The Linux Foundation Projects
Skip to main content
search
Category

News

Jul 07

Webinar – How we are doing compliance at CARIAD with ORT

By automation, legal, licensing, News, security, Webinar

This webinar covered how the team in VW Group are doing compliance at CARIAD with ORT. Helio Chissini de Castro lead the discussion, and we had some interesting Q&A.

This is an outcome webinar from the OpenChain and Friends event in Stuttgart, Germany during April 2025. This event saw speakers from Germany and beyond come together to share best practices around open source process management, compliance and automation.

Watch the Webinar:

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

This OpenChain Webinar was broadcast on 2025-07-03.

Jul 07

Public Comment Period Announced: Artificial Intelligence System Bill of Materials – Compliance Management Guide for the Supply Chain

By Featured, News
The OpenChain AI Work Group has been considering how to manage AI compliance in the supply chain for over a year. During this time the community has collaboratively produced a draft guide to identify key process points for a quality AI compliance program:

Next Steps:

With approval from the OpenChain Governing Board, the draft ‘The Artificial Intelligence System Bill of Materials: Compliance Management Guide for the Supply Chain’ is now entering a Public Comment Period.

Participate:

This Public Comment period will follow the OpenChain Project process outlined on our website:

YOU CAN SUBMIT A COMMENT BY:

  1. Opening an issue on the OpenChain Project Reference Library GitHub Repository:
    https://github.com/OpenChain-Project/Reference-Material/issues
  2. Emailing the OpenChain AI Work Group mailing list:
    https://lists.openchainproject.org/g/ai
The Public Comment Period will run for six weeks.

THE DEADLINE FOR SUBMISSION OF PUBLIC COMMENTS IS 2025-08-18 AT 04:00 PDT / 11:00 UTC / 13:00 CEST / 20:00 JST.

Please note: THE DRAFT GUIDE IS NOT A PRODUCTION RELEASE OR OFFICIAL RELEASE DOCUMENT FROM THE OPENCHAIN PROJECT. AT THIS JUNCTURE, IT IS WORKING DOCUMENT DESIGNED TO ALLOW INTERESTED PARTIES TO SHARE IDEAS.
Jul 04

ECARX Announces An OpenChain ISO/IEC 5230 Conformant Program

By Featured, News

ECARX is a global automotive technology provider partnering with OEMs to accelerate the future of software-defined vehicles. As OEMs develop new vehicle platforms from the ground up, ECARX is developing a full-stack solutions to enhance the user experience, while reducing complexity and cost.

To date ECARX products have been integrated into more than 8.7 million cars worldwide. Founded in 2017, and listed on the Nasdaq in 2022, it has more than 1,800 team members across Europe, Asia and the Americas working towards one ambition: to redefine the driving experience by making it safer and more enjoyable for everyone.

Jul 02

Webinar – Project OCCTET.eu – The Why, What and How

By automation, community, legal, licensing, News, security, Webinar

This webinar covered an interesting new EU-funded project that brings together various open source tooling for open source security and compliance like Open Source Review Toolkit (ORT) and AboutCode, and other experts in the domain of open source compliance, security and automation. It featured Andreas Kotulla (Bitsea) and Martin von Willebrand (DoubleOpen), and had lively interaction from our audience.

This is an outcome webinar from the OpenChain and Friends event in Stuttgart, Germany during April 2025. This event saw speakers from Germany and beyond come together to share best practices around open source process management, compliance and automation.

Watch the Webinar:

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

This OpenChain Webinar was broadcast on 2025-07-01.

Jul 01

Please welcome our duly elected 2025/2026 chairs for the OpenChain Specification, Education and Telco Work Groups

By Featured, News

We had the OpenChain Governing Board meeting last week, and our community-elected chairs for the OpenChain Specification, Education and Telco Work Groups were formally approved. Their terms begin today, July 1st 2025.

Please welcome:
– Specification: Chris Wood, Lockheed Martin (4th term)
– Education: Martin Yagi, First Light Fusion (1st term)
– Telco: Marc-Etienne Vargenau, Nokia (3rd term)

It is wonderful to have their help, contributions and experience applied to making a more trusted open source supply chain.

We are looking forward to the year ahead! There is a lot to do.

Want to be part of this? Check out our participation page. Everyone is welcome.

Jun 30

RECORDING: OpenChain Q2 2025 Steering Committee Meeting – 2025-06-25

By News

The OpenChain Steering Committee held its Q2 2025 meeting on the 25th of June 2025 to discuss two items:

  1. An ISO periodic review to confirm that ISO/IEC 5230 is relevant, used and will continue to be used. The conformation had previously been agreed by email, and was formally motioned and passed at this meeting.
  2. Community proposals for future updates to ISO/IEC 5230 and ISO/IEC 18974.

The Outcomes

As noted above, there was an administrative matter related to ISO periodic review of ISO/IEC 5230, and this matter was submit to a formal motion and approval as per this meeting.
The second matter tabled consumed the majority of the meeting, and it is outlined in detail below.
The OpenChain Specification Work Group, chaired by Chris Wood and Helio Chissini de Castro (year 1), and then Chris Wood (to-date) underwent a two year and nine month process to (a) gather suggestions from inside and outside the OpenChain Project about potential improvements to ISO/IEC 5230 (license compliance) and ISO/IEC 18974 (security assurance), (b) run a six month public comment period and (c) run a three month freeze period.
These proposed updates went before the OpenChain Steering Committee on the 25th of June 2025 as per our formal processes, and were duly approved. The updates will be released sometime in 2026, with the exact date to be determined.
Provisionally, it is likely to be in Q2 2026, because we (i) need to complete a separate ISO periodic review of ISO/IEC 5230 in 2025, and (ii) we want to ensure plenty of time to formulate and spread a clear message about what to expect in the community updates a little later.
A quick overview is that:
  • (1) The primary change in the updates is adjusting the confirmation of conformance from 18 months to 12 months
  • (2) Alongside language improvements and citation or reference improvements
and
When ISO/IEC 5230 and ISO/IEC 18974 are sent into the update cycle in ISO a few things will happen.
  • (3) There will be a ballot to confirm the adjusted standards
  • (4) The new versions of the standards will get new ISO numbers
It is important to remember that while ISO/IEC 5230 and ISO/IEC 18974 will be superseded by the new versions, the existing ISO/IEC 5230 and ISO/IEC 18974 standards will still be a useful and available option for the supply chain. This will be a key part of our messaging ahead of finalizing a date for release in 2026. It is very important that companies understand that their current procurement cycle can continue, and no quick changes are needed.
Our duty, and our challenge, will be to ensure these expectations are set, communicated and supported by our work in 2H 2025.

The Recording of the Meeting:

The Slides We Used:

Jun 25

OpenChain @ OSS NA – Expanding the OpenChain Standards Portfolio – More Sister Standards? – 2025-06-25

By News

The OpenChain Project had a substantial presence at Open Source Summit North America 2025. We are posting some of our key talks to here to help with community education and discussion.

Expanding the OpenChain Standards Portfolio – More Sister Standards?:

A discussion has opened inside the OpenChain community regarding what future standards may join the existing portfolio of ISO/IEC 5230 for license compliance and ISO/IEC 18974 for security assurance.

The focus of the OpenChain Project is on building trust in the supply chain, and on doing this from the perspective of compliance matters. In the last year, the project has begun to prepare guides for SBOM Quality Management and AI Bill of Material Compliance in the Supply Chain. Both of these read against the project charter and mission.

This talk will explore how these two guides could potentially grown into future ISO standards via the existing practices of the OpenChain Project and lessons learned in making ISO/IEC 18974 in the 2023/2024 period. Rather than announcing new standards, the talk is sharing the processes involved in consideration, to illustrated how open projects address ideas and proposals from all parties in a genuinely inclusive manner.

Slides:

Speakers:

  • Shane Coughlan, General Manager of the OpenChain Project
Jun 25

OpenChain @ OSS NA – In From the Cold: Open Source as Part of Mainstream Software Asset Management – 2025-06-25

By News

The OpenChain Project had a substantial presence at Open Source Summit North America 2025. We are posting some of our key talks to here to help with community education and discussion.

In From the Cold: Open Source as Part of Mainstream Software Asset Management:

Software Asset Management (SAM) provides a way to manage software across small, medium and large entities. It is often seen as a way of addressing licensing or for making sure company staff are using permitted software applications and versions.

Open source has traditionally been divorced from SAM, which was focused on proprietary software solutions. Partly this was due to practical matters like different licensing schemes, and partly it was an artifact of separate paths of evolution.

However, in recent years open source has increasingly adopted approaches to licensing, security and other challenges that mirror SAM. Examples include the use of standards like ISO/IEC 5230 for licensing and ISO/IEC 18974 for security, of implementation standards like ISO/IEC 5962 for Software Bill of Materials.

As a consequence, open source is now more closely aligned with SAM. This talk will examine what that means for open source management overhead today, and where it will take us in the future. This talk is intended to equip people in open source strategy, legal and team leadership to navigate changes as smoothly as possible.

Slides:

Speakers:

  • Shane Coughlan, General Manager of the OpenChain Project
Jun 24

OpenChain @ OSS NA – Empowering Asian Contributions: The Rise of Regional User Groups in Open Source Communities – 2025-06-24

By News

The OpenChain Project had a substantial presence at Open Source Summit North America 2025. We are posting some of our key talks to here to help with community education and discussion.

Empowering Asian Contributions: The Rise of Regional User Groups in Open Source Communities:

In the vast landscape of the global Open Source community, Asia, despite its significant population, has historically seen limited contributions. This session will delve into the recent surge in the establishment of regional user group in Japan and their ripple effects across Asia. We will explore the inception and growth of the OpenChain Project’s Japan Chapter since 2017, which has catalyzed the expansion of regional communities in China, Korea, and beyond. We will discuss the motivations driving individuals in these regional communities and highlight the unique characteristics of the OpenChain Japan community. Furthermore, we will examine the collaborative efforts between the Japanese community and other open source communities like the TODO Group, showcasing how these partnerships have amplified their impact. Through our experiences, we will share insights on the essential elements for fostering successful regional communities in Japan. Additionally, we will introduce messages from the managers of OpenChain and the TODO Group, emphasizing the importance of integrating regional activities with the global open source ecosystem.

Slides:

Speakers:

  • Norio Kobota, Sony
  • Naomichi Shima, Sony
Jun 20

RECORDING: OpenChain Monthly Specification and Education Call (Europe- Asia) – 2025-06-18

By News

We Discussed:

New Conformance Announcements

We reviewed the public announcements of adoption around ISO/IEC 5230 and ISO/IEC 18974 through 1H 2025.

New Reference Material

We had a look at the new and improve reference material through 1H 2025.

The Forthcoming Steering Committee Meeting

We discussed the vote in the forthcoming Steering Committee meeting to decide whether or not to accept community suggestions for edits to ISO/IEC 5230 and ISO/IEC 18974.

Check out the Meeting Slides:

Watch the Recording:

Coming Next:

The monthly calls for the OpenChain Specification and Education Work Groups will have a different format in July. Updates to follow on specifics.

Join Our Work:

Everyone is welcome to be part of the Specification Work Group. You can join their mailing list here:
https://lists.openchainproject.org/g/specification/

You can find and be part of all OpenChain calls through our participation page here:
https://openchainproject.org/participate