If you’re not already aware of it, OpenChain ISO/IEC 5230:2020 is the International Standard for open-source license compliance and is designed to build trust in the supply chain. The standard allows companies of all sizes and in all sectors to adopt the key requirements of a quality open-source compliance program. This is an open standard, and all parties are welcome to engage with the community to share their knowledge and contribute to the future of the standard. BlackBerry recently became the first company based in North America to adopt and conform to OpenChain across its entire product portfolio. The company saw the need to lead in this space and joined other technology-leading companies to adopt a higher standard for its software supply chain.
BlackBerry’s conformance is the first in North America in collaboration with an official OpenChain partner company, OSS Consultants. In addition, the announcement also marked the first whole-entity conformance undertaken anywhere globally with an official OpenChain partner. OpenChain encourages self-certification, independent assessment and third-party certification as options for entities seeking to address the risk profile of their supply chain. The choice of independent assessment in this case underlines how this flexibility allows entities to choose the solution that best fits their size, situation and market.
It is hard to overstate the importance of the action reflected in this announcement. BlackBerry has one of the deepest industry pedigrees in bringing increased peace of mind to enterprise and governmental organizations. The extension of this approach into the heart of their open-source software utilization both underlines their commitment to excellence and serves as a beacon for other companies to follow.
The recent exploits and their associated elements touted in the Lapsus$ attacks highlight the importance of third-party partners and insider threat security and the way in which those associated risks can come together in a way that threatens the confidence we can wield at any moment in our supply chain — as if, in that regard, the lingering effects of SolarWinds weren’t enough. OpenChain ISO/IEC 5230:2020 conformance reflects steps in the right direction in reclaiming that confidence. To that end, we welcome the opportunity to “lock shields” with you in the protection of our collective interests.