
Newsletter – Issue 82 – September 2025
The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.
Key Announcements and Updates
- Seven Services Announces OpenChain ISO/IEC 5230 Conformant Program: Seven Services has announced a new program to help organizations conform to the OpenChain ISO/IEC 5230 standard for open source license compliance. You can learn more about this announcement here.
- OpenChain ISO/IEC 18974 and the Cyber Resilience Act (CRA): The OpenChain security standard, ISO/IEC 18974, has been referenced in the EU Cyber Resilience Act (CRA) harmonized standards discussion. This is a significant development for the project and its role in the future of cybersecurity. Read the full update here.
- Introducing the OpenChain Ambassador Program: A new Ambassador Program has been launched to recognize and support community members who are actively promoting OpenChain. Learn more about the program and how to get involved here.
- SBOM Study Group Becomes a Work Group: The successful SBOM Study Group has now transitioned into a formal SBOM Work Group. This change reflects the group’s focus on producing tangible outputs, starting with a new guide to SBOM quality. You can find more information here.
- Developing a New Guide to SBOM Quality: The SBOM Work Group is developing a new, cross-industry guide to SBOM quality. You can review the draft and contribute your feedback here.
Community Insights
- OpenChain at Open Source Summit North America: A presentation at OSS NA by representatives from Sony Group Corporation highlighted the challenges and importance of managing a global community, with a focus on language and cognitive load. This is a must-read for anyone involved in international open source projects. You can find the details here.
Recent Meeting Recordings
For those who missed recent meetings, recordings are available:
- OpenChain Monthly Specification and Education Call (Europe / Asia) – 2025-09-17: Recording
- OpenChain Monthly Specification and Education Call (North America – Europe) – 2025-09-10: Recording
- OpenChain SBOM Work Group – Monthly Meeting – 2025-09-24: Recording
- OpenChain AI Work Group – Asia Sync – 2025-09-11: Recording
- OpenChain Telco Work Group – September – 2025-09-04: Recording
- OpenChain AI Work Group – Monthly Workshop for North America and Europe – 2025-09-02: Recording
Recent Webinars
- Webinar: Introduction to the Cyber Resilience Act (CRA): An overview of the new EU law covering “products with digital elements.” You can watch the webinar here.
- Webinar: Compliant containers with the OSADL Base Image: Learn how to manage FOSS license obligations for containers using the OSADL Base Image. The webinar recording is available here.
Potential Further Actions
- Get Involved with the SBOM Work Group: With the SBOM Study Group now a Work Group, this is an excellent opportunity to contribute to the development of a crucial industry guide.
- Attend Future Meetings: The best way to stay informed and contribute is to attend the various work group and specification calls. The schedule and connection details for all meetings can be found on the OpenChain participation page.
- Watch Past Recordings: If you are new to a topic or a working group, watching the past recordings is a great way to get up to speed.
To participate further in the OpenChain Project, including joining mailing lists and attending meetings, please visit: https://openchainproject.org/participate
Note: This newsletter usually only contains primary meetings. Some community meetings are not recorded or are released through other channels.
AI Usage:
This newsletter is created by using a template, curating links from a month of OpenChain news posted on the blog and using these prompts on Google Gemini to fill out the central news:
- “Summarize the following newsletter for folks interested in the open source compliance to learn the latest changes in the space and find possible items that can act on. Include the links in this newsletter. Add notes on potential further actions by readers, particularly around attending future meetings. Direct people to this link to participate further: https://openchainproject.org/participate”
The newsletter is then subject to an edit cycle. If you spot any errors we missed, please contact us.