OpenChain https://openchainproject.org Building Trust In The Supply Chain Since 2016

OpenAnolis Announces Adoption of ISO/IEC 18974 https://openchainproject.org/news/2026/03/16/openanolis-announces-adoption-of-iso-iec-18974 Mon, 16 Mar 2026 12:45:05 +0000 https://openchainproject.org/?p=17597

OpenAnolis officially announced that it has met the OpenChain ISO/IEC 18974 standard, becoming one of the few open-source operating system communities worldwide to receive this authoritative security accreditation. As an open-source community jointly built by enterprises, academic institutions, research organizations and individual developers, OpenAnolis has long been committed to creating a secure, reliable, and compliant digital infrastructure foundation. This certification marks a significant milestone in the community’s progress in open-source security governance.

ISO/IEC 18974, initiated by the OpenChain Project, defines the core requirements for open-source software security assurance programs, focusing on an organization’s ability to identify, respond to, and manage known security vulnerabilities such as CVEs and dependency issues. By establishing a comprehensive lifecycle security governance framework, OpenAnolis has implemented standardized processes for vulnerability monitoring, incident response, code security auditing, and software supply chain protection, ensuring trustworthiness in critical scenarios such as cloud-native environments and AI computing. The community has also developed SBOM (Software Bill of Materials) capabilities to enable transparent dependency management. With automated toolchains and AI Agents, OpenAnolis continuously performs intelligent vulnerability detection and remediation, providing strong security assurance for downstream OS distributions and industry users.

Long Qin, Chairman of the OpenAnolis Security Alliance, said: “The OpenAnolis Community’s OpenChain ISO/IEC 18974 certification is of great significance to the development of the community’s security capability. In the era of integration between AI and cloud-native technologies, the security boundaries of operating systems have evolved beyond traditional patching to a holistic and proactive defense system that addresses heterogeneous computing, complex software supply-chain dependencies, and emerging threats caused by intelligent technologies. OpenAnolis will continue to invest in security innovation and work with global developers to build a trustworthy open-source ecosystem that supports the intelligent computing era.”

Liu Dapeng, Head of the OpenAnolis Standardization SIG, said: “OpenChain ISO/IEC 18974 provides open source communities with an authoritative guideline for software supply chain security governance and compliance management, laying a solid foundation for OpenAnolis to enhance collaboration efficiency and build ecosystem-wide trust. Looking ahead, the OpenAnolis Standardization SIG will continue to actively engage in OpenChain standard development under the Linux Foundation, striving to contribute OpenAnolis’ practical experience to international standards and working hand-in-hand with partners to co-create a secure, transparent, trustworthy, and thriving open source operating system ecosystem.”

About OpenAnolis

Founded in 2020, OpenAnolis is an international open-source root community for Linux server operating systems, focusing on cloud computing, edge computing, and AI computing scenarios. The community has brought together more than 1,000 ecosystem partners and released core distributions such as Anolis OS 23, providing full support for x86, ARM, and RISC‑V architectures. OpenAnolis technologies are widely deployed across cloud-native and intelligent computing fields.

About the OpenChain Project

Led by the Linux Foundation, the OpenChain Project promotes open-source license compliance (ISO/IEC 5230) and security assurance standards (ISO/IEC 18974), helping organizations establish efficient open-source compliance and security management systems. With over 1,000 global enterprise participants, OpenChain is a key international force in securing and standardizing the open-source supply chain.

About the Linux Foundation

The Linux Foundation is the world’s largest open-source collaboration platform, supporting critical infrastructure projects such as Linux, Kubernetes, and Node.js. Through standardization, community operations, and industry collaboration, it drives sustainable development of open-source technologies across software, hardware, and data domains.

 

OpenChain and Friends event series https://openchainproject.org/news/2026/03/13/openchain-and-friends-event-series Fri, 13 Mar 2026 07:23:47 +0000 https://openchainproject.org/?p=17582

The OpenChain project plans to facilitate regional events with local representatives of diverse Open Source Communities using #openchainandfriends (see e.g. LinkedIn).

OpenChain and Friends events characteristics

Diversity – OpenChain and Friends events typically have the following characteristics:

  • Common denominator for communities and topics: Open Source and the supply chain
  • OpenChain workgroup and topic-structure as main skeleton of the event/meetup
  • Supported by OpenChain Ambassadors
  • Free event (ideally hosted in venue(s) provided by community members)
  • Typically as fringe event to global community events to join forces
  • Inclusive – everyone is welcome and diversity in the agenda
  • Open Source Community Marketplace as possibility for Community representatives to reach out for new members and contributors

Inclusiveness – The OpenChain project will try to facilitate the events within the following boundaries:

  • Schedule should also provide young families the opportunity to participate in networking / socializing activities
  • Local women network inclusion
  • Enabling the next generation of Open Source Community members (e.g. new speakers can use the stage for first steps, teach Open Source handling basics, …)
  • Local for local (local communities meeting local attendees, ideally in the local language, but English as fall-back for international attendees)

Efficiency – As community-driven events, the OpenChain Project tries to be as efficient as possible:

  • In-person (no live-streaming, no recordings as a default)
  • Quality over quantity (no pressure to have huge number of attendees)
  • Webinar-follow-ups as additional online offering for speakers
  • Optional: Accompanying Blog

Upcoming OpenChain and Friends events

CJ OliveYoung Becomes the First in the Korean Beauty Industry to Declare Open Source International Standard Certification https://openchainproject.org/news/2026/03/10/cj-oliveyoung-becomes-the-first-in-the-korean-beauty-industry-to-declare-open-source-international-standard-certification Tue, 10 Mar 2026 15:34:39 +0000 https://openchainproject.org/?p=17568

  • Olive Young becomes the first in the domestic health and beauty (H&B) industry to declare the open source international standard ‘ISO/IEC 5230:2020’ certification.
  • Proves the security and transparency of its open source management system… Lays the foundation for securing reliability for its overseas services.
  • “As the leading K-beauty platform, we will continue to advance our open source management system in accordance with global standards.”

CJ Olive Young (hereinafter “Olive Young”) announced on the 9th that it has declared the open source international standard ‘ISO/IEC 5230:2020’ certification, marking a first in the domestic health and beauty (H&B) industry.

‘ISO/IEC 5230:2020’ is the sole international standard that evaluates a company’s open source license compliance system and management capabilities. Open source refers to publicly available source code that anyone can use freely. While it offers the advantage of reducing development costs and time, its transparent nature can also expose security vulnerabilities, making it crucial to strictly adhere to relevant license regulations. Accordingly, the certification is awarded only to companies that meet the criteria through a comprehensive evaluation of their compliance capabilities, including open source software policies and processes, the expertise of dedicated organizations and personnel, and relevant training.

This certification is highly significant as it officially recognizes that the security and transparency of Olive Young’s open source management system—as the company leaps forward as a ‘global beauty-tech platform’—fully meet international standards. As Olive Young accelerates its global expansion, including the opening of its first offline store in the U.S. this coming May, this achievement is expected to provide pivotal momentum in enhancing the stability and reliability of its services overseas.

Olive Young has been meeting the criteria for this international standard by establishing a robust open source management system since 2023. The company designated a dedicated organization and personnel for open source verification and management, and formed an ‘Open Source Council’ to establish a systematic approach for identifying and managing potential risk factors. Furthermore, it implemented internal open source management regulations and a strict process that mandates open source verification during system development. It also currently operates an automated system for verifying open source licenses and inspecting security vulnerabilities.

An official from Olive Young stated, “This certification is an acknowledgment of Olive Young’s proactive efforts, including the nurturing of IT talent and the establishment of an internal management system.” The official added, “As the representative platform for K-beauty, we will continue to advance our open source management system in strict alignment with global standards.”

 

Our New Executive Director for OpenChain https://openchainproject.org/news/2026/03/05/our-new-executive-director-for-openchain Thu, 05 Mar 2026 11:43:18 +0000 https://openchainproject.org/?p=17519

New Executive Director of OpenChain Project

We are pleased to announce that Mary Meixia Wang has joined the OpenChain Project as our new Executive Director.

We extend our sincere gratitude to our board members and contributors for their continued dedication and support. We would also like to recognize the pioneering leadership of Shane Coughlan whose vision and commitment have been instrumental in establishing OpenChain’s global success.

Mary Wang brings extensive experience in software development and open source governance, with particular expertise in the telecommunications and automotive sectors. Her leadership will be vital as we continue to advance our mission: to build a supply chain in which open source is delivered with trusted and consistent process management information.

Under Mary’s guidance, we are confident that OpenChain will further strengthen its global impact, expand cross-industry adoption, and drive practical innovation aligned with the evolving open source ecosystem.

