Join a webinar on the Digital Personal Data Protection Act, 2023 to understand key compliance obligations, consent mechanisms, and cross-border data transfer requirements. This 60-minute session offers a general overview and practical understanding to help both individuals and companies align with India’s DPDPA 2023. The event will be lead by Biju Nair, Chair of the OpenChain India Work Group.
The OpenChai Meridian 22 Work Group will be represented by Vladimir Slavov at OpenFest 2025 this weekend.
OpenFest is the biggest Bulgarian conference dedicated to free culture, free knowledge sharing, free and open source software. It is the most anticipated annual gathering of fans, creators and supporters of open source and free art in Bulgaria.
JUN Legal GmbH is the latest official OpenChain Partner, expanding coverage and diversity of options in the German market.
“Open source is a strategic topic for the European Union,” says Florian Hackel, specialized lawyer for IT law. “Projects like OpenChain, and the ISO process standards they maintain, offer a path to sustainable, reliable and trustworthy management. We are delighted to be able to support our clients and the broader community in the continued professionalization of open source.”
“Germany is a key market for the OpenChain Project,” says Shane Coughlan, OpenChain General Manager. “I am delighted to see our options for the community expanding, and our avenues for advocacy and support doing the same. I look forward to future collaboration with JUN and their team.”
About JUN Legal GmbH
JUN Legal is a medium-sized German law firm specializing in IT law, AI and open source compliance. Our team currently includes 27 attorneys with FOSS experience, eight of whom are Certified Specialist Lawyers for IT Law. For more than a decade, we have supported major corporate clients in ensuring license-compliant integration of open source software components and in developing strategic policies for the use of open source and its diverse licensing models. Our experience also includes delivering expert lectures, publishing on open source legal topics, and representing clients in selected court proceedings.
Learn more: https://jun.legal/en/
The OpenChain Project delivered a keynote at the recent ZF Conference in Germany. This event, targeted towards internal terms across the ZF Group, and to customers and suppliers, provided a platform to discuss open source strategy and practical management. As an adopter of OpenChain ISO/IEC 5230, ZG Group has taken a leadership position in seeking excellence in the open source automotive supply chain.
Lead by Chris Wood (Chair, Specification Work Group) and Martin Yagi (Chair Education Work Group), the call covered the following agenda:
A reminder for those in Asia – while this edition of the monthly call is happening in the darkest hours of the night (01:30 in Japan!), we also have a monthly Europe / Asia call that works better for those in Eastern time zones. Check out the schedule for this and all our other meetings here:
https://openchainproject.org/participate
Everyone is welcome to be part of the Specification Work Group. You can join their mailing list here:
https://lists.openchainproject.org/g/specification/
You can find and be part of all OpenChain calls through our participation page here:
https://openchainproject.org/participate
During our regular OpenChain AI Work Group meeting for North America and Europe the agenda was:
Everyone is welcome to be part of this activity! OpenChain has free, open access to all its work groups and study groups. Just turn up, and listen in, and contribute comments, ideas and suggestions.
✉️ We have a dedicated mailing list for the AI Work Group: https://lists.openchainproject.org/g/ai
You can find and get the dial-in details for all future meetings from our participate page here: https://www.openchainproject.org/participate
OSS Security Technology Workshop (OWS) aims to encourage interaction between the corporate OSS community and academia, thereby stimulating research on OSS security and movement toward its practical application. OWS 2025 will be a key event to share knowledge and experience.
Kobota San and Namae San of Sony (and the OpenChain community) will be speaking in Okayama on the 28th of October at 15:50.
Improving SBOM Quality: Practitioner Challenges and Initiatives to Strengthen Software Supply Chain Trust
This presentation examines the critical role of high-quality SBOMs in regulatory compliance and software supply chain hardening. SBOM is essential for robust security management and compliance with OSS licenses. However, as things stand at present, many implementations are inadequate – for example, “Source SBOM” is often unable to capture real binaries or runtime components, while “Build SBOM” generated via CI/CD pipelines tends to rely on package metadata, resulting in incomplete or mismatched data. Sony is focusing its efforts on the OpenChain project, developing SBOM Document Quality Guides based on ISO/IEC 5230 and ISO/IEC 18974, implementing measures such as ESSTRA, software for embedding source code details of executable binaries released by Sony as OSS, and providing upstream OSS packages in collaboration with the Debian community.
Newsletter – Issue 82 – September 2025
The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.
For those who missed recent meetings, recordings are available:
To participate further in the OpenChain Project, including joining mailing lists and attending meetings, please visit: https://openchainproject.org/participate
Note: This newsletter usually only contains primary meetings. Some community meetings are not recorded or are released through other channels.
AI Usage:
This newsletter is created by using a template, curating links from a month of OpenChain news posted on the blog and using these prompts on Google Gemini to fill out the central news:
The newsletter is then subject to an edit cycle. If you spot any errors we missed, please contact us.
Seven Services is the latest company to announce an OpenChain ISO/IEC 5230 conformant program. Based in Saudi Arabia, they are the first organization to enter the OpenChain Community of Conformance from that region.
Seven Services is a multi-industry company, delivering advanced services and solutions tailored to meet the evolving demands of multiple industries. With a strong commitment to innovation, reliability, and excellence, we specialize in providing comprehensive solutions across key sectors, including:
Committed to innovation and customer success, Seven Services empowers businesses with secure, efficient, and scalable solutions.
© 2025 OpenChain. All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page. Linux is a registered trademark of Linus Torvalds. Privacy Policy and Terms of Use
