Category

News

RECORDING: OpenChain Telco Work Group – September – 2025-09-04

By News

This Meeting Had A Packed Agenda:

Watch the Recording:

Be part of this:

Everyone is welcome to be part of this study group! OpenChain has free, open access to all its work groups and study groups. Just turn up, and listen in, and contribute comments, ideas and suggestions.

✉️ We have a dedicated mailing list:
https://lists.openchainproject.org/g/telco

💻 We have a dedicated GitHub Repo:
https://github.com/OpenChain-Project/Telco-WG

You are also welcome to participate in any of our other working groups around the world:

OpenChain in the CEN CENELEC CRA Discussion

By News

Thanks to the advocacy of SZ Lin, OpenChain ISO/IEC 18974 has been officially referenced in the EU Cyber Resilience Act (CRA) harmonized standards discussion.

You will find OpenChain ISO/IEC 18974 cited in Slide 67 of the “CRA Standards Unlocked: Unlocking CRA Security Controls: preparation for UNE Event” from CEN CENELEC:
https://www.cencenelec.eu/media/CEN-CENELEC/Events/Webinars/2025/2025-09-08_webinar_unlocking_cra_security_controls_preparation_for_une_event.pdf

We are referenced alongside:
• ISO/IEC TR 5895:2022 – Cybersecurity – Multi-party coordinated vulnerability disclosure and handling
• ISO/IEC 30111:2019 – Information technology – Security techniques – Vulnerability handling processes
• ISO/IEC 29147:2018 – Information technology – Security techniques – Vulnerability disclosure

What this means:

The value of our security standard has been positively recognized by the parties bringing together the official CRA standards / requirements portfolio.

It provides a door to both continue and expand our collaboration in this space. The precise next steps will be determined in collaboration with our community and the governing board.

Ideas welcome!

OpenChain Webinar: Introduction to the Cyber Resilience Act (CRA) @ 17:00 EDT 2025-09-11

By News

Our next webinar will be entitled ‘Introduction to the Cyber Resilience Act (CRA)’ and will be delivered by our very own David A. Wheeler, Director of Open Source Supply Chain Security at the Linux Foundation. This will be a great starting point for people getting up-to-speed around the current situation.

About This Webinar:

The European Union (EU) Cyber Resilience Act (CRA) is a new law that covers almost all “products with digital elements”, including software, released in the EU. Enforcement will begin in 2026, even on organizations that aren’t based in the EU. This presentation will briefly explain the scope and requirements of the CRA. This webinar will be led by David A. Wheeler, Director of Open Source Supply Chain Security at the Linux Foundation.

We start at 17:00 EDT 2025-09-11. All welcome, no registration needed.

Join here at the start time:

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

OpenChain Webinar: Compliant containers with the OSADL Base Image @ 09:00 CEST 2025-09-10

By News

Our next webinar will be entitled ‘Compliant containers with the OSADL Base Image’ and will be delivered by Caren Kresse of OSADL. This will address one of the hottest topics in compliance: “how do you make containers compliant?”

About This Webinar:

While containers certainly simplify deploying software, fulfilling FOSS license obligations for containers is made difficult by their layered structure and the lack of compliance material in public repositories. Although every container is customized for its particular use and therefore comprises different software components, many are built on a base image that provides essential system components. It seems obvious to apply the Open Source principle of sharing development of non-differentiating technologies and services to license obligations of container base images. Therefore, OSADL offers the so-called OSADL Base Images that are provided together with all required legal information and material needed to be distributed compliantly. A company may build their individual container images on top of the OSADL Docker Base Image and use the provided instructions to fulfill license obligations for the additional software to achieve license-compliant container distribution. This presentation will explain how the base images and in particular the license compliance material are created, list what flavors, versions and variants are available and show how they can be used to facilitate licensing of individual containers.

Project page: https://www.osadl.org/base-image
Docker Hub: https://hub.docker.com/r/osadl/

We start at 09:00 CEST 2025-09-10. All welcome, no registration needed.

Join here at the start time:


SBOM Study Group > Developing a New Guide to SBOM Quality – What’s Next?

By News

There was a significant market impact with the release of Version 1.1 of the Telco SBOM Quality Guide:
https://openchainproject.org/featured/2025/05/09/openchain-telco-sbom-guide-version-1-1-now-available

This led to discussions about how we can make an explicitly cross-industry guide covering the topics of *how* we determine what is quality, and *how* we manage this across multiple industries. This led to the development of a “thinking” document considering how a cross-industry, cross-format SBOM quality guide could be structured:
https://github.com/OpenChain-Project/SBOM-sg/blob/main/Cross-Industry-SBOM-Quality-Guide/en/Cross-Industry-SBOM-Quality-Guide.md

As of last week, permission was given by the OpenChain Governing Board for the SBOM Study Group to turn into a full OpenChain Work Group, and to explicitly work on turning the thinking document into an official OpenChain guide for everyone. The formal announcement regarding the SBOM Study Group evolution will be made later this week, and meanwhile, you can check out a detailed presentation on the topic of a cross-industry SBOM Quality Guide in the slides below.

Check Out The Slides:

Learn More About This Study (and soon Work) Group:

Our SBOM Study Group brings all our various SBOM-related activities together and helps answer the question of “how do we use SBOMs in production, large-scale and complex supply chains?” Our original kick-off call has all the details.

Get Involved:

Everyone is welcome to be part of this study group! OpenChain has free, open access to all its work groups and study groups. Just turn up, and listen in, and contribute comments, ideas and suggestions.

✉️ We have a dedicated mailing list:
https://lists.openchainproject.org/g/sbom

💻 We have a dedicated GitHub Repo:
https://github.com/OpenChain-Project/SBOM-sg

Attend Future Meetings:

You can find and get the dial-in details for all future meetings from our participate page here:
https://www.openchainproject.org/participate

RECORDING: OpenChain AI Work Group – Monthly Workshop for North America and Europe – 2025-09-02

By News

We held our regular OpenChain AI Work Group meeting for North America and Europe on the 2nd of September. This meeting focused on reviewing comments around the AI Compliance Guide, which recently completed its public comment period and approval by the Governing Board.

The specific comments addressed were:

  1. https://github.com/OpenChain-Project/Reference-Material/issues/101
  2. https://github.com/OpenChain-Project/Reference-Material/issues/102
  3. https://github.com/OpenChain-Project/Reference-Material/issues/107
  4. https://github.com/OpenChain-Project/Reference-Material/issues/108
  5. https://github.com/OpenChain-Project/Reference-Material/issues/109

Watch the Recording:

Get Involved:

Everyone is welcome to be part of this activity! OpenChain has free, open access to all its work groups and study groups. Just turn up, and listen in, and contribute comments, ideas and suggestions.

✉️ We have a dedicated mailing list for the AI Work Group: https://lists.openchainproject.org/g/ai

Attend Future Meetings:

You can find and get the dial-in details for all future meetings from our participate page here: https://www.openchainproject.org/participate

OpenChain @ OSS NA – International Community, Language and Cognitive Load

By News

It is a bit of a “community week” here at the OpenChain Project, and you will see various things from Open Source Summit Europe appearing across our news and social media. However, there is another item we wanted to flag from Open Source Summit North America recently.

OpenChain is a totally global project, with contributors from three continents (we are open to every other continent contributing as well), and that means we operate in a lot of languages. That means far more than translation. It means cognitive load, and other challenges.

There was a wonderful talk from Naomichi Shima and Norio Kobota at Sony Group Corporation (voting alternate and board members of OpenChain respectively) on this topic at OSS NA. It was called “Empowering Asian Contributions: The Rise of Regional User Groups in Open Source Communities”

There is something really important contained in this presentation about how much effort is needed to communicate across language barriers. While the OpenChain Project has always tried to pay attention to this, and we have developed various workflows and methods over the last nine years, we want to (a) make sure we keep doing that effectively and (b) make sure every other project has access to our lessons learned.

You can view the full presentation here:

RECORDING: OpenChain Japan Community Day #34 at Mitsubishi Electric

By News

About:

The OpenChain Japan Work Group held a two-day event on the 31st July ~ 1st August 2025, kindly hosted by Mitsubishi Electric at their innovation hub in Yokohama. We are delighted to share recordings of both days with you, with great thanks to Owada San for preparing the edits.

Our Agenda:

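【DAY 1 – Thursday, July 31】
13:00-13:30 (30 min): Guided tour of Mitsubishi Electric Serendie Street (co-creation space)
★ For those interested only. Please apply when registering for on-site attendance.
13:30-14:05 (35 min): Housekeeping, introduction to OpenChain, keynote by GM Shane
14:05-14:25 (20 min): Introduction to Mitsubishi Electric's OSPO activities
14:25-15:15 (50 min): Introduction to the activities of the Open Source License Laboratory's Careless Mistake Prevention Study Group
15:15-15:45 (30 min): Break and networking
15:45-16:20 (35 min): Careless-mistake-related FAQs from the FAQ-sg
16:20-16:50 (30 min): Event recap: OSS Summit NA 2025
16:50-17:00 (10 min): Closing
17:30-19:00 (90 min): Networking (social gathering) at the same venue

【DAY 2 – Friday, August 1】
9:30-11:30 (120 min): Introduction to the Education-sg, OSS compliance education for beginners
11:30-11:45 (15 min): Open review of educational materials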

The Recording of Day 1:

The Recording of Day 2:

OpenChain Newsletter #80

By Monthly Newsletter, News

Newsletter – Issue 80 – July 2025

The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.

Key Announcements & Action Items:

  • Public Comment Period for AI Bill of Materials: The OpenChain Project has announced a public comment period for its “Artificial Intelligence System Bill of Materials – Compliance Management Guide for the Supply Chain.” This is a key opportunity for professionals to provide feedback and shape this important guidance.
  • New Leadership: The 2025/2026 chairs for the OpenChain Specification, Education, and Telco Work Groups have been elected.
    • Action: Meet the new chairs and consider reaching out to them with your ideas and offers of support.

Conformance & Community Growth:

Several companies have announced their conformance with OpenChain ISO/IEC 5230, demonstrating the standard’s growing adoption across various industries.

New Resources & Materials:

  • Updated Overview Slides: The OpenChain overview slides have been updated for July 2025, providing fresh material to explain the path to a more trusted supply chain.
    • Action: Get the slides to use in your own presentations and to advocate for open source compliance within your organization.
  • Telco Industry Handbook & Translation: A new handbook for software supply chain security in the Telco industry has been released, along with a Korean translation of the OpenChain Telco SBOM Guide.

Webinars & Recordings:

A wealth of knowledge has been shared through recent webinars and community calls. These recordings are a great way to catch up on the latest discussions and best practices.

Other Community Updates:

  • Japan Work Group Community Day: Notes and pictures from the 34th Community Day in Yokohama.
  • Tooling Work Group Slides: Slides from the July 2nd meeting are available.

To get more involved in the OpenChain Project, including joining mailing lists, attending meetings, and contributing to the work, please visit: https://openchainproject.org/participate

Note: This newsletter usually only contains primary meetings. Some community meetings are not recorded or are released through other channels.

Read Previous Newsletters:

AI Usage:

This newsletter is created by using a template, curating links from a month of OpenChain news posted on the blog and using these prompts on Google Gemini to fill out the central news:

  • “Summarize the following newsletter for folks interested in the open source compliance to learn the latest changes in the space and find possible items that can act on. Include the links in this newsletter. Add notes on potential further actions by readers, particularly around attending future meetings. Direct people to this link to participate further: https://openchainproject.org/participate”

The newsletter is then subject to an edit cycle. If you spot any errors we missed, please contact us.

OpenChain @ OSS Europe – An Epic Community Presence

By Featured, News

Get To Know Our Thought-Leaders:

The OpenChain Project will have a substantial presence at Open Source Summit Europe next week! Catch talks and panels from our Board Members and Work Group Chairs, and have a chance to ask questions or share ideas.

Learn More:

The Mini-Summit on the 28th of August will be Special:

The OpenChain Mini-Summit will feature a great many of our current board members and chairs in one place, ready to share their knowledge and experience with both beginners and experts in license, security and regulatory compliance.

Get to know:
☑️ Ayumi Watanabe, Hitachi Solution
☑️ Helio Chissini de Castro, CARIAD
☑️ Jimmy Ahlberg, Ericsson
☑️ Jonathan Torres, META
☑️ Marcel Kurzmann, Bosch
☑️ Marc-Etienne Vargenau, Nokia
☑️ Masato Endo, Toyota
☑️ Norio Kobota, Sony
☑️ Sandra Hermoso Rodriguez, Arm
☑️ Taiki Kawamura, Honda

It’s Free To Register for the Mini-Summit: