The OpenChain Education Work Group has been working on developing a simplified capability model to assess a company’s capability in open source license compliance against ISO 5230:2020.
In this session, we presented the simplified model, and invited questions and comments about how to improve it.
You can find the working version of the model here:
Zhenhua Sun of ByteDance, OpenChain China Work Group Chair, presented our work at the OSCAR 2024 conference in Beijing on October 16th. This presentation builds on our existing relationship with official partners like CAICT, and previous collaboration around the OSCAR event.
Osaka, Japan, October 17, 2024 – Honda, a global leader in the manufacturing of automobiles, motorcycles, and power equipment, today announces an OpenChain ISO/IEC 18974 conformant program. By adopting the international standard for open source security assurance, Honda builds on their December 2023 adoption of OpenChain ISO/IEC 5230:2020, a previous milestone in the use of the international standard for open source license compliance. Honda continues to drive long-term, sustainable innovation around the next generation of technologies.
“Honda has a remarkable position as the world’s largest motorcycle manufacturer and the world’s largest manufacturer of internal combustion engines,” says Shane Coughlan, OpenChain General Manager. “By adoption of both ISO/IEC 5230 and ISO/IEC 18974 in the last twelve months, Honda has underlined its position as a thought leader in the domain of open source. A trusted supply chain is critical, and we are fortunate to have companies like Honda driving lasting change.”
About Honda
Honda is a mobility company powered by everyone’s dreams, creating mobility that helps and inspires people, in a wide range of fields including motorcycles, automobiles, power products and aircraft.
About the OpenChain Project
The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.
About The Linux Foundation
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
Osaka NDS, a company providing business integration, software and hardware research, development and manufacturing (and other services), has announced an OpenChain ISO/IEC 5230:2020 conformant program.
“A key aspect of the OpenChain mission is engagement and adoption of our ISO standards in the supply chain,” says Shane Coughlan, OpenChain General Manager. “Osaka NDS – as a leading company in the Japanese supply chain – is an excellent example of the type of care, leadership and sustainability towards practical open source deployment that can inspire others. We welcome their adoption of ISO/IEC 5230 and look forward to working closely together in the future.”
About Osaka NDS
・Company name: Osaka NDS Co., Ltd.
・Head office location: Sumitomo Life OBP Plaza Building 8F, 1-4-70 Shiromi, Chuo-ku, Osaka City, Osaka Prefecture 540-0001
・President: Takeshi Hirayama
・Established: July 1993
・Capital: 30 million yen
・Contact: TEL .06-6945-6800 FAX .06-6945-6801
・Business contents: Integration business, software and hardware-related research and development, manufacturing, sales, development commissioning and dispatch of engineers for computer and peripheral equipment
About once a month the OpenChain Project releases a slide deck to help explain what we do. The October edition is now available in the same location as all previous editions.
If you are a community advocate, please take it and help people get an overview of our work and our latest news.
If you are a curious reader, please use it as a starting point for engagement with our work and community.
The OpenChain AI Study Group held its regular Asia sync on the 10th of October. This focused on a recap of the earlier monthly workshop, which saw Karen Bennet from SPDX provide a briefing on AI BOM. Work also progressed on the draft scratchpad for management of AI BOMs.
Track This Work
You can follow and contribute to the work of the OpenChain AI Study Group through its dedicated mailing list. This is open to everyone regardless of industry vertical or speciality. You will find it here:
To help you navigate the complexities of AI, data and the supply chain, Nick Schifano, CEO and founder of FastCatalog.ai, discussed the intersection of AI innovation and legal frameworks. With years of experience in IP law, standards, and AI/ML legal frameworks, Nick guided us through key considerations for managing the AI supply chain—focusing on how companies can prepare for and comply with new regulatory requirements.
Webinar Highlights:
✔️ Insights into the hidden risks behind model lineage and training data in open-source AI models
✔️ Scenarios where data transparency becomes crucial for AI systems
✔️ Operational strategies to better manage AI and data supply chains
✔️ Preparing for the upcoming EU AI Act and its implications for companies
Watch the Webinar
Review the Slides
About the Speaker:
Nick Schifano is a leading expert in AI and legal frameworks. Before founding FastCatalog.ai, a company dedicated to revolutionizing AI supply chain management, Nick served as Assistant General Counsel at Microsoft, where he led groundbreaking initiatives in open innovation and AI/ML legal practices. With a technical foundation in software engineering and IT consulting, Nick brings a holistic view of both the technical and legal aspects of AI development.
More About Our Webinars:
This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.
The OpenChain Automotive Work Group held an online meeting to discuss three topics: a recent face-to-face meeting in Stuttgart, Germany; Over-The-Air (OTA) update concepts; and Software Bill of Materials. The meeting was hosted by Marcel Kurzmann of Bosch.
Watch the Recording
Review the Agenda
Re-Cap of the OpenChain Automotive F2F Workgroup-meeting from September 10th
Presentation of OTA concepts in automotive – maybe by eSync Alliance
Updates from the SBOM-study-group and discussion about potential automotive-specific requirement