OpenChain Compliance Project by Shane Coughlan


OpenChain aims to increase open source compliance in the supply chain. This issue, which many initially dismiss as a legal concern or as low priority, is inherently tied to ensuring that open source is as useful as possible with as little friction as possible. In a nutshell, because open source is about the use of third party code, compliance is the nexus of where equality of access, safety of use and reduction of risk can be found. OpenChain is built to increase trust between organisations to accomplish this.

Let’s talk about Practical Compliance

Today many companies understand open source and act as major supporters of open source development. However, addressing license compliance in a systematic, industry-wide manner has proven to be a somewhat elusive challenge. The global IT market has not yet seen a significant reduction in the number of open source compliance issues discoverable in areas like consumer electronics over the last decade.

This supply chain challenge is not due to open source being inherently complex, but rather due to the varying degrees of exposure and domain knowledge that companies possess. By way of example, a company developing a small component that requires a device driver may have staff entirely unfamiliar with open source. One mistake, one misunderstanding, and one component deployed in dozens of devices can present an issue. Most compliance challenges arise from mistakes. Few, if any, originate with intent.

No single company makes a finished device, and no single company can solve compliance challenges alone, so the supply chain requires a chain of interconnected solutions. To address this, the OpenChain Project is building and disseminating an industry standard for license compliance. Engagement and adoption are simple, free and supported by a vibrant community backed by leading multinationals across multiple sectors.

There are three interconnected parts to the OpenChain Project: a Specification that defines the core requirements of a quality compliance program; a Conformance method that helps organisations demonstrate adherence to these requirements; and a Reference Library that provides basic open source processes and best practices.

OpenChain is designed to be a compelling approach to consistency and effectiveness across multiple market segments. At its core, the project is about providing a simple, clear method of building trust between organisations that rely on each other to share code and create products. Any organisation that is OpenChain conformant is aligning behind key requirements that its peers agree are required in a quality compliance program. This is about confirming overarching processes and policies, while allowing the specifics of each process and policy to be crafted by each organisation to suit its own needs.

The OpenChain Specification is ready for adoption by any organisation that creates, uses or distributes free and open source code. The online conformance process is free of charge, and the mailing list and Work Team calls are open to everyone. Arguably, this is the first time a single, unifying approach to addressing the challenge of open source compliance in the supply chain has existed.

