This meeting features a talk about maturity models and how recent developments apply to open source and especially standards like ISO/IEC 5230:2020. The maturity model discussion was presented by Andrew Katz and Stephen Pollard of Orcro and is a direct follow-up from the panel covering this topic at the Open Compliance Summit 2023.
Get the slides:
Learn more about the activities of this study group via their dedicated mailing list:
Please find the recording from our recent meeting here:
We covered a few different topics, but the key item was to explore how we could work together with SPDX as they look at adding Export Control fields into SPDX 3.1.
Get the slides:
We had a previous presentation from SPDX on this topic here:
The currently proposed SPDX schema is here:
Their mailing list to discuss this topic is here:
Thank you to everyone who attended the meeting. We had some great feedback. Check out the recording here:
Most Important Outcome
We adjusted the review / renewal period for the Security and Licensing specifications from 18 months to 12 months to align with ISO 17021 for certification of management systems. You can see the details as follows:
Security Specification (potential future ISO 18974 update):
Licensing Specification (potential future ISO 5230 update):
Next Monthly North America / Europe Call Focus Items
Maturity Model consideration for ISO 18974:
+ GM Addition
Scope – for next iteration of ISO 5230:
Review The Past
You can download the slides from this meeting and all previous meetings since we started the specification update cycle here:
Please note: this post initially contained some material related to the specification editing that occurred on the North America / Asia call. You can find that material in the North America / Asia call for January 2024 blog post.
We kicked off the year with a call to review the 2023 Annual Report and the 2024 “Where We Go Next” statement. This was also an opportunity to discuss the outcomes of the Steering Committee meeting in December 2023.
Get The Slides For This Meeting (and all the others) On GitHub:

The OpenChain Project was featured in the FinTech Sub-Forum of the Shanghai Open Source Summit 2023. Shane Coughlan, OpenChain General Manager, delivered a recorded speech to the audience. We would like to thank the event organizers for giving us this opportunity.


The Shanghai Computer Software Technology Development Center was approved by the former National Science and Technology Commission in 1984 and is a public institution directly under the Shanghai Academy of Sciences. Shanghai Computer Software Technology Development Center has long been committed to software technology standard research and software application technology research. It has promoted industrial development through the application of technical services and achievements, and gradually formed the core concept of “service industry, development industry”, and made many pioneering contributions to China’s software industry.

Soft Security Science and Technology Co., Ltd. was registered in Chengdu High School District in May 2021. The company focuses on software quality and security control, with an SCA analysis tool, a source code static test analysis tool, and a fuzz testing tool, and is quickly building software supply chain security solutions combined with open source governance solutions, security development solutions and software compliance solutions. It has offices in Chengdu, Beijing, Shanghai, Wuhan, and Shenzhen.
Learn more on their site:
Learn more about the Telco Work Group and their activities around topics like SBOM Quality on the dedicated mailing list: