Complex Made Simple: The State of Governance in Open Source

Clear governance, a shared understanding of process and rules, is key to the success of open source adoption at scale. Our global community represents many perspectives, many cultures, and many jurisdictions. To address these we have seen the emergence of overarching principles, practical guides and effective tools that support the necessary balance of flexibility and shared trust. This talk will focus on the key open source solutions that address real-world challenges. It will highlight a stack of solutions that includes OpenChain, SPDX, Reuse.Software, FOSSology, ScanCode, sw360, ClearlyDefined and QuarterMaster and explain how they work together, from the high level (e.g. the OpenChain standard) to practical tooling (e.g. QuarterMaster CI/CD).

1. Complex Made Simple

2. “How do I trust my open source supply chain?”

3. There are three parts to the OpenChain Project: 1. Specification 2. Conformance 3. Curriculum

4. The OpenChain Specification defines the requirements for a quality compliance program.

5. Training Inbound Policy Outbound Process

6. The OpenChain Specification confirms a company has open source processes, policies and training. Companies have the flexibility to decide each specific process, policy and training.

7. Common requirements for suppliers and customers make everything simpler. Learn more here:

8. OpenChain Conformance allows organizations to show they meet these requirements.


10. If a company can answer Yes to each question, it is OpenChain Conformant. Learn more here:

11. The OpenChain Curriculum provides reference open source processes and solutions. Learn more here:




15. The OpenChain Curriculum can be used for any open source training program. Learn more here:

16. The goal is to build trust by having organizations conformant with the OpenChain Specification.

17. Companies supporting OpenChain: • Adobe • HPE • ARM Holdings • Qualcomm • Cisco • Siemens • Comcast • Sony • GitHub • Toyota • Harman International • Western Digital • Hitachi • Wind River 2017

18. Work Teams supporting OpenChain: 1. Specification - Chaired by Mark Gisi (Wind River) 2. Conformance - Chaired by Miriam Ballhausen (SCA) 3. Curriculum - Chaired by Alexios Zavras (Intel) 4. Onboarding - Chaired by Nathan Kumagai (Qualcomm)

19. Coming in 2018: Supply chain adoption

20. Coming in 2018: New reference material

21. Coming in 2018: A specification review process

22. Be part of this. Join the community: Self-certify your organization:

23. Questions? OpenChain Project - The Linux Foundation 2017