ISO/IEC 5230 Compliance
Ensuring Compliance with Open Source Standards
ISO5230 Open-Source Licensing Compliance The OpenChain Project
Open source code and software has grown from an idealistic movement led by individuals around software and intellectual property to an integral resource used by government, enterprise companies, start-ups and universities. Â These organisations have recognized that open source is a key part of their IT strategy and want to take part in its development.
Legacy technology companies also paying attention to open-source software and making it a priority in using open-source software for strategic development within their companies.
The Linux Foundation initiated the OpenChain Project to define an effective specification for open-source license compliance throughout the software supply chain.
Why is compliance important?
According to David Rudin, the Assistant General Counsel at Microsoft:
‘When companies, especially large enterprises, purchase software, they need to know what open source is included in the product so they can be sure to meet their compliance obligations. As supply chains grow, each link in the chain must meet its open-source obligations – a weak link means you can’t trust the code… and if you can’t trust the code… you can’t easily use it.’
The advantage of a supply chain where the members are OpenChain compliant, the use of open-source software becomes much simpler. Companies can freely use open-source software and be assured that the developer has quality governance in place to ensure the software is compliant.
Many companies such as Microsoft, Facebook, Toyota, Uber, Cisco, Siemens and Hitachi have publicly announced OpenChain conformant programs.
Introducing ISO/IEC 5230
In December 2020, the OpenChain specification was published as an industry standard by the International Organization for Standardization .
The ISO 5230 standard defines the key requirements of a robust open-source licensing compliance system, which builds trust between companies exchanging and adopting software that includes the use of open-source software.
Certification with ISO 5230
Self-certification provides an inexpensive and speedy route to compliance with ISO/IEC 5230:2020. Through our partnership with Source Code Control, a Linux Foundation partner, we can guide companies through the ISO 5230 compliance certification process which will include an external and independent certification of compliance.
Looking to implement a secure software escrow solution?
- Automate deposits directly from Git such as GitHub, Bitbucket etc
- Expert in Saas Continuity within AWS, Azure and GCP
- Global footprint with offices in London (HQ) UK, Atlanta, USA, and Sydney, Australia.
Leading Companies Trust Escrow London
YES! I want a free quote
If you have any questions about our services or would like to receive a free quote, simply fill in your details and we will be in touch with you.
