Category

News

ECARX Announces An OpenChain ISO/IEC 5230 Conformant Program

By Featured, News

ECARX is a global automotive technology provider partnering with OEMs to accelerate the future of software-defined vehicles. As OEMs develop new vehicle platforms from the ground up, ECARX is developing full-stack solutions to enhance the user experience, while reducing complexity and cost.

To date ECARX products have been integrated into more than 8.7 million cars worldwide. Founded in 2017, and listed on the Nasdaq in 2022, it has more than 1,800 team members across Europe, Asia and the Americas working towards one ambition: to redefine the driving experience by making it safer and more enjoyable for everyone.

Webinar – Project OCCTET.eu – The Why, What and How

By automation, community, legal, licensing, News, security, Webinar

This webinar covered an interesting new EU-funded project that brings together various open source tooling for open source security and compliance like Open Source Review Toolkit (ORT) and AboutCode, and other experts in the domain of open source compliance, security and automation. This is an “outcome” webinar from the OpenChain and Friends event in Stuttgart, Germany during April 2025. This event saw speakers from Germany and beyond come together to share best practices around open source process management, compliance and automation. It featured Andreas Kotulla (Bitsea) and Martin von Willebrand (DoubleOpen), and had lively interaction from our audience.

Watch the Webinar:

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

This OpenChain Webinar was broadcast on 2025-07-01.

Please welcome our duly elected 2025/2026 chairs for the OpenChain Specification, Education and Telco Work Groups

By Featured, News

We had the OpenChain Governing Board meeting last week, and our community-elected chairs for the OpenChain Specification, Education and Telco Work Groups were formally approved. Their terms begin today, July 1st 2025.

Please welcome:
– Specification: Chris Wood, Lockheed Martin (4th term)
– Education: Martin Yagi, First Light Fusion (1st term)
– Telco: Marc-Etienne Vargenau, Nokia (3rd term)

It is wonderful to have their help, contributions and experience applied to making a more trusted open source supply chain.

We are looking forward to the year ahead! There is a lot to do.

Want to be part of this? Check out our participation page. Everyone is welcome.

RECORDING: OpenChain Monthly Specification and Education Call (Europe – Asia) – 2025-06-18

By News

We Discussed:

New Conformance Announcements

We reviewed the public announcements of adoption around ISO/IEC 5230 and ISO/IEC 18974 through 1H 2025.

New Reference Material

We had a look at the new and improved reference material through 1H 2025.

The Forthcoming Steering Committee Meeting

We discussed the vote in the forthcoming Steering Committee meeting to decide whether or not to accept community suggestions for edits to ISO/IEC 5230 and ISO/IEC 18974.

Check out the Meeting Slides:

Watch the Recording:

Coming Next:

The monthly calls for the OpenChain Specification and Education Work Groups will have a different format in July. Updates to follow on specifics.

Join Our Work:

Everyone is welcome to be part of the Specification Work Group. You can join their mailing list here:
https://lists.openchainproject.org/g/specification/

You can find and be part of all OpenChain calls through our participation page here:
https://openchainproject.org/participate

External: Operationalizing Software Trust: Why OpenChain Matters!

By News

Strengthening Trust, Transparency, and Compliance in the Software Supply Chain

Ibrahim Haddad has written a great article on LinkedIn discussing the OpenChain Project, our standards, and why our work has impact. We encourage everyone to take a moment and read his overview. Short preview below:

Over the past decade, the software supply chain has moved from a technical implementation concern to a strategic enterprise risk. Software has become central to every product and service, raising the responsibility bar for organizations to ensure that the software they ship is secure, compliant, and transparently governed.

This is where the OpenChain Project, hosted by the Linux Foundation, enters the picture.

For those unfamiliar, OpenChain defines industry standards for managing open source license compliance and security assurance across complex software supply chains. It provides a shared language for companies to communicate expectations and verify open source due diligence internally and with partners.

Yet, many organizations are still sitting on the sidelines.

After helping build and advise dozens of OSPOs over the past 15 years, from startups to multinationals, I can say this with confidence:

If your organization consumes or distributes open source software (hint: you do), OpenChain is not optional. It’s inevitable.

> Read the full article on LinkedIn.

Webinar – AboutCode – Practical Compliance in One Stack – Licensing, Vulnerabilities, and More

By ai, automation, licensing, News, security

This is an “outcome” webinar from the OpenChain and Friends event in Stuttgart, Germany, in April 2025. Our focus was on recent advances in the open source and open data AboutCode stack for licensing and security compliance. Our speaker was a good friend of the OpenChain Project, and the founder of AboutCode, Philippe Ombredanne.

Watch the Webinar:

Review the Slides:

This OpenChain Webinar was broadcast on 2025-06-10.

Reflection on yesterday – OpenChain Korea Meeting, a community of professionals (and friends)

By News

After our meeting at Samsung yesterday (thank you Samsung team!), I wanted to add a short essay about what we have done and why it has helped people. Sometimes a history lesson helps us realize how far we have come, and how much we have accomplished.

When OpenChain started in 2016 there was a lot of uncertainty around open source compliance. We knew there were licenses, and we all had various ways to interpret them and make decisions around them, but apart from sharing notes there was no unified approach.

The OpenChain Project set out to change that, and it was designed to be open, collaborative and useful from the beginning. The founding members and the founding community felt strongly about a few things:
– Everything we build should be open and freely accessible
– The community – even the smallest company – should have a voice
– We would contribute “holistically” to making the supply chain more trusted

In other words, we would be open, we would have a problem to solve, but we would not become trapped in one topic or one period of the market. We were here to increase trust in the supply chain around compliance (starting with license compliance, but also including security and other compliance in the future).

As a side effect of what we were doing, we also wanted to help individuals. We wanted the professionals working in our field to get new skills and to have new long-term opportunities in their companies. A few years ago, one of the OpenChain community asked me “what career opportunities does someone working in open source compliance have?”

I said “it is important to remember that what we are doing is not making one implementation of one solution. For example, many people accomplish using our standards in an Open Source Program Office (OSPO), but OpenChain is not focused on OSPO, or SBOM formats, or metrics, or other things our sister projects do. Our work is complementary but different. OpenChain is focused on business process management for supply chains, and the use of international standards. When someone works around OpenChain, they are not only being an open source expert, but also:
– Building proven experience in change management
– Building proven experience in using standards
– Building proven experience in adopting and applying business process management best practices
– And developing skills for cross-team collaboration inside and outside the company”

This is not by accident. We wanted to help the existing and the next generation of people in open source go further and have more opportunities. Our community would build new networks, and our activity would build new opportunities.

To date we have done a lot:
– Built ISO/IEC 5230 and ISO/IEC 18974 as international standards for open source business process management
– Guides around other areas of business process management (SBOM Quality, AI Compliance in the Supply Chain)
– We have introduced the first freely accessible maturity modeling for open source
– We have created the process to build totally open standards and to maintain them
– We have created the world’s largest library of business tools to help
    – Policy
    – Training
    – Checklists
    – Supplier education
    – and so much more
– And our community has brought new people in contact with their future peers again and again in Korea, in Japan, in China and elsewhere.

In other words, thanks to you, we have completely transformed open source business management in the supply chain. And we have transformed how professional our field is. Open source is no longer a unique corner in a company. It is the same type of Software Asset Management as everything else, and that secures its future.

In Korea, we owe so much to so many people. I want to give special thanks to Haksung Jang, who has been at the center of the Korean Work Group from the beginning. Haksung has done more than organize the community. He has inspired it, and he has given it a blueprint for how to interact and share. The laughter, the open discussion, and the welcoming atmosphere were inspired by him. Haksung is a unique leader, and a precious part of the global open source community.

Many other people deserve praise too. For example, Soim for her playful but sincere help with community images, Seoyeon for her contributions to organizing and encouraging, and… you deserve praise too. If you have come to a meeting, or helped organize a meeting, or shared one of the many excellent presentations, you have helped build a true open source community.

It is very rare to see these things emerge. Most communities are frozen in one moment on one implementation. Very few communities transform a market, and still grow in new ways. We have never put barriers up (everything is free), we have never looked at commercial growth (we have a limit of 25 board members), and instead we have focused entirely on you – on what you, and I and our colleagues can do together.

Thank you so much for being part of that, and for reminding ourselves of how pure, useful and special freely sharing knowledge can be. True open community is kindness, and walking together to make everything better for all our benefit.

Regards
Shane Coughlan
General Manager, OpenChain

Mercedes-Benz Research and Development India Announces An ISO/IEC 5230 Conformant Program

By Featured, News

We are delighted to welcome Mercedes-Benz Research and Development India to the OpenChain community of conformance. This is another milestone in the adoption of OpenChain standards by the automotive supply chain, and serves as a reminder of the broad applicability for our solutions around the world.

About Mercedes-Benz Research and Development India:

Mercedes-Benz Research and Development India (MBRDI) is the largest research and development center for Mercedes-Benz Group AG outside of Germany. Started in 1996, the Bengaluru headquartered organisation plays a prominent role in the development of new technologies like connected, autonomous, and electric in the mobility world. MBRDI, known for its engineering innovations, has grown to a team of over 8,500 employees and is one of the earliest technology and innovation centers of a global automotive company to set up a strong presence in India.

In line with the global ambitions of the Mercedes-Benz Group, MBRDI plays a prominent role in innovating and accelerating the future of sustainable mobility. Over the last 25 years of its presence in India, MBRDI has established itself as an innovation powerhouse. The engineers at MBRDI are committed to providing an unparalleled experience and comprehensive digital capabilities, with technology at the core. MBRDI harnesses the role of IT in accelerating the future of automotive technology in terms of engineering, digitalisation, testing and simulation, and data science.

MBRDI offices in Bengaluru specialise in end-to-end capabilities in product development and IT services. The satellite office in Pune focuses on interior component designs and IT engineering.

About the OpenChain Project:

The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.

About The Linux Foundation:

The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

OpenChain Newsletter #78

By Monthly Newsletter, News

Newsletter – Issue 78 – May 2025

The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.

Headline News

Outreach

Webinars

Our community released the following meeting recordings via our main channel:

Note: Some community meetings are not recorded or are released through other channels

Check Out All Our Previous Newsletters:

Open Source Policy Template Updated

By News

The OpenChain Project publishes a policy template to help any organization (company or non-profit) quickly explore options for their own policy creation. This has now been updated with an “Example Policy Text” tab that shows options to inspire teams as they iterate.

Download It Now:

https://github.com/OpenChain-Project/Reference-Material/tree/master/Open-Source-Policy-Templates/ISO-IEC-5230-(OpenChain%202.1)/en

You can also find all the previous versions of the policy template in the sub-folder marked “old” at the link above.

Credit:

Huge thanks to Martin Yagi for driving this improvement.

Help Make This Better:

Remember, this is a living document, so your own suggestions, improvements or corrections are most welcome! We coordinate our editing through our Education Work Group mailing list: