Re: Proposal - OpenChain Quality of Conformance Assessment Levels (including a sub-proposal for tooling quality assessment levels)
All, context slides at link:toggle quoted messageShow quoted text
During our last call we had some strong push-back in terms of the project itself defining levels of competence. However, we may have an elegant way forward.
If the project defines the context (continual improvement), we can leave the specific implementation to the market with a natural dynamic addressing the “are people just making stuff up?”
For fields like defense, automotive and aerospace, some companies are likely to prefer third-party certification rather than self-certification in the context of procurement. This creates a market opportunity for companies like PwC or Hitachi Solutions to consider the product they offer. Currently it runs along the lines of “OpenChain certified and occasionally audited as per the standard”, but with our signaling for evolution, it makes sense for PwC and Hitachi Solutions to diversify and offered stepped products. This is to their benefit (more product) and to the community benefit (third-party grading if desired).
While not being intrusive, the project and broader community can signal through official examples and case studies that provide a mental model for where grading may land. For example, this is slide 10 of the current deck:
The most important feedback we received is that no one should feel undervalued for having reached OpenChain ISO 5230 conformance. Adoption of the standard itself is transformative for the ecosystem, and we do not want to dilute that. That said, it is useful to offer inspiration when the question of “what next?” is raised.
On Aug 26, 2021, at 0:52, Jacob Wilson via lists.openchainproject.org <Jacob.Wilson=synopsys.com@...> wrote: