
Continuing Improvements to the OSS Supply Chain Ecosystem

I am emailing you to propose an article that has been co-authored by Keith Bergelt, CEO of Open Invention Network, and Shane Coughlan, the General Manager of The Linux Foundation’s OpenChain Project.

Their article follows for your consideration:

Continuing Improvements to the OSS Supply Chain Ecosystem

At the beginning of the 20th century, for the most part, production was local in nature, as it had been for several millennia. By the latter half of the century, with improvements in shipping and telecommunications, companies turned to lean production models (e.g., the Toyota Production System). Telecommunications meant that it was possible to specify components to a third party which was not local. Containerization and transportation improvements meant that components could be transported cheaply and be delivered just-in-time from a supplier which was not local.

This allowed the production process to be modularized and contracted out, improving the efficiency of production. In today’s world, in which the internet has driven communication costs down, companies cannot expect that it is in their best interest to self-produce or locally source all components. Because of this, the world’s largest companies have built increasingly global and complicated supply chains. Benefitting from the computing and communications revolution that started in the 1990s and continues today, these companies are increasingly flexible in their choices for suppliers. The choices that they make about suppliers are not as rigid as they were when lean production was originally conceptualized.

Linux and other open source software (OSS) projects have driven the computing and communications revolution that has changed the world, including the nature of modern supply chains. Open source technologies are also increasingly being utilized in products themselves (e.g., Android in mobile, Automotive Grade Linux in the auto sector, etc.), as the world’s best-known brand names fully embrace OSS.

Open source technologies have been successful not only due to their technological innovation, but also because they come with a set of expectations about behavior. As the world’s top companies embrace OSS, it has become increasingly important that companies in a supply chain ecosystem adopt the norms of the major companies they support.

The royalty-free Open Invention Network license establishes an expectation for OSS-related behavior; specifically, patent non-aggression within core open source technologies. Key global suppliers such as Flex, Taiyo Yuden, Wistron, Hyundai Mobis, FIH-Foxconn, Kontron and semiconductor companies such as Broadcom and Cavium (acquired by Marvell) have recognized the need to demonstrate within their supply ecosystems that they understand this concept, and have signed the OIN license, joining more than 3,100 other organizations.

Open source software licensing and compliance is another critical issue that is being addressed within the supply chain ecosystem. Because the global software supply chain is extremely dynamic, with dozens of companies involved in even relatively straightforward technology products and solutions, OSS licensing and compliance errors introduced through this complexity consume time and resources to remediate. The consequences of compliance failures include reputational risk, product delays and liability costs. Addressing efficiency in this space by aligning process approaches provides an ongoing method of optimizing investment in open source as a whole, up and down the supply chain.

The OpenChain Project, an initiative of The Linux Foundation, defines the key requirements of a quality open source compliance program. Based on the experience of hundreds of user companies, it identifies the inflection points that are known to be essential for effective process management. The project’s industry standard for open source compliance is ultimately targeted at improving license compliance across the global supply chain. By empowering individual companies to establish quality open source compliance programs, it inherently creates a situation where links in the supply chain can be trusted more easily. This simple approach has touched a nerve with companies in diverse sectors around the world and led to active collaboration in global work groups, regional work groups and via multiple general and focused mailing lists.

The core of the Project is the specification, or industry standard, for quality open source compliance programs. All other activities work to support this based on community feedback, with a conceptual split between reference materials, such as example process content or fully formed training courses, and tools or services to directly assist adoption.

Today, a successful supply chain acts as an ecosystem. When managed effectively, this ecosystem can be a key competitive advantage for a business. Ensuring that all participants in the ecosystem are aligned is critical. Given growing OSS adoption and the enthusiastic support of Linux by the world’s top companies, it should be expected that supply chain participants in all industries will increasingly look to join OIN to satisfy intellectual property issues and to take other steps, such as with the OpenChain Project, which establish norms for OSS governance and copyright compliance.