Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional network of Open Source legal experts and aligning stakeholders to launch both the first law journal and the first law book dedicated to Open Source. Shane has extensive knowledge of Open Source governance, internal process development, supply chain management and community building. His experience includes engagement with the enterprise, embedded, mobile and automotive industries.
Gu Ya Nan from SAIC Z-ONE Technology Co., Ltd will briefly discuss OpenChain ISO standards as part of her larger presentation on Friday 19th of July at the Automotive Software and Security Technology Week in Shanghai, China. Her contribution to spreading the word about our work to make a more trusted open source supply chain is appreciated!
IAV GmbH has announced adoption of ISO/IEC 5230:2020 via third-party certification provided by TimeToAct. Adjacent to this, IAV and TimeToAct are collaborating with the OpenChain Project on a webinar and case study about the certification rationale and process.
“The exceptional progress of OpenChain ISO/IEC 5230 in improving trust in the open source supply chain has been felt in many industries,” says Shane Coughlan, OpenChain Project General Manager. “However, automotive is perhaps where we have had the largest and broadest impact. In a sector with a high degree of regulation, our ISO standard for open source license compliance offers a clear, effective and efficient method of containing risk. We are delighted to welcome IAV GmbH to our community of conformance, and to have had the opportunity to collaborate with our official partner TimeToAct on sharing this news with others. Our forthcoming webinar and case study adjacent to the certification provides a useful tool for other companies seeking to align behind international standards for open source business process management.”
The case study will be released and the webinar will take place at 10:00 CEST on the 16th of July. Learn more about this from the OpenChain Global Calendar on our participation page.
There is no need to register for this webinar. Simply follow the Zoom link in the OpenChain Global Calendar.
IAV Automotive Engineering is a developer of computer app systems for the automotive industry. The company offers services in the areas of light vehicles, such as chassis, cockpit, combustion engine, E-Traction, exterior, gaseous-fuel vehicle, hybrid, interior, mobility, powertrain concept and integration, powertrain electronic, product life cycle,transmission, vehicle electronic, vehicle function, and vehicle safety services; commercial vehicles and work machines, including cabin, CO2 efficiency, driver assistance, functional architecture, powertrain, transportation and logistics, and work and agricultural machines; energy supply aspects; and methods and test facilities.
TIMETOACT GROUP modernises and integrates IT applications for upper midmarket companies, fortune 500 enterprises and the public sector, with the goal of increasing their agility, efficiency, and transparency and to reduce costs and risks. In addition, TIMETOACT GROUP designs and implements digital business models, opening up new market opportunities for its innovative customers. Its services include consulting and cloud transformation as well as data, software and system engineering in the fields of employee experience, business applications, and customer experience.
The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
The OpenChain Project collaborated with LF Training on Introduction to Open Source License Compliance Management (LFC193), a free online training course intended to help people build the basic knowledge needed to get started in open source licensing management. Martin Yagi from the OpenChain UK Work Group has created a series of bite-sized videos to help summarise key points from the course. You can view them all below.
Huge thanks for Martin for all his hard work!
The OpenChain Project also has a more advanced course created in collaboration with LF Training called Implementing Open Source License Compliance Management (LFC194).
The OpenChain AI Study Group held its regular monthly workshop on the 2nd of July. This workshop included an overview of outcomes from the recent OpenChain Governing Board meeting regarding the AI Study Group, a presentation by Laurie Grant @ Qualcomm on ISO/IEC 42001, as well as other discussions to narrow down areas of shared concern and interest regarding AI compliance in the supply chain.
You can follow and contribute to the work of the OpenChain AI Study Group through its dedicated mailing list. This is open to everyone regardless of industry vertical or speciality. You will find it here:
You can find and get the dial-in details for all future AI Study Group meetings from our participate page here:
We held our regular Monthly North America and Europe Call this week. The focus was on discussing the Public Comment period for our draft proposed updates to the licensing and security specifications.
We keep all the slides from our monthly calls online and they can be a useful way to access direct links and more details:
Starting 2024-06-19 ~ Ending 2024-12-19
The OpenChain Project has announced the beginning of its six month Public Comment Period for proposed draft updates to the open source license compliance (ISO/IEC 5230:2020) and open source security assurance (ISO/IEC 18974:2023) specifications.
As per our specification development process outlined in the project FAQ, this Public Comment Period will run for six months, and it will be followed by a three month Freeze Period.
During the Public Comment Period everyone is invited to review and comment on the specifications. As an open project developing open standards, we host the draft documents on our GitHub repositories.
Learn More:
You can comment on this process by joining our monthly calls or via our Specification Mailing list. You can also leave comments via GitHub issues as detailed below.
The OpenChain Steering Committee is made up of voting members from our Governing Board + the chair of the Specification Work Group.
The Steering Committee will be moving to a regular quarterly meeting schedule, and as part of that I will be publishing the video minutes to ensure visibility during our Public Comment Period of potential future drafts of ISO/IEC 5230 and ISO/IEC 18974.
This recording shows the first formal Steering Committee meeting since the Specification Work Group moved from community drafting into the formal Public Comment period. It is focused on considering the proposed changes and reviewing the process of public comments and future freeze period as per the FAQ:
Newsletter – Issue 67 – June 2024
The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.
Our community released the following meeting recordings via our main channel:
Note: Some community meetings are not recorded or are released through other channels
The OpenChain Specification Work Group held its regular North America and Asia monthly call on the 18th of June. This call has a regular agenda of reviewing project news, working on our draft future specifications, looking at reference or education material, and opening the floor to other topics.
We closed all open issues and formally moved into a Public Comment period for both draft specifications as potential updates to ISO/IEC 5230:2020 and ISO/IEC 18974:2023. Learn more:
Everyone is welcome to be part of the Specification Work Group. You can join their mailing list here:
https://lists.openchainproject.org/g/specification/
You can find and be part of all OpenChain calls through our participation page here:
https://openchainproject.org/participate
This webinar features a speaker who has “been there” as we discuss best practices before, during, and after the due diligence phase to ensure post-close success. We cover:
(a) Why open source due diligence is key in tech transactions,
(b) Lessons learned on how to perform open source due diligence,
(c) How to leverage diligence findings in post-close integration.
This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.
This OpenChain Webinar was broadcast on 2024-06-17.
The OpenChain Korea Work Group meeting kindly hosted by CJ in Korea had a fantastic series of case studies presented by local community members. As usual, Shane Coughlan, OpenChina General Manager, gave a presentation on the overall state of our global community. You can find his keynote slides below.
© 2025 OpenChain. All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page. Linux is a registered trademark of Linus Torvalds. Privacy Policy and Terms of Use
