The Linux Foundation Projects
Skip to main content
Category

News

COMING SOON: Webinar – The Future of Insurance for Open Source: Are You Really Covered? – 2025-04-22 @ 08:00 UTC

By News

Open source and insurance has long been a topic of interest to commercial providers of products and solutions. This webinar will help unpack the reality of insurance considerations in this space. All welcome.

Abstract:

Open source software providers are facing a triple threat: tightening US and EU regulations, rising IP litigation, and the risks introduced by Gen AI. Soon, your board—and your customers and suppliers— might be asking that you have specific insurance that actually covers OSS-related liabilities. But, does such insurance exist? Does it work? And how should it work?

Historically, insurers have struggled to grasp OSS risks, offering inadequate or unclear coverage. Now, a new wave of insurance solutions is emerging, informed by OpenChain standards and best practices.

Join this session to explore how the insurance industry is evolving, what new OSS-specific coverage looks like, and how you can help shape it to meet the real needs of the open source community.

Meet Your Presenters:

Lewis Parle, Head of Intellectual Property Risks @ Lockton

Andrew Katz, CEO @ Orcro

Stephen Pollard, Director Open Source Advisory @ Orcro

Join the Webinar:

LINK PENDING

COMING SOON: OpenChain Korea Work Group – Meeting #25 – 2025-03-25

By News

The 25th Meeting of the OpenChain Korea Work Group is coming soon! Join one of the most energetic, friendly and productive open source communities dedicated to better supply chain management. All welcome, even if you do not speak Korean.

Time and Date: 25th of March (2025-03-25) 14:00 – 17:00

Location: Korea Digital Certification Association (Yeouido Park One Building Tower 2, 48th floor) – https://maps.app.goo.gl/YnxTkz8LjHPXFJBv6

Check out the agenda and learn more here:

Please note: Format registration will launch soon. You can already express your interest on the OpenChain Korea Work Group mailing list (https://lists.openchainproject.org/g/korea-wg).

OpenChain Newsletter #75

By Monthly Newsletter, News
logo

​ Newsletter – Issue 75 – February 2025

The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.

Headline News

Outreach

    Webinars

    Meetings

    Our community released the following meeting recordings via our main channel:

    Note: Some community meetings are not recorded or are released through other channels

    Check Out All Our Previous Newsletters:

    OpenChain Japan Community Day #34

    By News

    The OpenChain Japan Community Day #34 was held at Tokyo on March 3rd. Below you can learn more details of the event (Japanese).

    OpenChain Japan Community Day #34@トヨタ大手町
    OpenChainのメンバーが一堂に介し、OSSの最新情報を共有したり、ネットワーキングしたり、
    各業界の課題を議論したりするCommunity Dayの2025年第1弾をトヨタ大手町で実施致します。
    日時:3月3日(月)13:30-17:00、3月4日(火)9:30-12:00
    会場:トヨタ自動車株式会社大手町オフィス

    【3月3日(月)】
    13:30-14:00 (30分)
    House Keeping
    OpenChain紹介
    Shane GMによるKeynote
    14:00-14:30 (30分)
    トヨタ自動車のオープンソース活動の紹介
    14:30-15:00 (30分)
    自動車業界におけるSBOM PoCの紹介
    15:00-15:15
    休憩&ネットワーキング
    15:15-16:15 (60分)
    Automotive Open Source Panel(トヨタ、ホンダ等)
    16:15-16:45 (30分)
    Project ESSTRA:ソフトウェアの透明性とトレーサビリティを強化するソフトウェアスイート(ソニーグループ 生江さん)
    16:45-17:00 (15分)
    ラップアップ

    RECORDING: OpenChain SBOM Study Group – Monthly Meeting – 2025-02-26

    By News

    As always, we focused on the question of “how do we use SBOMs in production, large-scale and complex supply chains?” We are dealing with the reality of supply chains with many participants who have different levels of skill, use different formats, and perhaps follow different regulations or policies.

    This meeting looked at two important pieces of analysis from the OpenChain Japan SBOM Sub-Group. The goal was to find common challenges, and how we can address them when we consider:

    • Process management as our focus (the management layer)
    • Previous OpenChain work in this field (e.g. the Telco SBOM Guide)
    • Other work around the world (e.g. emerging regulation etc.)

    Background Analysis #1 – SBOM Quality Considerations:

    Background Analysis #2 – Further SBOM Quality Considerations:

    Watch the Meeting:

    Learn More About This Study Group:

    Our SBOM Study Group brings all our various SBOM-related activities together and helps answer the question of “how do we use SBOMs in production, large-scale and complex supply chains?” Our original kick-off call has all the details.

    Get Involved:

    ✉️ We have a dedicated mailing list:
    https://lists.openchainproject.org/g/sbom

    💻 We have a dedicated GitHub Repo:
    https://github.com/OpenChain-Project/SBOM-sg

    Announcing Elixir OpenChain ISO/IEC 5230 Certification

    By Featured, News

    The Elixir Project is pleased to share that the Elixir project now complies with OpenChain ISO/IEC 5230, the international standard for open source license compliance. This step aligns with broader efforts to meet industry standards for supply chain and cybersecurity best practices.

    “Today’s announcement around Elixir’s conformance represents another significant example of community maturity,” says Shane Coughlan, OpenChain General Manager: “With projects – the final upstream – using ISO standards for compliance and security with increasing frequency, we are seeing a shift to longer-term improvements to trust in the supply chain.”

    Why OpenChain Compliance Helps

    By following OpenChain ISO/IEC 5230, we demonstrate clear processes around license compliance. This benefits commercial and community users alike, making Elixir easier to adopt and integrate with confidence.

    Changes for Elixir Users

    • All future Elixir releases will include a Source SBoM in CycloneDX 16 or later and SPDX 2.3 or later formats.
    • Each release will be attested along with the Source SBoM.

    These additions offer greater transparency into the components and licenses of each release, supporting more rigorous supply chain requirements.

    Changes for Contributors

    • Contributions remain under the Apache-2.0 License. Other licenses cannot be accepted.
    • The project now enforces the Developer Certificate of Origin (DCO), ensuring clarity around contribution ownership.

    Contributors will notice minimal procedural changes, as standard practices around
    licensing remain in place. For more details, see the CONTRIBUTING guidelines

    Commitment

    These updates were made in collaboration with the Erlang Ecosystem Foundation, reflecting a shared commitment to robust compliance and secure development practices. Thank you to everyone who supported this milestone. We appreciate the community’s ongoing contributions and look forward to continuing the growth of Elixir under these established guidelines.

    Learn more about Elixir:

    CSI Piemonte Announces Recertification to OpenChain ISO/IEC 5230

    By Featured, News

    CSI Piemonte, an early adopter of OpenChain ISO/IEC 5230, has announced their fourth periodic recertification of the international standard for open source license compliance processes.

    “CSI Piemonte has renewed its self-certification to ISO/IEC 5230:2020 for the fourth time, aware of its decades-long aptitude to implement, acquire, and publish open source software,” says Marco Alberto Panepinto, Open Source Subject Matter Expert at CSI Piemonte. “Italian law, in particular, requires public administrations to publish self-produced software on the national Developers Italia catalog, on which CSI Piemonte publishes the products implemented for local Piedmontese bodies, including mainly the Piedmont Region. Our processes are aimed at providing and promoting the creation and control of open source software, aimed at reuse by other public administrations, as our legislation provides. It is therefore since 2020 that we have adhered to the standard and we are proud to continue pursuing the goal of making our software open.”

    “In recent months we have highlighted recertification activity around our standards to underline the concept of sustainable approaches to software management,” says Shane Coughlan, OpenChain General Manager. “Continuity in supply chain management is key to ensure that issues are minimized and productivity is maximized. We are delighted to collaborate with CSI Piemonte on yet another reminder of this important point, and the suitability of OpenChain standards for such long-term management.”

    About CSI Piemonte

    CSI Piemonte has promoted technological innovation and digital transformation for public administrations since 1977. OpenChain is delighted to welcome them to our community of conformance.

    Learn More About CSI

    About the OpenChain Project:

    The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.

    About The Linux Foundation:

    The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

    Collabora Highlights ISO/IEC 5230 Renewal

    By Featured, News

    Collabora has recently completed its regular 18 month renewal of ISO/IEC 5230 conformance via self-certification, and is highlighting this activity for the benefit of the wider community. This underlines an important principle of standard adoption and use: sustainability through periodically checking processes to ensure their integrity.

    “Our renewed ISO/IEC 5230 certification demonstrates Collabora’s unwavering commitment to maintaining the highest standards of compliance to open-source licenses,” says Olivier Potin, Chief Operating Officer at Collabora. “Through OpenChain, we ensure our customers have complete visibility into their software supply chain while guaranteeing compliance with open source licensing requirements. This certification reinforces our position as a trusted partner in delivering open source solutions.”

    “The principle of ensuring continued conformance to a standard is a key part of genuine sustainability,” says Shane Coughlan, OpenChain General Manager. “We appreciate Collabora’s decision to publicly highlight their example in double-checking process integrity, and helping to inspire similar long-term approaches in the supply chain.

    About Collabora:

    Collabora is a global consultancy specializing in delivering the benefits of Open Source software to the commercial world. Whether it’s the Linux kernel, graphics, multimedia or machine learning, Collabora’s expertise spans across all key areas of Open Source software development. By harnessing the potential of community-driven projects, and re-using existing components, Collabora helps its clients focus on creating product differentiation, enabling them to develop the best solutions. From tailoring the latest Open Source technologies to your projects, to integrating Open Source methodologies into your organization, Collabora can help you navigate the ever-evolving world of Open Source. Learn more at collabora.com.

    About the OpenChain Project:

    The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.

    About The Linux Foundation:

    The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

    RECORDING: OpenChain Monthly Specification and Education Call (North America – Europe) – 2025-02-13

    By News

    Our February meeting of the Specification and Education Work Groups for North America and Europe covered four major topics:

    1. The current status of the freeze period for proposed updates to ISO/IEC 5230 and ISO/IEC 18974
    2. Potential future standardization work
    3. The recent release of the Capability Model for ISO/IEC 5230
    4. Next steps for the Education Work Group

    Check out the Meeting Slides:

    Watch the Recording:

    Coming Next:

    We will be following up on the activities outlined above on the mailing lists, and we will continue our regular series of calls and meetings throughout the year.

    Join Our Work:

    Everyone is welcome to be part of the Specification Work Group. You can join their mailing list here:
    https://lists.openchainproject.org/g/specification/

    You can find and be part of all OpenChain calls through our participation page here:
    https://openchainproject.org/participate