“It is a pleasure to list HARMAN International in our community of conformance,” says Shane Coughlan, OpenChain General Manager. “Their alignment with ISO/IEC 5230, the international standard for open source license compliance, underscores their commitment to excellence in the use and deployment of open source software. We deeply appreciate their work, and listing them in the OpenChain Community of Conformance.”
About HARMAN
HARMAN (harman.com) designs and engineers connected products and solutions for automakers, consumers, and enterprises worldwide, including connected car systems, audio and visual products, enterprise automation solutions; and services supporting the Internet of Things. With leading brands including AKG®, Harman Kardon®, Infinity®, JBL®, Lexicon®, Mark Levinson® and Revel®, HARMAN is admired by audiophiles, musicians and the entertainment venues where they perform around the world. More than 50 million automobiles on the road today are equipped with HARMAN audio and connected car systems. Our software services power billions of mobile devices and systems that are connected, integrated and secure across all platforms, from work and home to car and mobile. HARMAN has a workforce of approximately 30,000 people across the Americas, Europe, and Asia. In March 2017, HARMAN became a wholly-owned subsidiary of Samsung Electronics Co., Ltd.
About the OpenChain Project
The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.
About The Linux Foundation
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
Fujitsu, an OpenChain Platinum Member since 2019, and the first organization to publicly attain four OpenChain ISO/IEC 5230 or equivalent conformant programs, has announced an ISO/IEC 18974 conformant program. Adoption of ISO/IEC 18974, the international standard for open source security assurance, underlines their commitment to leadership in open source governance and management.
“Fujitsu has been a key long-term contributor to the OpenChain Project,” says Shane Coughlan, OpenChain General Manager. “Their adoption of ISO/IEC 18974 is an important milestone in the market adoption of the international standard for open source security assurance, and will have a positive impact across the open source supply chain in Asia and globally.”
About Fujitsu
Fujitsu’s purpose is to make the world more sustainable by building trust in society through innovation. As the digital transformation partner of choice for customers in over 100 countries, our 124,000 employees work to resolve some of the greatest challenges facing humanity. Our range of services and solutions draw on five key technologies: Computing, Networks, AI, Data & Security, and Converging Technologies, which we bring together to deliver sustainability transformation. Fujitsu Limited (TSE:6702) reported consolidated revenues of 3.7 trillion yen (US$26 billion) for the fiscal year ended March 31, 2024 and remains the top digital services company in Japan by market share. Find out more: www.fujitsu.com.
About the OpenChain Project
The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.
About The Linux Foundation
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
Osaka, Japan, October 17, 2024 – Honda, a global leader in the manufacturing of automobiles, motorcycles, and power equipment, today announces an OpenChain ISO/IEC 18974 conformant program. By adopting the international standard for open source security assurance, Honda builds on their December 2023 adoption of OpenChain ISO/IEC 5230:2020, a previous milestone in the use of the international standard for open source license compliance. Honda continues to drive long-term, sustainable innovation around the next generation of technologies.
“Honda has a remarkable position as the world’s largest motorcycle manufacturer and the world’s largest manufacturer of internal combustion engines,” says Shane Coughlan, OpenChain General Manager. “By adoption of both ISO/IEC 5230 and ISO/IEC 18974 in the last twelve months, Honda has underlined its position as a thought leader in the domain of open source. A trusted supply chain is critical, and we are fortunate to have companies like Honda driving lasting change.”
About Honda
Honda is a mobility company powered by everyone’s dreams, creating mobility that helps and inspires people, in a wide range of fields such including motorcycles, automobiles, power products and aircraft.
About the OpenChain Project
The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.
About The Linux Foundation
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
Osaka NDS, a company providing business integration, software and hardware research, development and manufacturing (and other services) has announced an OpenChain ISO/IEC 5230:2020 conformant program.
“A key aspect of the OpenChain mission is engagement and adoption of our ISO standards in the supply chain,” says Shane Coughlan, OpenChain General Manager. “Osaka NDS – as a leading company in the Japanese supply chain – is an excellent example of the type of care, leadership and sustainability towards practical open source deployment that can inspire others. We welcome their adoption of ISO/IEC 5230 and looking forward to working closely together in the future.”
