The Linux Foundation Projects
Skip to main content
Category

Monthly Newsletter

OpenChain Newsletter #82

By Monthly Newsletter, News

Newsletter – Issue 82 – September 2025

The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.

Key Announcements and Updates

  • Seven Services Announces OpenChain ISO/IEC 5230 Conformant Program: Seven Services has announced a new program to help organizations conform to the OpenChain ISO/IEC 5230 standard for open source license compliance. You can learn more about this announcement here.
  • OpenChain ISO/IEC 18974 and the Cyber Resilience Act (CRA): The OpenChain security standard, ISO/IEC 18974, has been referenced in the EU Cyber Resilience Act (CRA) harmonized standards discussion. This is a significant development for the project and its role in the future of cybersecurity. Read the full update here.
  • Introducing the OpenChain Ambassador Program: A new Ambassador Program has been launched to recognize and support community members who are actively promoting OpenChain. Learn more about the program and how to get involved here.
  • SBOM Study Group Becomes a Work Group: The successful SBOM Study Group has now transitioned into a formal SBOM Work Group. This change reflects the group’s focus on producing tangible outputs, starting with a new guide to SBOM quality. You can find more information here.
  • Developing a New Guide to SBOM Quality: The SBOM Work Group is developing a new, cross-industry guide to SBOM quality. You can review the draft and contribute your feedback here.

Community Insights

  • OpenChain at Open Source Summit North America: A presentation at OSS NA by representatives from Sony Group Corporation highlighted the challenges and importance of managing a global community, with a focus on language and cognitive load. This is a must-read for anyone involved in international open source projects. You can find the details here.

Recent Meeting Recordings

For those who missed recent meetings, recordings are available:

  • OpenChain Monthly Specification and Education Call (Europe / Asia) – 2025-09-17: Recording
  • OpenChain Monthly Specification and Education Call (North America – Europe) – 2025-09-10: Recording
  • OpenChain SBOM Work Group – Monthly Meeting – 2025-09-24: Recording
  • OpenChain AI Work Group – Asia Sync – 2025-09-11: Recording
  • OpenChain Telco Work Group – September – 2025-09-04: Recording
  • OpenChain AI Work Group – Monthly Workshop for North America and Europe – 2025-09-02: Recording

Recent Webinars

  • Webinar: Introduction to the Cyber Resilience Act (CRA): An overview of the new EU law covering “products with digital elements.” You can watch the webinar here.
  • Webinar: Compliant containers with the OSADL Base Image: Learn how to manage FOSS license obligations for containers using the OSADL Base Image. The webinar recording is available here.

Potential Further Actions

  • Get Involved with the SBOM Work Group: With the SBOM Study Group now a Work Group, this is an excellent opportunity to contribute to the development of a crucial industry guide.
  • Attend Future Meetings: The best way to stay informed and contribute is to attend the various work group and specification calls. The schedule and connection details for all meetings can be found on the OpenChain participation page.
  • Watch Past Recordings: If you are new to a topic or a working group, watching the past recordings is a great way to get up to speed.

To participate further in the OpenChain Project, including joining mailing lists and attending meetings, please visit: https://openchainproject.org/participate

Note: This newsletter usually only contains primary meetings. Some community meetings are not recorded or are released through other channels.

Read Previous Newsletters:

AI Usage:

This newsletter is created by using a template, curating links from a month of OpenChain news posted on the blog and using these prompts on Google Gemini to fill out the central news:

  • “Summarize the following newsletter for folks interested in the open source compliance to learn the latest changes in the space and find possible items that can act on. Include the links in this newsletter. Add notes on potential further actions by readers, particularly around attending future meetings. Direct people to this link to participate further: https://openchainproject.org/participate”

The newsletter is then subject to an edit cycle. If you spot any errors we missed, please contact us.

OpenChain Newsletter #81

By Monthly Newsletter, News

Newsletter – Issue 81 – August 2025

The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.

