OpenChain, I would argue, is the most important open-source project you've never heard of before. This Linux Foundation consortium provides an industry standard for open-source supply chain license compliance. And now, Microsoft has joined the OpenChain Project.
OpenChain's important because the open-source software supply chain goes from companies that are little more than a single developer in his home office to multi-billion dollar businesses. Within it, there are tens of thousands of programs with a wide variety of open-source software licenses. So, how can companies trust and manage all the code's legal requirements? The answer is with OpenChain.
As the OpenChain project manager Shane Coughlan explained, "The basic idea was simple: Identify key recommended processes for effective open source management. The goal was equally clear: Reduce bottlenecks and risk when using third-party code to make open-source license compliance simple and consistent across the supply chain. The key was to pull things together in a manner that balanced comprehensiveness, broad applicability, and real-world usability."
Microsoft, which has just become a platinum OpenChain member, clearly believes OpenChain is doing just that. This is yet another major step forward in Microsoft working and playing well -- not just with open-source code, but with its underlying legal and business foundation. It's a natural move forward from Microsoft's recent decision to join the Open Invention Network (OIN), thus making its entire patent portfolio available to this vital Linux and open-source patent consortium's members.
Microsoft isn't the only major company to have realized how OpenChain can help companies use open-source code safely and legally. Facebook, Google, and Uber all joined in January 2018.
David Rudin, a Microsoft assistant general counsel, explained why Microsoft joined in a blog post. OpenChain "plays an important role in increasing confidence around the open source code you receive. It does so by creating standards and training materials focused on how to run a quality open source compliance program, which in turn builds trust and removes friction in the ecosystem and supply chain," Rudin said. "Trust is key to open source, and compliance with open source licenses is an important part of building that trust."
"We're thrilled that Microsoft has joined the project and welcome their expertise," commented Coughlan. "Their membership provides great balance to our community of enterprise, cloud, automotive, and silicon companies, allowing us to ensure the standard is suitable for any size company across any industry."
In addition to working with OpenChain, Microsoft will work with ClearlyDefined, which seeks to bring clarity to open-source component license terms, and with the TODO Group, which develops and shares best practices for running corporate open-source projects.