OpenChain builds trust in open source by making open source license compliance simpler and more consistent. The OpenChain Specification defines a core set of requirements every quality compliance program must satisfy. OpenChain Conformance allows organizations to display their adherence to these requirements. The OpenChain Curriculum supports this process by providing extensive reference material for effective open source training and management. The result is that open source license compliance becomes more predictable, understandable and efficient for all participants in the software supply chain. Find out more on the OpenChain homepage.
SPDX, the Software Package Data Exchange project, is developing ways for humans and machines to communicate software composition information, including security vulnerabilities, licenses, copyrights and more. Check out and join us in developing: