Panasonic Automotive Systems Announces OpenChain ISO/IEC 5230 Conformance

By Featured, News

Today Panasonic Automotive Systems has announced an OpenChain ISO/IEC 5230 conformant program. As a leading Tier 1 automotive supplier, Panasonic Automotive Systems is at the forefront of both using and effectively managing open source technology.

“During the certification process, we worked to improve the reliability of our OSS usage and products by structuring OSS utilization processes and building a highly secure management system,” said Masashige Mizuyama, Executive Vice President and Chief Technology Officer at Panasonic Automotive Systems. “We have actively contributed to the industry by promoting the standardization and open-sourcing of VirtIO, an open-source virtualization technology. Taking this certification as an opportunity, we will continue to provide high-quality and highly reliable solutions leveraging OSS, and contribute to the expansion and sustainable growth of the open source ecosystem in the in-vehicle device industry.”

“We are delighted to welcome Panasonic Automotive Systems into our community of conformance,” says Shane Coughlan, OpenChain General Manager. “Adoption of OpenChain ISO/IEC 5230 has been exceptional across the automotive supply chain, and the influence and inspiration provided by Tier 1 adoption cannot be overstated. We look forward to working with the Panasonic Automotive Systems team in the months and years ahead.”

About Panasonic Automotive Systems Co., Ltd.:

Panasonic Automotive Systems Co., Ltd., (PAS) was launched on April 1, 2022 as an operating company responsible for the automotive systems business in line with the start of the Panasonic Group’s operating company system, and on December 2, 2024 the company moved to a management structure in which 80% of its shares are held by the funds managed by an affiliate of Apollo Global Management, Inc. and 20% by Panasonic Holdings Corporation.

Headquartered in Japan, PAS is a global company with subsidiaries in eight other countries and, as a Tier 1 company, it provides advanced proprietary technologies such as infotainment systems to automakers in Japan and overseas, helping to create comfortable, safe, and secure automobiles. PAS is committed to meeting the expectations of its customers around the world with technologies that stand by people in pursuit of its corporate vision of becoming the “Joy in Motion” design company. To learn more about our company, please visit https://automotive.panasonic.com/en

About the OpenChain Project:

The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.

About The Linux Foundation:

The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

Check Out The Publicly Announced Community of Conformance:
https://openchainproject.org/community-of-conformance

Save the date for our next OpenChain and Friends event in 2026!

By News

After a successful first #openchainandfriends event this year, we plan to hold our next event in 2026.

So mark the 24th, 25th and 26th of March 2026 in your calendars and prepare to join us in Stuttgart and talk about “Supply Chain (Chances and) Risk Management and beyond!”

We enhance our open source process management and automation topics with a dedicated stream for Open Source education and will have additional topic streams about Artificial Intelligence, CyberSecurity and Digital Sovereignty. We will explore Automotive / SDV and Embedded and OpenHW topics and discuss potential Open Source business opportunities for small- and medium-sized enterprises.

The program is collaboratively developed by the contributing communities, so please visit our event website regularly to monitor the progress or even get involved yourself:

https://openchainproject.org/news/2025/12/09/openchain-and-friends-2026

Big thanks to our friends at The FOSS-LÄND Community (https://github.com/the-foss-laend) for helping to make this happen and also supporting us again in the next year.

Registration will open in early January – Stay tuned!

We wish everyone a great holiday season and hope to see you at our event in 2026!

RECORDING: OpenChain Monthly Specification and Education Call (North America – Europe) – 2025-12-10

By News

We Discussed:

Led by Chris Wood (Chair, Specification Work Group) and Martin Yagi (Chair, Education Work Group), the call covered the following topics:

Survey results around the OpenChain ISO standards, the final draft of the new online training course material, and next steps to encourage community feedback.

Watch the Recording:

Coming Next:

  • A ton of work pending on education, and a survey to be released for the spec. Expect a strong focus on looking at what we have accomplished, looking at feedback, and making it better.

Join Our Work:

Everyone is welcome to be part of the Specification Work Group. You can join their mailing list here:
https://lists.openchainproject.org/g/specification/

You can find and be part of all OpenChain calls through our participation page here:
https://openchainproject.org/participate

RECORDING: OpenChain AI Work Group – Monthly Workshop for Europe and Asia – 2025-12-10

By News

Our regular OpenChain AI Work Group Asia Sync took place with participants from Europe and Asia, and with a focus on discussing next steps with the AI System Bill of Materials Compliance Guide. We are encouraging more market feedback to inform future development.

Watch the Recording:

Get Involved:

Everyone is welcome to be part of this activity! OpenChain has free, open access to all its work groups and study groups. Just turn up, and listen in, and contribute comments, ideas and suggestions.

✉️ We have a dedicated mailing list for the AI Work Group: https://lists.openchainproject.org/g/ai

Attend Future Meetings:

You can find and get the dial-in details for all future meetings from our participate page here: https://www.openchainproject.org/participate

OpenChain Newsletter #84

By Monthly Newsletter, News

Newsletter – Issue 84 – November 2025

The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.

This month’s update highlights significant momentum in global adoption, particularly in the semiconductor and logistics sectors, alongside a wealth of educational resources regarding AI, SBOMs, and container compliance.

Strategic Updates

The Governing Board has released a special message regarding the project’s direction. Additionally, for those who missed it, the full recording of the OpenChain Mini-Summit from OSS Europe is now available.

New Adopters (ISO/IEC 5230)

The ecosystem continues to expand with major industry players announcing conformance. This is a strong signal for supply chain managers to review their own vendor requirements.

Knowledge Base & Webinars

Three critical topics were covered this month: Software identification, patent non-aggression (OIN), and container compliance.

Work Group Recordings & Deep Dives

If you are actively building compliance programs, these recordings provide insight into current best practices for AI, Telco, and SBOMs.

Community & Ecosystem News

  • New Partner: Sun Square is now an official OpenChain Partner.

  • Survey Data: OpenChain featured in the Deloitte Global ITAM Survey 2025.

Actionable Items for Readers

  1. Assess Your Container Strategy: With the new webinar on “Containers and Compliance,” now is a good time to review how your organization handles license compliance within containerized environments.

  2. Review AI Governance: The AI Work Group is highly active. If your organization is integrating AI, reviewing the “Asia Sync” or “NA/Europe Workshop” recordings is recommended to stay ahead of upcoming specification adjustments.

  3. Benchmarking: Review the Deloitte Global ITAM Survey to see how your asset management and compliance practices compare to global standards.

Get Involved: Future Meetings

The recordings listed above represent recurring monthly work groups. To influence the direction of OpenChain standards (particularly in AI and SBOMs), you are encouraged to attend the next live sessions.

  • For Automotive: Look for the next Automotive WG Workshop to discuss supply chain specifics.

  • For AI Policy: Join the next monthly workshop (split by region) to contribute to the AI compliance roadmap.

  • For General Education: The Monthly Specification and Education calls are the best entry point for newcomers.

To find the schedule for the next meetings and join the mailing lists, please visit: https://openchainproject.org/participate

Note: This newsletter usually only contains primary meetings. Some community meetings are not recorded or are released through other channels.

AI Usage:

This newsletter is created by using a template, curating links from a month of OpenChain news posted on the blog and using these prompts on Google Gemini to fill out the central news:

  • “Summarize the following newsletter for folks interested in the open source compliance to learn the latest changes in the space and find possible items that can act on. Include the links in this newsletter. Add notes on potential further actions by readers, particularly around attending future meetings. Direct people to this link to participate further: https://openchainproject.org/participate”

The newsletter is then subject to an edit cycle. If you spot any errors we missed, please contact us.

Analog Devices, Inc. has announced OpenChain ISO/IEC 5230:2020 conformance

By Featured, News

Analog Devices, Inc. (ADI) has announced an OpenChain ISO/IEC 5230:2020 conformant program, making another important step forward for open source governance and management in the global silicon supply chain.

“Achieving OpenChain conformance underscores our belief that open source stewardship is foundational to engineering excellence,” said Rob Oshana, Senior Vice President, Software & Digital Platforms at ADI. “It reinforces our commitment to transparent processes, clear compliance standards and continuous improvement across the software lifecycle.”

“ADI is an excellent steward of open source,” says Shane Coughlan, OpenChain General Manager. “Their contributions to the open source community have been notable too, not least their direct engagement with the OpenChain Project as we have developed and deployed standards and reference material related to open source compliance. It is a genuine pleasure to welcome them to our community of conformance, and we look forward to continued collaboration in the future.”

About ADI

ADI is a global semiconductor leader that bridges the physical and digital worlds to enable breakthroughs at the Intelligent Edge. ADI combines analog, digital, AI, and software technologies into solutions that help drive advancements in automation and robotics, mobility, energy and data centers, and healthcare, combat climate change, and reliably connect humans and the world. With revenue of more than $11 billion in FY25, ADI ensures today’s innovators stay Ahead of What’s Possible. Learn more at www.analog.com and on LinkedIn and X (formerly Twitter).

Open Compliance Summit 2025 – Review and Photos

By Featured, News

The Open Compliance Summit 2025 was a tremendous success, with strong representation from China, Japan, Korea, Germany, Sweden, the United States, the United Kingdom, India and more. Over a packed schedule on the 11th and 12th December, attendees shared knowledge, networked and provided an exceptionally strong analysis of what is coming for licensing, security and regulatory compliance in 2026.

This event provided a substantial amount of analysis around OpenChain Project-related activities, ranging from the ISO standards to capability modeling, SBOM quality and AI System Bill of Material management.

The Open Compliance Summit is expected to be held again in December 2026, and talk submissions are welcome. Learn more about the event on the official LF website around April 2026: https://events.linuxfoundation.org

This event also marked the last public event of our current General Manager, Shane Coughlan. We had a little ceremony and took some photos.

RECORDING: OpenChain Telco Work Group – 2025-12-04

By News

Attendees:

  • Jimmy Ahlberg, Ericsson
  • Takashi Ninjouji, Honda
  • Marc-Etienne Vargenau, Nokia

We show the anti-trust notice https://github.com/OpenChain-Project/Reference-Material/tree/master/OpenChain-Templates/Work-Group-Slide-Template as reminded by Shane.

Jimmy is back from his Asia trip. He will go to Japan for the Open Source and Compliance summits.

Jimmy has concerns about the recently released version 1.7 of the CycloneDX standard. CycloneDX v1.7 introduces first-class support for patents and patent families. These new fields could be used by patent trolls.

Shane will be leaving his role as OpenChain General Manager. His last day will be the 12th of December. There is no replacement for him yet. It might take some time. Everyone is welcome to propose candidates.

We have no news from CISA about their Minimum Elements document. Nokia comments were provided, but they are still not visible at https://www.regulations.gov/document/CISA-2025-0007-0001/comment. So we have no idea when the final version of the document will be published.

The Python ntia-conformance-checker https://pypi.org/project/ntia-conformance-checker/ has been updated. It is now also possible to check conformance to the CISA document, which means also checking Licenses and Copyright Holder. But the default is still to check NTIA; an option has to be added to check for CISA. So it has no impact on the openchain-telco-sbom-validator that uses this library.

It is now also possible to check conformance for SPDX 3 SBOMs. But we have not yet tested this capability.

A new release 0.3.3 of the openchain-telco-sbom-validator has been published. It only fixes a very small bug in the handling of the CISA SBOM type when followed by more text in the comment.

Nokia has published a new Python tool https://pypi.org/project/pypispdx/ to create SBOMs for Python packages available on https://pypi.org/. It will create an SBOM in multiple SPDX 2.3 formats (tag:value, JSON, RDF, XML, YAML). The SBOM will be compliant with the OpenChain Telco SBOM Guide. It includes the recursive dependencies of the package. For every package, it contains the PackageDownloadLocation, the PackageChecksum in both SHA256 and MD5 and the licenses when available.

Takashi-san reminds us that the latest version of the German BSI document requires SPDX in version 3, whereas the previous version required only SPDX 2. Most tools, including for example Black Duck, produce only SPDX 2 for the moment. We do not know the reason why the BSI requires it. In practice, the simplest solution could be to convert SPDX 2 to SPDX 3 using the Java tools https://github.com/spdx/tools-java.

Takashi-san shows the work done by the automotive group about SPDX 3.

The OpenChain automotive work group handles SPDX 3 generated by Yocto and would like to validate it against the Telco Guide. Currently, the validator can only handle SPDX 2, as the Python library it uses (https://github.com/spdx/tools-python/) cannot parse SPDX 3. The last release of this library is more than one year old. A new maintainer has been nominated, so we hope to have a new release that can handle SPDX 3, but we have no date.

We can start to think about an update of the SBOM Guide to allow SPDX 3. The OpenChain SBOM work group has produced in its document a mapping table of the Telco Guide between SPDX 2 and SPDX 3.

Jimmy will provide a better wording of the paragraph about encryption (see https://github.com/OpenChain-Project/Telco-WG/pull/214).

Watch the Recording:

Be part of this:

Everyone is welcome to be part of this study group! OpenChain has free, open access to all its work groups and study groups. Just turn up, and listen in, and contribute comments, ideas and suggestions.

✉️ We have a dedicated mailing list:
https://lists.openchainproject.org/g/telco

💻 We have a dedicated GitHub Repo:
https://github.com/OpenChain-Project/Telco-WG

You are also welcome to participate in any of our other working groups around the world:

RECORDING: OpenChain AI Work Group – Monthly Workshop for North America and Europe – 2025-12-02

By News

We continued to explore the question of how to address the intersection of open source, AI and process management in our regular OpenChain AI Work Group Workshop for North America and Europe. Chaired by Matthew Crawford of Arm and Dave Marr of Qualcomm, this work group is building on the knowledge gathered and deployed to market in the OpenChain AI System Bill of Materials Compliance Guide.

Watch the Recording:

Get Involved:

Everyone is welcome to be part of this activity! OpenChain has free, open access to all its work groups and study groups. Just turn up, and listen in, and contribute comments, ideas and suggestions.

✉️ We have a dedicated mailing list for the AI Work Group: https://lists.openchainproject.org/g/ai

Attend Future Meetings:

You can find and get the dial-in details for all future meetings from our participate page here: https://www.openchainproject.org/participate

OpenChain and Friends 2026 – Stuttgart – March 24~26

By News

Save the date! We will hold the second annual OpenChain and Friends event in Stuttgart from the 24th to the 26th of March 2026 (learn about last year’s edition here: https://openchainproject.org/news/2025/02/20/openchain-and-friends-stuttgart).

Main Event Location:

  • Service and Supply Chain Campus Feuerbach,

Satellite Event Locations:

  • Mercedes-Benz in Vaihingen
  • Bosch in Ludwigsburg

In Partnership With:

The FOSS-LÄND Community

Topic Streams:

  1. Open Source Compliance and OSPOs – join the Matrix Open Source Compliance and OSPO discussion
  2. Cybersecurity – join the Matrix CyberSecurity discussion
  3. Women in Open Source – join the Matrix Women in Open Source discussion
  4. Embedded and OpenHW – join the Matrix Embedded and OpenHW discussion
  5. Artificial Intelligence – join the Matrix Artificial Intelligence discussion
  6. Digital Sovereignty and Open Source in Business – join the Matrix Digital Sovereignty discussion
  7. Education – join the Matrix Education discussion
  8. Automotive / SDV – join the Matrix Automotive and SDV discussion

Program details are collaboratively developed and can be tracked in our repository: OpenChain and Friends Program 2026.

Contact helpdesk@lists.openchainproject.org for more information. We would love for you to be part of this, and to help contribute to our welcoming community of open source governance professionals. We welcome everyone from small, medium and large companies, local and national government, non-profit organizations, academia and also independent parties curious about what is happening in this space.