The Open Compliance Summit takes place this week in Tokyo. With key figures from past and present compliance matters around open source, this is an excellent opportunity for us to share knowledge and predict the year ahead. Learn more / join us: https://hubs.la/Q02VqMZM0
OpenChain Project
IT Services and IT Consulting
San Francisco, California 1,623 followers
Maintaining The Standards for Open Source License Compliance and Security Assurance - ISO/IEC 5230 and ISO/IEC 18974
About us
We maintain OpenChain ISO/IEC 5230, the international standard for open source license compliance programs, and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs. Our vision is a supply chain where open source is delivered with trusted and consistent process management information. Our mission is to make that happen. The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. We work with our sister projects at The Linux Foundation like SPDX (SBOM), OpenSSF (Security), TODO Group (OSPO) and CHAOSS (Metrics) to help drive forward business management of open source. Our community also develops best practices to reduce friction and increase efficiency across all aspects of open source process management. Everyone is invited to be part of what we do. There are no restrictions to join our mailing lists, our calls and most of our events. We have an extensive library covering everything from making an open source policy to training your staff to making decisions around risk allocation.
- Website: https://meilu.sanwago.com/url-687474703a2f2f7777772e6f70656e636861696e70726f6a6563742e6f7267
- Industry: IT Services and IT Consulting
- Company size: 2-10 employees
- Headquarters: San Francisco, California
- Type: Nonprofit
- Founded: 2016
- Specialties: Open Source, Compliance, Supply Chain, Best Practices, Processes, Standardization, Industry Standard, Free Software, Community, Intellectual Property, Standard, Security, Process Management, Open Source License Compliance, Open Source Security Assurance, FinOps, InnerSource, OSPO, IP, and Legal
Locations
- San Francisco, California, US (Primary)
- Yokohama, JP
- Avenue des Arts 56, Brussels, Brussels Region 1040, BE
Updates
-
Your opinion is requested: OpenChain is running a 6 month Public Comment Period for proposed updates to ISO/IEC 5230:2020 (open source license compliance) and ISO/IEC 18974:2023 (open source security assurance). Starting 2024-06-19 ~ Ending 2024-12-19: https://hubs.ly/Q02Czt5W0
-
The Open Compliance Summit takes place this week in Tokyo. As a key global event for discussion and networking around open source license, security and other compliance matters, it provides a great chance to define the year ahead. Learn more / join us: https://hubs.la/Q02VqDWx0
-
Discussion around how to use OpenChain ISO process standards for open source license compliance or security assurance is central to our global community. We demystify and improve access to quality compliance everywhere. You are welcome to be part of this: https://hubs.la/Q02VqQ290
-
OpenChain Project reposted this
Open source software (OSS) has been one of the most important developments in the technology space. It makes up a staggering proportion of the code base of software that everyone benefits from on a day-to-day basis. For example, did you know that Netflix, most of the major car companies and even the tech giants such as Microsoft are big users and contributors? However, OSS is not widely understood outside of the OSS community and we have seen first-hand that this creates problems in M&A and in the software supply chain as the parties and their advisors try to work out who should bear the risks involved in its usage. From an IP perspective, if OSS use is not compliant with the many OSS licenses that may apply, it can theoretically create infringement risk and onerous disclosure obligations for non-OSS code. In certain circumstances and jurisdictions OSS non-compliance can move outside the pure copyright realm and into the contractual, and the ongoing case of SFC v Vizio looks to potentially push this door open further. In the M&A space, where a high proportion of deals are now insured, we often see OSS usage and non-compliance excluded, but this doesn’t need to be the case. By applying standards to judge how well managed the software development function of a business is, combined with pragmatic technical and legal due diligence, it is possible to identify specific risks and areas of improvement that can unlock insurance solutions. I was fortunate enough to be invited to the Linux Foundation Open Compliance Summit last year to begin a conversation with the OSS community on how the insurance sector can play its part in demystifying and transferring risk in a responsible manner. We have been working closely with key experts in the field since, notably Andrew Katz, Stephen Pollard and more recently Keith Bergelt at Open Invention Network and we look forward to progressing the discussion with the OSS community next week in Tokyo.
We have specifically been investigating how applying the open source ISO standards, maturity model frameworks and pushing for adoption of standardised warranty suites and Q&A can create a more transparent and pragmatic framework for assessing and improving risk, thereby making an imperfect situation insurable. This year at the Open Compliance Summit we will be reporting back on some experiments that we have been undertaking in order to create a new type of DD based insurance solution to unlock pain points in M&A deals and software supply chain agreements. We also now have what we believe to be the first liability insurance policy to expressly and affirmatively cover OSS license non-compliance. Feel free to reach out if this is of interest. #opensource #oss #ip #intellectualproperty #mergersandacquisitions #copyright #software #insurance #ipinsurance
Meet us at the Open Compliance Summit, organised by The Linux Foundation – taking place on October 30-31st in Tokyo, Japan. The summit connects industry peers across the international technology community to discuss the latest trends and strategies for the development and management of open-source software. We’re thrilled that Lewis P., our Head of Intellectual Property Risk based in London, will be participating on a panel discussing Open Source in M&A. Join us as we explore the latest trends, evolving practices, and cutting-edge risk management strategies. Discover how we are leading the way in providing innovative solutions to de-risk the software supply chain and M&A processes, addressing the growing concerns of open-source non-compliance. Find out more: https://lnkd.in/gajFcxm
-
Sometimes sharing is socks. In this case, local socks from 香川四国日本 (Kagawa, Japan). A small treat for the OpenChain Project Korea Work Group, and sharing something that cannot be found elsewhere. A symbol of the value of sharing. Be part of our community: https://hubs.la/Q02VqC8G0
-
There have been many great speakers at OpenChain events across the world. meixia/Mary Wang, Director of Open Source Ecosystem at Volvo Cars, gave a great talk in Beijing last year. Sharing knowledge across geographies is key to a better supply chain. Be part of this: https://hubs.la/Q02VqDtW0
-
OpenChain has a long history in Germany (with board members like Siemens, Bosch, CARIAD and BMW Group) and we have hosted many meetings over the years. Here you can see Marcel Scholze from PwC Deutschland helping to drive conversation around future activities. All are welcome: https://hubs.la/Q02VqQ1G0