With the explosion of applications in 5G, AIoT, and Industry 4.0, the transformation towards computerization, digitization, and intelligence has led to a steady stream of supply chain attacks, making supply chain cybersecurity an issue of global concern in recent years. Open source software has become mainstream in the information and communications field over the past few years, and the industry frequently uses it as a component for integration or secondary development. Building a secure open source supply chain is therefore crucial. Because this requires collaboration between upstream and downstream industries, SZ will share how major international companies and different industries use process management regulations to identify the entry and exit points that should exist in organizational processes, policies, or training. Combined with a Software Bill of Materials (SBOM) to identify and track the compliance and security status of software that is used and actually deployed, this lets different companies establish trust when exchanging deliverables composed of open source software. In addition to industry examples, SZ will also share the future development blueprints and first-hand information from the OpenChain open source security standards and the international SBOM standard SPDX, in the hope of building a secure open source supply chain together.