OpenChain @ OSS NA – Empowering Asian Contributions: The Rise of Regional User Groups in Open Source Communities – 2025-06-24

The OpenChain Project had a substantial presence at Open Source Summit North America 2025. We are posting some of our key talks here to help with community education and discussion.

Empowering Asian Contributions: The Rise of Regional User Groups in Open Source Communities:

In the vast landscape of the global Open Source community, Asia, despite its significant population, has historically seen limited contributions. This session will delve into the recent surge in the establishment of regional user groups in Japan and their ripple effects across Asia. We will explore the inception and growth of the OpenChain Project’s Japan Chapter since 2017, which has catalyzed the expansion of regional communities in China, Korea, and beyond. We will discuss the motivations driving individuals in these regional communities and highlight the unique characteristics of the OpenChain Japan community. Furthermore, we will examine the collaborative efforts between the Japanese community and other open source communities like the TODO Group, showcasing how these partnerships have amplified their impact. Through our experiences, we will share insights on the essential elements for fostering successful regional communities in Japan. Additionally, we will introduce messages from the managers of OpenChain and the TODO Group, emphasizing the importance of integrating regional activities with the global open source ecosystem.

Speakers:

  • Norio Kobota, Sony
  • Naomichi Shima, Sony

RECORDING: OpenChain Monthly Specification and Education Call (Europe-Asia) – 2025-06-18

We Discussed:

New Conformance Announcements

We reviewed the public announcements of adoption around ISO/IEC 5230 and ISO/IEC 18974 through 1H 2025.

New Reference Material

We had a look at the new and improved reference material through 1H 2025.

The Forthcoming Steering Committee Meeting

We discussed the vote in the forthcoming Steering Committee meeting to decide whether or not to accept community suggestions for edits to ISO/IEC 5230 and ISO/IEC 18974.

Coming Next:

The monthly calls for the OpenChain Specification and Education Work Groups will have a different format in July. Updates to follow on specifics.

Join Our Work:

Everyone is welcome to be part of the Specification Work Group. You can join their mailing list here:
https://lists.openchainproject.org/g/specification/

You can find and be part of all OpenChain calls through our participation page here:
https://openchainproject.org/participate

External: Operationalizing Software Trust: Why OpenChain Matters!

Strengthening Trust, Transparency, and Compliance in the Software Supply Chain

Ibrahim Haddad has written a great article on LinkedIn discussing the OpenChain Project, our standards, and why our work has impact. We encourage everyone to take a moment and read his overview. Short preview below:

Over the past decade, the software supply chain has moved from a technical implementation concern to a strategic enterprise risk. Software has become central to every product and service, raising the responsibility bar for organizations to ensure that the software they ship is secure, compliant, and transparently governed.

This is where the OpenChain Project, hosted by the Linux Foundation, enters the picture.

For those unfamiliar, OpenChain defines industry standards for managing open source license compliance and security assurance across complex software supply chains. It provides a shared language for companies to communicate expectations and verify open source due diligence internally and with partners.

Yet, many organizations are still sitting on the sidelines.

After helping build and advise dozens of OSPOs over the past 15 years, from startups to multinationals, I can say this with confidence:

If your organization consumes or distributes open source software (hint: you do), OpenChain is not optional. It’s inevitable.

> Read the full article on LinkedIn.

Webinar – AboutCode – Practical Compliance in One Stack – Licensing, Vulnerabilities, and More

Our speaker was a good friend of the OpenChain Project, and the founder of AboutCode, Philippe Ombredanne. Our focus was on recent advances in the open source and open data AboutCode stack for licensing and security compliance.

This is an outcome webinar from the OpenChain and Friends event in Stuttgart, Germany during April 2025. This event saw speakers from Germany and beyond come together to share best practices around open source process management, compliance and automation.

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain ecosystem. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

This OpenChain Webinar was broadcast on 2025-06-10.

Reflection on yesterday – OpenChain Korea Meeting, a community of professionals (and friends)

After our meeting at Samsung yesterday (thank you Samsung team!), I wanted to add a short essay about what we have done and why it has helped people. Sometimes a history lesson helps us realize how far we have come, and how much we have accomplished.

When OpenChain started in 2016 there was a lot of uncertainty around open source compliance. We knew there were licenses, and we all had various ways to interpret them and make decisions around them, but apart from sharing notes there was no unified approach.

The OpenChain Project set out to change that, and it was designed to be open, collaborative and useful from the beginning. The founding members and the founding community felt strongly about a few things:
– Everything we build should be open and freely accessible
– The community – even the smallest company – should have a voice
– We would contribute “holistically” to making the supply chain more trusted

In other words, we would be open, we would have a problem to solve, but we would not become trapped in one topic or one period of the market. We were here to increase trust in the supply chain around compliance (starting with license compliance, but also including security and other compliance in the future).

As a side effect of what we were doing, we also wanted to help individuals. We wanted the professionals working in our field to get new skills and to have new long-term opportunities in their companies. A few years ago, one of the OpenChain community asked me “what career opportunities does someone working in open source compliance have?”

