跳到主要內容

How OpenChain can transform the supply chain


The OpenChain Project's open source compliance standards aim to make supply chains simpler, faster, safer, and more efficient.

OpenChain is all about increasing open source compliance in the supply chain. This issue, which many people initially dismiss as a legal concern or a low priority, is actually tied to making sure that open source is as useful and frictionless as possible. In a nutshell, because open source is about the use of third-party code, compliance is the nexus where equality of access, safety of use, and reduction of risk can be found. OpenChain accomplishes this by building trust between organizations.

Many companies today understand open source and act as major supporters of open source development; however, addressing open source license compliance in a systematic, industry-wide manner has proven to be a somewhat elusive challenge. The global IT market has not seen a significant reduction in the number of open source compliance issues in areas such as consumer electronics over the past decade.

The majority of compliance issues originate in the midst of sharing multiple hardware and software components across numerous entities. The global supply chain is long and the participants are simultaneously intertwined and disparate. It is possible to have companies making hardware, companies making software, and companies doing both, all collaborating around a relatively small component. The products that result are often outstanding, but the challenge of keeping track of everything is substantial.

Complexities of supply change compliance

Open source presents a specific challenge in the global supply chain. This is not because open source is inherently complex, but because of companies' varying degrees of exposure and domain knowledge. By way of example, the staff of a company developing a small component that requires a device driver may be entirely unfamiliar with open source. One mistake, one misunderstanding, and one component deployed in dozens of devices can present problems. Most compliance challenges arise from mistakes. Few, if any, originate with intent.

Ultimately, solving open source compliance challenges involves solving open source compliance in the supply chain. This is no small task: There are thousands of companies in play across dozens of national borders using numerous languages. Because no single company makes a finished device, no single company can solve the compliance challenges. Therefore, the global supply chain must align behind certain shared approaches.

Compliance is not a device or code issue. It is a process challenge that spans multiple organizations.Awareness of this fact and the provision of a practical solution are two different matters. It takes time for ideas and suggested approaches to percolate and mature. It takes input from lawyers and managers and developers and political scientists. It takes, in short, a while for a community to bounce ideas back and forth until a simple, clear approach can be found. This is how the OpenChain Project came to be.
The OpenChain Project

The OpenChain Project, hosted by The Linux Foundation, is intended to make open source license compliance more predictable, understandable, and efficient for the software supply chain. Formally launched in October 2016, the OpenChain Project started three years earlier with discussions that continued at an increasing pace until a formal project was born. The basic idea was simple: Identify recommended processes for effective open source management. The goal was equally clear: Reduce bottlenecks and risk when using third-party code to make open source license compliance simple and consistent across the supply chain. The key was to pull things together in a manner that balanced comprehensiveness, broad applicability, and real-world usability.

OpenChain conformance

There are three interconnected part to the OpenChain Project:

        • a Specification that defines the core requirements of a quality compliance program,
        • a Conformance method that helps organizations display adherence to these requirements, and
        • a Curriculum to provide basic open source processes and best practices.
The core of the project is the Specification. This identifies a series of processes that help ensure organizations of any size can effectively address open source compliance issues. The main goal of organizations using the OpenChain Specification is to become conformant; that is, to meet the requirements of a certain version of the OpenChain Specification. A conformant organization can advertise this fact on its website and promotional material, which enables potential suppliers and customers to understand and trust its approach to open source compliance.

OpenChain Conformance can be easily checked via a free, online self-certification questionnaire. This is the quickest, easiest, and most effective way to check and confirm adherence to the OpenChain Specification. There is also a manual conformance document available for organizations whose process requires a paper review or disallows web-based submissions. Either online or manual conformance can be completed at a pace decided by the conforming organization, and both methods remain private until a submission is completed.

The OpenChain Curriculum helps organizations meet the training and process requirements of the OpenChain Specification. It provides a generic, refined, and clear example of an open source compliance training program that can either be used directly or incorporated into existing training programs. It can also be applied to various processes for managing open source inside an organization. The OpenChain Curriculum is available with very few restrictions to ensure organizations can use it in as many ways as possible. It is licensed as CC-0, effectively public domain, so it can be remixed or shared freely for any purpose.

A strong backing community

The OpenChain Project provides a compelling approach to making open source compliance more consistent and more effective across multiple market segments. However, good ideas need implementation, and in open source this inevitably hinges on a supporting community. Fourteen Platinum Members currently support the OpenChain Project's development and adoption: Adobe, ARM, Cisco, Comcast, GitHub, Harman, Hitachi, HPE, Qualcomm, Siemens, Sony, Toyota, Western Digital, and Wind River. There is also a wide community of almost 200 participants on the main mailing list that listen, share, and remix ideas.

At its core, the OpenChain Project is about providing a simple, clear method of building trust between organizations that rely on each other to share code and create products. Any organization that is OpenChain Conformant is aligning behind key requirements that its peers agree are required in a quality compliance program. It is about confirming overarching processes and policies, while allowing the specifics of each process and policy to be crafted by each organization to suit its specific needs.

The OpenChain Specification is at version 1.2 and is ready for adoption by any organization that creates, uses, or distributes open source code. The online conformance is free of charge, and the mailing list and work team calls are open to everyone. This is the first time there has been a single, unifying approach to addressing the challenge of open source compliance in the supply chain, and it has the potential to be truly transformative for the industry.

https://www.openchainproject.org

留言

這個網誌中的熱門文章

【攤位大地遊戲(開源巔峰挑戰賽)】Booth Reward Activity! 2024

/English Below/ 來啊,造訪攤位掃 QRCode,集點數換 2024 年限定贈品啊! 一年只有這一檔,錯過要再等一年! 在找工作嗎?想認識不同的社群嗎?想獲得 COSCUP 2024 專屬的限量贈品嗎? 利用空餘時間去各個攤位聊聊天、看一看,就可以參與大地遊戲拿獎品喲! 大地遊戲怎麼玩:​​ (歡迎順路參與 參與者大調查),填寫表單取得 OPass 票券,並下載與登入 OPass App: 取得 OPass 票券 。 前往 TR 309、312、409-1、515、516 逛各攤位。 在攤位前打開 OPass 的「我的票卷」,秀出 Opass QRcode 讓攤位人員掃描取得點數。 到 TR309 的「大會攤位」兌換贈品,數量有限! 造訪每個攤位掃描後,可獲得 5 點,今年有 28 攤 完成一日志工任務後,可獲得 50 點,至多可解 4 次 擔任講者,可享福利 400 點(請以收到的登入連結進入,每名講者限領取乙次) 今年的紀念品除了可以現金購買,也可以用點數兌換呦! ≡≡≡≡ 集點方法 ≡≡≡≡ 上方每ㄧ個方框,都是ㄧ個攤位或者ㄧ個小任務,每當你造訪完成任務後,即可打開「我的票券」中顯示你的 QRcode 給關主獲取點數,您可以在上方看到您的戰果點數。當您心滿意足準備離開大惠會場前,記得到下述地方將您的點數兌換成滿滿的回憶! ≡≡≡ 點數兌換處 ≡≡≡ 【TR309 外:大會攤位】 1 點即是 1 元,您可以在大會攤位上購置各種精美紀念品,包含滑鼠墊、鍵帽、透卡與紀念 T 恤!。 ≡≡≡ 點數兌換規則 ≡≡≡ 您可以於【紀念品攤位】旁的點數兌換區把點數兌換

COSCUP 2024 徵稿辦法 / COSCUP 2024 Call for Proposals

COSCUP 2024 Call for Proposals: Until 9th, May Submit Your Proposals HERE! 今年 COSCUP 一如往常,徵求各式各樣不同的 Open Source 相關稿件。請於 05 月 09 日(AoE) 前投稿,徵稿主題可參考本頁下方各議程軌資訊。 請注意,每場議程長度預設為 30 分鐘 ,惟部分議程軌開放其他議程長度,會在報名表單第二頁選填。 為了增添 COSCUP 的國際能見度,今年所有入選稿件希望都可以提供中英文版雙語資訊。徵稿階段,您可先以自己偏好的語言準備演講或撰寫 CfP 稿件。 提醒您,COSCUP 是一個倡導開放的研討會,所有演講將錄影並以創用 YouTube CC 姓名標示-相同方式分享 4.0 釋出。如果您的演講有任何不能錄影或不願以此條款釋出的狀況,請務必於投稿表單上註明。 We are looking for talks in several open-source related areas, please submit your proposal before May 09th, 2024 (AoE, Anywhere on Earth) . The theme for submissions can be referenced from the information on various tracks at the bottom of this page. Please note that the length of each agenda is preset to 30 minutes, only the specific tracks are open to other agenda lengths for selection, which will be filled in on the second page of the registration form. To make it more accessible for international audiences, we kindly request CFP information to be provided in both Chinese and

COSCUP 2020 行前通知 / Are you ready ~~

(English below / 下半部有英文版) COSCUP 2020 即將開始了,我們幫你設計了一個簡單的引導手冊,讓你不錯過 COSCUP 每個小細節。 主要資訊 大會活動時間為 2020-08-01 - 2020-08-02 地點在 台灣科技大學 (台北市大安區基隆路四段43號) 活動前 申請通過 OSCVPass 享有氮氣咖啡與 VIP 室的使用 個人贊助方案 :集合您力量達成一個黃金等級 前夜派對 :自由入場、喝一杯、聊開源 議程表 :排出最想聽的議程的最佳解 填寫「 健康聲明 」、閱讀「 防疫守則 」:我 OK、大家也 OK 預先 登記參加 BoF 小聚,讓志同道合的朋友可以找到您 身為家長,歡迎預約 遊樂園 🎠服務 出發前 查詢前往會場 台科大 的最佳路徑 查看 會場地圖 ,會議廳、教室不迷路! 抵達會場 確認「 健康聲明 」是否填寫了! 是否詳細閱讀「 防疫守則 」! 請全程配戴口罩! 😷 TR、RB 都有設置報到處與自由索取的小貓袋! 我們有提供「紅色頸繩」,給不方便被拍照、攝影的您。如有需求,請在報到處拿取,並全程佩戴在明顯之處供相關人員識別。 如果... 我是講者,我應該直接前往所屬的社群議程教室。 我是會眾,可以先看看行程上第一個議程教室在哪。 我有帶小朋友,可以前往 TR515 遊樂園🎠 我有厚重行李,可以到 TR517 使用寄放行李服務。 大會期間 逛逛贊助商攤位 (TR 2F) 、社群攤位 (TR 3F) 、使用 OPass app,秀出 QRcode 讓攤位人員掃描取得點數,並到大會攤位 (TR 3F) 兌換贈品,數量有限! 逛逛 志工任務 、蒐集獎勵,或到志工服務台 (TR 2F) 報名 COSCUP 2021 的志工! 到 BoF 會議室 (TR 4F) 門口尋找屬於您的聚會,與同好暢談彼此在相同主題上的新發現 TR 1F 有小餐車,也可以來這裡點杯氮氣咖啡配上老闆私房料理的牛肋排。 我迷路了 以下為會場與商店的座標位置,透過地圖軟體可以方便指