG®, Harman Kardon®, Infinity®, JBL®, Lexicon®, Mark Levinson® and Revel®, HARMAN is admired by audiophiles, musicians and the entertainment venues where they perform around the world. More than 50 million automobiles on the road today are equipped with HARMAN audio and connected car systems. Our software services power billions of mobile devices and systems that are connected, integrated and secure across all platforms, from work and home to car and mobile. HARMAN has a workforce of approximately 30,000 people across the Americas, Europe, and Asia. In March 2017, HARMAN became a wholly-owned subsidiary of Samsung Electronics Co., Ltd.

About the OpenChain Project

The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.

About The Linux Foundation

The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

Fujitsu, an OpenChain Platinum Member since 2019, and the first organization to publicly attain four OpenChain ISO/IEC 5230 or equivalent conformant programs, has announced an ISO/IEC 18974 conformant program. Adoption of ISO/IEC 18974, the international standard for open source security assurance, underlines their commitment to leadership in open source governance and management.

“Fujitsu has been a key long-term contributor to the OpenChain Project,” says Shane Coughlan, OpenChain General Manager. “Their adoption of ISO/IEC 18974 is an important milestone in the market adoption of the international standard for open source security assurance, and will have a positive impact across the open source supply chain in Asia and globally.”

About Fujitsu

Fujitsu’s purpose is to make the world more sustainable by building trust in society through innovation. As the digital transformation partner of choice for customers in over 100 countries, our 124,000 employees work to resolve some of the greatest challenges facing humanity. Our range of services and solutions draw on five key technologies: Computing, Networks, AI, Data & Security, and Converging Technologies, which we bring together to deliver sustainability transformation. Fujitsu Limited (TSE:6702) reported consolidated revenues of 3.7 trillion yen (US$26 billion) for the fiscal year ended March 31, 2024 and remains the top digital services company in Japan by market share. Find out more: www.fujitsu.com.

About the OpenChain Project

The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.

About The Linux Foundation

The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

Osaka, Japan, October 17, 2024 – Honda, a global leader in the manufacturing of automobiles, motorcycles, and power equipment, today announces an OpenChain ISO/IEC 18974 conformant program. By adopting the international standard for open source security assurance, Honda builds on their December 2023 adoption of OpenChain ISO/IEC 5230:2020, a previous milestone in the use of the international standard for open source license compliance. Honda continues to drive long-term, sustainable innovation around the next generation of technologies.

“Honda has a remarkable position as the world’s largest motorcycle manufacturer and the world’s largest manufacturer of internal combustion engines,” says Shane Coughlan, OpenChain General Manager. “By adoption of both ISO/IEC 5230 and ISO/IEC 18974 in the last twelve months, Honda has underlined its position as a thought leader in the domain of open source. A trusted supply chain is critical, and we are fortunate to have companies like Honda driving lasting change.”

About Honda

Honda is a mobility company powered by everyone’s dreams, creating mobility that helps and inspires people, in a wide range of fields such including motorcycles, automobiles, power products and aircraft.

About the OpenChain Project

The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.

About The Linux Foundation

The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.