PALO ALTO, Calif. – March 6, 2018 — Today the Open Source Initiative® (OSI) announced its Incubator Project, ClearlyDefined, a crowdsourced project aimed at boosting the success of FOSS projects by clearly defining their status. Absences or ambiguities around licensing or known security vulnerabilities can erode confidence and limit project success. Project teams often are not aware of these concerns or do not know how to address them. ClearlyDefined identifies the gaps and works with project teams to fill them.
“This is an important project to amplify the success of FOSS projects through wider adoption and confidence. It aligns closely with OSI’s mission to educate and advocate for open source,” said Simon Phipps, President of the board of directors of the OSI, curator of the world’s open source licenses.
While the project scope includes licensing, security, accessibility and other essential information, the initial focus is on factual licensing data such as licenses, copyright holders, and source code location. These are the key elements in understanding and meeting the license obligations related to consuming FOSS. Through a series of automated tools and human curation, the ClearlyDefined community has already curated licensing data for 1,000 of the most popular projects on GitHub and in key package management ecosystems.
“ClearlyDefined applies open source hallmarks—collaboration and openness—to the problem of curating FOSS itself. Contributing licensing and vulnerability data to the originating projects improves life for everyone. Project teams get updated information and guidance on enabling their community, and consumers gain the confidence they need to move fast and engage even more.” — Jeff McAffer of the ClearlyDefined project team.
In addition to curating and contributing required data, ClearlyDefined provides a clearing house service, a one-stop shop, where consumers can get the data they need in canonical, machine-readable form. This enables unprecedented automation and rigor.
Today the Eclipse Foundation also announces that it will donate curated data to ClearlyDefined to assist in seeding information about projects within the Java ecosystem.
“ClearlyDefined is important to the Eclipse Foundation because as a large-scale producer of open source we want our projects to be more clearly defined, both for ourselves and our downstream consumers. We are excited to donate some of the curated data we have generated over the past decade about the FOSS we consume to help kick start ClearlyDefined’s crowdsourcing effort,” — Mike Milinkovich, Executive Director of the Eclipse Foundation.
“Complying with license terms is a critical part of our open source engagement. It is not unusual for a single product to use 1000s of FOSS components. Companies cumulatively spend millions of dollars a year discovering license terms and the information needed to comply. That work is duplicated many times over and takes away from deeper engagement and innovation. Being able to get and contribute the data we need through ClearlyDefined allows us to go faster and engage more.” — Rashmi Chitrakar, Qualcomm Technologies, Inc.
As an incubator project of the OSI, ClearlyDefined is a vendor-neutral open source project with an open governance model. Standardized harvesting tools are run by community members and the resultant data contributed. Like any open source project, contributions are vetted and accepted by committers (called curators here), and pushed up to the original projects. Getting many eyes on the data enhances its quality and pushing the data upstream benefits everyone.
“Having a trusted source of curated upstream project metadata will help the entire ecosystem. The Linux Foundation’s Open Compliance Projects–SPDX, FOSSology, and OpenChain–look forward to working with ClearlyDefined to create data that can be exchanged in a vendor-neutral manner.” — Kate Stewart, Senior Director of Strategic Programs, The Linux Foundation.
ClearlyDefined is also important to the community as a whole and is an important initiative to capture data about FOSS that may be lost over time. The project is collaborating with Software Heritage to store the data in long term
“Software Heritage’s mission is to collect, preserve and share all the software source code of the world. We are delighted to see ClearlyDefined taking up the important task of curating the metadata about software projects, and we are very pleased to work with them to preserve this precious information that would otherwise be lost as technology and developers move on.” — Roberto Di Cosmo, CEO of Software Heritage, an initiative started by Inria, in collaboration with UNESCO.
ClearlyDefined (https://clearlydefined.io) is a working group of the Open Source Initiative, the stewards of open source licensing. Individuals from Microsoft, Qualcomm Technologies, Inc., HERE Technologies, Amazon, nexB, the Eclipse Foundation, and Software Heritage are collaborating to ensure the success of the initiative and welcome additional participation from the open source community.
About The Open Source Initiative
Founded in 1998, the Open Source Initiative (OSI) protects and promotes open source software, development and communities, championing software freedom in society through education, collaboration, and infrastructure, stewarding the Open Source Definition, and preventing abuse of the ideals and ethos inherent to the open source movement. The OSI is a California public benefit corporation, with 501(c)(3) tax-exempt status. For more information about the OSI, see https://opensource.org.