Cloudera’s Chinese subsidiary announced an ISO/IEC 5230 conformant program at the recent OSCAR Open Source Supply Chain Salon (OSCAR开源供应链沙龙) co-hosted by CAICT and the OpenChain Project. The ISO/IEC 5230 conformant program was third-party certified by CAICT.
CAICT and OpenChain held an OSCAR Open Source Supply Chain Salon on the 3rd of April 2023 with ISO/IEC 5230 third-party conformance announcements from:
Alibaba Cloud Computing Ltd.
China Mobile (Suzhou) Software Technology Co., Ltd.
Cloudera
Congratulations China Mobile, Alibaba Cloud and Cloudera!
Speakers covered topics around process management and other critical business affairs. You can learn more in Chinese below. Representatives from CAICT are also available to provide more information on request.
Our annual OpenChain Industry Survey covers a big topic: the global status of corporate engagement and management of open source. It focuses on a ‘strategy’ perspective rather than a ‘development’ perspective. Our goal is to help inform corporate project, product and supply chain decisions in the year ahead.
Your help in creating a snapshot of the current market is deeply appreciated. This will allow us to understand where to direct community resources and energy throughout 2023. We will post the results in May.
The English version of the OpenChain Industry Survey 2023 is based on the Japanese original. Kudos to everyone in the OpenChain Japan Work Group, especially Owada San and Fukuchi San!
The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.
This edition of the newsletter was created and shared by Qiuyue Qi of OpenSCA, and we provide our thanks for the contribution!
Enlargement
Socionext and Suzhou Prism Colorful Information Technology Co., Ltd. have both announced conformance with ISO/IEC 5230.
The OpenChain Project has had open discussions with LG Electronics and SK Group, presented at LF APAC Leadership Summit and delivered a speech at OSPO Summit.
The OpenChain Project is launching a Legal Work Group with a focus on a regular industry request: model provisions for agreements.
Companies have asked for templates with simple language to support the use of ISO/IEC 5230 or ISO/IEC DIS 18974 in procurement agreements or contracts.
The model provisions would explore options for requesting or explaining ISO/IEC 5230 or ISO/IEC DIS 18974.
This work group will provide a forum to do that with a particular focus on choice, translation and global applicability.
Please note: This is about creating reference material provided under CC0 licensing as part of our extensive reference library. Model provisions or clauses will not be included in future versions of the ISO/IEC standards. This is to ensure freedom of choice for companies in different markets and different geographies.
This webinar features Alexios Zavras, Chief Open Source Compliance Officer at Intel Corporation and a long-term friend and collaborator around the OpenChain Project. This time the topic was SPDX 3.0, a significant generational update to SPDX, a sister standard to OpenChain ISO/IEC 5230 and OpenChain ISO/IEC DIS 18974.
SPDX is a Software Bill of Materials (SBOM) specification, so it operates one layer down from the fundamental processes outlined by OpenChain’s standards, and it provides an excellent way to meet our requirements for an SBOM to be used by companies. The second generation of SPDX has been an ISO/IEC standard for two years as ISO/IEC 5962. The third generation shows interesting promise as a way to manage license compliance, security and more.
The OpenChain Germany Work Group held its latest meeting virtually with a packed schedule and a very active discussion from members. Our hosts this time were PwC, who kindly lent us their WebEx platform and arranged all the administration of the event.
Due to an exceptionally active open discussion our slide presentations were compressed, with Shane (OpenChain) and Alexios (Intel) focusing on overviews of standardization around process management and SBOMs in the market respectively. Philippe (NexB) delivered a full slide deck and you will find it shared below.
Some of the key OpenChain Korea Contributors, Shane and Brown the Bear from LINE
The OpenChain Korea Work Group had an excellent meeting on the 28th of March 2023. This was the 17th meeting in total for the group, and the first face-to-face meeting since COVID caused a global shutdown in 2020. The meeting had a packed schedule of global overviews, local tooling, AI legal matters and more. We were kindly hosted by the LINE team at their offices in Seoul. Special thanks to Seo Yeon Lee from LINE for her coordination and to Haksung Jang from SK Telecom for his leadership of the group.
Everyone going crazy and attacking the coffee delivery trolley
Our Korean community is notable for its excellent spirit and humor. We had great networking, plenty of jokes, and a chance to meet and greet new members. Attendees were left with a strong impression of positive things to come in 2023.
So many socks and other cute gifts from Japan (thanks Shane)
Our next Korea Work Group meeting will be hosted by Kakao. If you are interested in attending or more generally in collaborating with us, please check out the local community website and mailing list:
Socionext, a key contributor to the OpenChain Japan Work Group, is the latest company to announce an ISO/IEC 5230 conformant program. Socionext is a global enterprise that designs, develops and delivers System-on-Chips to customers worldwide.