1.
OpenChain
Building Practical Trust in the Supply Chain

2.
We set the tone for how the supply chain works

3.
Standards and Supporting Material
Standards set the shared market approach
(OpenChain is here)
Strategy sets the organization’s approach
(we provide reference material and community)
Process, Method Tools set the organization's tactical choices
(we provide reference material and community)
Implementation sets the reality of deployment
(we provide reference material and community)

4.
$5.5+ Trillion
Market value of OpenChain Platinum Members

5.
This is the small part

6.
1,000+
Companies in the active OpenChain Community

7.
https://www.openchainproject.org/interviews

8.
https://www.openchainproject.org/get-started/participate

9.
Commercial Support?
Yes, of course

10.
License Compliance Specification

11.
License Compliance Specification
● OpenChain ISO/IEC 5230:2020 is the International Standard for open
source license compliance
● It provides a process framework to establish and run a quality open
source license compliance program
● It has been adopted across virtually every market sector

12.
Simple, Seven Pages Of Process Inflection Points

13.
Self-Certification Freely Available

14.
20%
Adoption as per PwC / Bitkom survey 2021 in
German companies with 2,000 or more employees

15.
https://www.openchainproject.org/

16.
Security Assurance Specification

17.
Security Assurance Specification
● OpenChain Security Assurance Specification 1.1 available today as a de
facto industry standard
● Submission to ISO/IEC in October 2022 via JTC-1 Publicly Available
Specification (PAS) Transposition Process
● Translation: ISO/IEC Standard for open source security circa mid-2023
● Adoption already support via self-certification

18.
Simple, Seven Pages Of Process Inflection Points

19.
Self-Certification Freely Available

20.
自助认证，等同效力，毋需费用

21.
https://www.openchainproject.org/

22.
OpenChain Telecommunications
Group SBOM Specification
[Draft v 1.0]

23.
Our Telco Work Group Is Drafting Stuff
● Jimmy wrote a sentence that manages to say “SBOM” three times:
○ This document aims to outline certain requirements related to how an entity creates,
delivers, and consumes Software Bill of Materials (SBOM), so that entities that produces
and/or consumes SBOMs that conform to this specification can ensure repeatability and
streamlining of tools and processes for generating and consuming SBOMs.
tl;dr:
The Telco people are creating a specification for how
Telco companies can adopt Software Bill of Materials
This is useful for guiding people to specific choices

24.
https://bit.ly/3s91WtI

25.
Why Should You Care?
● Industry-specific discussions tease out details
● These details tend to cross industries or inspire other discussions
● And everyone is welcome to observe or participate

26.
Dear God… This Sounds Abstract

27.
https://github.com/OpenChain-Project/Reference-Material

28.
https://www.openchainproject.org/webinars

29.
https://www.openchainproject.org/automation-webinars

30.
In Other Words…

31.
Today The OpenChain Project Provides…
● Open Source License Compliance Standard (ISO/IEC 5230)
● Open Source Security Assurance Standard (ISO/IEC mid-2023)
● Industry coverage for policy, export control, SBOM + more
● Training, education, case studies
● Place to meet your peers

32.
The Fundamental Building Blocks For Strategy

33.
www.openchainproject.org

34.
Contact Me
scoughlan@linuxfoundation.org