
We are best known for maintaining ISO/IEC 5230:2020 and ISO/IEC 18974:2023, the international standards for open source license compliance and security assurance. Below we provide a snapshot of companies that have informed us they are using one or both of our standards.

Of course, because standards – especially ISO standards – are used around the world, we can only provide limited insight into total market adoption. However, partners like PwC have conducted surveys indicating 20% adoption by companies with over 2,000 employees in Germany. We believe many thousands more are using our standards around the world.

Already Conformant? Let Us Know About Your Adoption:




Organizations with ISO/IEC 5230 Conformant Programs:






Organizations with ISO/IEC DIS 18974 Conformant Programs:






What Does This Mean?

Having an OpenChain conformant program for ISO/IEC 5230 or ISO/IEC DIS 18974 (or both) means that an organization has a program that uses our process standards for addressing open source license compliance or security assurance.

You need to check with the organization about how their program is scoped (does it cover one project, one product or the whole legal entity?) and you need to ensure – if you are doing business with that organization – that what they consider solid process management matches your own requirements.

The good news is that any OpenChain conformant organization should be providing external contact points for open source license compliance or security assurance matters. It is part of the requirements listed in the standards themselves.
