OSSAPAC helps organisations across the Asia-Pacific establish robust open source processes — from compliance and vulnerability management to contribution governance and AI-ready SBOM strategies.
We help organisations establish, mature, and scale their open source governance — covering compliance, security, and community contribution.
Establish robust processes for the compliant use of open source software across your organisation. We design and implement governance frameworks tailored to your engineering workflows.
Proactively manage security risks in your open source supply chain. We help you build processes to identify, triage, and remediate vulnerabilities continuously.
Enable your teams to contribute back to open source strategically and safely. We establish the policies, processes, and culture for effective upstream engagement.
Whether you're establishing a new Open Source Program Office or maturing an existing one, we provide hands-on advisory grounded in real-world enterprise experience.
Navigate the evolving landscape of AI and open source. We help organisations understand model licensing and data governance, and build responsible AI frameworks.
Achieve ISO/IEC 5230:2020 conformance with a structured, guided programme. We take you from gap analysis through process design to audit readiness.
Practical, hands-on training designed for engineering teams, legal counsel, and leadership — available on-site or remote across APAC.
Establish or strengthen your Open Source Program Office with proven frameworks and governance structures used by leading enterprises.
Deep-dive into open source licensing — from permissive to copyleft, SPDX identifiers, SBOMs, and achieving ISO 5230 / OpenChain conformance.
Practical workshop on integrating software composition analysis tools into CI/CD pipelines for continuous compliance and vulnerability detection.
Executive briefing on open source as a strategic asset — policy creation, risk management, contribution strategies, and community engagement.
Guided programme to achieve ISO/IEC 5230:2020 conformance, including gap analysis, process design, and audit preparation.
Navigating the intersection of AI/ML and open source — model licensing, AI SBOMs, data governance, and responsible AI frameworks for APAC organisations.
We bring deep domain knowledge to the industries where open source governance matters most.
Software-defined vehicles, AUTOSAR, regulatory compliance
Embedded systems, IIoT, supply chain governance
Firmware compliance, device security, SBOM requirements
Regulatory frameworks, risk management, audit readiness
Network infrastructure, open source at scale, vendor management
Sovereign capability, security clearance contexts, policy frameworks
OSSAPAC was founded to bridge the gap between global open source best practices and the unique needs of organisations across the Asia-Pacific region. We provide hands-on consulting, training, and advisory services built on real-world experience establishing and scaling open source governance in enterprise environments.
Our expertise spans the full lifecycle of open source management — from compliant consumption and vulnerability management to strategic contribution and community engagement. As active participants in the OpenChain ecosystem and the broader open source compliance community, we stay at the forefront of evolving standards and tooling.
We work across industries including automotive, industrial, IoT, financial services, telecommunications, and government — helping organisations build the processes, policies, and culture needed to use open source confidently and responsibly.
OpenChain conformance expertise
Software & AI transparency
Pipeline integration & automation
Engineering, legal & procurement alignment
Active engagement with the open source ecosystem — from emerging standards to regional community building.
Establishing a regional working group to drive OpenChain / ISO 5230 awareness and adoption across Australian enterprises.
As AI models increasingly depend on open source components and datasets, traditional SBOMs fall short. We're developing AI SBOM frameworks that capture model provenance, training data lineage, licence obligations for model weights, and dependency chains across the ML pipeline — helping organisations meet emerging regulatory requirements.
Researching the intersection of AI model licensing, open source compliance, and responsible AI governance for enterprise contexts across the APAC region.
Building partnerships with enterprises, universities, and government bodies across the Asia-Pacific to promote open source literacy and governance capability.
Identifying and documenting compliance gaps in open source tooling — contributing fixes and documentation upstream to strengthen the ecosystem.
Regular writing and speaking on open source strategy, OSPO best practices, vulnerability management, and compliance trends in the APAC market.
Whether you're establishing open source processes, managing vulnerabilities in your supply chain, or enabling contribution — we'd love to hear about your goals.