OpenChain and Friends 2026: Driving trust and innovation in the global software supply chain
From March 24 to 26, 2026, Stuttgart became the hotspot for the open-source community as experts from across the globe gathered for the "OpenChain and Friends" event. This annual event, co-organized by The Linux Foundation's OpenChain Project and The FOSS-LÄND Community, brought together a diverse group of specialists from industry, research, and the public sector. As an active member of the OpenChain Project and an advocate for collaborative innovation, Bosch was at the heart of the discussions, both as a participant and as host for several topic streams. Besides the main event location at the Bosch Supply Chain Campus in Feuerbach, several sessions took place at Mercedes-Benz Tech Innovation in Vaihingen and the Bosch Digital office in Ludwigsburg.
The event's core mission was to address a critical question: How can we enable responsible, scalable, and trusted use of open-source software across the entire supply chain? For Bosch, this is not just a theoretical question; it is a strategic imperative driven by the belief that establishing common standards for compliance is the key to building trust, reducing friction, and fostering innovation across all industries.
A convergence of expertise
The three-day event was a mix of presentations, hands-on workshops, and invaluable networking, organized by, for, and with the open-source community. The agenda was thoughtfully curated into ten distinct topic streams, each tackling a critical facet of the modern software landscape.
Discussions on Open Source Compliance & OSPOs centered on methodologies for scaling Open Source Program Offices, automating compliance, and navigating new regulations like the Cyber Resilience Act (CRA). Directly related, the Cybersecurity stream focused on sharing best practices for securing the software supply chain, emphasizing the crucial role of Software Bills of Materials (SBOMs) and the ISO 18974 standard.
Technical deep dives shaped the conversation in several key areas. The Artificial Intelligence stream explored systematic engineering for AI systems and the development of open data platforms, while the Automotive / SDV track examined the evolution towards the Software-Defined Vehicle, with deep dives into platforms like Automotive Grade Linux and Eclipse S-Core. The Embedded and Open Source Hardware stream covered the full lifecycle of hardware, from open-source chip design to strategies for strengthening Europe's semiconductor sovereignty, while the Linux OS and beyond track provided a foundational perspective on the software supply chain from the viewpoint of the Linux ecosystem.
Broader strategic themes were also addressed, with the Digital Sovereignty & Open Source in Business stream looking at open source as a competitive advantage. Fostering community was a key theme, with a dedicated Women in Open Source stream providing a networking platform, and the Education stream focusing on developing next-generation training formats. Finally, the Cross-Innovation stream looked to the future, exploring how to mix creative industries with industrial open source to design a collaborative community roadmap.
Driving standards through active contribution
Bosch is an active contributor to the very standards being discussed and has initiated projects like SEPIA (SBOM Exchange Procedures, Interfaces, and Architecture) within the OpenChain SBOM Workgroup. This initiative delivers open-source tooling to simplify and validate the exchange of Software Bills of Materials (SBOMs), a critical topic at the forefront of the cybersecurity discussions.
Contributing to the development of global standards helps create a more predictable and efficient ecosystem. A shared compliance framework reduces the need to negotiate complex requirements with every partner and supplier, establishing a common set of expectations. This process can accelerate development, mitigate risk, and allow for a greater focus on engineering and innovation.