Open source governance is a key strategic topic when building open source programs. It has developed significantly in recent years with the emergence of OpenChain ISO 5230 as a process management standard and SPDX ISO 5962 as a software bill of materials. Recent discussions around security and supply chains, including work by NTIA and the US Government Executive Order, underline how important this matter is in policy as well as business.

This talk will explore the landscape and provide specific examples of how Linux Foundation Projects have become central in discussing the future of open source governance in the Context of Compliance and Security for open source programs.