
Newsletter – Issue 79 – June 2025
The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.
News:
- New Conformance Programs:
  - Mercedes-Benz Research and Development India has announced an ISO/IEC 5230 Conformant Program, demonstrating a commitment to open source compliance.
  - S-core has strengthened its open source security by adopting OpenChain ISO/IEC 18974. These announcements indicate growing industry adoption and focus on formalizing open source compliance and security.
  - Action Item: Companies can look into pursuing ISO/IEC 5230 or ISO/IEC 18974 conformance to enhance their own open source governance and security posture.
- Updated Open Source Policy Template:
  - The Open Source Policy Template has been updated, providing a valuable resource for organizations developing or refining their open source policies.
  - Action Item: Review the updated template to ensure your organization’s open source policy aligns with best practices and incorporates the latest considerations.
- Recordings of Meetings and Calls:
  - Recordings of the OpenChain Q2 2025 Steering Committee Meeting – 2025-06-25 and the OpenChain Monthly Specification and Education Call (Europe - Asia) – 2025-06-18 are available. These provide insights into ongoing discussions, future directions, and educational content.
  - Action Item: Watch these recordings to stay informed about the strategic direction of OpenChain and learn from community discussions.
- Articles on OpenChain:
  - The articles “Reflection on yesterday – OpenChain Korea Meeting, a community of professionals (and friends)” and “External Contribution: Operationalizing Software Trust: Why OpenChain Matters!” emphasize the importance of OpenChain in building software trust.
  - Action Item: Read these articles to deepen your understanding of the strategic value of OpenChain and how it can be applied within your organization.
- Webinars:
  - Webinars on “AboutCode – Practical Compliance in One Stack – Licensing, Vulnerabilities, and More” and “How big is the risk of using LLM-generated code from the open source license compliance point of view?” are highlighted. The latter is particularly relevant given the increasing use of AI in software development.
  - Action Item: Attend or review summaries of these webinars to gain practical insights into compliance tools and navigate the complexities of AI-generated code from a licensing perspective.
- Events:
  - OpenChain had a presence at OSS NA with sessions on:
  - OpenChain was also at the OSPO Summit China, and we have released Keynote Slides.
  - Action Item: Review the materials from these events to understand discussions around the future of OpenChain standards, community building, and the broader context of open source in enterprise software management. Look for opportunities to participate in future OpenChain events or regional user groups.
Note: This newsletter usually only contains primary meetings. Some community meetings are not recorded or are released through other channels.
AI Usage:
This newsletter is created by using a template, curating links from a month of OpenChain news posted on the blog and using these prompts on Google Gemini (free version) to fill out the central news:
- “summarize the following newsletter for folks interested in the open source compliance to learn the latest changes in the space and find possible items that can act on.”
- “include the links in this newsletter”