Skip to main content
THE LINUX FOUNDATION PROJECTS
search
Category

News

Aug 15

RECORDING: OpenChain Monthly Specification and Education Call (North America – Europe) – 2025-08-13

By News

We Discussed:

Quite a few things! Lead by Chris Wood (Chair, Specification Work Group) and Martin Yagi (Chair Education Work Group), the call covered the following agenda:

  1. OpenChain Project News
  2. Open Compliance Summit – Call for Papers
  3. Specification Work Group – Some Questions for the Community
  4. Education Work Group – Update on Status and Community Work Items
  5. Any Other Business?

A reminder for those in Asia – while this edition of the monthly call is happening in the darkest hours of the night (01:30 in Japan!), we also have a monthly Europe / Asia call that works better for those in Eastern time zones. Check out the schedule for this and all our other meetings here: https://openchainproject.org/participate

Watch the Recording:

Coming Next:

  • A ton of work pending on education, and a survey to be released for the spec. Expect a strong focus on looking at what we have accomplished, looking at feedback, and making it better.

Join Our Work:

Everyone is welcome to be part of the Specification Work Group. You can join their mailing list here:
https://lists.openchainproject.org/g/specification/

You can find and be part of all OpenChain calls through our participation page here:
https://openchainproject.org/participate

Aug 15

Webinar: Understanding the CHAOSS Project

By automation, community, News, Webinar

About This Webinar:

CHAOSS is a Linux Foundation project focused on creating metrics, metrics models, and software to better understand open source community health on a global scale. This webinar delves into how it accomplishes these goals, and how you can get involved. Huge thanks to Dr. Dawn Foster and Prof. Matt Germonprez for presenting, and to Andrew Katz for hosting!

Watch the Webinar:

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

This OpenChain Webinar was broadcast on 2025-08-13.

Aug 12

Updates to OpenChain Self-Certification

By Featured, News

The OpenChain Project has always offered online self-certification support, and we are delighted to announce that this has been improved for our two ISO/IEC standards:

Any organization can self-certify to OpenChain ISO/IEC 5230 or OpenChain ISO/IEC 18974. It is as simple as answering “yes” to all the questions on the online form. If an organization cannot answer “yes” to all of the questions, it does not yet meet the requirements of the standard.

Please note that this is a self-certification, and an organization is solely responsible for the accuracy of the statements it makes about conformance.

Jul 31

OpenChain Newsletter #79

By Monthly Newsletter, News

Newsletter – Issue 79 – June 2025

The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.

News:

Note: This newsletter usually only contains primary meetings. Some community meetings are not recorded or are released through other channels.

Read Previous Newsletters:

AI Usage:

This newsletter is created by using a template, curating links from a month of OpenChain news posted on the blog and using these prompts on Google Gemini (free version) to fill out the central news:
  • “summarize the following newsletter for folks interested in the open source compliance to learn the latest changes in the space and find possible items that can act on.”
and
  • “include the links in this newsletter”
The newsletter is then subject to an edit cycle. If you spot any errors we missed, please contact us.
Jul 31

Webinar: Unlocking Potential – Case Study on ZF’s ISO/IEC 5230 Third-Party Certification with TIMETOACT

By community, legal, licensing, News, standards, Webinar

The OpenChain Project held a webinar on the 29th of July 2025 to provide a case study on how ZF – one of the world’s largest automotive suppliers – collaborated with TIMETOACT to obtain third-party certification for OpenChain ISO/IEC 5230.

Abstract:

This case study is suitable for organizations new to the OpenChain standards, organizations in the process of adopting the standards, or organizations reviewing how others met this milestone in open source process management. It will be structured as a series of short section presentations that provide:

  • A brief introduction to ISO/IEC 5230
  • The importance of ISO/IEC in the automotive industry
  • ZF’s certification journey
  • Forming an OSPO
  • Steps taken to accomplish ISO/IEC 5230 certification
  • Challenges faced
  • Role of TIMETOACT in the certification process
  • Gap analysis with TIMETOACT and ZF
  • How ZF used OpenChain and InnerSource Commons resources
  • Lessons learned
  • Closing thoughts

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

This OpenChain Webinar was broadcast on 2025-07-29.

Jul 31

RECORDING: OpenChain Mini-Summit @ Open Source Summit North America

By News

The OpenChain Project held a mini-summit during Open Source Summit North America. It featured a series of talks from OpenChain Governing Board members covering SBOM quality, compliance tooling and AI compliance guidance, before ending with a forward-looking talk about quantum encryption-related compliance challenges by our Specification Work Group chair.

Jump To Individual Talks:

Jul 31

OpenChain Japan Work Group – Community Day #34 in Yokohama – 2025-07-31

By News

About:

The OpenChain Japan Work Group is holding a two-day event on the 31st July ~ 1st August 2025. Our Japan Community Day #34 is kindly hosted by Mitsubishi Electric at their innovation hub in Yokohama. This event will also be broadcast live on Zoom.

Join Via Zoom:

In-person registration is closed, but you can still join via Zoom.

Day 1, 13:00 to 17:00:

Day 2, 09:30 to 11:45:

Agenda:

【DAY 1 – 7月31日(木)-】
13:00-13:30 (30分) : 三菱電機 Serendie Street(共創空間) ガイドツアー
★希望者のみ。現地参加登録の際に一緒にお申し込みください。
13:30-14:05 (35分) : House Keeping、OpenChain紹介、Shane GMによるKeynote
14:05-14:25 (20分) : 三菱電機のOSPO活動紹介
14:25-15:15 (50分) : オープンソースライセンス研究所 うっかりミス防止研究会の活動紹介
15:15-15:45 (30分) : 休憩&ネットワーキング
15:45-16:20 (35分) : FAQ-sgより、うっかりミス関連FAQ紹介
16:20-16:50 (30分) : イベントリキャップ OSS Summit NA 2025
16:50-17:00 (10分) : クロージング
17:30-19:00 (90分) : 同会場にてネットワーキング(懇親会)

【DAY 2 – 8月1日(金)-】
9:30-11:30 (120分) : Education-sg紹介、初学者向け OSSコンプライアンス教育
11:30-11:45 (15分) : 教育資料オープンレビュー

Jul 30

CJ CGV Announces An ISO/IEC 5230 Conformant Program

By Featured, News

CJ CGV announces that it has become the first company in the Korean entertainment industry to obtain ‘ISO/IEC 5230:2020’ self-certification, the international standard for open source license compliance. This achievement signifies that CJ CGV’s systematic open source management system has earned global recognition for its effective operation.

The OpenChain Project, which maintains this standard, is an international collaboration initiated by the nonprofit Linux Foundation in the United States. The standard comprehensively evaluates the compliance capabilities of companies, including their open source software policies and processes, organizational expertise, and employee education. The international standard (ISO/IEC 5230:2020) defines key requirements for companies to use open source safely and efficiently, covering obligations for open source license compliance.

Recognizing the growing importance of open source in building next-generation systems, CJ CGV has strengthened its management capabilities. Since 2023, the company has established an open source management system, gradually meeting the core requirements of the international standard.

To achieve this, CJ CGV designated dedicated teams and personnel for open source verification and management, formed an ‘open source council’ including legal and security experts, and set up a system to identify and manage potential risks proactively. The company also introduced its internal open source management regulations, made open source verification mandatory during system development, and implemented an automated open source management system that verifies licenses and checks for security vulnerabilities.

On July 15, during the planning and development of its new next-generation system, CJ CGV rigorously examined the safety and security of all open source components. This effort supported one of the system’s primary goals—strengthening information protection capabilities—and provided critical technical infrastructure for “CineTalk,” CJ CGV’s movie community service.

Son Jong-soo, Head of Digital Innovation at CJ CGV, stated, “As digital transformation accelerates, strategic and secure utilization of open source has become essential in the entertainment industry. Achieving this international standard certification highlights CJ CGV’s technical management capabilities. We will continue to deliver trustworthy services and contribute to the growth of the open source ecosystem.”

About the OpenChain Project:

The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.

About The Linux Foundation:

The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

Check Out The Publicly Announced Community of Conformance:

Jul 30

COMING SOON: OpenChain Webinar – Understanding the CHAOSS Project

By News

About This Webinar:

CHAOSS is a Linux Foundation project focused on creating metrics, metrics models, and software to better understand open source community health on a global scale. This webinar will delve into how it accomplishes these goals, and how you can get involved.

Join On The 13th August @ 08:00 PDT / 10:00 CDT / 15:00 UTC / 16:00 BST / 17:00 CEST:

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars