More than 1 year has passed since last update.

OpenChain 認証企業 ふえてます / The number of openchain certified companies is increasing.

Last updated at Posted at 2021-12-02

*You can access the English summary in the lower part of the page.


"OpenChain" とは

OpenChainは、Linux Foundation公式プロジェクトのひとつで、「OSSが信頼性と一貫性のあるコンプライアンス情報とともに提供される、ソフトウェアサプライチェーンを実現すること」をビジョンとし、組織がOSSのライセンスコンプライアンスプログラムを構築するための指針を整備し提供しているプロジェクトです。

1. 仕様(Specification) : 組織内に確立するべきコンプライアンスプログラムの要件を定義したもの
2. 適合(Conformance) : 組織が仕様を満たしていることを認証する仕組み
3. 教育(Curriculum) : 仕様の要求事項のひとつである教育プログラムに活用できる資料

"OpenChain 認証" とは

組織が、前項の "1.仕様" に準じた仕組みを構築し、 "2.適合" できたということを確認することで、その認証を取得すること、あるいは取得したことを言います。


OpenChain 認証には、自己申告に基づいて取得する 自己認証 と、外部認証機関を通して取得する 第三者認証 の2通りがあります。

OpenChain 認証企業 ふえてます

OpenChainの "1.仕様" は、昨年のアドベントカレンダーで大崎さんにご説明いただいたとおり、昨年12月に ISO/IEC 5230:2020 としてめでたく国際標準化されました。

国際標準化される以前からOpenChain 認証を取得する企業・団体はもちろんあったのですが、国際標準化以降その勢いは増しており、ここ1年で急激に増加しています。以下はその一覧です。

OpenChain JWG紹介-202110_rev2_12.png


OpenChain JWG紹介-202110_rev2_13.png

私が所属している組織(の親会社)も、下(子会社)から尻を蹴り上げ続けること苦節3年...w ようやく名を連ねることができました!

取得にあたっては、すでにOpenChain認証取得されている組織の方含め、OpenChain Japan WGのメンバーの方々からの支援・アドバイス等をいただくことができて非常に助かりました。
これからOpenChain取得を考えている組織の方はぜひ、OpenChain Japan WGに参加されることをお勧めします。

What is "OpenChain" ?

OpenChain is one of the official projects of the Linux Foundation. With the vision of "realizing a software supply chain where OSS is provided with reliable and consistent compliance information", OpenChain develops and provides guidelines for organizations to build OSS license compliance programs.

OpenChain is engaged in various activities based on the following three pillars.
1. Specification: A definition of the requirements for a compliance program to be established within an organization.
2. Conformance: A mechanism to certify that an organization meets the specifications.
3. Curriculum: A document that can be used for educational programs, which is one of the requirements of the specification.

What is "OpenChain Certification" ?

OpenChain certification means that an organization has established a system that conforms to the specifications described in the previous section, and has obtained or has obtained the certification by confirming that the system is compliant.

Self-Certification and Third Party Certification

There are two types of OpenChain certification: self-certification, which is based on self-assessment, and third-party certification, which is obtained through an external certification body.
Although it may seem intuitively that third-party certification is more effective, OpenChain uses the same questions for both self-certification and third-party certification, so the certification to be obtained will be the same, and self-certification is rather recommended.

More and more companies are becoming OpenChain certified.

As explained by Mr. Osaki in last year's advent calendar, the "1. specification" of OpenChain was certified as ISO/IEC 5230:2020 in December last year. as ISO/IEC 5230:2020.

Of course, there were companies and organizations that obtained OpenChain certification before the international standardization, but since the international standardization, the number of companies and organizations that have obtained OpenChain certification has been increasing, and the number has been increasing rapidly in the past year.The following is a list.

OpenChain JWG紹介-202110_rev2_12.png

As of October 2021, the following companies have been announced as certified.
However, there are some companies that do not disclose that they have obtained certification, so the actual number of companies that have obtained certification is much higher.

OpenChain JWG紹介-202110_rev2_13.png

The parent company of my organization has been rushed by its subsidiaries for three years.... Our organization finally got its name on the list!

In the process of obtaining OpenChain certification, we were very fortunate to have the support and advice of the members of the OpenChain Japan WG, including those who have already obtained OpenChain certification.
If you are thinking of getting OpenChain certification, we highly recommend you to join the OpenChain Japan WG.

Translated with www.DeepL.com/Translator (free version)


Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up