The OpenChain Telco SBOM Guide

  • Writer: Giuliana Bruni
  • 1 day ago

[Image: "SCANOSS Now Supports the OpenChain Telco SBOM Standard"]

The telecommunications industry operates in a complex ecosystem where security, compliance, and interoperability are critical. With the increasing reliance on open source software, ensuring transparency and quality in Software Bills of Materials (SBOMs) has become a priority. This is where industry-driven harmonisation efforts play a transformative role, offering a structured approach to SBOM quality and completeness. The OpenChain Telco Work Group has developed the OpenChain Telco SBOM Guide, which provides a clear framework for generating high-quality, standardised SBOMs, helping organisations streamline compliance, improve security, and manage open source risks more effectively.

SCANOSS has now incorporated the Telco guide into its SPDX reports, enabling companies to generate SBOMs that fully comply with the standard. “By leveraging our Software Intelligence solutions, organisations can efficiently produce standardised SBOMs without compromising accuracy or completeness, ensuring seamless integration into existing workflows,” said SCANOSS CEO, Alan Facey.

Standardisation is essential for ensuring interoperability across the software supply chain. Nokia has embraced the OpenChain Telco SBOM schema as the foundation for its own internal framework. According to Gergely Csatári, Senior Open Source Specialist at Nokia, "to ensure the interoperability of SBOMs both internally and in our external interfaces, there is a need for harmonisation of both completeness, quality, and content." By harmonising SBOM structures, companies can enhance collaboration with vendors and customers while maintaining a consistent approach to compliance and security.

For Nokia, adopting the Telco SBOM Guide has significantly improved internal workflows. The company has aligned its internal SBOM schema with the guide to ensure seamless interoperability across systems and external partners. Additionally, by requiring vendors to comply with the format, Nokia can maintain a unified and reliable approach to open source compliance and vulnerability management across its supply chain.

Looking ahead, the widespread adoption of standardised SBOM formats will be essential to improving transparency and reducing risk across the software supply chain. “The OpenChain Telco SBOM Guide does a remarkable job in providing to the industry a shared direction,” said Julian Coccia, CTO at SCANOSS. “It represents an outstanding complement to the OpenChain 2.1, ISO/IEC 5230:2020 that provides a simple, clear and effective process management standard for open source license compliance. By integrating support to the schema described in this Guide directly into our tools, SCANOSS makes it easy for organizations to adopt these guidelines efficiently.” 


SCANOSS plays a crucial role in this transition, helping organisations prepare for the future of open source management with confidence. To mitigate the risks of security vulnerabilities, operational disruptions, and reputational damage, telcos must prioritise SBOM standardisation and quality. Security threats from untracked vulnerabilities, inefficiencies caused by incomplete SBOMs, and potential reputational harm from breaches all underscore the need for a reliable solution.


SCANOSS provides a comprehensive solution that enables organisations to enhance security, streamline operations, and build trust across the software supply chain with confidence.