Supply Chain Security: OpenChain Project Adds Microsoft as Platinum Member

The OpenChain Project, which is designed to build trust in open source by making open source license compliance simpler and more consistent, has announced that Microsoft has joined as a platinum member.

This comes on the heels of several other large companies joining OpenChain last month including Uber, Google and Facebook.

A leading standard for open source compliance in the supply chain, OpenChain is meant to provide a specification as well as overarching processes, policies and training that companies need to be successful in managing open source license compliance so that it becomes more efficient, understandable and predictable for participants of the software supply chain.

Companies consume billions of lines of open source software through their supply chains as they build new products and services. One key challenge as code flows between companies is ensuring the relevant license requirements are met in a timely and effective manner. The OpenChain Project provides companies with a consistent way to address these challenges. It's hard to overstate the importance of this work given open source is a critical input at every step in the supply chain, both in hardware and software.

By joining OpenChain, Microsoft hopes to help create best practices and define standards for open source software compliance, so that shippers have even greater choice and opportunity to bridge Microsoft and other technologies together in heterogeneous environments.

According to spokesmen, conformance with the OpenChain Specification shows that an organization follows the key requirements of a quality open source compliance program, and builds trust between organizations in the supply chain. It makes procurement easier for purchasers and preferred status easier for suppliers.

“Trust is key to open source, and compliance with open source licenses is an important part of building that trust,” said David Rudin, Assistant General Counsel, Microsoft. “By joining the OpenChain Project, we look forward to working alongside the community to define compliance standards that help build confidence in the open source ecosystem and supply chain.”

Shane Coughlan, OpenChain General Manager, told SCMR in an interview explained how the deal came together, noting that Microsoft has been an active participant on the OpenChain Project community calls and mailing list for a considerable period.

“OpenChain has acted as a meeting place for companies of all sizes to share knowledge and experience around open source compliance since inception,” he adds. “The majority of our existing community comes from Linux Foundation Member companies, a natural evolution given how Linux Foundation projects cross-pollinate, and of course Microsoft is a contributor in a great many of these projects.”

Video from OpenChain “OpenChain - Great Open Source Compliance For Everyone”

SC
MR