News

S-core, Self-Certified for OpenChain ISO/IEC 5230 International Standard

S-core has officially obtained the OpenChain ISO/IEC 5230 certification, a globally recognised standard for open source compliance. This certification acknowledges the reliability and transparency of S-Core’s open source management system on an international scale.

OpenChain ISO/IEC 5230 is an open source compliance management standard created by The Linux Foundation’s OpenChain Project and published by the International Organization for Standardization (ISO). It provides guidelines to help companies effectively manage open source and mitigate legal risks.

Open Source Specialist S-core’s Journey

S-core is a company that specializes in open source services, leveraging its extensive experience in open source-based infrastructure development.

This company offers full-care service for open source use, from open source adoption, migration, technical support, to governance consulting in order to help customers establish management systems for safe and strategic use of open source.

It has recently strengthened its capability of open source compliance to deliver more reliable and secure services to customers by aligning its open source management system with OpenChain ISO/IEC 5230.

Internally, a dedicated team continuously reviews licenses, assesses risks and operates in-house training programmes to ensure developers use open source correctly. Additionally, S-core has implemented a structured system using open source management tools to proactively identify and mitigate potential risks throughout the development process.

Sunghan Suh, Head of the Open Source Business Division at S-core, stated, “Open source has already become fundamental components in software development and operation across all industries.” He added, “With the acquisition of the OpenChain certification, we will take the lead in the development of the open source ecosystem to enable companies and developers to use open source more safely and efficiently by sharing our extensive expertise accumulated from adoption, development, operation, management to technical support.”

S-core’s Future Efforts

S-core plans to obtain ISO/IEC 18974 certification to further enhance open source security management, reinforcing its ability to address open source vulnerabilities. Looking ahead, the company aims to commit to the growth and development of the open source ecosystem with continued innovation and progress.

Netcore Cloud is the latest company to announce adoption of OpenChain ISO/IEC 18974, the international standard for open source security assurance.

“We are pleased to see a diversity of companies adopting ISO/IEC 18974,” says Shane Coughlan, OpenChain General Manager. “Our goal was always to create and support improved trust across the supply chain regardless of industry, and Netcore Cloud is an example of this in action. We look forward to next steps together in helping even more of the supply chain understand the need for and benefit of process standards for managing open source technology.”

About Netcore Cloud

Netcore Cloud is a global MarTech product company that helps B2C brands create amazing digital experiences with a range of products that help in acquisition, engagement, and retention. The first and leading AI/ML-powered marketing automation and customer engagement platform, Netcore Cloud was established in 1997 by Rajesh Jain, an internet pioneer. Today Netcore Cloud is revolutionizing the way marketing & product teams engage with the consumers.

Learn more at: https://netcorecloud.com/about-us/

About the OpenChain Project:

The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.

About The Linux Foundation:

The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

The Erlang Ecosystem Foundation has set goals for 2025 of raising the community infrastructure, processes and tooling profile to accommodate the latest industry standards for supply chain and cybersecurity. The Erlang/OTP team is thrilled to announce that the Erlang/OTP project now are conformant to OpenChain ISO/IEC 5230, the international standard for open source license compliance. The team would like to extend their thanks to EEF staff and community, the OpenChain community, and Ericssons Open Source Program Office for their support in getting to this point.

Erlang/OTP is an open source programming language made for programming concurrent, distributed, and fault-tolerant systems. The language is more than 30 years old, and has had 1,000s of contributions. By being OpenChain ISO/IEC 5230 conformant, we can build confidence among our ecosystem that Erlang/OTP manages licensing effectively, and has processes in place to do this in a sustainable way.

About Erlang:

Erlang is a programming language originally developed at the Ericsson Computer Science Laboratory. OTP (Open Telecom Platform) is a collection of middleware and libraries in Erlang. Erlang/OTP has been battle tested in a number of Ericsson products for building robust fault-tolerant distributed applications, for example AXD301 (ATM switch). Main developer and maintainer is the Erlang/OTP unit at Ericsson.

erlang.org

The source code for this webpage is available on GitHub. It is built using Erlang, Jekyll, Bootstrap 5 and Node.js.

License

Since OTP 18.0, Erlang/OTP is released under Apache License 2.0. The older releases were released under Erlang Public License (EPL), a derivative work of the Mozilla Public License (MPL).

About the OpenChain Project:

The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.

About The Linux Foundation:

The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

Background

The OpenChain Project frequently talks about how open source is more professionally managed, and how this helps make using open source quicker, more efficient and more effective across the supply chain.

What is Happening?

Today we take a huge step forward in supporting this evolution of maturity by releasing capability modeling as CC-0 (effectively public domain) to help companies around the world do open source license compliance and other types of compliance using the same approaches as the world’s best and most funded companies.

This model was developed by Orcro, DeLoitte and the rest of the community of contributors who make up the OpenChain Education Work Group.

Why?

Capacity or maturity modeling in Software Asset Management (SAM) plays a vital role in understanding an organization’s current state regarding SAM practices. Here’s a structured overview of its importance:

1. Assessment of Current Practices: It evaluates the organization’s existing SAM processes, identifying strengths and gaps that need attention.
2. Improved Decision-Making: By highlighting gaps, it enables informed decisions on software investments, tool acquisitions, and optimization strategies, enhancing efficiency and compliance.
3. Enhanced Efficiency and Compliance: A mature SAM practice can reduce redundant purchases, minimize license overuse, and mitigate audit risks, ensuring better management of assets.
4. Support for Open Source Management: It aids in managing open-source usage, ensuring compliance to avoid licensing issues, thereby facilitating innovation by allowing proper use and adaptation of open-source tools.
5. Facilitation of Open Innovation: In collaborative environments, it helps track external code usage, ensuring compliance and fostering better collaboration without legal risks.

In summary, capacity modeling is essential for establishing a robust SAM framework, enhancing operational efficiency, and supporting both open source management and open innovation, thereby driving organizational success.

Get the Model

We host the model in our Reference Library in GitHub. You can find it in a dedicated directory called “Capability-Maturity-Model” and you will find latest releases sorted by date.

Access and download it here:
https://github.com/OpenChain-Project/Reference-Material

You can also open GitHub issues with ideas, suggestions and bug-fixes:
https://github.com/OpenChain-Project/Reference-Material/issues

Contribute to Further Development

The Capability model was developed by the OpenChain Education Work Group after initial work through the OpenChain UK Work Group. You can participate in further development by joining the Education Work Group mailing list:
https://lists.openchainproject.org/g/education

You can also join our monthly call by checking out the calendar on our participation page:
https://openchainproject.org/participate

Please Note

This is reference material to help inspire individual organizations in their own development and use of models. It is not designed to be (a) legal advice, (b) assured to work in your context or (c) replace internal or third-party professional support and advice.