FOSSA is proud to announce that we’ve joined forces with OpenChain to help organizations achieve Conformance with ISO/IEC 5230:2020 — the OpenChain Specification.

The OpenChain Specification is an international standard that outlines elements of a successful open source software license compliance program. It includes requirements such as:

  • Documenting policies that govern the use of OSS
  • Assigning clear roles and responsibilities to individuals involved in open source management
  • Implementing a defined review process to ensure the organization is fulfilling the obligations that come with open source licenses

As an OpenChain Partner, FOSSA will support our users on their journey to becoming OpenChain Conformant.

“A core part of FOSSA’s mission is supporting the open source community and promoting compliance with OSS licensing requirements,” says Kevin Wang, FOSSA CEO. “The OpenChain Specification is an important resource for organizations seeking to build trust around the use of open source in software development. We’re extremely excited to partner with OpenChain to increase adoption of the OpenChain Specification and help organizations become OpenChain Conformant.”

Shane Coughlan, OpenChain General Manager, added: “Automation is key to building the most effective open source compliance programs and to ensuring supplier relationships are as efficient as possible. Our relationship with FOSSA underlines the evolution of the field and points towards a key goal for user companies of open source. The next generation of management will see automation and software bill of materials coalesce into transparent, interoperable tooling, and the ability of companies of all sizes in the supply chain to adhere to international standards in this space.”

How FOSSA Helps with OpenChain Conformance

Organizations that work with FOSSA to adopt the OpenChain Specification will benefit from extensive support and resources in areas like:

  • Developing and implementing an open source policy model
  • Determining the scope of your open source compliance program
  • Generating verification materials such as a software bill of materials, roles and assignments documentation, open source policy materials, and more

For more information on using FOSSA’s technology solutions to help with OpenChain Conformance activities, please visit our partnership page.

“Our team is beyond excited to help our customers with OpenChain Conformance,” says Carlos Cheung, FOSSA’s VP of Partner Engineering. “We see this as a core pillar in building a successful open source program office.”

Benefits of OpenChain Conformance

The OpenChain Specification was created to increase trust in the safe and responsible use of open source software. The benefits of Conformance take several forms.

One is improved trust between organizations. Vendors can cite OpenChain Conformance as evidence of their commitment to OSS license compliance if and when the matter surfaces during procurement.

Another is reduced legal exposure. Failure to comply with open source licensing requirements can lead to litigation, and proven license compliance processes can go a long way toward minimizing risk.

Finally, particularly for organizations with less mature compliance teams, the OpenChain Specification offers a proven, widely adopted roadmap to successful open source management. It takes a lot of the guesswork out of building an open source compliance program.