About Osaka NDS
・Company name: Osaka NDS Co., Ltd. ・Head office location: Sumitomo Life OBP Plaza Building 8F, 1-4-70 Shiromi, Chuo-ku, Osaka City, Osaka Prefecture 540-0001 ・President: Takeshi Hirayama ・Establed: July 1993 ・Capital: 30 million yen ・Contact: TEL .06-6945-6800 FAX .06-6945-6801 ・Business contents: Integration business, software and hardware-related research and development, manufacturing, sales, development commissioning and dispatch of engineers for computer and peripheral equipment
About the OpenChain Project
The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs
About The Linux Foundation
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
Korea Telecom (KT), South Korea’s largest telecommunications operator, has announced an OpenChain ISO/IEC 18974 Conformant Program. With 50,000 employees group-wide, KT has a long history in open source engagement, and has operated a dedicated team for its management since 2012.
KT’s decision to adopt OpenChain ISO/IEC 18974 continues their strategic interest in aligning with international standards for managing the supply chain, and builds on their previous adoption of OpenChain ISO/IEC 5230 for open source license compliance. [See note 1 below]
The adoption of OpenChain ISO/IEC 18974 further enhances KT’s contribution to open source security and enable them to take a more proactive and systematic approach to open source security activities.
“Today’s announcement is another milestone for both KT and the OpenChain Project,” says Shane Coughlan, OpenChain General Manager. “KT has demonstrated continued leadership in open source best practices with certification to OpenChain ISO/IEC 18974, and their activity coincides with deeper telecommunication adoption of OpenChain standards in recent months. Great credit is due to the open source and the management team of KT for driving this forward, and for the inspiration it provides to many other companies in the ecosystem.”
About KT Corporation (KRX: 030200; NYSE: KT)
KT Corp., Korea’s largest telecommunications service provider, is leading the new era of innovations in one of the world’s most connected countries with 5G, Big Data, Cloud, IoT, Blockchain and other transformative technologies. KT launched the world’s first nationwide commercial 5G network in April 2019, after showcasing the first trial 5G services at the PyeongChang Winter Olympic Games in February 2018. To help cope with COVID-19, KT is staging a social campaign, dubbed “Ma-Eum:TACT (Heart to Heart),” providing technology supports for people and businesses in need. KT will deliver most essential and innovative services and solutions to its customers around the world as the first frontier in the next technology revolution and number one Global ICT Company.
About the OpenChain Project
The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs
About The Linux Foundation
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
This OpenChain webinar focused on the current legal landscape of AI, covering four main topics: (1) open source and AI, (2) current litigation around AI, (3) an overview of current and forthcoming laws and regulations pertaining to AI, and (4) privacy and data protection and AI, including a case study on scraping biometric data for a facial recognition AI system. It is recommended for all legal, business executive and project management personnel with a remit to engage with open source and/or AI projects and products.
Watch the Webinar
Review the Slides
Learn More About Our Speakers
Anthony Decicco
Tony is a member in GTC’s IP Strategy, Mergers & Acquisitions, and Business & Technology Transactions groups. He focuses on mergers and acquisitions, strategic development of patent portfolios, valuing and commercializing intellectual property assets, and licensing and other technology-related transactions. In addition, Tony founded and oversees the firm’s Open Source Compliance and Due Diligence practice and has extensive experience advising clients regarding the use of open source software. He has reviewed the results of literally thousands of code scans.
Tony is also the Co-Lead of GTC’s Artificial Intelligence practice and has counseled clients regarding traditional AI/ML (i.e. algorithmic/rules-based) for many years and has more recently focused on generative AI. He specializes in data set licensing and strategies for acquiring and collecting data, developing patent portfolios focused on AI inventions and applications of AI technologies, developing AI-related contract terms, risk assessment and mitigation, and related policies and guidelines, in respect of using AI to generate and test software code and the intersections between open source software and AI. Tony is the co-chair of the AI & Cloud Computing sector of the Licensing Executives Society.
