Hello everyone and happy new (Western) year!

Short question please: Does anyone see a connection between compliance/conformance assessments for OpenChain and Automotive SPICE? I.e. some way how OpenChain compliant open source program should fit into ASPICE compliant processes and procedures?

Thanks! Dirk

--
Confused about open source?
Get clarity through https://bayave.com/training
--
Website: http://dirkriehle.com - Twitter: @dirkriehle
Ph (DE): +49-157-8153-4150 - Ph (US): +1-650-450-8550

I do see a strong connection between ASPICE and Open Chain.  ASPICE does not go into the topic of Open Source, and that is where Open Chain fills in.  In fact, we are using our ASPICE assessors to help us with Open Chain compliance.  We will need to educate our other assessors on Open Chain. 

Would I like to see Open Chain integrated into ASPICE?  Not at this time.  Even in my company, there are many groups restricting the use of Open Source, so integrating Open Chain into ASPICE in a manner that works for groups using lots of Open Source and groups using none would make it too general.  Open Chain is specifically addressed to the unique topics of Open Source.  I can see that as a future development, however.  

Mary: Thanks for the answer!

I agree that an integration of OpenChain and ASPICE on a specification level makes no sense. They are two different topics and there are other domains than automotive obviously.

But, assuming world dominance of OpenChain ;-), some/most automotive suppliers may want to pass both OpenChain and ASPICE conformance assessments. Then the implementing processes overlap and you need to think about integration *at the specific company* (even if there is variation at the specific company).

So I was wondering about experiences with that integration. Without laying open specific processes, we can only talk about it on the spec level.

Here is an illustration of what I'm trying to say:

One might easily say that process Automotive SPICE ACQ.15 supplier qualification requires the supplier is OpenChain compliant.

Or that that process ASPICE SYS.1 requirements elicitation identifies (non-functional) open source requirements of the customer/market and that those match roles and competencies defined in OpenChain (OpenChain 2.1 3.1.2.1 + 2), the use cases (3.1.5.1), and so forth.

I was wondering whether anyone has spent cycles on this is and whether it is publicly accessible.

It might also be interesting to look at related domains.

Thanks! --Dirk

--
Confused about open source?
Get clarity through https://bayave.com/training
--
Website: http://dirkriehle.com - Twitter: @dirkriehle
Ph (DE): +49-157-8153-4150 - Ph (US): +1-650-450-8550

I understand.  My company has not gotten to the point of integrating OC with our ASPICE process yet. Our FOSS actions are integrated and we have a robust FOSS activity, but not fully OC compliant yet.  I would not expect formally integrating OC with our ASPICE process to happen this year.