OpenChain Automotive Work Group Workshop – 2025-11-14

The OpenChain Automotive Work Group is holding a special workshop on the 14th of November at 09:00 ~ 12:00 CET Brussels/Europe.

Dial into the event at https://zoom-lfx.platform.linuxfoundation.org/meeting/93221191904?password=fc945fdc-322f-4272-9b0b-7c1a92fb4a9e.

The meeting invite has also been shared in the Open Chain Automotive workgroup mailing list: https://lists.openchainproject.org/g/automotive-wg

Please note: as with everything in the OpenChain Project, this event belongs to the community. Our schedule is created in collaboration with the people who will attend, and therefore you should feel free to make suggestions.

This is a meeting of the OpenChain Automotive Work Group. This meeting is open to everyone, and will feature talks and discussion around tooling, the supply chain, compliance and regulatory matters. No registration required.

• 09:00: Opening and introductions

  • 09:00: ‘Opening Greeting and Review of Core Topic’ – ‘ISO/IEC 5230, ISO/IEC 18974 and ISO/IEC 5962 – How updates to international standards for open source license compliance, security assurance and SBOM impact the automotive supply chain’
    • by Shane Coughlan, OpenChain
    • by Masato Endo, Toyota

• ~09:10 TOP1 SBOM activities and Cybersecurity regulations

  • 09:10: ”SBOM Implementation – status of SBOM Quality Guide and Automotive SBOM’
    • by Norio Kobota, Sony/OpenChain SBOM Work Group
    • by Ayumi Watanabe, Hitachi-Solutions
  • 09:30: ‘Catena-X Expert Group Software and how the new Car SBOM Standard is intended to be used in the context of new Cybersecurity regulations’ Catena-X / Eclipse Tractus-X
    • by Marvin Hubl, Catena-X Expert Group Software Lead
  • 09:45: ‘SPDX Version 3.x – overview, differences to 2.x and benefits for the supply chain of switching to the new version + outlook on upcoming Version 3.1 with new profiles’
    • by Alexios Zavras, Intel/SPDX Project
  • 10:00: ‘CycloneDX Version 1.7 – overview, differences to 1.6 and benefits for the supply chain of switching to the new version’
    • by Jan Kowalleck, OWASP/CycloneDX
  • 10:15: ‘SBOMs quo vadis? – CycloneDX, SPDX, Catena-X, Sepia – panel discussion on the current landscape’
    • moderated by Chloe Zhong

• ~10:35: TOP2 SBOM, Security and Open Source Management Tooling

  • 10:35: ‘A publicly available supply-chain simulation based on Open Source tools – status and outlook’
    • by Marcel Kurzmann, Bosch/OpenChain Tooling Group/Eclipse Apoapsis
  • FLASHLIGHTS on relevant Project Updates (5 min max.)
  • 10:45: ‘Cybersecurity tools for automotive and beyond – status and outlook’
    • by Dirk Targoni, ASRG.io – Chapter Stuttgart
  • 10:50: ‘OCCTET project – status and outlook’
    • by xxx, xxx
  • 10:55: ‘SEPIA project – status and outlook’
    • by Rakesh Prabhakaran, Bosch Global Software Technologies
  • 11:00: ‘Eclipse Disuko – SBOM-portal – status and outlook’
    • by David Schumm, Mercedes Benz
    • by Christian Wege, Mercedes Benz

• ~11:10: TOP3 Safety Software Supply Chain

  • 11:10: Functional safety in the context of an Open Source based eco-system
    • by Daniel Krippner, ETAS
    • by Kaspar Matas, Codethink
  • 11:20: Linux ELISA / SPDX Safety Profile – ‘Update on the progress’
    • by Nicole Pappler, AlektoMetis

• ~11:30: TOP4 Challenges of Automotive Open Source Program Offices and Business

  • 11:30: TODO Group Open Source Business Guide – how we collaborate on win over and educate business managers / C-level
    • by Sven Erik Jeroschewski, Bosch
  • 11:35: AGL OSPO Expert Group – Status and next steps
    • by xxx, xxx
  • 11:40: Discussion on good practices for provision of Open Source Disclosure documents along the whole supply chain down to the consumer in line with the ISO5230
    • moderated by Sarah Moser, ZF

• ~11:50: TOP5 Open discussion, future planning and closing

  • 11:50: Outlook on the 2026 Open Source Events with Automotive relevance
    • by Marcel Kurzmann, Bosch/OpenChain

• 11:55: Close and Goodbye