We held our regular workshop for the OpenChain AI Work Group on April 1st. It was a two-hour session focused on finalizing a Guide to AI Bill of Material Compliance in the Supply Chain. The draft is reaching its final stages, and is expected to be ready by June.
You can follow and contribute to the work of the OpenChain AI Work Group through its dedicated mailing list. This is open to everyone regardless of industry vertical or speciality. You will find it here:
As well as our usual news and updates (you can check out the slides in our regular place), we had Ana from TODO Group as a special guest! She gave us an update on their latest activities in the world of Open Source Program Offices (OSPO), and we had a chance to chat, ask questions, and share other news.
One of the most powerful parts of the open source community, and organizations like The Linux Foundation, is providing a way for projects not only to grow but also to share. By supporting each other, and collaborating on events, material or code, innovation gets to more people, more quickly.
Coming Next:
We have a lot to do. The Freeze Period for proposed updates to ISO/IEC 5230 and ISO/IEC 18974 is over, so it’s time for formatting and handover to the Steering Committee. Meanwhile, the Education Work Group is about to dive into some pretty cool updates to existing material. It looks like our training course and the capability model will be first.
Everyone is welcome to be part of the Education Work Group and build reference material for open source process management. You can join the mailing list here: https://lists.openchainproject.org/g/education
As always, we focused on the question of “how do we use SBOMs in production, large-scale and complex supply chains?” We are dealing with the reality of supply chains with many participants who have different levels of skill, use different formats, and perhaps follow different regulations or policies.
Our SBOM Study Group brings all our various SBOM-related activities together and helps answer the question of “how do we use SBOMs in production, large-scale and complex supply chains?” Our original kick-off call has all the details.
QNAP Systems, Inc., a leading computing, networking, and storage solutions innovator based in Taipei, has announce and OpenChain ISO/IEC 5230 conformant program.
About QNAP
QNAP (Quality Network Appliance Provider) is devoted to providing comprehensive solutions in software development, hardware design and in-house manufacturing. Focusing on storage, networking and smart video innovations, QNAP now introduce a revolutionary Cloud NAS solution that joins our cutting-edge subscription-based software and diversified service channel ecosystem. QNAP envisions NAS as being more than simple storage and has created a cloud-based networking infrastructure for users to host and develop artificial intelligence analysis, edge computing and data integration on their QNAP solutions.
About the OpenChain Project:
The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.
About The Linux Foundation:
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
Open source software providers are facing a triple threat: tightening US and EU regulations, rising IP litigation, and the risks introduced by Gen AI. Soon, your board—and your customers and suppliers— might be asking that you have specific insurance that actually covers OSS-related liabilities. But, does such insurance exist? Does it work? And how should it work?
Historically, insurers have struggled to grasp OSS risks, offering inadequate or unclear coverage. Now, a new wave of insurance solutions is emerging, informed by OpenChain standards and best practices.
Join this session to explore how the insurance industry is evolving, what new OSS-specific coverage looks like, and how you can help shape it to meet the real needs of the open source community.
We start on 2025-04-22 @ 08:00 UTC / 09:00 BST / 10:00 CEST / 16:00 CST / 17:00 KST / 17:00 JST
More About Our Webinars:
This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.
This time we discussed strategic matters like next steps in our existing ISO standards, board strategy discussions underway, and community considerations. We also took a look at two items from sister projects related to project health and security:
We will be following up on the activities outlined above on the mailing lists, and we will continue our regular series of calls and meetings throughout the year.
The OpenChain Telco Work Group is in the final stages of preparing Version 1.1 of the Telco SBOM Guide, an industry-specific but adaptable guide to addressing the question of SBOM quality in the supply chain. Learn more in their latest meetings.
Be part of this:
You can get involved with the OpenChain Telco Work Group through their dedicated mailing list. At this link, you will also find connections to other working groups around the world:
Please note: you do not have to be an expert in telecommunications or work for a telecommunications company to join the group. Work on subjects like the Telco SBOM Quality Guide is intended to also help other market sectors.
This meeting featured a special presentation by Jeronimo Ortiz of SCANOSS. It provided an overview of the open source SCA tooling and technologies that SANOSS has open sourced and maintains, and looked at some of the user guides and documentation to reduce the adoption effort.
In addition, Jeronimo demoed how to make use of the osskb.org service from Software Transparency Foundation at scale using GitHub Actions, and how you can leverage scanoss.py to make use of such a service for detecting open source at file and snippet level, getting license and copyright information, or creating simple and quick SBOMs in different formats.
The presentation also included an overview of the work being done to integrate osskb.org with well known tools like ORT or FOSSology.
An introduction to DeepSeek, its technical highlights, its history, its company, and its vision. The main presentation for this webinar will be by Jerry Tan, a long-time contributor to the open source ecosystem in China.
Join using this link up to ten minutes before the official start:
This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.