Key Updates and Announcements

  • AI System Bill of Materials Guide: The public comment period for the “Artificial Intelligence System Bill of Materials – Compliance Management Guide for the Supply Chain” has now closed. The AI Work Group, Governing Board, and Steering Committee are reviewing the feedback received. You can follow the progress and view the draft guide here.
  • OpenChain at Open Source Summit Europe: The OpenChain Project had a strong presence at the recent Open Source Summit Europe, with talks and panels from board members and work group chairs. A mini-summit was also held to share knowledge on license, security, and regulatory compliance. You can learn more about the event here.
  • Call for Translation Collaboration: The OpenChain Project is seeking community assistance in translating the self-certification materials for ISO/IEC 5230 (Open Source License Compliance) and ISO/IEC 18974 (Open Source Security Assurance) into German, Japanese, Korean, and Chinese (Simplified and Traditional). If you are fluent in these languages, you can contribute to this important effort. Draft machine translations are available on GitHub to get you started. Find out more here.
  • Improved Self-Certification: The online self-certification process for both OpenChain ISO/IEC 5230 and OpenChain ISO/IEC 18974 has been updated and improved, making it easier for organizations to assess and declare their conformance. Check out the updates here.
  • OpenChain in China: A successful mini-summit on “Open Source Software Supply Chain Security Compliance in the AI Era” was held at the 2025CCF China Open Source Conference in Shanghai. The event was led by the OpenChain China Work Group and covered both legal and technical aspects of compliance. Read more about it here.
  • Understanding the CHAOSS Project: A recent webinar explored the CHAOSS (Community Health Analytics for Open Source Software) project, a Linux Foundation initiative focused on developing metrics and software to better understand the health of open source communities. You can find more information about this informative session here.

Recent Meeting Recordings

For those who missed them, recordings of recent OpenChain meetings are now available:

  • Monthly Specification and Education Call (North America – Europe) – August 13, 2025: This call covered the latest project news, a call for papers for the Open Compliance Summit, and updates from the Specification and Education Work Groups. You can watch the recording here.
  • OpenChain Japan Community Day #34 at Mitsubishi Electric: Recordings from this two-day event, featuring discussions on OSPO activities, preventing common licensing mistakes, and an introduction to OSS compliance for beginners, are now online. Access the recordings here.

Potential Further Actions for Readers

  • Attend Future Meetings: The best way to stay informed and contribute is to participate in the various OpenChain work group calls. The monthly Specification and Education calls, along with other topical and regional meetings, are open to everyone. You can find the full schedule of upcoming meetings and information on how to join on the OpenChain participation page.
  • Contribute to Translations: If you have language skills, your contribution to the translation of self-certification materials would be highly valuable. This is a practical way to help the global community adopt OpenChain standards.
  • Engage with Work Groups: Consider joining the mailing lists of the work groups that align with your interests, such as the AI Work Group, Specification Work Group, or Education Work Group. This will allow you to follow discussions and contribute your expertise.

To get more involved in any of these activities and to help build a more trusted open source supply chain, please visit: https://openchainproject.org/participate

Note: This newsletter usually only contains primary meetings. Some community meetings are not recorded or are released through other channels.

Read Previous Newsletters:

AI Usage:

This newsletter is created by using a template, curating links from a month of OpenChain news posted on the blog and using these prompts on Google Gemini to fill out the central news:

  • “Summarize the following newsletter for folks interested in the open source compliance to learn the latest changes in the space and find possible items that can act on. Include the links in this newsletter. Add notes on potential further actions by readers, particularly around attending future meetings. Direct people to this link to participate further: https://openchainproject.org/participate”

The newsletter is then subject to an edit cycle. If you spot any errors we missed, please contact us.

OpenChain Newsletter #80

By Monthly Newsletter, News

Newsletter – Issue 80 – July 2025

The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.

Key Announcements & Action Items:

  • Public Comment Period for AI Bill of Materials: The OpenChain Project has announced a public comment period for its “Artificial Intelligence System Bill of Materials – Compliance Management Guide for the Supply Chain.” This is a key opportunity for professionals to provide feedback and shape this important guidance.
  • New Leadership: The 2025/2026 chairs for the OpenChain Specification, Education, and Telco Work Groups have been elected.
    • Action: Meet the new chairs and consider reaching out to them with your ideas and offers of support.

Conformance & Community Growth:

Several companies have announced their conformance with OpenChain ISO/IEC 5230, demonstrating the standard’s growing adoption across various industries.

New Resources & Materials:

  • Updated Overview Slides: The OpenChain overview slides have been updated for July 2025, providing fresh material to explain the path to a more trusted supply chain.
    • Action: Get the slides to use in your own presentations and to advocate for open source compliance within your organization.
  • Telco Industry Handbook & Translation: A new handbook for software supply chain security in the Telco industry has been released, along with a Korean translation of the OpenChain Telco SBOM Guide.

Webinars & Recordings:

A wealth of knowledge has been shared through recent webinars and community calls. These recordings are a great way to catch up on the latest discussions and best practices.

Other Community Updates:

  • Japan Work Group Community Day: Notes and pictures from the 34th Community Day in Yokohama. View Here
  • Tooling Work Group Slides: Slides from the July 2nd meeting are available. View Here

To get more involved in the OpenChain Project, including joining mailing lists, attending meetings, and contributing to the work, please visit: https://openchainproject.org/participate

Note: This newsletter usually only contains primary meetings. Some community meetings are not recorded or are released through other channels.

Read Previous Newsletters:

AI Usage:

This newsletter is created by using a template, curating links from a month of OpenChain news posted on the blog and using these prompts on Google Gemini to fill out the central news:

  • “Summarize the following newsletter for folks interested in the open source compliance to learn the latest changes in the space and find possible items that can act on. Include the links in this newsletter. Add notes on potential further actions by readers, particularly around attending future meetings. Direct people to this link to participate further: https://openchainproject.org/participate”

The newsletter is then subject to an edit cycle. If you spot any errors we missed, please contact us.

OpenChain Newsletter #79

By Monthly Newsletter, News

Newsletter – Issue 79 – June 2025

The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.

News:

Note: This newsletter usually only contains primary meetings. Some community meetings are not recorded or are released through other channels.

Read Previous Newsletters:

AI Usage:

This newsletter is created by using a template, curating links from a month of OpenChain news posted on the blog and using these prompts on Google Gemini (free version) to fill out the central news:
  • “summarize the following newsletter for folks interested in the open source compliance to learn the latest changes in the space and find possible items that can act on.”
and
  • “include the links in this newsletter”
The newsletter is then subject to an edit cycle. If you spot any errors we missed, please contact us.

OpenChain Newsletter #78

By Monthly Newsletter, News
logo

​ Newsletter – Issue 78 – May 2025

The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.

Headline News

    Outreach

    Webinars

    Our community released the following meeting recordings via our main channel:

    Note: Some community meetings are not recorded or are released through other channels

    Check Out All Our Previous Newsletters:

    OpenChain Newsletter #77

    By Monthly Newsletter, News
    logo

    ​ Newsletter – Issue 77 – April 2025

    The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.

    Headline News

      Webinars

      Meetings

      Our community released the following meeting recordings via our main channel: Note: Some community meetings are not recorded or are released through other channels

      Check Out All Our Previous Newsletters:

      OpenChain Newsletter #76

      By Monthly Newsletter, News
      logo

      ​ Newsletter – Issue 76 – March 2025

      The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.

      Headline News

      Outreach

        Webinars

        Meetings

        Our community released the following meeting recordings via our main channel:

        Note: Some community meetings are not recorded or are released through other channels

        Check Out All Our Previous Newsletters:

        OpenChain Newsletter #75

        By Monthly Newsletter, News
        logo

        ​ Newsletter – Issue 75 – February 2025

        The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.

        Headline News

        Outreach

          Webinars

          Meetings

          Our community released the following meeting recordings via our main channel:

          Note: Some community meetings are not recorded or are released through other channels

          Check Out All Our Previous Newsletters:

          OpenChain Newsletter #74

          By Monthly Newsletter, News
          logo

          ​ Newsletter – Issue 74 – January 2025

          The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.

          Headline News

            Webinars

            Meetings

            Our community released the following meeting recordings via our main channel:

            Note: Some community meetings are not recorded or are released through other channels

            Check Out All Our Previous Newsletters:

            OpenChain Newsletter #73

            By Monthly Newsletter, News
            logo

            ​ Newsletter – Issue 73 – December 2024

            The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.

            Headline News

              Outreach

              Webinars

              Our community released the following meeting recordings via our main channel:

              Note: Some community meetings are not recorded or are released through other channels

              Check Out All Our Previous Newsletters: