Teoresi Group is now part of the OpenChain Community of Conformance, the international community of organizations that have adopted processes compliant with the ISO/IEC 5230 standard for open source license management.
The standard provides companies with a framework to manage open source software components in their projects in a structured way. It makes it possible to identify which components are used, which licenses apply, which obligations they entail, and how they must be tracked.
OpenChain is a project of the Linux Foundation ecosystem, a global reference point for the development and adoption of open source technologies. Our entry into the community follows a self-certification process and strengthens the work already started within the Group to make these principles part of the way we design and develop solutions.
Open source governance: what it is and why it matters
Behind many of the software tools we use every day, there is open source: code that can be accessed, used, modified, and distributed according to the conditions set by its license.
For those who develop technology solutions, open source is an important accelerator. It makes it possible to start from existing components, access advanced technologies, and use libraries, frameworks, and tools shared by communities, universities, and research centers.
This freedom requires method. Every component comes with specific rules: licenses to comply with, usage obligations, potential vulnerabilities to monitor, and information to track.
“Without structured governance, open source can expose organizations to legal risks, security issues, and compliance problems. What is not tracked is not less risky: it is simply harder to control.” – Alberto Bertone, FOSS Manager at Teoresi Group
This is exactly what open source governance is for: defining processes, responsibilities, and tools to understand what enters projects, under which conditions, and with what impact on quality, security, and compliance.
A framework to manage open source in projects
The ISO/IEC 5230 self-certification stems from an internal path that led us to define a dedicated policy and procedure for open source management, valid across all Group companies.
The framework covers the entire project lifecycle, from the pre-sales phase to development and delivery. During the first technical assessments, we analyze the usage context, license-related constraints, and any specific customer requirements.
During development, the codebases (the sets of source code that make up a software product) are analyzed to identify the open source components they contain, their licenses, and any known vulnerabilities.
The process also includes dedicated roles and responsibilities. The FOSS Manager coordinates the management of Free and Open Source Software, supports audit activities, and contributes to the continuous update of procedures and tools.
Learn more on the OpenChain blog
We shared our journey in an article published on the official OpenChain project blog.