Project to Reduce Duplication Caused by Lack of Standardization & Transparency Throughout Open Source Organisations
The Linux Foundation has announced that OpenChain, a project created to address the many FOSS friction points in today's software supply chain, has established its first set of requirements and best practices for consistent FOSS processes in the open source software supply chain.
In a statement released on October 4th, The Linux Foundation (@LinuxFoundation) says that the OpenChain Compliance Specification 1.0 ‘aims to facilitate greater quality and consistency of open source compliance to help reduce duplication of effort caused by lack of standardization and transparency throughout professional open source organizations.'
The OpenChain project was initially launched at LinuxCon 2015 in Dublin, Ireland.
According to the OpenChain Project's website, the OpenChain Compliance Specification 1.0 ‘defines a common set of requirements and best practice for open source organizations to follow in an attempt to encourage an ecosystem of open source software compliance.'
The announcement came following keynote speeches involving OpenChain from both Jim Zemlin, executive director of The Linux Foundation, and Jilayne Lovejoy, an open source attorney at ARM, at this year's LinuxCon Europe, which took place in Berlin, Germany.
According to Zemlin, large-scale co-operation is necessary in order to fully support best practices for software licence compliance throughout a supply chain. "Hundreds of thousands of people around the globe, including the world's largest companies, leverage open source software... Licensing, best practices, training, certification and other resources are needed to scale open source and protect the innovation built on top of it", said Zemlin.
Zemlin also went on to praise the OpenChain Project, stating that it "is taking a major step forward by helping create software supply chains that are both efficient and compliant."
Speaking to IrishDev.com on the topic of the future of open source security, Shane Coughlan, who is the VP for Global Business Development at Insignary (@Insignary), had only praise for the OpenChain Project.
"The Core Infrastructure Initiative that The Linux Foundation started was one step forward...but that's not a process. The future is to create processes. So, around areas like license compliance we have process management. A great example of this is OpenChain, which launched on the 4th of October here at Linuxcon Europe, and that's specification about how to do process management around compliance in the supply chain. It also includes training material and conformance material to help you meet the specification," said Coughlan.
Coughlan also added that, "What we have is a situation with a global supply chain with big players who know to do this stuff with the resources, but the vast majority of companies using open source are small companies without the resources or the knowledge to necessarily do everything correctly. And unless they have access to process material, they can't work it out on their own. So OpenChain is the first time that the companies with the resources have essentially documented, ‘This is how you do it!'. There's no charges or access fees. This is our type of quality standards and you can access this."
The OpenChain Project has already received wide support from companies such as Adobe, ARM, Cisco, Harman, Hewlett Packard Enterprise, Qualcomm, Siemens and Wind River, all of which are also platinum members of the project.