Skip to main content
Category

Featured

Implementing Open Source License Compliance Management (LFC194) – Training Course Now Available

By Featured, News

The OpenChain Project is committed to helping companies around the world experience a trusted supply chain. As part of this, our community develops and releases a ton of reference material to provide context, examples and training.

In our latest training course you can learn how open source compliance management systems should be structured and implemented to be most effective. Take the course for free over at LF Training and get a badge to mark your completion.

Did You Know?

This is our second training course. You can obtain more foundational knowledge for free right here:

OpenChain IP Summit Survey Results

By Featured, News

Ahead of the results of the main OpenChain Industry Survey 2022, we wanted to share the results of an earlier survey we held at the OpenChain IP Summit. We have twelve responses (around 22% of the audience).

These results include some interesting insights into company focus and evolution SBOM, OSPO/SCA collaboration, and the use of tooling.

Check the results out below.

Main interest:
33% Copyright
0% Patents
67% Copyright and Patents

Was this event directly relevant to your work?
100% Yes

Is tooling (automaton) something critical to your work?
92% Yes
8% No

Is the use of SBOM a reality for your supply chain today?
67% Yes
17% No
17% Partially

Does your OSPO collaborate closely with your SCA team?
67% Yes
0% No
25% Not Applicable

Do you collaborate with other companies to share SCA, SBOM or tooling approaches?
25% Yes
33% No
42% To a limited extent

SECTREND is the Latest OpenChain Partner

By Featured, News

SECTREND, a Chinese company providing SCA services, is the latest company to join the OpenChain Partner community. As a leading vendor inside the Chinese market, their engagement marks another important step in ensuring freedom of choice around tooling for license compliance, security and other matters.

“We are thrilled to join the OpenChain with other participating members around the globe in the open source landscape,” says Alex Xue, Founder & CEO, SECTREND. “Since 2016, OpenChain has been innate to provide companies of all sizes in all markets a trusted and consistently compliant open source supply chain. SECTREND, together with OpenChain, will provide the open source community with plethora of contributions pertaining to tooling, training, research, best practices and consulting. The collaborative DNA of open source community and the OpenChain project will enable us to leverage the best-in-class resources from peers in all industries. We believe that such engagement and involvement will make the software supply chain more secure and reliable.”

“China is the largest single market in the world in terms of population, and the single most important part of the global supply chain,” says Shane Coughlan, OpenChain General Manager. “SECTREND represents the evolution of local leadership around open source. Adjacent to shipping products there is the need to continually refine processes in their support. SCA has been an essential part of this at the opening of our decade and it will remain pivotal in the years ahead.”

Learn More About SECTREND

External: CAICT Releases Open Source Compliance Guidelines (中文 / Chinese)

By Featured, News

Sometimes people worry that open source compliance is going to be difficult or expensive. This is a valid concern but it is also one we can quickly address. Open source has been used commercially for decades. All the expensive learning has been completed around licensing, and it is being shared by organizations around the world. After all, our goal is contribution, and cheap, effective compliance is part of that.

This guide from CAICT contains some open source compliance guidelines to help you get started. Think of it as a lighthouse to help guide your journey. The experience contained here will save you time and money. Most importantly, it will open more doors (and more code) to accelerate your products and your innovation.

— Shane Coughlan, OpenChain General Manager

Learn More and Get the Guide:

ZTE Announces OpenChain ISO/IEC 5230 Conformant Program

By Featured, News

ZTE, a global leader in telecommunications and information technology, has obtained OpenChain ISO/IEC 5230 conformance with the assistance of CAICT. This third-party certification is a landmark in expressing both dedication to excellent in process management and leadership in open source by a Chinese multi-national company.

“ZTE operates in over 160 countries and serves one fourth of the world’s population with current and next-generation technology solutions,” says Xiang Shuming, Director of Compliance and Security Governance, ZTE. “Open source is a pivotal part of our ability to innovate, and we are committed to being at the forefront of management as well as development in this field. We are proud to announce our OpenChain ISO/IEC 5230 certification and we look forward to continuing to work with CAICT and the OpenChain Project in the years ahead.”

“CAICT began our OpenChain third-party certification project in Q1 2022 as an official partner of the OpenChain Project,” says Guo Xue, Deputy director , CAICT. “ZTE is the fourth company – and the largest so far – that we have collaborated with in certification. We are deeply appreciative both of their commitment to excellence in open source, and with the spirit of community that ZTE and other recent Chinese conformant organizations have expressed. Chinese companies have always been significantly engaged with open source, and we are entering a new era of global leadership.”

“It has been an exceptional year for the OpenChain Project in China. We have strong leadership from OpenChain board member companies like OPPO, Huawei and HONOR, and a fantastic community with 220 participants,” says Shane Coughlan, OpenChain General Manager. “Working with CAICT and with all types of other contributor in our China Work Group has been both productive and rewarding. Today’s announcement regarding ZTE conformance is part of this story, and it is a lighthouse to help inspire companies inside China and far beyond its borders. We are grateful for all the work that has been done, and we look forward to all the work we will do together in the years ahead.”

About the OpenChain Project 

The OpenChain Project maintains the International Standard for open source license compliance. This allows companies of all sizes and in all sectors to adopt the key requirements of a quality open source compliance program. This is an open standard and all parties are welcome to engage with our community, to share their knowledge, and to contribute to the future of our standard.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.

Linux is a registered trademark of Linus Torvalds.

OpenChain Webinar #42 – Quantifying Open Source Risk in M&A – 2022-05-30

By Featured, News

The OpenChain Project will hold its 42nd webinar on the 30th of May at 14:00 UTC. Our special guest will be Phil Odence from Synopsys with a deep dive into Quantifying Open Source Risk in M&A.

This event will be held in the OpenChain Project Zoom room:
https://zoom.us/j/4377592799

Check your timezone:
PDT United States Pacific UTC-07:00
UTC Coordinated Universal Time UTC
CET Central European Time UTC+01:00
IST India Standard Time UTC+05:30
CST China Standard Time UTC+08:00
KST Korea Standard Time UTC+09:00
JST Japan Standard Time UTC+09:00

Compare timezones:
https://www.worldtimebuddy.com

Join via one tap mobile:
+86 10 8783 3177,,4377592799# Mainland China
+33 1 8699 5831,,4377592799# France
+49 69 7104 9922,,4377592799# Germany
+81 524 564 439,,4377592799# Japan
+82 2 3143 9612,,4377592799# Korea
+91 80 71 279 440,,4377592799# India
+886 (2) 7741 7473,,4377592799# Taiwan
+44 330 088 5830,,4377592799# UK
+13017158592,,4377592799# USA

Find your local country number:
https://zoom.us/u/awFnORNiA
Meeting ID: 437 759 2799

LF Blog: More Time on Innovating, Less Time on Compliance

By Featured, News

What better way to celebrate our 1,000 news post on the OpenChain website than to see what other people are saying about us? Check out this post by Dan Whiting over on the official LF blog:

[There] are also challenges in this space, with a good example being the question of how to address licensing. There are A LOT of types of licenses that can apply to a piece of software/code. Each license needs to be understood and tracked with each piece of software it is included in for an organization to ensure nothing is missed. This can quickly multiply into a significant catalog that requires lots of manual work. On top of that, you also need to provide that license information to each of your customers, and they will have their own system and/or processes for providing that information to them and making sure it is up-to-date with each new version of the software. 

You can see where this can quickly consume valuable staff resources and open doors to mistakes. Imagine the possibility of a standard way to track and report the licenses so your teams don’t need to worry about all of the digital paperwork and can instead focus on innovation and adding value to you and your customers.

This is exactly the problem a team of lawyers and governance experts sought to fix back in 2016 and created the OpenChain Project to do just that. They asked, what are the key things for open source compliance that everyone needs, and how do we unify the systems and processes. They envisioned an internationally accepted standard to track and report all of the licenses applicable to a software project. The end result is a more trustable supply chain where organizations don’t need to spend tons of time checking compliance again and again and then remediating. 

Read More: