Standards Used In Compliance
OpenChain is the ISO/IEC International Standard for Open Source Compliance. It allows companies of all sizes and in all sectors to adopt the key requirements of a quality open source compliance program. This is an open standard and all parties are welcome to engage with our community, to share their knowledge, and to contribute to the future of our standard. Find out more on the OpenChain homepage.
SPDX, the Software Package Data Exchange project, is developing ways for humans and machines to communicate software composition information, including security vulnerabilities, licenses, copyrights and more. Check out and join us in developing: