SECTREND, a Chinese company providing SCA services, is the latest company to join the OpenChain Partner community. As a leading vendor inside the Chinese market, their engagement marks another important step in ensuring freedom of choice around tooling for license compliance, security and other matters.
“We are thrilled to join the OpenChain with other participating members around the globe in the open source landscape,” says Alex Xue, Founder & CEO, SECTREND. “Since 2016, OpenChain has been innate to provide companies of all sizes in all markets a trusted and consistently compliant open source supply chain. SECTREND, together with OpenChain, will provide the open source community with plethora of contributions pertaining to tooling, training, research, best practices and consulting. The collaborative DNA of open source community and the OpenChain project will enable us to leverage the best-in-class resources from peers in all industries. We believe that such engagement and involvement will make the software supply chain more secure and reliable.”
“China is the largest single market in the world in terms of population, and the single most important part of the global supply chain,” says Shane Coughlan, OpenChain General Manager. “SECTREND represents the evolution of local leadership around open source. Adjacent to shipping products there is the need to continually refine processes in their support. SCA has been an essential part of this at the opening of our decade and it will remain pivotal in the years ahead.”
Learn More About SECTREND
Sometimes people worry that open source compliance is going to be difficult or expensive. This is a valid concern but it is also one we can quickly address. Open source has been used commercially for decades. All the expensive learning has been completed around licensing, and it is being shared by organizations around the world. After all, our goal is contribution, and cheap, effective compliance is part of that.
This guide from CAICT contains some open source compliance guidelines to help you get started. Think of it as a lighthouse to help guide your journey. The experience contained here will save you time and money. Most importantly, it will open more doors (and more code) to accelerate your products and your innovation.
— Shane Coughlan, OpenChain General Manager
Learn More and Get the Guide:
ZTE, a global leader in telecommunications and information technology, has obtained OpenChain ISO/IEC 5230 conformance with the assistance of CAICT. This third-party certification is a landmark in expressing both dedication to excellent in process management and leadership in open source by a Chinese multi-national company.
“ZTE operates in over 160 countries and serves one fourth of the world’s population with current and next-generation technology solutions,” says Xiang Shuming, Director of Compliance and Security Governance, ZTE. “Open source is a pivotal part of our ability to innovate, and we are committed to being at the forefront of management as well as development in this field. We are proud to announce our OpenChain ISO/IEC 5230 certification and we look forward to continuing to work with CAICT and the OpenChain Project in the years ahead.”
“CAICT began our OpenChain third-party certification project in Q1 2022 as an official partner of the OpenChain Project,” says Guo Xue, Deputy director , CAICT. “ZTE is the fourth company – and the largest so far – that we have collaborated with in certification. We are deeply appreciative both of their commitment to excellence in open source, and with the spirit of community that ZTE and other recent Chinese conformant organizations have expressed. Chinese companies have always been significantly engaged with open source, and we are entering a new era of global leadership.”
“It has been an exceptional year for the OpenChain Project in China. We have strong leadership from OpenChain board member companies like OPPO, Huawei and HONOR, and a fantastic community with 220 participants,” says Shane Coughlan, OpenChain General Manager. “Working with CAICT and with all types of other contributor in our China Work Group has been both productive and rewarding. Today’s announcement regarding ZTE conformance is part of this story, and it is a lighthouse to help inspire companies inside China and far beyond its borders. We are grateful for all the work that has been done, and we look forward to all the work we will do together in the years ahead.”
About the OpenChain Project
The OpenChain Project maintains the International Standard for open source license compliance. This allows companies of all sizes and in all sectors to adopt the key requirements of a quality open source compliance program. This is an open standard and all parties are welcome to engage with our community, to share their knowledge, and to contribute to the future of our standard.
About The Linux Foundation
The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.
The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.
Linux is a registered trademark of Linus Torvalds.
The OpenChain Project will hold its 42nd webinar on the 30th of May at 14:00 UTC. Our special guest will be Phil Odence from Synopsys with a deep dive into Quantifying Open Source Risk in M&A.
This event will be held in the OpenChain Project Zoom room:
https://zoom.us/j/4377592799
Check your timezone:
PDT United States Pacific UTC-07:00
UTC Coordinated Universal Time UTC
CET Central European Time UTC+01:00
IST India Standard Time UTC+05:30
CST China Standard Time UTC+08:00
KST Korea Standard Time UTC+09:00
JST Japan Standard Time UTC+09:00
Compare timezones:
https://www.worldtimebuddy.com
Join via one tap mobile:
+86 10 8783 3177,,4377592799# Mainland China
+33 1 8699 5831,,4377592799# France
+49 69 7104 9922,,4377592799# Germany
+81 524 564 439,,4377592799# Japan
+82 2 3143 9612,,4377592799# Korea
+91 80 71 279 440,,4377592799# India
+886 (2) 7741 7473,,4377592799# Taiwan
+44 330 088 5830,,4377592799# UK
+13017158592,,4377592799# USA
Find your local country number:
https://zoom.us/u/awFnORNiA
Meeting ID: 437 759 2799
The OpenChain India Work Group has scheduled its next meeting for 17:30 on the 30th of May. This meeting will provide an excellent opportunity not only for the India community to re-connect, but also for representatives from companies around the world to learn more about the (extremely large) local market situation.
As always, this meeting will be accessible via Zoom.
This webinar covers the OSPO MindMap being created by the TODO Group community, and explains how it can help companies managing their open source use.
Check Out The Rest Of Our Webinars
This is OpenChain Webinar #41, released on 2022-05-15.
Ulrike Fempel from SAP has a few thoughts to share.
What is the OpenChain Project, and how has SAP adopted the corresponding standard? In my current role in the SAP Open Source Program Office, I was involved in several activities around SAP’s OpenChain certification and would like to share some insights in this blog post.
With numerous open-source licenses available (more than a hundred licenses approved by the OSI) and new ones emerging constantly, it is important for companies that manage open-source software to fulfill all legal requirements and obligations. The OpenChain Project, launched in 2016 under the umbrella of the Linux Foundation, aims to support companies with their license compliance across the open-source software supply chain and has been adopted by a wide range of companies and a broad community. The mission of OpenChain is “a supply chain where open source is delivered with trusted and consistent compliance information” (more). In 2020 it had matured enough to be accepted as an ISO standard, which runs under the name of ISO/IEC 5230 and is considered the International Standard for open-source license compliance. Global and local working groups address the needs of different industries and regional adopters and help to improve and enhance the project continuously. Anybody is invited to freely use the existing OpenChain content, whether training material, policy templates, or developer guidelines. There are more than 1000 reference documents, such as how-to guides available on GitHub including reference guides for software supply chain security.
In March 2022, SAP finished its certification for ISO/IEC 5230 conformance. As mentioned in the related press release this was “the first time an enterprise application software company has undergone whole entity conformance” meaning that SAP as an entire company was certified. What was SAP’s experience with the OpenChain certification? What were the prerequisites and how much effort did it take?
