1.
The OpenChain Project
Telco Work Group Call 2022-02-03

2.
Antitrust Reminder
All Linux Foundation (LF) activities are subject to compliance with the LF’s Antitrust Policy. Each
individual participant and attendee at this meeting is responsible for complying with the LF
Antitrust Policy. The LF Antitrust Policy is available at the URL link below or, if applicable, may be
immediately emailed to anyone attending this meeting.
http://www.linuxfoundation.org/antitrust-policy
Participants of this meeting must NOT discuss:
• The business strategy of any Member
• Any attempts to restrict or hinder the growth or use of another industry standardization initiative
• Actual, projected or future prices, or sales terms of their products
• Marketing strategy, production capacity or release dates of their products
• Allocation of customers or customer categories for their products

3.
Telco group agenda
1. Welcome & “round the table” introduction of who is who.
2. Agree on cornerstone principles for our work on “Telco Standard SBOM” going forward. (below are my
proposals, if you would like to add further suggestion feel free to do so during the meeting or
over email).
a. We do not aim to change the OpenChain specification or fork it.
b. To implement the “Telco standard for SBOM” you need not be OpenChain conformant.
c. The solution in its entirety needs to adhere to the relevant international regulatory
requirements.
3. Is there a need for a formal Terms of Reference style document?
4. Work items: The suggestion is that we discuss some of the major points that was brought up during
our brainstorming sessions.
a. SBOM Dataformat: Suggestions so far include that the “Telco standard for SBoM” should mandate
SPDX in its latest version, SPDX in its ISO format, Cyclone DX (no version suggested), or that we
remain agnostic to the issue of dataformat.
b. File format (What should we use for the machine readable SBoM, one format or many? What format
should we use for the human readable version?) Do we want to support that these on a voluntary
basis are transactable separately from the binary/source?
c. Timing, when should the SBOM be delivered?
d. Template contract clauses to reference our “Telco Standard for SBOM”/playbooks.

4.
Legal Notice
The Linux Foundation, The Linux Foundation logos, and other marks that may be used herein are owned by The Linux Foundation or its affiliated entities, and are subject to The Linux
Foundation’s Trademark Usage Policy at https://www.linuxfoundation.org/trademark-usage, as may be modified from time to time.
Linux is a registered trademark of Linus Torvalds. Please see the Linux Mark Institute’s trademark usage page at https://lmi.linuxfoundation.org for details regarding use of this trademark.
Some marks that may be used herein are owned by projects operating as separately incorporated entities managed by The Linux Foundation, and have their own trademarks, policies and
usage guidelines.
TWITTER, TWEET, RETWEET and the Twitter logo are trademarks of Twitter, Inc. or its affiliates.
Facebook and the “f” logo are trademarks of Facebook or its affiliates.
LinkedIn, the LinkedIn logo, the IN logo and InMail are registered trademarks or trademarks of LinkedIn Corporation and its affiliates in the United States and/or other countries.
YouTube and the YouTube icon are trademarks of YouTube or its affiliates.
All other trademarks are the property of their respective owners. Use of such marks herein does not represent affiliation with or authorization, sponsorship or approval by such owners unless
otherwise expressly specified.
The Linux Foundation is subject to other policies, including without limitation its Privacy Policy at https://www.linuxfoundation.org/privacy and its Antitrust Policy at
https://www.linuxfoundation.org/antitrust-policy. each as may be modified from time to time. More information about The Linux Foundation’s policies is available at
https://www.linuxfoundation.org.
Please email legal@linuxfoundation.org with any questions about The Linux Foundation’s policies or the notices set forth on this slide.
4