Open source has long been a central component of modern software development
but the landscape of associations, standards, and initiatives is complex.

This page provides an overview of the most important organisations, standards, and security agencies in the open source environment. The selection includes international committees, political initiatives, and technical standardisations that are relevant for compliance, security, and sustainable open source management. The aim is to provide you with a quick overview—from industry associations such as Bitkom to international standards such as OpenChain and SPDX to security databases such as NVD and EUVD.
This allows you to stay up to date on the most important developments, guidelines, and contacts related to open source.

Associations & Interest Groups

Organisations that connect open source communities, companies, and politics or set guidelines

bitkom_logo

Bitkom Open Source

German Digital Association with working groups on open source.

openchain_Logo

OpenChain

Cross-industry standard for open source compliance processes (ISO 5230, ISO 18974).

OSADL_logo

Open Source Automation Development Lab

Association for the promotion of open source in industrial automation.

todo_logo

TODO group

Association of open source program managers from large companies.

fsfe_logo

Free Software Foundation Europe

Non-profit organisation promoting free software in Europe.

Open Source Organisation & Political Initiatives

Non-profit or multi-stakeholder organisations that promote open source at the political or social level

sfc_logo

Software Freedom Conservancy

Non-profit organisation that provides legal and organisational support to open source projects.

ofe_logo

OpenForum Europe

Think tank for open digital standards and political advocacy in the EU.

STA_logo

Sovereign Tech Agency

German agency for the promotion of digital sovereignity and open source techologies.

Osi_logo

OSI

International organisation that manages the definition of "open source" and certifies licences.

Security and Standardisation Bodies

Institutions and initiatives for security, standardisation, and compliance in the open-source context

BSI_Logo

BSI

National authority for IT security and cyber defense in Germany.

SPDX_logo

SPDX

Open standard for describing software components and licences. 

Cyclon_logo

CyclonDX

Standard for Software Bill of Materials (SBOM) with a focus on security.

enisa_Logo

European Union Vulnerability Database

EU-wide vulnerability database for harmonising IT security information.

NIST_logo

National Vulnerability Database

US government vulnerability database maintained by NIST.