News

The OpenChain Project will hold a special mini-summit covering ‘Open Source Software Supply Chain Security Compliance in the AI Era’ at the 2025 CCF China Open Source Conference on the 3rd of August 2025.

More About The Speakers And Event:

• https://chinaosc.ccf.org.cn/information/detail/943

The OpenChain Project held a mini-summit during Open Source Summit North America. It featured a series of talks from OpenChain Governing Board members covering SBOM quality, compliance tooling and AI compliance guidance, before ending with a forward-looking talk about quantum encryption-related compliance challenges by our Specification Work Group chair.

View The Full Summit Playlist:

• https://www.youtube.com/playlist?app=desktop&list=PLbzoR-pLrL6pBZlIfGL4B8Dm5rNF88r2E

Jump To Individual Talks:

We Also Had Talks During The Main Conference:

• Empowering Asian Contributions: The Rise of Regional User Groups in Open Source Communities
• In From the Cold: Open Source as Part of Mainstream Software Asset Management
• Expanding the OpenChain Standards Portfolio – More Sister Standards?

About:

The OpenChain Japan Work Group is holding a two-day event on the 31st July ~ 1st August 2025. Our Japan Community Day #34 is kindly hosted by Mitsubishi Electric at their innovation hub in Yokohama. This event will also be broadcast live on Zoom.

Join Via Zoom:

In-person registration is closed, but you can still join via Zoom.

Day 1, 13:00 to 17:00:

• https://zoom-lfx.platform.linuxfoundation.org/meeting/96349935978?password=97d03064-27bd-4b1e-8426-b48ee786163f

Day 2, 09:30 to 11:45:

• https://zoom-lfx.platform.linuxfoundation.org/meeting/96050597218?password=c8063216-159b-4a67-b4b6-07be196ae73a

Agenda:

【DAY 1 – 7月31日（木）-】
13:00-13:30 (30分) ： 三菱電機 Serendie Street(共創空間) ガイドツアー
★希望者のみ。現地参加登録の際に一緒にお申し込みください。
13:30-14:05 (35分) ： House Keeping、OpenChain紹介、Shane GMによるKeynote
14:05-14:25 (20分) ： 三菱電機のOSPO活動紹介
14:25-15:15 (50分) ： オープンソースライセンス研究所 うっかりミス防止研究会の活動紹介
15:15-15:45 (30分) ： 休憩＆ネットワーキング
15:45-16:20 (35分) ： FAQ-sgより、うっかりミス関連FAQ紹介
16:20-16:50 (30分) ： イベントリキャップ OSS Summit NA 2025
16:50-17:00 (10分) ： クロージング
17:30-19:00 (90分) ： 同会場にてネットワーキング(懇親会)

【DAY 2 – 8月1日（金）-】
9:30-11:30 (120分) ： Education-sg紹介、初学者向け OSSコンプライアンス教育
11:30-11:45 (15分) ： 教育資料オープンレビュー

About This Webinar:

CHAOSS is a Linux Foundation project focused on creating metrics, metrics models, and software to better understand open source community health on a global scale. This webinar will delve into how it accomplishes these goals, and how you can get involved.

Join On The 13th August @ 08:00 PDT / 10:00 CDT / 15:00 UTC / 16:00 BST / 17:00 CEST:

• https://zoom-lfx.platform.linuxfoundation.org/meeting/91685525578?password=c66b63da-4ff1-4676-b211-29fccb873e3b

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

• https://www.openchainproject.org/webinars

• We held our regular OpenChain AI Work Group meeting for Europe and Asia on the 24th of July.There were two items on the agenda:
  1. We launched a Public Comment Period for the Artificial Intelligence System Bill of Materials – Compliance Management Guide for the Supply Chain on the 7th of July. The public comment period will run for six weeks, and conclude on the 18th of August at 04:00 PDT / 11:00 UTC / 13:00 CEST / 20:00 JST. The public comment period was discussed.
  2. Assuming a successful comment period, we had some questions and discussions to plan for the formal release of the guide framed by three questions:
     (i) How should the guide be messaged to the supply chain?
     (ii) What are the “metrics for success” to measure impact?
     (iii) What is the timescale for the next phase of guide development?

Watch the Recording:

Get Involved:

Everyone is welcome to be part of this activity! OpenChain has free, open access to all its work groups and study groups. Just turn up, and listen in, and contribute comments, ideas and suggestions.

✉️ We have a dedicated mailing list for the AI Work Group:
https://lists.openchainproject.org/g/ai

Attend Future Meetings:

You can find and get the dial-in details for all future meetings from our participate page here:
https://www.openchainproject.org/participate

As always, we focused on the question of “how do we use SBOMs in production, large-scale and complex supply chains?”

This Meeting Discussed:

1. News – Contributions of New Documents for SBOM Quality
2. News – OpenChain @ Debian Conf 25
3. Comments on the term “SBOM Document”
4. Who should create SBOMs and how they can be created
5. Key points regarding security considerations

Watch the Meeting:

Learn More About This Study Group:

Our SBOM Study Group brings all our various SBOM-related activities together and helps answer the question of “how do we use SBOMs in production, large-scale and complex supply chains?” Our original kick-off call has all the details.

Get Involved:

Everyone is welcome to be part of this study group! OpenChain has free, open access to all its work groups and study groups. Just turn up, and listen in, and contribute comments, ideas and suggestions.

✉️ We have a dedicated mailing list:
https://lists.openchainproject.org/g/sbom

💻 We have a dedicated GitHub Repo:
https://github.com/OpenChain-Project/SBOM-sg

Attend Future Meetings:

You can find and get the dial-in details for all future meetings from our participate page here:
https://www.openchainproject.org/participate