Brussels / 1 & 2 February 2025


Towards Quality SBOMs: the OpenChain Telco SBOM Guide


OpenChain is the international standard for open source license compliance programs; it was created by a joint effort of the community. The OpenChain project has several work groups. The Telco work group was formed to create a recommendation for an SBOM format to be exchanged between telecommunication companies, their suppliers and customers.

The result is the "OpenChain Telco SBOM Guide", which describes what a quality SBOM should contain and how and when it should be distributed. It incorporates industry standard requirements such as the "NTIA SBOM Minimum Elements" and PURL. Although developed by telcos, it is generic and can be used by other industries.

Translations of the guide are available in French, Japanese and Chinese to facilitate its adoption worldwide.

The OpenChain Telco SBOM Guide is used by Nokia as a basis for its SBOM format. Nokia provided an open source tool to validate SBOMs against the guide. The talk will discuss lessons learned from implementing the Guide at Nokia.

The OpenChain Telco SBOM Guide is available at https://github.com/OpenChain-Project/Telco-WG/blob/main/OpenChain-Telco-SBOM-Guide_EN.md

The validator is available at https://pypi.org/project/openchain-telco-sbom-validator/. The source code is available at https://github.com/OpenChain-Project/Telco-WG/tree/main/tools/openchain_telco_sbom_validator under the Apache-2.0 license.
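To illustrate the kind of check such a validator performs, here is an added example (not the openchain-telco-sbom-validator's own code) that tests an SBOM for the NTIA minimum elements and for well-formed PURL identifiers. It assumes the SBOM is an SPDX 2.3 JSON document, which the abstract does not state, and the sample SBOM is constructed data.

```python
import re

# NTIA minimum elements: supplier, component name, version, other unique IDs,
# dependency relationship, SBOM author, timestamp. PURL supplies the unique ID.
PURL_RE = re.compile(r"^pkg:[a-z0-9.+-]+/[^@?#]+(?:@[^?#]+)?(?:\?[^#]+)?(?:#.+)?$")

def check_sbom(doc: dict) -> list[str]:
    """Return findings for an SPDX 2.3 JSON document; an empty list means no gaps found."""
    findings = []
    info = doc.get("creationInfo", {})
    if not info.get("created"):
        findings.append("document: missing creationInfo.created (timestamp)")
    if not info.get("creators"):
        findings.append("document: missing creationInfo.creators (SBOM author)")
    # Every package should take part in at least one relationship (dependency graph).
    rels = doc.get("relationships", [])
    in_graph = {r.get("spdxElementId") for r in rels} | {r.get("relatedSpdxElement") for r in rels}
    for pkg in doc.get("packages", []):
        pid = pkg.get("SPDXID", "<no SPDXID>")
        for field in ("name", "versionInfo", "supplier"):
            if not pkg.get(field):
                findings.append(f"{pid}: missing {field}")
        purls = [ref.get("referenceLocator", "") for ref in pkg.get("externalRefs", [])
                 if ref.get("referenceType") == "purl"]
        if not purls:
            findings.append(f"{pid}: no PURL external reference")
        findings += [f"{pid}: malformed PURL {p!r}" for p in purls if not PURL_RE.match(p)]
        if pid not in in_graph:
            findings.append(f"{pid}: not referenced by any relationship")
    return findings

# Constructed sample (assumed data, not a real product SBOM): one complete
# package and one that misses several minimum elements.
SAMPLE_SBOM = {
    "spdxVersion": "SPDX-2.3",
    "SPDXID": "SPDXRef-DOCUMENT",
    "creationInfo": {"created": "2025-01-15T10:00:00Z", "creators": ["Organization: Example Telco"]},
    "packages": [
        {"SPDXID": "SPDXRef-app", "name": "example-app", "versionInfo": "1.2.0",
         "supplier": "Organization: Example Telco",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:generic/example-app@1.2.0"}]},
        {"SPDXID": "SPDXRef-lib", "name": "somelib",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "somelib@3.0"}]},
    ],
    "relationships": [{"spdxElementId": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES",
                       "relatedSpdxElement": "SPDXRef-app"}],
}
```

Running check_sbom(SAMPLE_SBOM) reports four findings, all against SPDXRef-lib: missing version and supplier, a PURL without the pkg: scheme, and no relationship linking it into the dependency graph.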

Speakers

Marc-Etienne Vargenau