Tony’s clients range from individual inventors to Fortune 100 companies. Given his extensive experience on both the buy and sell sides of mergers and acquisitions, patent purchases/sales and IP/technology licensing transactions, he is a trusted advisor to clients on all sides of the table. For acquirers, a key strength is his ability to leverage this experience to quickly identify and assess IP-related risks. On the sell side, this experience translates to grooming clients and positioning IP assets to maximize value and minimize issues during rigorous due diligence.
Prior to joining GTC, Tony was a member of the IP & Technology, Internet & E-Commerce and M&A practice groups at Skadden, Arps, Slate, Meagher & Flom. He has research and professional experience in a diverse range of fields, including patent valuation, law and economics, molecular evolution, apoptosis, and lipid biochemistry. Tony holds an Honors B.Sc. in Biochemistry from McMaster University, an M.A. in Economics and a J.D., both from the University of Toronto, where he was a law review editor. He is admitted to practice in Massachusetts, New York, Ontario, and before the United States Patent and Trademark Office (with Limited Recognition).
Shea Leitch
Shea Leitch is a member of GTC’s growing Data Privacy group with over 10 years at the forefront of privacy and data protection law. Shea has served as a trusted advisor to multinational companies in an array of industries who rely on her to provide timely, strategic and practical advice as they build and adapt their global privacy and security programs.
Shea provides strategic guidance to clients regarding a wide array of data protection concerns from the ground-up development of enterprise-wide privacy and security compliance programs and cybersecurity assessments, to targeted guidance on discrete privacy and security issues. With CIPP/US and CIPP/E certifications from the International Association of Privacy Professionals, Shea provides tailored guidance on privacy and cybersecurity issues, including regulatory compliance and risk management, security assessments and remediation, security incident preparation and response, and enforcement matters.
Shea also provides targeted guidance on privacy compliance for clients using emerging technologies, including biometrics, artificial intelligence and AdTech. As a strategic advisor, Shea helps clients bring products to market by identifying practical solutions that facilitate business growth and innovation, while mitigating legal and regulatory risk.
Prior to joining GTC, Shea was Counsel at Squire Patton Boggs, LLP. She holds a B.A. in Political Science and Government from The Ohio State University, and a J.D. from The Ohio State University Moritz College of Law.
Stanislav Zakharenko
Stas Zakharenko practices in GTC’s thriving Technology Transactions and Artificial Intelligence groups and has over 18 years of experience at the forefront of intellectual property, technology and digital media law, including as the General Counsel of Audible, Senior Counsel at Amazon and Director of Product and Tech Legal at Netflix. Stas brings a rare blend of deep legal expertise, demonstrated business experience and executive-level leadership to his clients. Stas’ experience spans providing product development legal counseling, negotiating complex technology and content agreements as well as providing strategic legal and business leadership to clients ranging from startups through Fortune 50 companies.
In his most recent role as the Director of Product and Tech Legal at Netflix, Stas advised engineers and data scientists in navigating the rapidly evolving machine learning landscape and growing artificial intelligence wave. Stas’ demonstrated record of deeply understanding the technical intricacies of emerging technologies, in combination with his legal expertise, allows him to deliver practical, forward-looking legal solutions that support and drive innovation.
In addition to holding a J.D. from Boston University, Stas holds a B.A. in Music from Stony Brook University and is an avid musician in community jazz and classical groups.
Wael Nackasha
Wael Louis Nackasha focuses on M&A due diligence and technology-related transactional matters. Wael specializes in open source and commercial software licensing, agreements for the sharing of strategic and commercially sensitive technology, and IP strategy advice, as well as artificial intelligence and generative artificial intelligence related matters, including risk management, policies, and assessment of training datasets.
Wael drafts and prosecutes patent applications covering a wide range of technologies, including machine learning, blockchain, electrical, telecommunications, and computer-related technology. Before joining GTC, Wael was an Associate at Ridout and Maybee LLP where he practiced before both the USPTO and CIPO.
