All Posts By jmertic

RECORDING: OpenChain Meridian 22 Work Group Call – 2025-02-02

By Featured, Recordings

The OpenChain Meridian 22 Work Group met on February 2, 2026. Meeting assets are below…

Be Part of Future Meetings:

We will arrange future meetings and hold online discussions via the official mailing list, and everyone is invited to join: https://lists.openchainproject.org/g/meridian22-wg.

All work group meetings can be found on the calendar at https://zoom-lfx.platform.linuxfoundation.org/meetings/openchain?view=list&committee=8c4466bd-c9f1-40d7-8d08-f87eb488791d.

OpenAnolis Announces Adoption of ISO/IEC 18974

By Conformance, Featured, News

OpenAnolis officially announced that it has met the OpenChain ISO/IEC 18974 standard, becoming one of the few open-source operating system communities worldwide to receive this authoritative security accreditation. As an open-source community jointly built by enterprises, academic institutions, research organizations and individual developers, OpenAnolis has long been committed to creating a secure, reliable, and compliant digital infrastructure foundation. This certification marks a significant milestone in the community’s progress in open-source security governance.

ISO/IEC 18974, initiated by the OpenChain Project, defines the core requirements for open-source software security assurance programs, focusing on an organization’s ability to identify, respond to, and manage known security vulnerabilities such as CVEs and dependency issues. By establishing a comprehensive lifecycle security governance framework, OpenAnolis has implemented standardized processes for vulnerability monitoring, incident response, code security auditing, and software supply chain protection, ensuring trustworthiness in critical scenarios such as cloud-native environments and AI computing. The community has also developed SBOM (Software Bill of Materials) capabilities to enable transparent dependency management. With automated toolchains and AI Agents, OpenAnolis continuously performs intelligent vulnerability detection and remediation, providing strong security assurance for downstream OS distributions and industry users.

Long Qin, Chairman of the OpenAnolis Security Alliance, said: “The OpenAnolis Community’s OpenChain ISO/IEC 18974 certification is of great significance to the development of the community’s security capability. In the era of integration between AI and cloud-native technologies, the security boundaries of operating systems have evolved beyond traditional patching to a holistic and proactive defense system that addresses heterogeneous computing, complex software supply-chain dependencies, and emerging threats caused by intelligent technologies. OpenAnolis will continue to invest in security innovation and work with global developers to build a trustworthy open-source ecosystem that supports the intelligent computing era.”

Liu Dapeng, Head of the OpenAnolis Standardization SIG, said: “OpenChain ISO/IEC 18974 provides open source communities with an authoritative guideline for software supply chain security governance and compliance management, laying a solid foundation for OpenAnolis to enhance collaboration efficiency and build ecosystem-wide trust. Looking ahead, the OpenAnolis Standardization SIG will continue to actively engage in OpenChain standard development under the Linux Foundation, striving to contribute OpenAnolis’ practical experience to international standards and working hand-in-hand with partners to co-create a secure, transparent, trustworthy, and thriving open source operating system ecosystem.”

About OpenAnolis

Founded in 2020, OpenAnolis is an international open-source root community for Linux server operating systems, focusing on cloud computing, edge computing, and AI computing scenarios. The community has brought together more than 1,000 ecosystem partners and released core distributions such as Anolis OS 23, providing full support for x86, ARM, and RISC‑V architectures. OpenAnolis technologies are widely deployed across cloud-native and intelligent computing fields.

About the OpenChain Project

Led by the Linux Foundation, the OpenChain Project promotes open-source license compliance (ISO/IEC 5230) and security assurance standards (ISO/IEC 18974), helping organizations establish efficient open-source compliance and security management systems. With over 1,000 global enterprise participants, OpenChain is a key international force in securing and standardizing the open-source supply chain.

About the Linux Foundation

The Linux Foundation is the world’s largest open-source collaboration platform, supporting critical infrastructure projects such as Linux, Kubernetes, and Node.js. Through standardization, community operations, and industry collaboration, it drives sustainable development of open-source technologies across software, hardware, and data domains.

CJ OliveYoung Becomes the First in the Korean Beauty Industry to Declare Open Source International Standard Certification

By Featured, News

  • Olive Young becomes the first in the domestic health and beauty (H&B) industry to declare the open source international standard ‘ISO/IEC 5230:2020’ certification.
  • Proves the security and transparency of its open source management system… Lays the foundation for securing reliability for its overseas services.
  • “As the leading K-beauty platform, we will continue to advance our open source management system in accordance with global standards.”

CJ Olive Young (hereinafter “Olive Young”) announced on the 9th that it has declared the open source international standard ‘ISO/IEC 5230:2020’ certification, marking a first in the domestic health and beauty (H&B) industry.

‘ISO/IEC 5230:2020’ is the sole international standard that evaluates a company’s open source license compliance system and management capabilities. Open source refers to publicly available source code that anyone can use freely. While it offers the advantage of reducing development costs and time, its transparent nature can also expose security vulnerabilities, making it crucial to strictly adhere to relevant license regulations. Accordingly, the certification is awarded only to companies that meet the criteria through a comprehensive evaluation of their compliance capabilities, including open source software policies and processes, the expertise of dedicated organizations and personnel, and relevant training.

This certification is highly significant because it officially recognizes that the security and transparency of Olive Young’s open source management system fully meet international standards as the company leaps forward as a ‘global beauty-tech platform’. As Olive Young accelerates its global expansion, including the opening of its first offline store in the U.S. this coming May, this achievement is expected to provide pivotal momentum in enhancing the stability and reliability of its services overseas.

Olive Young has been meeting the criteria for this international standard by establishing a robust open source management system since 2023. The company designated a dedicated organization and personnel for open source verification and management, and formed an ‘Open Source Council’ to establish a systematic approach for identifying and managing potential risk factors. Furthermore, it implemented internal open source management regulations and a strict process that mandates open source verification during system development. It also currently operates an automated system for verifying open source licenses and inspecting security vulnerabilities.

An official from Olive Young stated, “This certification is an acknowledgment of Olive Young’s proactive efforts, including the nurturing of IT talent and the establishment of an internal management system.” The official added, “As the representative platform for K-beauty, we will continue to advance our open source management system in strict alignment with global standards.”