Abstract

If you're not already aware of it, OpenChain ISO/IEC 5230:2020 is the International Standard for open-source license compliance and is designed to build trust in the supply chain. The standard allows companies of all sizes and in all sectors to adopt the key requirements of a quality open-source compliance program. This is an open standard, and all parties are welcome to engage with the community to share their knowledge and contribute to the future of the standard. BlackBerry recently became the first company based in North America to adopt and conform to OpenChain across its entire product portfolio. The company saw the need to lead in this space and joined other technology leading companies to adopt a higher standard for its software supply chain. BlackBerry's conformance is the first in North America in collaboration with an official OpenChain partner company, OSS Consultants. In addition, the announcement also marked the first whole-entity conformance undertaken anywhere globally with an official OpenChain partner. OpenChain encourages self-certification, independent assessment and third-party certification as options for entities seeking to address the risk profile of their supply chain.