I said “it is important to remember that what we are doing is not making one implementation of one solution. For example, many people accomplish using our standards in an Open Source Program Office (OSPO), but OpenChain is not focused on OSPO, or SBOM formats, or metrics, or other things our sister projects do. Our work is complementary but different. OpenChain is focused on business process management for supply chains, and the use of international standards. When someone works around OpenChain, they are not only being an open source expert, but also:
– Building proven experience in change management
– Building proven experience in using standards
– Building proven experience in adoption and applying business process management best practices
– And developing skills for cross-team collaboration inside and outside the company”

This is not by accident. We wanted to help the existing and the next generation of people in open source go further and have more opportunities. Our community would build new networks, and our activity would build new opportunities.

To date we have done a lot:
– Built ISO/IEC 5230 and ISO/IEC 18974 as international standards for open source business process management
– Guides around other areas of business process management (SBOM Quality, AI Compliance in the Supply Chain)
– We have introduced the first freely accessible maturity modeling for open source
– We have created the process to build totally open standards and to maintain them
– We have created the world’s largest library of business tools to help
  – Policy
  – Training
  – Checklists
  – Supplier education
  – and so much more
– And our community has brought new people in contact with their future peers again and again in Korea, in Japan, in China and elsewhere.

In other words, thanks to you, we have completely transformed open source business management in the supply chain. And we have transformed how professional our field is. Open source is no longer a unique corner in a company. It is the same type of Software Asset Management as everything else, and that secures its future.

In Korea, we owe so much to so many people. I want to give special thanks to Haksung Jang, who has been at the center of the Korean Work Group from the beginning. Haksung has done more than organize the community. He has inspired it, and he has given it a blueprint for how to interact and share. The laughter, the open discussion, and the welcoming atmosphere were inspired by him. Haksung is a unique leader, and a precious part of the global open source community.

Many other people deserve praise too. For example, Soim for her playful but sincere help with community images, Seoyeon for her contributions to organizing and encouraging, and… you deserve praise too. If you have come to a meeting, or helped organize a meeting, or shared one of the many excellent presentations, you have helped build a true open source community.

It is very rare to see these things emerge. Most communities are frozen in one moment on one implementation. Very few communities transform a market, and still grow in new ways. We have never put barriers up (everything is free), we have never looked at commercial growth (we have a limit of 25 board members), and instead we have focused entirely on you – on what you, and I and our colleagues can do together.

Thank you so much for being part of that, and for reminding ourselves of how pure, useful and special freely sharing knowledge can be. True open community is kindness, and walking together to make everything better for all our benefit.

Regards
Shane Coughlan
General Manager, OpenChain

Slides: OpenChain @ OSPO Summit China – 2025-06-12

The OpenChain Project had a keynote at the OSPO Summit 2025 held in Beijing. This opportunity to connect with our stakeholders and community provides a platform to discuss the latest developments in global open source risk management and shared processes.

Mercedes-Benz Research and Development India Announces An ISO/IEC 5230 Conformant Program

We are delighted to welcome Mercedes-Benz Research and Development India to the OpenChain community of conformance. This is another milestone in the adoption of OpenChain standards by the automotive supply chain, and serves as a reminder of the broad applicability for our solutions around the world.

About Mercedes-Benz Research and Development India:

Mercedes-Benz Research and Development India (MBRDI) is the largest research and development center for Mercedes-Benz Group AG outside of Germany. Started in 1996, the Bengaluru headquartered organisation plays a prominent role in the development of new technologies like connected, autonomous, and electric in the mobility world. MBRDI, known for its engineering innovations, has grown to a team of over 8,500 employees and is one of the earliest technology and innovation centers of a global automotive company to set up a strong presence in India.

In line with the global ambitions of the Mercedes-Benz Group, MBRDI plays a prominent role in innovating and accelerating the future of sustainable mobility. Over the last 25 years of its presence in India, MBRDI has established itself as an innovation powerhouse. The engineers at MBRDI are committed to providing an unparalleled experience and comprehensive digital capabilities, with technology at the core. MBRDI harnesses the role of IT in accelerating the future of automotive technology in terms of engineering, digitalisation, testing and simulation, and data science.

MBRDI offices in Bengaluru specialise in end-to-end capabilities in product development and IT services. The satellite office in Pune focuses on interior component designs and IT engineering.

About the OpenChain Project:

The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.

About The Linux Foundation:

The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

OpenChain Newsletter #78

Newsletter – Issue 78 – May 2025

The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.

Headline News

Outreach

Webinars

Our community released the following meeting recordings via our main channel:

Note: Some community meetings are not recorded or are released through other channels

Check Out All Our Previous Newsletters:

Open Source Policy Template Updated

The OpenChain Project publishes a policy template to help any organization (company or non-profit) quickly explore options for their own policy creation. This has now been updated with an “Example Policy Text” tab that shows options to inspire teams as they iterate.

Download It Now:

https://github.com/OpenChain-Project/Reference-Material/tree/master/Open-Source-Policy-Templates/ISO-IEC-5230-(OpenChain%202.1)/en

You can also find all the previous versions of the policy template in the sub-folder marked “old” at the link above.

Credit:

Huge thanks to Martin Yagi for driving this improvement.

Help Make This Better:

Remember, this is a living document, so your own suggestions, improvements or corrections are most welcome! We coordinate our editing through our Education Work Group mailing list: