May 13, 2020

OpenChain ISO/IEC Submission Signals Fresh OSS Compliance Drive

Linux Foundation's JDF pushes for better open source compliance

By CBR Staff Writer

The Linux Foundation’s “Joint Development Foundation” (JDF) has won formal approval to submit open source software (OSS) projects for recognition as international standards, in a landmark move — with an open source compliance project first to be submitted for approval.

The move comes as the Linux Foundation continues a push to boost the transparency, security and credibility of OSS across the business community, amid concerns about a lack of standardisation, sub-par maintenance of many widely used OSS components, and security fears.

Its new approval covers submissions to ISO/IEC JTC 1, the joint technical committee that ISO and IEC created to set IT standards.

First Submission: OpenChain

This week the JDF made its submission — for OpenChain, a specification that identifies the key requirements of an open source compliance programme, designed to build trust between companies in the supply chain.

(OpenChain participants need to provide source code, build scripts, license copies, attribution notices, modification notices, SPDX data etc. Its charter’s vision is to be “a software supply chain where free/open source software is delivered with trusted and consistent compliance information”.)

“Open source is now a mainstream means of building infrastructure and providing a platform for innovation,” said Seth Newberry, executive director at the Joint Development Foundation.


He added: “While open source development models focus on lowering the barriers to innovate and change, there comes a time when industries decide the next step is to agree on one approach to an issue and work together on that solution.” (The JDF has more than 250 companies participating.)


Of the world’s top 10 most-used open source packages, seven are hosted on individual developer accounts, the Linux Foundation’s Core Infrastructure Initiative warned earlier this year, saying this could pose a security risk to code at the heart of the global economy. Hundreds of thousands of open source software packages are in production applications throughout the supply chain, many of them only sporadically updated or maintained.