Prior to becoming an attorney, Wael spent several years as a research scientist and software developer. He has published scientific papers in conferences and journals on machine learning, biometrics, computer vision, signal and image processing, and statistical signal processing. Wael holds a J.D. from Osgoode Hall Law School, a Ph.D. and a Master of Applied Science in Electrical and Computer Engineering from the University of Toronto with dissertations focused on artificial intelligence, and a Bachelor of Engineering in Electrical Engineering from Ryerson University (renamed as Toronto Metropolitan University).
In his Ph.D. dissertation titled “Online and Continuous Electrocardiogram (ECG) Biometric System” (2017), Wael proposed a biometric system for continuously monitoring the identity of subjects using their electrocardiogram signals. The dissertation includes proposing novel feature extraction and detecting and removing abnormal electrocardiogram signals using statistical models.
In his Master of Applied Science dissertation titled “Weakly Trained Parallel Classifier and CoLBP Features for Frontal Face Detection in Surveillance Applications” (2010), Wael developed a computer vision system for face detection using novel discriminative features.
Check Out Our Previous Generative AI Webinar From GTC Law:
This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.
The OpenChain Project is delighted to announce that the OpenHarmony Project, hosted by OpenAtom Foundation in China, has adopted ISO/IEC 5230, the international standard for open source license compliance. OpenHarmony has adopted ISO/IEC 5230 via third-party certification provided by CESI, an official partner of the OpenChain Project.
“This certification is an important building block in OpenHarmony’s compliance management system,” says Xiaojian Liu, Executive Director of OpenHarmony, “Achieving ISO 5230 certification is a significant milestone for the professionalization of open source software management in OpenHarmony. We chose third-party certification via CESI to ensure our adoption had assessment from independent, accredited experts, and to support the highest possible quality in our process management.”
“OpenHarmony represents another excellent example of the OpenChain standards for open source license compliance or security assurance being used by projects to manage upstream processes.” says Shane Coughlan, OpenChain General Manager. “Building on the momentum we have seen with Eclipse Foundation and openEuler, our announcement today with OpenHarmony is another landmark in the maturity of the open source ecosystem. Indeed, OpenHarmony deserves special note as a third-party certification by CESI, underlining their productive engagement with OpenHarmony and OpenAtom Foundation.”
About the OpenHarmony Project
OpenHarmony is an open-source project incubated and operated by the OpenAtom Foundation. It aims to build an open-source framework and platform for the operating system of smart devices in an all-scenario, all-connected, and all-intelligent era, promoting the prosperity of industry for full connection.
About the OpenAtom Foundation
The OpenAtom Foundation is a non-profit organization dedicated to promoting the development of the global open source community. It was founded in Beijing in June 2020.
The OpenAtom Foundation is committed to being a developer-oriented open source project incubation platform as well as a technology public welfare service organization. It follows the principles of co-construction, co-governance, and sharing, systematically builds an open and collaborative framework, establishes an international open source community, facilitates industry collaboration, and empowers various industries.
About CESI
Founded in July 1963, CESI is a nonprofit institution directly under the MII that is engaged in standardization, conformity assessment and measurement activities in the field of electronic information technologies. Authorized by government competent departments, CESI organizes the development of national and industry standards and participation in the international standardization activities in electronic information technologies. CESI provides product certification, quality system certification, experiments and tests, measurement and calibration as well as training for the public. The objective of CESI is to become a world-renowned, domestically authoritative institution for standardization and conformity assessment in the field of electronic information technologies.
About the OpenChain Project
The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs
About The Linux Foundation
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
Nokia announces conformance with OpenChain ISO/IEC 5230:2020 to manage open source license compliance management in its supply chain. Nokia has been using and contributing to open source initiatives for decades as an active member of the open source community. Nokia implemented an open source compliance program as far back as 2004 and has had a multi-disciplined Open Source Program Office (OSPO) since 2014.
Nokia leads the Telco Working Group in the OpenChain community.
“Nokia is excited to publicly announce our conformance with OpenChain”, says Jonne Soininen, Head of Open Source Initiatives. “Nokia’s mature open source processes and tools fit well within the OpenChain requirements. We believe it is important to have industry-wide recognized standards to provide predictability to various parties in the industry and across the supply chain.”
“The adoption of ISO 5230 by Nokia is a significant step forward for the telecommunications supply chain with respect to open source,” says Shane Coughlan, OpenChain General Manager. “Firstly, it shows how one of the most experienced companies in the world in the sphere is taking a leadership position in managing open source risk and efficiency. Secondly, it is a clear signal to the broader supply chain regarding how other companies can optimize their approach as well. We welcome this development and look forward to working closely with the Nokia OSPO in the years ahead.”
About Nokia
At Nokia, we create technology that helps the world act together.
As a B2B technology innovation leader, we are pioneering networks that sense, think and act by leveraging our work across mobile, fixed and cloud networks. In addition, we create value with intellectual property and long-term research, led by the award-winning Nokia Bell Labs.
With truly open architectures that seamlessly integrate into any ecosystem, our high-performance networks create new opportunities for monetization and scale. Service providers, enterprises and partners worldwide trust Nokia to deliver secure, reliable and sustainable networks today – and work with us to create the digital services and applications of the future.
About the OpenChain Project
The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs
About The Linux Foundation
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
As part of their engagement with the OpenChain Project, the Nokia Open Source team have contributed the ‘openchain-telco-sbom-validator’, a script to validate SBOMs against the OpenChain Telco SBOM Guide. This reference tool is available to everyone under the Apache 2.0 license. Marc-Etienne Vargenau of Nokia, chair of the OpenChain Telco Work Group, Gergely Csatari and their colleagues have been instrumental in helping to ensure the determination of SBOM quality is easier, faster and more effective.
Check out the Telco SBOM Guide (Written Document):
usage: python3 openchain-telco-sbom-validator.py [options] input
positional arguments:
input The input SPDX file.
options:
-h, --help Shows this help message and exits.
--debug Prints debug logs.
--nr-of-errors NR_OF_ERRORS
Sets a limit on the number of errors displayed.
--strict-purl-check Runs a strict check on the given purls. The default behaviour is to run a non strict purl check what means that it is not checked if the purl is translating to a downloadable URL.
--strict-url-check Runs a strict check on the URLs of the PackageHomepages. Strict check means that the validator checks also if the given URL can be accessed. The default behaviour is to run a non strict URL check what means that it is not checked if the URL points to a valid page. Strict URL check requires access to the internet and takes some time.')
Installation of prerequisites
This script is written in python and uses a requirements.txt to list its dependencies. To install python on an Ubuntu environment run sudo apt install python3-pip.
It is usually a good practice to install Python dependencies to a Python virtual environment. To be able to manage virtual environments you need to install venv with sudo apt install python3-venv.
If you do not have a virtual environment yet cretate it with python3 -m venv .env and install the dependencies with pip3 install -r requirements.txt, if you already have a virtual environment start it with . .env/bin/activate.
License
This software is Copyright Nokia and is licensed under the Apache 2.0 license.
Issues and contributions
In case of any issues please create a GitHub issue, while also any contributions are warmly welcome in the form of GitHub merge requests.
14:55: ‘The supply chain, tool updates and the need for standardized interfaces’
by Marcel Kurzmann, Bosch
15:15: Catena-X / Eclipse Tractus-X – ‘Are there potential synergies with the OpenChain community and is there a supply chain for data?’
by Lars Geyer-Blaumeiser, Cofinity-X
15:35: Linux ELISA / SPDX Safety Profile – ‘How can the safety requirements be covered along the automotive software supply chain?’
by Nicole Pappler, AlektoMetis
15:55: Pause for coffee and networking
16:25: Software Defined Vehicle
16:25: Automotive Grade Linux and Software Defined Vehicle – Status and next steps
by Dan Cauchy, AGL
by Jan-Simon Moller, AGL
16:45: Eclipse Kuksa and Software Defined Vehicle – Status and next steps
by Sebastian Schildt, ETAS
17:15: Review of Core Topic
17:15: ‘ISO/IEC 5230, ISO/IEC 18974 and ISO/IEC 5962 – How updates to international standards for open source license compliance, security assurance and SBOM impact the automotive supply chain’
