Today, the OpenChain Project announced Microsoft’s conformance to OpenChain 2.1 (ISO/IEC 5230), the International Standard for open source license compliance. This standard defines the key requirements of a quality open source compliance program, and helps to both reduce errors and increase efficiency across the global supply chain.
“Microsoft has been intimately involved in guided ISO/IEC 5230 from de facto industry standard to formal International Standard,” says Shane Coughlan, OpenChain General Manager. “Their adoption of OpenChain 2.1 underscores their continued commitment to excellence not only in software but also its management throughout the supply chain. We look forward to collaborating with Microsoft partners and customers in their own journeys to conformance in the coming weeks and months.”
“Microsoft sees ISO/IEC 5230 as a critical part of the management of open source in commercial relationships,” says David Rudin, Assistant General Counsel, Microsoft. “The OpenChain standard provides a clear, effective and universally suitable framework for open source license compliance. The use of this standard both simplifies and improves any transaction between two parties regarding open source software.”
About the OpenChain Project
OpenChain began when a group of open source compliance professionals met in a conference lounge and chatted about how so much duplicative, redundant open source license compliance work was being done inefficiently in the software supply chain simply. They realized that while each company did the same work behind the scenes in a different manner the output for downstream recipients could not realistically be relied on because there was no visibility into the process that generated the output.
The answer the early principles of this discussion arrived at was to standardize open source compliance, make it transparent and build trust across the ecosystem. The project began as outreach to the community with the idea of a new standard for open source license compliance with slides titled, “When Conformity is Innovative.” A growing community quickly recognized the value of this approach and contributed to the nascent collaboration soon named The OpenChain Project.
