OpenChain Project

Most people know the OpenChain Project as the home of ISO/IEC 5203 (the international standard for open source license compliance) and ISO/IEC 18974 (the international standard for open source security assurance). Some people know us for our work around SBOM (for example, the Japan Work Group created the "SPDX Lite" part of SPDX SBOM). Some people know us for our new work in spaces like AI Compliance. But did you know about the OpenChain Onsen Study Group chaired by Norio Kobota of Sony?

Some years ago in Hong Kong, key figures from OpenChain and the Chinese community met for dinner. Here the seeds were planted for future sharing, and this directly lead to regular OpenChain Work Group meetings in China. Join our activities (anywhere): https://hubs.la/Q02VqHnP0

Not a panacea: a nuanced take on the challenges of SBOM for open source compliance. This type of talk provides a bridge between understanding a task, a tool to assist and the realities of implementation. The Linux Foundation SBOM Summit was filled with such insight and helpful, practical consideration of using SBOM in the supply chain.

So many key contributors to the OpenChain Project community ❤️

And that's a wrap! Open Source Summit Japan contained a wide (wide) range of tracks covering everything from code creation to IP management. It was also a wonderful networking opportunity. A big thank you to the organizers. OpenChain will be there again next year.

During The Linux Foundation Open Compliance Summit and SBOM Summit in Tokyo, Oscar Valenzuela gave three excellent talks around different aspects of managing open source processes, compliance, automation and scaling. The talk with Diego Jorquera was a great conversation-starter early in the event cycle. We are fortunate to have such international speakers come over and network with our local community contributors. With strong representation from China, Japan and Korea, the conference week provided a solid bridge between open source in the Americas, Europe and Asia. (big thanks to Linux Foundation Japan for all their local coordination!)

高(Gao)琨（King）( Shanghai Sectrend Information Technology Co., Ltd.) , Tony Yang (openEuler) and Shane Coughlan (OpenChain Project) had a chance to catch up at The Linux Foundation Open Compliance Summit. This event, focused on sharing knowledge around open source license, security and other compliance topics, is held once a year in Tokyo. We had a very international audience this year, and an excellent roster of speakers. A big thank you to everyone involved.

A mysterious cluster during a recent OpenChain Project event in Korea. What could be happening? Someone brought sweets. 😜 Open source process management is challenging and intense. With a community, we share the burden, and add a little fun. Join us: https://hubs.la/Q02VqPBw0

When we think about Software Build of Materials, we are looking at what might be a multi-dimensional space consisting of hierarchy, linking, modification, export restrictions, security vulnerabilities, distribution type, versions, etc. Care must be taken when setting up the SBOMs to both list the components used and to show how they are incorporated into your products. This OpenChain Project webinar discusses how a visualization of such meta-information was implemented to display the relationships and potential risks in a quick and in easy-to-understand way. It was part of a research project funded by the Federal Ministry for Economic Affairs and Climate Protection (BMWi) and with the Bonn-Rhein-Sieg University of Applied Sciences and Bitsea GmbH. Learn more and watch the webinar: https://hubs.la/Q02WpyHk0

Driving forward open source management with new open reference material, new initiatives for modeling and new stakeholders - including those from areas like insurance.