OpenAnolis officially announced that it has met the OpenChain ISO/IEC 18974 standard, becoming one of the few open-source operating system communities worldwide to receive this authoritative security accreditation. As an open-source community jointly built by enterprises, academic institutions, research organizations and individual developers, OpenAnolis has long been committed to creating a secure, reliable, and compliant digital infrastructure foundation. This certification marks a significant milestone in the community’s progress in open-source security governance.
ISO/IEC 18974, initiated by the OpenChain Project, defines the core requirements for open-source software security assurance programs, focusing on an organization’s ability to identify, respond to, and manage known security vulnerabilities such as CVEs and dependency issues. By establishing a comprehensive lifecycle security governance framework, OpenAnolis has implemented standardized processes for vulnerability monitoring, incident response, code security auditing, and software supply chain protection, ensuring trustworthiness in critical scenarios such as cloud-native environments and AI computing. The community has also developed SBOM (Software Bill of Materials) capabilities to enable transparent dependency management. With automated toolchains and AI Agents, OpenAnolis continuously performs intelligent vulnerability detection and remediation, providing strong security assurance for downstream OS distributions and industry users.
Long Qin, Chairman of the OpenAnolis Security Alliance, said: “The OpenAnolis Community’s OpenChain ISO/IEC 18974 certification is of great significance to the development of the community’s security capability. In the era of integration between AI and cloud-native technologies, the security boundaries of operating systems have evolved beyond traditional patching to a holistic and proactive defense system that addresses heterogeneous computing, complex software supply-chain dependencies, and emerging threats caused by intelligent technologies. OpenAnolis will continue to invest in security innovation and work with global developers to build a trustworthy open-source ecosystem that supports the intelligent computing era.”
Liu Dapeng, Head of the OpenAnolis Standardization SIG, said: “OpenChain ISO/IEC 18974 provides open source communities with an authoritative guideline for software supply chain security governance and compliance management, laying a solid foundation for OpenAnolis to enhance collaboration efficiency and build ecosystem-wide trust. Looking ahead, the OpenAnolis Standardization SIG will continue to actively engage in OpenChain standard development under the Linux Foundation, striving to contribute OpenAnolis’ practical experience to international standards and working hand-in-hand with partners to co-create a secure, transparent, trustworthy, and thriving open source operating system ecosystem.”
About OpenAnolis
Founded in 2020, OpenAnolis is an international open-source root community for Linux server operating systems, focusing on cloud computing, edge computing, and AI computing scenarios. The community has brought together more than 1,000 ecosystem partners and released core distributions such as Anolis OS 23, providing full support for x86, ARM, and RISC‑V architectures. OpenAnolis technologies are widely deployed across cloud-native and intelligent computing fields.
About the OpenChain Project
Led by the Linux Foundation, the OpenChain Project promotes open-source license compliance (ISO/IEC 5230) and security assurance standards (ISO/IEC 18974), helping organizations establish efficient open-source compliance and security management systems. With over 1,000 global enterprise participants, OpenChain is a key international force in securing and standardizing the open-source supply chain.
About the Linux Foundation
The Linux Foundation is the world’s largest open-source collaboration platform, supporting critical infrastructure projects such as Linux, Kubernetes, and Node.js. Through standardization, community operations, and industry collaboration, it drives sustainable development of open-source technologies across software, hardware, and data domains.
