OpenChain is a Linux Foundation project that started in 2016 to promote open source license compliance and has since expanded to also address security compliance. It has a global governing board and working groups that have developed standards like ISO/IEC 5230:2020 for open source compliance and a Security Assurance Specification. OpenChain aims to continue building adoption of these standards, convert more guidance into ISO standards, and support the open source community with reference materials and translations.

1. OpenChain + LF
Standards
Making open source more predictable and sustainable

2. OpenChain Project – Trust in the Supply Chain
● Started in 2016
● First worked on open source license compliance
● Recently also worked on security compliance
● Always focused on one mission:
Building trust in the supply chain

3. OpenChain Governing Board Members

4. Global Open Chain Working Groups
Licensing Education Automation Policy Security Export Control
Local User Groups
China Japan Korea Taiwan India Germany UK US
Industry Special Interest Groups
Automotive Telco Partners

5. ISO/IEC 5230:2020

6. OpenChain Security Assurance Specification

7. Extensive Reference Material

8. What Is Coming in 2023?
Continue to build adoption of ISO/IEC 5230:2020.
Convert Security Assurance Specification into a sister ISO/IEC standard.
Explore other topics like public policy.
Develop even more reference material, translations and community support.

9. Pulling Back To The “How?”

10. Pulling Back To The “How?”

11. You Can Do This Too

12. Summary
Open source management via standards is easier than before