As recently noted by Jonas Oberg, Open Source Officer at Scania, OpenChain ISO 5230 and SPDX have been explicitly included in Scania Corporate Standard 4589 (STD 4589). The standard defines what Scania expects of suppliers when they deliver a solution containing open source software.
Scania has three key considerations defined in STD 4589:
- Suppliers should conform to OpenChain ISO 5230.
- Suppliers should ideally contribute modifications to open source components to the originating open source project.
- Suppliers should provide a software bill of materials in SPDX format and any applicable source code when the software license requires it.