Please join us in welcoming Mary to her new role. We look forward to the next chapter of OpenChain’s journey and will share further updates in the months ahead.

OpenChain and Friends Stuttgart 2026 https://openchainproject.org/news/2026/03/03/openchain-and-friends-stuttgart-2026 Tue, 03 Mar 2026 13:46:19 +0000 https://openchainproject.org/?p=17434

“OpenChain and Friends” is an in-person community event focused on open source software supply chain management, compliance, and collaboration. It’s organized by the OpenChain Project in partnership with local and international communities, such as The FOSS-LÄND Community. The event takes place in Stuttgart, Germany and gathers people working with open source across different industries.

A preliminary schedule is available on the event website: OpenChain and Friends in Stuttgart 2026

Please register for this free in-person event on the 24th, 25th and 26th of March 2026 in Stuttgart and regularly visit our event website to monitor the progress or even get involved yourself!

Hitachi Energy achieves OpenChain (ISO 5230) Certification, reinforcing commitment to Open Source excellence https://openchainproject.org/news/2026/01/27/hitachi-energy-achieves-openchain-iso-5230-certification-reinforcing-commitment-to-open-source-excellence Tue, 27 Jan 2026 14:42:29 +0000 https://openchainproject.org/?p=17372

Hitachi Energy is proud to announce that it has achieved OpenChain (ISO 5230) certification, the leading global standard for open source compliance. This milestone underscores our dedication to delivering products that meet the highest standards of quality, security, and transparency.

By attaining ISO 5230 certification, Hitachi Energy demonstrates a mature and reliable open source compliance program that partners and customers can trust. This achievement reduces legal and operational risks, streamlines documentation, and ensures consistent, well-governed use of open source technologies across our organization. It also strengthens our position in global supply chains, where ISO 5230 certification is increasingly recognized as a mark of professionalism and readiness for evolving regulatory requirements such as the Cyber Resilience Act. The certification brings tangible benefits to our customers and partners. It enables faster collaboration and onboarding, minimizes audit requirements, and ensures predictable, high-quality products through standardized and repeatable compliance processes. Ultimately, it reflects our commitment to building trust and fostering strong relationships throughout the technology ecosystem.

Achieving OpenChain certification is more than a milestone; it is a statement of our ongoing dedication to responsible open source use, industry best practices, and continuous improvement. Hitachi Energy remains focused on driving innovation while maintaining the highest standards of governance and security across all our products and services.

About Bureau Veritas:

Bureau Veritas is a globally recognized leader in inspection, conformity assessment, and certification services, with a presence in countries worldwide.

Founded in 1828, it supports clients in improving performance through innovative solutions and services aimed at verifying that products, assets and processes meet mandatory and voluntary standards in quality, health and safety, environment and social responsibility (QHSE-SA).

Bureau Veritas offers a comprehensive cybersecurity services portfolio, leveraging global expertise to ensure a consistent customer experience across all areas of cybersecurity.

About the OpenChain Project:

The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.

About The Linux Foundation:

The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

Check Out The Publicly Announced Community of Conformance:
https://openchainproject.org/community-of-conformance

Panasonic Automotive Systems Announces OpenChain ISO/IEC 5230 Conformance https://openchainproject.org/news/2025/12/22/panasonic-automotive-systems-announces-openchain-iso-iec-5230-conformance Mon, 22 Dec 2025 13:00:15 +0000 https://openchainproject.org/?p=16869

Today Panasonic Automotive Systems has announced an OpenChain ISO/IEC 5230 conformant program. As a leading Tier 1 automotive supplier, Panasonic Automotive Systems is at the forefront of both using and effectively managing open source technology.

“During the certification process, we worked to improve the reliability of our OSS usage and products by structuring OSS utilization processes and building a highly secure management system,” said Masashige Mizuyama, Executive Vice President and Chief Technology Officer at Panasonic Automotive Systems. “We have actively contributed to the industry by promoting the standardization and open-sourcing of VirtIO, an open-source virtualization technology. Taking this certification as an opportunity, we will continue to provide high-quality and highly reliable solutions leveraging OSS, and contribute to the expansion and sustainable growth of the open source ecosystem in the in-vehicle device industry.”

“We are delighted to welcome Panasonic Automotive Systems into our community of conformance,” says Shane Coughlan, OpenChain General Manager. “Adoption of OpenChain ISO/IEC 5230 has been exceptional across the automotive supply chain, and the influence and inspiration provided by Tier 1 adoption cannot be overstated. We look forward to working with the Panasonic Automotive Systems team in the months and years ahead.”

About Panasonic Automotive Systems Co., Ltd.:

Panasonic Automotive Systems Co., Ltd., (PAS) was launched on April 1, 2022 as an operating company responsible for the automotive systems business in line with the start of the Panasonic Group’s operating company system, and on December 2, 2024 the company moved to a management structure in which 80% of its shares are held by the funds managed by an affiliate of Apollo Global Management, Inc. and 20% by Panasonic Holdings Corporation.

Headquartered in Japan, PAS is a global company with subsidiaries in eight other countries and, as a Tier 1 company, it provides advanced proprietary technologies such as infotainment systems to automakers in Japan and overseas, helping to create comfortable, safe, and secure automobiles. PAS is committed to meeting the expectations of its customers around the world with technologies that stand by people in pursuit of its corporate vision of becoming the “Joy in Motion” design company. To learn more about our company, please visit https://automotive.panasonic.com/en

Save the date for our next OpenChain and Friends event in 2026! https://openchainproject.org/news/2025/12/18/save-the-date-for-our-next-openchain-and-friends-event-in-2026 Thu, 18 Dec 2025 11:02:47 +0000 https://openchainproject.org/?p=17345

After a successful first #openchainandfriends event this year, we plan to hold our next event in 2026.

So mark the 24th, 25th and 26th of March 2026 in your calendars and prepare to join us in Stuttgart and talk about “Supply Chain (Chances and) Risk Management and beyond!”

We enhance our open source process management and automation topics with a dedicated stream for Open Source education and will have additional topic streams about Artificial Intelligence, CyberSecurity and Digital Sovereignty. We will explore Automotive / SDV and Embedded and OpenHW topics and discuss potential Open Source business opportunities for small- and medium-sized enterprises.

The program is collaboratively developed by the contributing communities, so please regularly visit our event website to monitor the progress or even get involved yourself:

https://openchainproject.org/news/2025/12/09/openchain-and-friends-2026

Big thanks to our friends at The FOSS-LÄND Community (https://github.com/the-foss-laend) for helping to make this happen and also supporting us again in the next year.

Registration will open in early January – Stay tuned!

We wish everyone a great holiday season and hope to see you at our event in 2026!

RECORDING: OpenChain Monthly Specification and Education Call (North America – Europe) – 2025-12-10 https://openchainproject.org/news/2025/12/17/recording-openchain-monthly-specification-and-education-call-north-america-europe-2025-12-10 Wed, 17 Dec 2025 06:26:01 +0000 https://openchainproject.org/?p=17323

We Discussed:

Led by Chris Wood (Chair, Specification Work Group) and Martin Yagi (Chair, Education Work Group), the call covered the following topics:

Survey results around the OpenChain ISO standards, the final draft of the new online training course material, and next steps to encourage community feedback.

Watch the Recording:

Coming Next:

  • A ton of work pending on education, and a survey to be released for the spec. Expect a strong focus on looking at what we have accomplished, looking at feedback, and making it better.

Join Our Work:

Everyone is welcome to be part of the Specification Work Group. You can join their mailing list here:
https://lists.openchainproject.org/g/specification/

You can find and be part of all OpenChain calls through our participation page here:
https://openchainproject.org/participate

RECORDING: OpenChain AI Work Group – Monthly Workshop for Europe and Asia – 2025-12-10 https://openchainproject.org/news/2025/12/17/ai-work-group-europe-asia-2025-12 Wed, 17 Dec 2025 06:11:00 +0000 https://openchainproject.org/?p=17322

Our regular OpenChain AI Work Group Asia Sync took place with participants from Europe and Asia, and with a focus on discussing next steps with the AI System Bill of Materials Compliance Guide. We are encouraging more market feedback to inform future development.

Watch the Recording:

Get Involved:

Everyone is welcome to be part of this activity! OpenChain has free, open access to all its work groups and study groups. Just turn up, and listen in, and contribute comments, ideas and suggestions.

✉ We have a dedicated mailing list for the AI Work Group: https://lists.openchainproject.org/g/ai

Attend Future Meetings:

You can find and get the dial-in details for all future meetings from our participate page here: https://www.openchainproject.org/participate
