The OpenChain Project aims to improve open source license compliance and security assurance through international standards. Over 1,000 companies collaborate through OpenChain to develop standards like ISO/IEC 5230 for license compliance and ISO/IEC 18974 for security assurance. Adoption of the standards is growing, with a 12% decrease in license issues and 31% of large German companies planning to adopt ISO/IEC 5230. OpenChain is working to develop new specifications and its global impact and member organizations are increasing.

1. The OpenChain Project
A Quick Summary For The FOSSLight Community Day 2023!

2. https://www.synopsys.com/blogs/software-security/open-source-trends-ossra-report/ (2022)
Global Codebase Statistics
Over 93% use open source
53% have license compliance issues
81% have security issues

3. 1,000+
Companies In OpenChain Working
On A Better Supply Chain

4. Trust Built By Process Management
OpenChain ISO/IEC 5230:2020
International Standard for open source license compliance.
OpenChain ISO/IEC 18974
International Standard for open source security assurance.
High level process standards
Simple, effective and suitable for companies of all sizes in all markets
Openly developed by a vibrant user community and freely available to all
4

5. Key News Around
ISO/IEC 5230:2020

6. OpenChain Has 109 ISO/IEC 5230 Conformant
Orgs Listed On Our Website (totals are higher)
Total conformant numbers far higher.
Example: PwC Survey shows 31% of large companies in Germany use or are planning to adopt ISO/IEC 5230.

7. Recent ISO/IEC 5230 Conformance Examples
🎉

8. 12%
decrease in open source license compliance issues
since the year OpenChain ISO/IEC 5230 was published
https://www.synopsys.com/blogs/software-security/open-source-trends-ossra-report/ (2022)

9. 31%
of large German companies already use or plan to adopt OpenChain ISO/IEC 5230
tps://www.pwc.de/en/digitale-transformation/open-source-software-management-and-compliance/open-source-software-current-trends-and-developments.ht

10. Key News Around
ISO/IEC 18974:2023

11. Key Developments
● ISO/IEC 18974:2023 is scheduled
for ISO publication in November
2023
● We will do plenty of PR to end the
year on this topic

12. First ISO Version Adoption Announced

13. Conformance Community Is Growing

14. What Else Is
Happening?

15. Global Impact Q1 to Q4 2023
● ISO/IEC 5230 Conformant Listed: 89 > 109 (22.48% increase)
● ISO/IEC 18974 Conformant Listed: 1 > 6 (500% increase)
● Certifiers: 7 > 13 (85.7% increase)
● Service Providers: 24 > 29 (20.8% increase)
● Vendors: 11 > 13 (18.2% increase)
● Legal Providers: 21 > 24 (14.3% increase)
● Standards maintained: 1 > 2 (100% increase)
● New specifications under proposal: 1 > 3 (200% increase)

16. The Global Community Collaborates
● We are working on the proposals for:
○ OpenChain License Compliance 3.0 (ISO/IEC 5230:2020 next gen)
○ OpenChain Security Assurance 2.0 (ISO/IEC 18974:2023 next gen)
○ OpenChain Contribution Process Management 1.0 (name TBD)
○ OpenChain Telco SBOM Specification 1.0
● These will go before the OpenChain Steering Committee in early December for
review.
● The Steering Committee will provide formal guidance on where to go next.

17. Track All This Work
● You can join our monthly North America / Europe and North America / Asia calls
every month (two meetings per month):
https://www.openchainproject.org/participate
● We publish the slides used for every meeting:
https://github.com/OpenChain-Project/Meeting-Minutes/tree/main/Slides
● We also publish a recording of every meeting:
https://www.openchainproject.org/news
● You can also join our specification mailing list to follow everything by email:
https://lists.openchainproject.org/g/specification

18. Well Done Everyone! Tell Your Friends To Join!
https://www.openchainproject.org/participate