ECARX is a global automotive technology provider partnering with OEMs to accelerate the future of software-defined vehicles. As OEMs develop new vehicle platforms from the ground up, ECARX is developing a full-stack solutions to enhance the user experience, while reducing complexity and cost.
To date ECARX products have been integrated into more than 8.7 million cars worldwide. Founded in 2017, and listed on the Nasdaq in 2022, it has more than 1,800 team members across Europe, Asia and the Americas working towards one ambition: to redefine the driving experience by making it safer and more enjoyable for everyone.
We had the OpenChain Governing Board meeting last week, and our community-elected chairs for the OpenChain Specification, Education and Telco Work Groups were formally approved. Their terms begin today, July 1st 2025.
Please welcome:
– Specification: Chris Wood, Lockheed Martin (4th term)
– Education: Martin Yagi, First Light Fusion (1st term)
– Telco: Marc-Etienne Vargenau, Nokia (3rd term)
It is wonderful to have their help, contributions and experience applied to making a more trusted open source supply chain.
We are looking forward to the year ahead! There is a lot to do.
We are delighted to welcome Mercedes-Benz Research and Development India to the OpenChain community of conformance. This is another milestone in the adoption of OpenChain standards by the automotive supply chain, and serves as a reminder of the broad applicability for our solutions around the world.
About Mercedes-Benz Research and Development India:
Mercedes-Benz Research and Development India (MBRDI) is the largest research and development center for Mercedes-Benz Group AG outside of Germany. Started in 1996, the Bengaluru headquartered organisation plays a prominent role in the development of new technologies like connected, autonomous, and electric in the mobility world. MBRDI, known for its engineering innovations, has grown to a team of over 8,500 employees and is one of the earliest technology and innovation center of a global automotive company to set up a strong presence in India.
In line with the global ambitions of the Mercedes-Benz Group, MBRDI plays a prominent role in innovating and accelerating the future of sustainable mobility. Over the last 25 years of its presence in India, MBRDI has established itself as an innovation powerhouse. The engineers at MBRDI are committed to providing an unparalleled experience and comprehensive digital capabilities, with technology at the core. MBRDI harnesses the role of IT in accelerating the future of automotive technology in terms of engineering, digitalisation, testing and simulation, and data science.
MBRDI offices in Bengaluru specialise in end-to-end capabilities in product development and IT services. The satellite office in Pune focuses on interior component designs and IT engineering.
About the OpenChain Project:
The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.
About The Linux Foundation:
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
S-core, Self-Certified for OpenChain ISO/IEC 18974 International Standard
S-core, an open source specialist with extensive experience in open source-based infrastructure development, has adopted OpenChain ISO/IEC 18974, an international standard for open source security assurance. This achievement builds upon the company’s existing OpenChain ISO/IEC 5230 certification for license compliance and extends their commitment to robust security across the open source supply chain.
With this certification, S-core has been able to strengthen open source security management and establish a more systematic approach and management system.
Sunghan Suh, Head of the Open Source Business Division at S-core, stated, said “ISO /IEC 18974 certification has established a systematic process and culture for open source management, enabling us to accelerate innovation and enhance quality and security.” With the OpenChain ISO/IEC 18974 certification, S-core has proven its leadership in open source utilization and consulting. We have been actively utilizing open source and contributing to the community for a long time, and we are leading the creation of value from open source by sharing and collaborating with various companies with our accumulated open source expertise.
About S-core:
S-core specializes in open source services with extensive experience across various technology fields. The company provides comprehensive solutions including open source adoption & migration, technical support and governance consulting, and governance consulting. Through these services, S-core enables customers to safely and efficiently utilize open source technologies within robust management frameworks.
About the OpenChain Project:
The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.
About The Linux Foundation:
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
The OpenChain Project will host a mini-summit to explore how standards and process management are driving the next phase of sustainable, efficient open source use in organizations. We will discuss emerging trends or concerns in areas like AI and SBOM quality, and we will also discuss the future development of our existing standards (ISO/IEC 5230 for license compliance and ISO/IEC 18974 for security assurance). Attendees will come away with increased knowledge of OpenChain activities, more generally of open source business process management, and with the ability to apply that learning to their own companies and projects.
Agenda:
Current Compliance
OpenChain Standards for Process Management and Risk Reduction
Industry Specific and Cross-Industry SBOM Quality Management
Understand Automation – Open Source Tools for Open Source Compliance
Future Compliance
AI BOM Compliance in the Supply Chain
Mitigating Risk for Securing Information in a Post Quantum Computing (PQC) World
Famisanar EPS was formed as a strategic alliance between Cafam and Colsubsidio to contribute to improving the health of Colombians in 1995. They currently have 2,277 collaborators and are present in 139 municipalities of 16 departments. They have a total of 58 Administrative and User Service Offices nationwide.
“The OpenChain Project, and the standards we maintain, are a contribution to the health and trustability of the software supply chain,” says Shane Coughlan, OpenChain General Manager. “We are delighted to see that our work is supporting the medical industry in Colombia, and we hope their activity in this space inspires others. The OpenChain community is always ready to help organizations from any geography, and in any industry, make use of our standards and guides to improve open source process management.”
OpenAnolis announced that it has met the OpenChain ISO/IEC 5230 standard. The OpenAnolis community is a non-profit open source community formed by enterprises, institutions, universities, scientific research institutions, non-profit organizations, individuals, etc. on the basis of voluntariness, equality, openness, and collaboration.
The OpenAnolis community has always attached great importance to the construction of security and compliance capabilities. In terms of infrastructure, R&D processes and tools, the community has made comprehensive and in-depth investments, including the construction of software supply chain security infrastructure, support for SBOM lists, and the construction of license compliance systems. These capabilities provide solid security guarantees for the community’s open source activities, ensuring that they are carried out smoothly in a safe and compliant environment.
Ma Tao, Chairman of OpenAnolis, said: “We are pleased to announce the OpenChain ISO/IEC 5230 certification. Open source has always been the source of innovation for the OpenAnolis Community. The OpenAnolis Community will firmly embrace open source, contribute to open source, and contribute to the field of operating systems in the AI era. This certification is a very important milestone in the construction of OpenAnolis’s open source compliance capabilities, and it is also a new starting point. The OpenAnolis Community will continue to invest and improve in the direction of security compliance to ensure the community’s security compliance level.”
Liu Dapeng, head of the OpenAnolis Community Standardization SIG, said that the OpenAnolis Community’s OpenChain ISO/IEC 5230 certification is of great significance to the development of the community. Standards and community open source complement each other, promote and enhance each other, and play an important role in building an open, interoperable, prosperous and innovative technology ecosystem. In the future, the Standardization SIG will continue to work with community ecosystem partners to jointly formulate the engineering standards of the OpenAnolis Community and ensure that community products meet relevant standard requirements.
About OpenAnolis
Founded in September 2020, OpenAnolis is an international open-source community and innovation platform for operating systems. It is committed to building a Linux open-source distribution and open-source innovation technology through open community cooperation. Its goal is to promote the prosperity and development of software, hardware, and application ecology, and jointly create new sources and infrastructure for digital development.
The community council consists of 24 leading enterprises from around the world, including Alibaba Cloud, Uniontech, Loongson, Arm, Intel, and more. Nearly 600 partners have participated in ecological co-construction, achieving full coverage of mainstream chip collaborative research and development mechanisms, mainstream middleware/databases, and mainstream OEM manufacturers. Over 100 products have successfully adopted the OpenAnolis operating system (Anolis OS). Currently, OpenAnolis has served over 800,000 users.
OpenAnolis has established about 60 SIG working groups, with an average monthly contribution of 5,000 PR. It has achieved technological innovation in core areas such as chips, kernel, compiler, security, virtualization, and cloud-native, consistently ranking at the top of the Linux community rankings. The community has released several community versions, including Anolis LoongArch GA, Anolis OS 7.9, 8.4, 8.6, and more.
About the OpenChain Project
The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.
About The Linux Foundation
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
Socionext, a semiconductor and System on a Chip (SOC) company based in Japan, has completed recertification of OpenChain ISO/IEC 5230. This is an important part of the 18 month review cycle required by the specification to ensure processes are current.
“ISO standard periodic recertification is a critical building block in creating trust,” says Shane Coughlan, OpenChain General Manager. “As companies evolve and markets change, it is important to use clear, unambiguous processes like those outlined in OpenChain ISO/IEC 5230, the International Standard for open source license compliance. This is key to managing the open source software supply chain, and Socionext has long been a leader in this area.”
About Socionext Inc.
Socionext Inc., a leading global System-on-Chip (SoC) supplier, is a pioneer of the ‘Solution SoC’ business model. This innovative approach encompasses Socionext’s ‘Entire Design’ capabilities and offering of ‘Complete Service’. As a trusted silicon partner, Socionext fuels global innovation, providing superior features, performance, and quality that set its customers’ products and services apart in diverse domains ranging from automotive and data centers to networking, smart devices, and industrial equipment.
Socionext Inc., based in Yokohama, operates offices across Japan, Asia, the United States, and Europe for development and sales. For more information, visit https://www.socionext.com/en/.
About the OpenChain Project
The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.
About The Linux Foundation
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
The OpenChain Project maintains a reference library of over 1,000 documents. This library has been built over eight years from our original, first release of a set of a training slides for open source license compliance. The library has now been comprehensively updated to make it easier to find, use and share resources.
To ensure easer of navigation and our ability to adjust and improve the library structure over time, you will find that navigation is primarily guided by the README file, which acts as the starting point for all navigation. You can also get a full preview of the structure of the library later in this post.
The intention is that:
You will enter this library at the top level of the archive
You will use this README file as your index
We will update the README as the library evolves
The library contains:
Adoption Guidance
AI Compliance Guidance
Case Studies
Compliance Training Slides
Explainers for Internal Teams
Maturity Models
Policy Templates
SBOM Quality Guidance
Source Material for Online Training Courses
Self-Certification Material
Supplier Education Material
Templates and Overview Material for OpenChain Project
+ Much, much more.
Licensing:
Most of the material in this repository is available under CC-0 licensing (effectively public domain). You will notice some exceptions with Guides (like the Telco SBOM Guide) and with case studies. These documents are not designed to be freely altered because they provide either guidance developed to consensus in our work groups, or the specific experience of companies in addressing compliance matters.
Navigating the Library:
As of 2025-05-08, the library is structured in the following folders alphabetically:
AI-SBOM-Compliance
Open-Source-Compliance-Support-Material
Open-Source-Policy-Templates
OpenChain-Adoption-Guides
OpenChain-Case-Studies
OpenChain-Explainers-For-Internal-Teams
OpenChain-FAQ
OpenChain-For-Mergers-and-Acquisitions
OpenChain-Maturity-Models
OpenChain-Promotion-Material
OpenChain-Standards-Self-Certification
OpenChain-Supplier-Education
OpenChain-Templates
OpenChain-Training
SBOM-Quality-Management
AI-Compliance
OpenChain has an AI Work Group. This is where you will find our work on AI compliance topics. The current focus is on AI SBOM management in the supply chain, and what type of program process points are required to manage this effectively.
This folder contains compliance-related material non-specific to OpenChain. You may find these community contributions useful in your work.
Open-Source-Policy-Templates
Having an open source policy is a requirement in our standards. This folder contains some template material to get you started or to help you refine existing policies.
OpenChain-Adoption-Guides
This folder contains guides to adopting the OpenChain standards.
OpenChain-Case-Studies
This folder contains case studies from companies that have adopted OpenChain standards.
OpenChain-Explainers-For-Internal-Teams
Explaining the value of OpenChain approaches to compliance process management is critical to ensure buy-in and support across an organization. We have created a series of quick explainer documents to support this.
OpenChain-FAQ
This folder contains the official OpenChain Project Frequently Asked Questions. These are mirrored on our website.
OpenChain-For-Mergers-and-Acquisitions
This folder contains some material relevant to understanding OpenChain standards in the context of Mergers and Acquisitions.
OpenChain-Maturity-Models
Once an organization has begun to adopt OpenChain standards, the question arises of how to iterate and improve their compliance program. Maturity models or capability models are a tool to assist with this. We have one to share with you as a reference guide.
OpenChain-Promotion-Material
This folder contains infographics, one-pagers and introductory presentations to help organizations understand the OpenChain Project, its standards, its reference material, and the global community supporting its work.
OpenChain-Standards-Self-Certification
This folder contains self-certification checklists and questionnaires to help companies easily adopt our standards. This material can also be used as a “health check” for organizations not currently using our standards.
OpenChain-Supplier-Education
This folder contains a leaflet designed to give suppliers a single file that takes them from “what is open source” through to the importance of license compliance, and the use of OpenChain standards.
OpenChain-Templates
This folder contains templates so that the community can develop new presentations or documents with the OpenChain trademarks, mascots and other images.
OpenChain-Training
This folder contains our reference training slides and also the source code for our online training courses.
SBOM-Quality-Management
OpenChain has an SBOM Study Group. This is where you will find our work on SBOM-related topics. The current focus is on SBOM Quality in the supply chain, and what type of approach is required to manage this effectively.
-1.png)
