42dot has achieved conformance with ISO/IEC 5230, the international standard for open source license compliance developed through the OpenChain Project.
ISO/IEC 5230 provides a framework for organizations to establish and maintain effective open source compliance programs. Conformance demonstrates that an organization has implemented the processes and controls needed to manage open source software and associated license obligations in a consistent and reliable manner.
As part of this effort, 42dot strengthened its open source governance framework and enhanced collaboration across engineering, legal, and other key functions. The result is a scalable compliance program that supports the responsible use of open source software throughout the organization.
Open source software plays a critical role in modern mobility solutions, including software-defined vehicles and connected mobility platforms. As these technologies continue to evolve, effective governance helps organizations manage software supply chain risks while enabling innovation and collaboration.
“Achieving ISO/IEC 5230 conformance marks an important milestone for 42dot,” said a company representative. “The work involved in reaching this standard has helped us further mature our internal processes and establish a strong foundation for the continued growth of our open source activities.”
This achievement also reinforces the importance of transparency, accountability, and effective software supply chain management as open source software continues to power the next generation of mobility technologies.
42dot joins a growing community of organizations around the world that have adopted ISO/IEC 5230 as a benchmark for open source compliance and software supply chain management.
OpenAnolis officially announced that it has met the OpenChain ISO/IEC 18974 standard, becoming one of the few open-source operating system communities worldwide to receive this authoritative security accreditation. As an open-source community jointly built by enterprises, academic institutions, research organizations and individual developers, OpenAnolis has long been committed to creating a secure, reliable, and compliant digital infrastructure foundation. This certification marks a significant milestone in the community’s progress in open-source security governance.
ISO/IEC 18974, initiated by the OpenChain Project, defines the core requirements for open-source software security assurance programs, focusing on an organization’s ability to identify, respond to, and manage known security vulnerabilities such as CVEs and dependency issues. By establishing a comprehensive lifecycle security governance framework, OpenAnolis has implemented standardized processes for vulnerability monitoring, incident response, code security auditing, and software supply chain protection, ensuring trustworthiness in critical scenarios such as cloud-native environments and AI computing. The community has also developed SBOM (Software Bill of Materials) capabilities to enable transparent dependency management. With automated toolchains and AI Agents, OpenAnolis continuously performs intelligent vulnerability detection and remediation, providing strong security assurance for downstream OS distributions and industry users.
Long Qin, Chairman of the OpenAnolis Security Alliance, said: “The OpenAnolis Community’s Openchain ISO/IEC 18974 certification is of great significance to the development of the community’s security capability. In the era of integration between AI and cloud-native technologies, the security boundaries of operating systems have evolved beyond traditional patching to a holistic and proactive defense system that addresses heterogeneous computing, complex software supply-chain dependencies, and emerging threats caused by intelligent technologies. OpenAnolis will continue to invest in security innovation and work with global developers to build a trustworthy open-source ecosystem that supports the intelligent computing era.”
Liu Dapeng, Head of the OpenAnolis Standardization SIG, said: “OpenChain ISO/IEC 18974 provides open source communities with an authoritative guideline for software supply chain security governance and compliance management, laying a solid foundation for OpenAnolis to enhance collaboration efficiency and build ecosystem-wide trust. Looking ahead, the OpenAnolis Standardization SIG will continue to actively engage in OpenChain standard development under the Linux Foundation, striving to contribute OpenAnolis’ practical experience to international standards and working hand-in-hand with partners to co-create a secure, transparent, trustworthy, and thriving open source operating system ecosystem.”
About OpenAnolis
Founded in 2020, OpenAnolis is an international open-source root community for Linux server operating systems, focusing on cloud computing, edge computing, and AI computing scenarios. The community has brought together more than 1,000 ecosystem partners and released core distributions such as Anolis OS 23, providing full support for x86, ARM, and RISC‑V architectures. OpenAnolis technologies are widely deployed across cloud-native and intelligent computing fields.
About the OpenChain Project
Led by the Linux Foundation, the OpenChain Project promotes open-source license compliance (ISO/IEC 5230) and security assurance standards (ISO/IEC 18974), helping organizations establish efficient open-source compliance and security management systems. With over 1,000 global enterprise participants, OpenChain is a key international force in securing and standardizing the open-source supply chain.
About the Linux Foundation
The Linux Foundation is the world’s largest open-source collaboration platform, supporting critical infrastructure projects such as Linux, Kubernetes, and Node.js. Through standardization, community operations, and industry collaboration, it drives sustainable development of open-source technologies across software, hardware, and data domains.
Olive Young becomes the first in the domestic health and beauty (H&B) industry to declare the open source international standard ‘ISO/IEC 5230:2020’ certification.
Proves the security and transparency of its open source management system… Lays the foundation for securing reliability for its overseas services.
“As the leading K-beauty platform, we will continue to advance our open source management system in accordance with global standards.”
CJ Olive Young (hereinafter “Olive Young”) announced on the 9th that it has declared the open source international standard ‘ISO/IEC 5230:2020’ certification, marking a first in the domestic health and beauty (H&B) industry.
‘ISO/IEC 5230:2020’ is the sole international standard that evaluates a company’s open source license compliance system and management capabilities. Open source refers to publicly available source code that anyone can use freely. While it offers the advantage of reducing development costs and time, its transparent nature can also expose security vulnerabilities, making it crucial to strictly adhere to relevant license regulations. Accordingly, the certification is awarded only to companies that meet the criteria through a comprehensive evaluation of their compliance capabilities, including open source software policies and processes, the expertise of dedicated organizations and personnel, and relevant training.
This certification is highly significant as it officially recognizes that the security and transparency of Olive Young’s open source management system—as the company leaps forward as a ‘global beauty-tech platform’—fully meet international standards. As Olive Young accelerates its global expansion, including the opening of its first offline store in the U.S. this coming May, this achievement is expected to serve as a pivotal momentum in enhancing the stability and reliability of its services overseas.
Olive Young has been meeting the criteria for this international standard by establishing a robust open source management system since 2023. The company designated a dedicated organization and personnel for open source verification and management, and formed an ‘Open Source Council’ to establish a systematic approach for identifying and managing potential risk factors. Furthermore, it implemented internal open source management regulations and a strict process that mandates open source verification during system development. It also currently operates an automated system for verifying open source licenses and inspecting security vulnerabilities.
An official from Olive Young stated, “This certification is an acknowledgment of Olive Young’s proactive efforts, including the nurturing of IT talent and the establishment of an internal management system.” The official added, “As the representative platform for K-beauty, we will continue to advance our open source management system in strict alignment with global standards.”
Analog Devices, Inc. (ADI) has announced an OpenChain ISO/IEC 5230:2020 conformant program, making another important step forward for open source governance and management in the global silicon supply chain.
“Achieving OpenChain conformance underscores our belief that open source stewardship is foundational to engineering excellence,” said Rob Oshana, Senior Vice President, Software & Digital Platforms at ADI. “It reinforces our commitment to transparent processes, clear compliance standards and continuous improvement across the software lifecycle.”
“ADI is an excellent steward of open source,” says Shane Coughlan, OpenChain General Manager. “Their contributions to the open source community have been notable too, not least their direct engagement with the OpenChain Project as we have developed and deployed standards and reference material related to open source compliance. It is a genuine pleasure to welcome them to our community of conformance, and we look forward to continued collaboration in the future.”
About ADI
ADI is a global semiconductor leader that bridges the physical and digital worlds to enable breakthroughs at the Intelligent Edge. ADI combines analog, digital, AI, and software technologies into solutions that help drive advancements in automation and robotics, mobility, energy and data centers, and healthcare, combat climate change, and reliably connect humans and the world. With revenue of more than $11 billion in FY25, ADI ensures today’s innovators stay Ahead of What’s Possible. Learn more at www.analog.com and on LinkedIn and X (formerly Twitter).
About the OpenChain Project:
The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.
About The Linux Foundation:
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
CJ Logistics announced on the 5th that it has obtained ‘OpenChain ISO/IEC 5230:2020′ international standard certification.
The OpenChain Project, an initiative led by the U.S. non-profit organization The Linux Foundation, maintains ‘ISO/IEC 5230:2020’ and provides self-certification support to companies. These companies can use the standard and self-certification material to audit and develop a robust open source license compliance program and management capabilities.
This achievement is the first of its kind among Korean logistics companies and signifies that CJ Logistics has received international recognition for its responsible management of open source software throughout its digital transformation.
About the OpenChain Project:
The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.
About The Linux Foundation:
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
Check Out The Publicly Announced Community of Conformance:
CJ CGV announces that it has become the first company in the Korean entertainment industry to obtain ‘ISO/IEC 5230:2020’ self-certification, the international standard for open source license compliance. This achievement signifies that CJ CGV’s systematic open source management system has earned global recognition for its effective operation.
The OpenChain Project, which maintains this standard, is an international collaboration initiated by the nonprofit Linux Foundation in the United States. The standard comprehensively evaluates the compliance capabilities of companies, including their open source software policies and processes, organizational expertise, and employee education. The international standard (ISO/IEC 5230:2020) defines key requirements for companies to use open source safely and efficiently, covering obligations for open source license compliance.
Recognizing the growing importance of open source in building next-generation systems, CJ CGV has strengthened its management capabilities. Since 2023, the company has established an open source management system, gradually meeting the core requirements of the international standard.
To achieve this, CJ CGV designated dedicated teams and personnel for open source verification and management, formed an ‘open source council’ including legal and security experts, and set up a system to identify and manage potential risks proactively. The company also introduced its internal open source management regulations, made open source verification mandatory during system development, and implemented an automated open source management system that verifies licenses and checks for security vulnerabilities.
On July 15, during the planning and development of its new next-generation system, CJ CGV rigorously examined the safety and security of all open source components. This effort supported one of the system’s primary goals—strengthening information protection capabilities—and provided critical technical infrastructure for “CineTalk,” CJ CGV’s movie community service.
Son Jong-soo, Head of Digital Innovation at CJ CGV, stated, “As digital transformation accelerates, strategic and secure utilization of open source has become essential in the entertainment industry. Achieving this international standard certification highlights CJ CGV’s technical management capabilities. We will continue to deliver trustworthy services and contribute to the growth of the open source ecosystem.”
About the OpenChain Project:
The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.
About The Linux Foundation:
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
Check Out The Publicly Announced Community of Conformance:
AVL List GmbH has announced an ISO/IEC 5230 conformant program.
About AVL
AVL is a world-leading technology company specialising in development, simulation and testing in the automotive industry and other sectors such as rail, marine and energy. Through extensive research, AVL delivers concepts, technology solutions, methodologies and development tools for sustainable, safe and advanced mobility and beyond.
AVL supports international partners and customers in sustainable and digital transformation, with a focus on electrification, software, AI and automation. AVL also supports companies in energy-intensive sectors on their way to green and efficient energy generation and supply.
The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.
About The Linux Foundation
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
IAV GmbH has announced adoption of ISO/IEC 5230:2020 via third-party certification provided by TimeToAct. Adjacent to this, IAV and TimeToAct are collaborating with the OpenChain Project on a webinar and case study about the certification rationale and process.
“The exceptional progress of OpenChain ISO/IEC 5230 in improving trust in the open source supply chain has been felt in many industries,” says Shane Coughlan, OpenChain Project General Manager. “However, automotive is perhaps where we have had the largest and broadest impact. In a sector with a high degree of regulation, our ISO standard for open source license compliance offers a clear, effective and efficient method of containing risk. We are delighted to welcome IAV GmbH to our community of conformance, and to have had the opportunity to collaborate with our official partner TimeToAct on sharing this news with others. Our forthcoming webinar and case study adjacent to the certification provides a useful tool for other companies seeking to align behind international standards for open source business process management.”
The case study will be released and the webinar will take place at 10:00 CEST on the 16th of July. Learn more about this from the OpenChain Global Calendar on our participation page.
There is no need to register for this webinar. Simply follow the Zoom link in the OpenChain Global Calendar.
About IAV GmbH
IAV Automotive Engineering is a developer of computer app systems for the automotive industry. The company offers services in the areas of light vehicles, such as chassis, cockpit, combustion engine, E-Traction, exterior, gaseous-fuel vehicle, hybrid, interior, mobility, powertrain concept and integration, powertrain electronic, product life cycle,transmission, vehicle electronic, vehicle function, and vehicle safety services; commercial vehicles and work machines, including cabin, CO2 efficiency, driver assistance, functional architecture, powertrain, transportation and logistics, and work and agricultural machines; energy supply aspects; and methods and test facilities.
About TimeToAct
TIMETOACT GROUP modernises and integrates IT applications for upper midmarket companies, fortune 500 enterprises and the public sector, with the goal of increasing their agility, efficiency, and transparency and to reduce costs and risks. In addition, TIMETOACT GROUP designs and implements digital business models, opening up new market opportunities for its innovative customers. Its services include consulting and cloud transformation as well as data, software and system engineering in the fields of employee experience, business applications, and customer experience.
About the OpenChain Project
The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs
About The Linux Foundation
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
Circle, a leading global financial technology firm and the issuer of USDC, the world’s largest, regulated U.S. dollar-backed stablecoin, has announced an OpenChain ISO/IEC 5230 conformant program. ISO/IEC 5230 is the international standard for open source license compliance, and provides a clear, globally recognized way to run a quality program to ensure effective, trustable supply chain management.
Circle enables businesses of all sizes to harness the power of digital currencies, public blockchains and open-source technologies for payments, commerce and financial applications worldwide. Circle’s payment stablecoins – USDC and EURC – and platforms are helping to build a new financial system that moves at internet speed, scale and cost.
“Circle is at the forefront of bringing open internet software into the world of money,” said Trevor Baker, VP Technical Operations. “A digital dollar like USDC is a key technology that supports businesses, developers, and the future of payments. The OpenChain certification represents Circle’s commitment to maintaining the highest compliance standards for open source technology in the financial arena.”
“The OpenChain certification journey was an incredible return on investment by streamlining our open source processes,” stated Jeff Tang, Circle’s Chief Intellectual Property Counsel. “Circle is excited to help raise the bar in blockchain development.”
“Adopting ISO/IEC 5230 is fast becoming a litmus test for commitment to industry best practices around open source,” says Shane Coughlan, OpenChain General Manager. “I am delighted to see Circle take leadership in this area, and to provide a strong signal to the FinTech market regarding effective management of open technology. They join companies like KakaoBank in working with our standards, and I look forward to collaborating with the Circle team on next steps for the financial supply chain.”
About Circle Internet Financial, LLC
Circle is a global financial technology firm that enables businesses of all sizes to harness the power of digital currencies and public blockchains for payments, commerce and financial applications worldwide. Circle is the issuer of USDC and EURC – highly liquid, interoperable and trusted money protocols on the internet. Circle’s open and programmable platform and APIs make it easy for organizations to run their internet-scale business, whether it is making international payments, building globally-accessible Web3 apps or managing their internal treasury. Learn more at https://circle.com.
