News

The OpenChain Korea Work Group has created and published ‘A Handbook for Software Supply Chain Security in the Telco Industry.’  This handbook offers practical, step-by-step guidance for organizations in the telecommunications industry to implement the ‘OpenChain Telco SBOM Guide.’ It provides implementation plans and use-case scenarios tailored to each stakeholder, helping organizations establish effective SBOM management systems and strengthen their software supply chain security.

“It is hard to overstate the importance of this handbook and what it means,” says Shane Coughlan, OpenChain General Manager. “Guides, specifications and training material all link together with the community, and take organizations from uncertainty to understanding. This publication is a huge contribution to help with the adoption and use our SBOM quality work. As global regulatory requirements around security and product liability increase, such resources will be key to the efficient and effective use of open source.”

Huge thanks to Haksung Jang and all the rest of the community for making this happen!

Get it here:
https://openchain-project.github.io/OpenChain-KWG/en/guide/telco_sbom/

We are delighted to announce that Haksung Jang, Chair of the OpenChain Korea Work Group, has contributed a Korean translation of the OpenChain Telco SBOM Guide, Version 1.1.

What is the OpenChain Telco SBOM Guide?

The OpenChain Telco SBOM Guide aims to outline certain requirements related to how an entity creates, delivers, and consumes Software Bill of Materials (SBOM), so that entities that produce and/or consume SBOMs that conform to this guide can ensure repeatability and streamlining of tools and processes for generating and consuming SBOMs.

This guide is designed to work on a per SBOM level: an entity can use it as its sole way of delivering SBOMs but it is the individual SBOM that the guide refers to, not the entity that provides the SBOM. An SBOM using this guide can be called “OpenChain Telco SBOM Guide Compatible.”

Get The Korean Translation:

You can access it in the OpenChain Telco Work Group’s GitHub repo:
https://github.com/OpenChain-Project/Telco-WG/blob/main/OpenChain-Telco-SBOM-Guide_KR.md

Get Even More Translations:

Get the English, French, Japanese and Traditional Chinese versions here:
https://github.com/OpenChain-Project/Telco-WG

Watch the Recording:

Check out the Meeting Slides:

• https://github.com/OpenChain-Project/Meeting-Minutes/tree/main/Slides/2025

Check Out The Presenter Slides:

Join Our Work:

Everyone is welcome to be part of the Specification Work Group. You can join their mailing list here:
https://lists.openchainproject.org/g/specification/

You can find and be part of all OpenChain calls through our participation page here:
https://openchainproject.org/participate

Video Overview Of The Work Group:

The OpenChain Tooling Work Group:

The OpenChain Tooling Work Group meets bi-weekly to discuss open source tooling for open source compliance. It covers license compliance, security compliance and regulatory compliance matters. Everyone is welcome to be part of the discussion, and you can always find the next scheduled meetings on the OpenChain Global Calendar: https://openchainproject.org/participate

Making It Easier To Participate:

The Tooling Work Group is one of the oldest activities, and it hosts its calls on a BigBlueButton instance on a Free Software Foundation Europe (FSFE) server. This is because Zoom, the default app used by Linux Foundation, is often not permitted in European companies, and the founding companies of the Tooling Work Group are based in Europe. The BigBlueButton instance records all the public OpenChain Tooling Work Group calls. You can log in (URL: https://conf.fsfe.org/b/compliance-tooling and meeting code: 199143 ) to view all those recordings.

However, we are always looking at ways to make it easier to be part of OpenChain Project activities. We are now also beginning to mirror the Tooling Work Group calls on the main OpenChain Project YouTube channel. We are starting with publishing the 2025 call series (so far). Over time, we plan to make all the legacy recordings available on that channel.

Please note: we have published some Tooling Work Group calls on the YouTube channel before. This is about moving from an ad-hoc to a more complete previous, and it an example of another small step towards sharing even more knowledge in even easier and more accessible ways.

You will find copies of the this year’s meetings below. We will also be posting backdated individual posts on the OpenChain newsfeed to aid with time-based searches and discovery.

OpenChain Tooling Work Group – 2025-02-20:

OpenChain Tooling Work Group – 2025-03-05:

OpenChain Tooling Work Group – 2025-03-20:

OpenChain Tooling Work Group – 2025-05-07:

OpenChain Tooling Work Group – 2025-05-21:

OpenChain Tooling Work Group – 2025-07-02:

Be Part of This:

Everyone is welcome to be part of the OpenChain Tooling Work Group. You can join the mailing list here: https://groups.io/g/oss-based-compliance-tooling

FAQ:

Q:

Why are some recordings missing?

A:

Not every call is recorded. Some are under Chatham House Rule or attendees express discomfort in being recorded. You will generally find recordings for calls with presentations / guest speakers.

Help Share Best Practices:

We publish a slide deck to help our community share information about the OpenChain Project, our standards, our community and our reference material. The slides are updated about once every month, and can be remixed to talk with different audiences about building a more trusted supply chain.

Download the Latest Slides:

You will always find our project overview slides in our reference library.

• https://github.com/OpenChain-Project/Reference-Material/tree/master/OpenChain-Promotion-Material/OpenChain-Overview-Presentations/en

We have our monthly Europe / Asia call tomorrow (2025-07-16) @ 08:30 UTC / 09:30 BST / 10:30 CEST / 16:30 CST / 17:30 JST + KST

• We will cover activity in the Education Work Group
• We will cover formal outcomes in the Specification Work Group
• We will check out the AI Compliance Guide Public Comment Period
• We will hear about what’s happening with the SPDX Operations Profile

In other words, lots of standards, processes and reference material. This goes beyond news, and into impactful action items underway across our community.

Be part of this. 🙂

Join here:

https://zoom-lfx.platform.linuxfoundation.org/meeting/98605614769?password=dd739f3e-5991-4c87-b428-39a7b550ca0d

About Our Work Group:

The OpenChain Tooling Work Group holds meetings on a bi-weekly schedule. They allow anyone with an interest in open source tooling for license, security or other compliance matters to learn, share and collaborate. All levels of experience are welcome.

Next Meeting:

Our next meeting takes place on the 16th of July 2025 at 17:00 CEST (15:00 UTC).

Dial-In:

• https://conf.fsfe.org/b/compliance-tooling
• Access Code: 199143

Join Our Mailing List:

• https://groups.io/g/oss-based-compliance-tooling

The OpenChain Project will hold a webinar on the 29th of July 2025 to provide a case study on how ZF – one of the world’s largest automotive suppliers – collaborated with TIMETOACT to obtain third-party certification for OpenChain ISO/IEC 5230.

2025-07-29 @ 07:00 UTC / 08:00 BST / 09:00 CEST / 15:00 CST / 16:00 KST + JST

Join at the start time using this link:
https://zoom-lfx.platform.linuxfoundation.org/meeting/91433079580?password=a677a4f4-2af5-4453-8ec9-07dcc28f9656

Abstract:

This case study is suitable for organizations new to the OpenChain standards, organizations in the process of adopting the standards, or organizations reviewing how others met this milestone in open source process management. It will be structured as a series of short section presentations that provide:

• A brief introduction to ISO/IEC 5230
• The importance of ISO/IEC in the automotive industry
• ZF’s certification journey
• Forming an OSPO
• Steps taken to accomplish ISO/IEC 5230 certification
• Challenges faced
• Role of TIMETOACT in the certification process
• Gap analysis with TIMETOACT and ZF
• How ZF used OpenChain and InnerSource Commons resources
• Lessons learned
• Closing thoughts

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

• https://www.openchainproject.org/webinars

This OpenChain Webinar will be broadcast on 2025-07-29.