Keep track of all our monthly calls working on the OpenChain standards via our specification mailing list:
This is the first planning call for an OpenChain Study Group focused around the topic of AI compliance. The goal is to formally start the AI Study Group in 2024.
After this call, a mailing list was created for the AI Study Group, and this is where future activities will be coordinated. Everyone is invited to participate.
OpenChain Welcomes ISO/IEC 18974:2023, The International Standard For Open Source Security Assurance
KakaoBank is the first company to formally announce conformance to ISO/IEC 18974:2023, with its announcement timed alongside the ISO publication of the specification.
Learn more about the KakaoBank announcement: https://www.openchainproject.org/news/2023/11/22/kakaobank-iso18974
The Linux Foundation, Joint Development Foundation and the OpenChain Project are delighted to announce the publication of ISO/IEC 18974:2023 as an International Standard. Formerly known as OpenChain Security Assurance 1.1 or ISO/IEC DIS 18974, this is a simple, clear and effective process management standard for open source security assurance. It allows companies of all sizes and in all sectors to adopt the key requirements of a quality open source security assurance program.
Companies around the world can learn more about ISO/IEC 18974:2023, methods of self-certification, independent assessment or third-party certification, as well as access a large library of reference material at https://www.openchainproject.org
ISO/IEC 18974:2023 is an open standard and all parties are welcome to engage with our community, learn from their peers, share their knowledge, and to contribute to the future of our standard. There is no charge to access and use our reference material, self-certification or to engage with our numerous calls, webinars, mailing lists and meetings.
“ISO/IEC 18974:2023 is the result of over seven years of work in building simple, effective process management specifications for the open source supply chain. As a sister standard to ISO/IEC 5230:2020, the International Standard for open source license compliance, it has a direct pedigree based on decades of open source management experience distilled and applied by hundreds of contributors. It can immediately be used by companies of any size to reduce risk, increase efficiency and ensure sustainability around code management.”
Shane Coughlan, OpenChain General Manager
This standard was created with the input of dozens of people over a period of more than a year. The majority of this process was led by the co-chairs of the OpenChain Specification Work Group, Chris Wood, Fellow at Lockheed Martin, and Helio Chissini de Castro, Software Technologies Lead at CARIAD – a Volkswagen Group Company.
“It is a great accomplishment for the OpenChain team’s hard work to have our Software Assurance specification accepted for publication as an Internationally recognized specification by ISO/IEC.”
Chris Wood, Fellow at Lockheed Martin
“ISO/IEC 18974 fills a market gap that OpenChain could effectively address by connecting people. In a world where security and compliance are no longer seen side by side but rather crossing paths, an intelligent approach on how to manage this situation was needed by professionals. OpenChain provided the right people and the right environment to achieve a practical solution based on the approach previously proven via ISO/IEC 5230.”
Helio Chissini de Castro, Software Technologies Lead at CARIAD – a Volkswagen Group Company.
Industry reception has been equally positive, with the following endorsement from OPPO – an OpenChain Platinum Member – underlining the global applicability of ISO/IEC 18974:2023 for open source security assurance.
“As a core member of OpenChain, OPPO is pleased to see OpenChain’s newly released ISO standard, which aims to ensure the security of the open source software’s supply chain. The development is expected to bring numerous strengths to OPPO and its partners, including enhanced security, improved product quality, and increased competitive advantages. This achievement marks yet another significant milestone in the ongoing development of OpenChain.”
Haydon, Vice President of OPPO and President of Software Engineering
Our official partners at PwC Germany have added their endorsement from the perspective of open source management, regulatory bodies and third-party certification.
“Great joint effort and achievement! As regulatory bodies increasingly recognize the significance of cybersecurity and the necessity for Software Bill of Materials (SBOMs), the introduction of ISO 18974 is a timely and important element for open source management. Its adoption will enhance the resilience and reliability of digital products and services. Furthermore, an external ISO 18974 certification will boost trust within the supply chain and facilitate efficient collaboration.”
Marcel Scholze, Head of Open Source Management Services at PwC Germany
Other companies, including LG Electronics and BlackBerry, have previously adopted the standard under its earlier names, OpenChain Security Assurance 1.1 and ISO/IEC DIS 18974:2023. These variants are functionally identical to ISO/IEC 18974:2023. You can learn more about the companies adopting OpenChain Project standards by visiting our “Community of Conformance” page:
https://www.openchainproject.org/community-of-conformance
Keep track of all the activities of the Education Work Group via their dedicated mailing list:
On 2023-12-14 the OpenChain Project held a special strategic workshop in Beijing on Licensing, Security and Export Control Compliance matters. You can check out the full recording below.
China Industrial Control Systems Cyber Emergency Response Team (CIC) is the latest official OpenChain Partner. They will help companies in China with process development and compliance scanning activities.
“China Industrial Control Systems Cyber Emergency Response Team (CIC) is delighted to become an official partner of the OpenChain Project,” said Huang Yunhua, deputy director of the CIC’s Institute of Intellectual Property. “OpenChain ISO/IEC 5230 stipulates key requirements for a high-quality open source license compliance program, which can effectively improve the level of open source supply chain security governance services. We will actively promote the application of OpenChain standards in the field of industrial and information safety, provide services for the domestic open source ecology and related enterprises, and build a more reliable open source software supply chain.”
“The OpenChain Project welcomes CIC to the official partner community today,” says Shane Coughlan, OpenChain General Manager. “This is an important development in strengthening the provision of ISO 5230 and ISO 18974 services in the Chinese market, and it is also an important development in terms of building even more bridges between China and other parts of the global supply chain. As a leader in the open source market, China and Chinese companies are critical to good governance in what we do. Our next steps together will help make open source more effective and more valuable for everyone involved.”
Keep track of all the activities of the Export Control Work Group via their dedicated mailing list:
Stefano Maffulli, Executive Director at the Open Source Initiative, joined us to explain what is happening around the Open Source Definition, AI and more.
This is OpenChain Webinar #57, released on 2023-12-06.
TOKYO, Japan, December 07, 2023 – Honda, a global leader in the manufacturing of automobiles, motorcycles, and power equipment, today announces an OpenChain ISO/IEC 5230 conformant program. Joining other leaders in the domain of open source software, Honda continues to drive long-term, sustainable innovation around the next generation of technologies.
“Honda has a remarkable position as the world’s largest motorcycle manufacturer and the world’s largest manufacturer of internal combustion engines,” says Shane Coughlan, OpenChain General Manager. “Perhaps most notably, they have a remarkable position as a leader in innovation that helps to empower people around mobility. Open source is a key part of the future of this industry, and with today’s announcement of an OpenChain ISO/IEC 5230 program, Honda underlines its position as a thought leader in this domain. A trusted supply chain is critical, and we are fortunate to have companies like Honda driving lasting change.”
About Honda
Honda is a mobility company powered by everyone’s dreams, creating mobility that helps and inspires people in a wide range of fields, including motorcycles, automobiles, power products and aircraft.
About the OpenChain Project
The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs, and OpenChain ISO/IEC 18974, the international standard for open source security assurance programs.
About The Linux Foundation
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
The OpenChain Project had the opening keynote at the FOSSLight Community Day 2023 held in Seoul, South Korea at the end of November. You can check out our slides from the event below.