OpenChain Newsletter #79

By Monthly Newsletter, News

Newsletter – Issue 79 – June 2025

The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.

News:

Note: This newsletter usually only contains primary meetings. Some community meetings are not recorded or are released through other channels.

Read Previous Newsletters:

AI Usage:

This newsletter is created by using a template, curating links from a month of OpenChain news posted on the blog and using these prompts on Google Gemini (free version) to fill out the central news:
  • “summarize the following newsletter for folks interested in the open source compliance to learn the latest changes in the space and find possible items that can act on.”
and
  • “include the links in this newsletter”
The newsletter is then subject to an edit cycle. If you spot any errors we missed, please contact us.

Webinar: Unlocking Potential – Case Study on ZF’s ISO/IEC 5230 Third-Party Certification with TIMETOACT

By community, legal, licensing, News, standards, Webinar

The OpenChain Project held a webinar on the 29th of July 2025 to provide a case study on how ZF – one of the world’s largest automotive suppliers – collaborated with TIMETOACT to obtain third-party certification for OpenChain ISO/IEC 5230.

Abstract:

This case study is suitable for organizations new to the OpenChain standards, organizations in the process of adopting the standards, or organizations reviewing how others met this milestone in open source process management. It will be structured as a series of short section presentations that provide:

  • A brief introduction to ISO/IEC 5230
  • The importance of ISO/IEC in the automotive industry
  • ZF’s certification journey
  • Forming an OSPO
  • Steps taken to accomplish ISO/IEC 5230 certification
  • Challenges faced
  • Role of TIMETOACT in the certification process
  • Gap analysis with TIMETOACT and ZF
  • How ZF used OpenChain and InnerSource Commons resources
  • Lessons learned
  • Closing thoughts

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

This OpenChain Webinar was broadcast on 2025-07-29.

RECORDING: OpenChain Mini-Summit @ Open Source Summit North America

By News

The OpenChain Project held a mini-summit during Open Source Summit North America. It featured a series of talks from OpenChain Governing Board members covering SBOM quality, compliance tooling and AI compliance guidance, before ending with a forward-looking talk about quantum encryption-related compliance challenges by our Specification Work Group chair.

Jump To Individual Talks:

OpenChain Japan Work Group – Community Day #34 in Yokohama – 2025-07-31

By News

About:

The OpenChain Japan Work Group is holding a two-day event from the 31st of July to the 1st of August 2025. Our Japan Community Day #34 is kindly hosted by Mitsubishi Electric at their innovation hub in Yokohama. This event will also be broadcast live on Zoom.

Join Via Zoom:

In-person registration is closed, but you can still join via Zoom.

Day 1, 13:00 to 17:00:

Day 2, 09:30 to 11:45:

Agenda:

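[DAY 1 – Thursday, July 31]
13:00-13:30 (30 min): Guided tour of Mitsubishi Electric's Serendie Street (co-creation space)
★ For those interested only. Please sign up for the tour when you register for in-person attendance.
13:30-14:05 (35 min): Housekeeping, introduction to OpenChain, keynote by Shane (GM)
14:05-14:25 (20 min): Introduction to Mitsubishi Electric's OSPO activities
14:25-15:15 (50 min): Introduction to the activities of the Open Source License Laboratory's Careless Mistake Prevention Study Group
15:15-15:45 (30 min): Break and networking
15:45-16:20 (35 min): From the FAQ-sg: introduction to FAQs related to careless mistakes
16:20-16:50 (30 min): Event recap: OSS Summit NA 2025
16:50-17:00 (10 min): Closing
17:30-19:00 (90 min): Networking (social gathering) at the same venue

[DAY 2 – Friday, August 1]
9:30-11:30 (120 min): Introduction to the Education-sg; OSS compliance training for beginners
11:30-11:45 (15 min): Open review of educational materials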

CJ CGV Announces An ISO/IEC 5230 Conformant Program

By Featured, News

CJ CGV announces that it has become the first company in the Korean entertainment industry to obtain ‘ISO/IEC 5230:2020’ self-certification, the international standard for open source license compliance. This achievement signifies that CJ CGV’s systematic open source management system has earned global recognition for its effective operation.

The OpenChain Project, which maintains this standard, is an international collaboration initiated by the nonprofit Linux Foundation in the United States. The standard comprehensively evaluates the compliance capabilities of companies, including their open source software policies and processes, organizational expertise, and employee education. The international standard (ISO/IEC 5230:2020) defines key requirements for companies to use open source safely and efficiently, covering obligations for open source license compliance.

Recognizing the growing importance of open source in building next-generation systems, CJ CGV has strengthened its management capabilities. Since 2023, the company has established an open source management system, gradually meeting the core requirements of the international standard.

To achieve this, CJ CGV designated dedicated teams and personnel for open source verification and management, formed an ‘open source council’ including legal and security experts, and set up a system to identify and manage potential risks proactively. The company also introduced its internal open source management regulations, made open source verification mandatory during system development, and implemented an automated open source management system that verifies licenses and checks for security vulnerabilities.

On July 15, during the planning and development of its new next-generation system, CJ CGV rigorously examined the safety and security of all open source components. This effort supported one of the system’s primary goals—strengthening information protection capabilities—and provided critical technical infrastructure for “CineTalk,” CJ CGV’s movie community service.

Son Jong-soo, Head of Digital Innovation at CJ CGV, stated, “As digital transformation accelerates, strategic and secure utilization of open source has become essential in the entertainment industry. Achieving this international standard certification highlights CJ CGV’s technical management capabilities. We will continue to deliver trustworthy services and contribute to the growth of the open source ecosystem.”

About the OpenChain Project:

The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.

About The Linux Foundation:

The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

Check Out The Publicly Announced Community of Conformance:

COMING SOON: OpenChain Webinar – Understanding the CHAOSS Project

By News

About This Webinar:

CHAOSS is a Linux Foundation project focused on creating metrics, metrics models, and software to better understand open source community health on a global scale. This webinar will delve into how it accomplishes these goals, and how you can get involved.

Join On The 13th August @ 08:00 PDT / 10:00 CDT / 15:00 UTC / 16:00 BST / 17:00 CEST:

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

RECORDING: OpenChain AI Work Group – Monthly Workshop for Europe and Asia – 2025-07-24

By News

We held our regular OpenChain AI Work Group meeting for Europe and Asia on the 24th of July.

There were two items on the agenda:

  1. We launched a Public Comment Period for the Artificial Intelligence System Bill of Materials – Compliance Management Guide for the Supply Chain on the 7th of July. The public comment period will run for six weeks, and conclude on the 18th of August at 04:00 PDT / 11:00 UTC / 13:00 CEST / 20:00 JST. The public comment period was discussed.
  2. Assuming a successful comment period, we had some questions and discussions to plan for the formal release of the guide framed by three questions:
    (i) How should the guide be messaged to the supply chain?
    (ii) What are the “metrics for success” to measure impact?
    (iii) What is the timescale for the next phase of guide development?

Watch the Recording:

Get Involved:

Everyone is welcome to be part of this activity! OpenChain has free, open access to all its work groups and study groups. Just turn up, and listen in, and contribute comments, ideas and suggestions.

✉️ We have a dedicated mailing list for the AI Work Group:
https://lists.openchainproject.org/g/ai

Attend Future Meetings:

You can find and get the dial-in details for all future meetings from our participate page here:
https://www.openchainproject.org/participate

RECORDING: OpenChain SBOM Study Group – Monthly Meeting – 2025-07-23

By News

As always, we focused on the question of “how do we use SBOMs in production, large-scale and complex supply chains?”

This Meeting Discussed:

  1. News – Contributions of New Documents for SBOM Quality
  2. News – OpenChain @ Debian Conf 25
  3. Comments on the term “SBOM Document”
  4. Who should create SBOMs and how they can be created
  5. Key points regarding security considerations

Watch the Meeting:

Learn More About This Study Group:

Our SBOM Study Group brings all our various SBOM-related activities together and helps answer the question of “how do we use SBOMs in production, large-scale and complex supply chains?” Our original kick-off call has all the details.

Get Involved:

Everyone is welcome to be part of this study group! OpenChain has free, open access to all its work groups and study groups. Just turn up, and listen in, and contribute comments, ideas and suggestions.

✉️ We have a dedicated mailing list:
https://lists.openchainproject.org/g/sbom

💻 We have a dedicated GitHub Repo:
https://github.com/OpenChain-Project/SBOM-sg

Attend Future Meetings:

You can find and get the dial-in details for all future meetings from our participate page here:
https://www.openchainproject.org/participate

RECORDING: OpenChain AI Work Group – Monthly Workshop for North America and Europe – 2025-07-22

By News

We held our regular OpenChain AI Work Group meeting for North America and Europe on the 22nd of July.

There were two items on the agenda:

  1. We launched a Public Comment Period for the Artificial Intelligence System Bill of Materials – Compliance Management Guide for the Supply Chain on the 7th of July. The public comment period will run for six weeks, and conclude on the 18th of August at 04:00 PDT / 11:00 UTC / 13:00 CEST / 20:00 JST. The public comment period was discussed.
  2. Assuming a successful comment period, we had some questions and discussions to plan for the formal release of the guide framed by three questions:
    (i) How should the guide be messaged to the supply chain?
    (ii) What are the “metrics for success” to measure impact?
    (iii) What is the timescale for the next phase of guide development?

Watch the Recording:

Get Involved:

Everyone is welcome to be part of this activity! OpenChain has free, open access to all its work groups and study groups. Just turn up, and listen in, and contribute comments, ideas and suggestions.

✉️ We have a dedicated mailing list for the AI Work Group:
https://lists.openchainproject.org/g/ai

Attend Future Meetings:

You can find and get the dial-in details for all future meetings from our participate page here:
https://www.openchainproject.org/participate