So you set up an open source license compliance program in your company. You educate your employees and you make sure you know how they handle open source software. But what about the software, which is supplied to you? Do you know how your supplier handles open source software? Can you trust that they know what they are doing when it comes to open source license compliance?

Many companies have been wondering about how to build trust with open source license compliance. And many of them joined the OpenChain working group to work together on building said trust in supply chains.

The OpenChain working group began its work in the summer of 2014. Since then it has developed a working apecification draft that aims at identifying common best practices in companys’ open source compliance programs. A version one is planned to be published in April 2016.

JBB has been an active member of the OpenChain working group since its early days. At the same time, we have been working on an open source license compliance audit designed to enable companies to assess the compliance status of their software suppliers. The audit started out as a set of questions and was turned into a webbased version in the fall of 2015, when it was also shared with the OpenChain working group, whose members are now in the process of revising it and mapping the common best practices they identified with the topics/questions asked in the audit.

The audit, which is licensed under Creative Commons 1.0 Universal, can be accessed under www.audit.osadl.org. Username and password are required. They’ll be provided on request. Just send an email to ballhausen[at]jbb.de.