The OpenChain Project is a Linux Foundation initative with the objective of building trust in Open Source Software by making Open Source License compliance simpler and more consistent.
The core of the OpenChain Project is the OpenChain Specification which defines a set of requirements every quality compliance program must satisfy. There is a training curriculum which provides the educational foundation for open source processes and solutions, whilst meeting a key requirement of the specification. Source Code Control have created a bespoke training program based on this curriculum.
Conformance allows organisations to display and promoted their adherence to these requirements. The result is that Open Source Software license compliance becomes more predictable, understandable and efficient for participants of the software supply chain.
A conformant organisation can advertise this fact on their website and promotional material, helping to ensure that potential suppliers and customers understand and can trust their approach to Open Source Software compliance.
OpenChain Conformance Review
Source Code Control have created a project management plan to assses an organisations maturity level in managing Open Source Software in line with the conformance requirments of the OpenChain specification. We work with organisations to guide them through the assessment.
At the end of the process there will be a fully documented overview of an organisations management of Open Source Software. Not only will there be a rating for each process we are able to associate any relevant artifacts as proof of adherence to the OpenChain specification such as Bill of Materials, Open Source Policies
Once the maturity level of an organisation is understood then a project plan can be put in place outlining the key processes in the OpenChain specification requirements. We can then start the process of conformance and target areas or weakness and start implementing the processes required to achieve conformance.