All Posts By

Shane Coughlan

Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional network of Open Source legal experts and aligning stakeholders to launch both the first law journal and the first law book dedicated to Open Source. Shane has extensive knowledge of Open Source governance, internal process development, supply chain management and community building. His experience includes engagement with the enterprise, embedded, mobile and automotive industries.

openEuler Announces Adoption of OpenChain ISO/IEC 18974

By Featured, News

Today at the launch event for openEuler 24.03 LTS it was announced that openEuler has adopted OpenChain ISO/IEC 18974, the international standard for open source security assurance. This announcement from the OpenAtom Foundation and the openEuler community builds on previous collaboration with the OpenChain Project and peers in the technology industry to promote effective, efficient supply chain management. The OpenChain Project, part of The Linux Foundation ecosystem, builds ISO standards, creates reference material for their adoption, and facilitates a diverse global community of organizations collaborating to improve open source process management.

“It’s a proud moment to announce the release of openEuler 24.03 LTS. This journey has been all about building a secure, compliant, and sustainable operating system community,” says Xiong Wei, Executive Director of openEuler. “Achieving ISO 18974 self-certification from OpenChain Project is a testament to our unwavering commitment to security and excellence. This certification recognizes our top-tier standards in development processes, software supply chain, risk assessment, management, and developer security capabilities. This milestone is not just a badge; it’s a reflection of the hard work, dedication, and collaboration within our community. I want to extend my heartfelt thanks to everyone involved in this journey. Your efforts have made this achievement possible.”

“openEuler’s adoption of OpenChain ISO/IEC 18974 is a significant milestone for the professionalization of open source software,” says Shane Coughlan, OpenChain General Manager. “The OpenChain standards are designed to support process management across organizations or communities of any scale, and the growing community of conformance around ISO 5230 for license compliance and ISO 18974 for security assurance validates that model. We are delighted to work closely with our partners in openEuler in building a more professional, sustainable and accountable supply chain.”

OpenAtom and openEuler have also released a case study explaining the benefit and impact of OpenChain ISO/IEC 18974 adoption.


About the openEuler Project

openEuler is an open source, free Linux distribution platform. The platform provides an open community for global developers to build an open, diversified, and architecture-inclusive software ecosystem. 

About the OpenAtom Foundation

The OpenAtom Foundation is a non-profit organization dedicated to promoting the development of the global open source community. It was founded in Beijing in June 2020.

The OpenAtom Foundation is committed to being a developer-oriented open source project incubation platform as well as a technology public welfare service organization. It follows the principles of co-construction, co-governance, and sharing, systematically builds an open and collaborative framework, establishes an international open source community, facilitates industry collaboration, and empowers various industries.

About the OpenChain Project

The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs, and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.

About The Linux Foundation

The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

openEuler Releases OpenChain ISO/IEC 18974 Adoption Case Study

By Featured, News

We are delighted to announce a new case study from OpenAtom and openEuler explaining the benefit and impact of OpenChain ISO/IEC 18974 adoption.

Read the Case Study on SlideShare

Download from the OpenChain Reference Library


This case study has been published alongside the formal announcement, made at the openEuler 24.03 LTS launch event, that openEuler has adopted OpenChain ISO/IEC 18974, the international standard for open source security assurance.


“It’s a proud moment to announce the release of openEuler 24.03 LTS. This journey has been all about building a secure, compliant, and sustainable operating system community,” says Xiong Wei, Executive Director of openEuler. “Achieving ISO 18974 self-certification from OpenChain Project is a testament to our unwavering commitment to security and excellence. This certification recognizes our top-tier standards in development processes, software supply chain, risk assessment, management, and developer security capabilities. This milestone is not just a badge; it’s a reflection of the hard work, dedication, and collaboration within our community. I want to extend my heartfelt thanks to everyone involved in this journey. Your efforts have made this achievement possible.”

“openEuler’s adoption of OpenChain ISO/IEC 18974 is a significant milestone for the professionalization of open source software,” says Shane Coughlan, OpenChain General Manager. “The OpenChain standards are designed to support process management across organizations or communities of any scale, and the growing community of conformance around ISO 5230 for license compliance and ISO 18974 for security assurance validates that model. We are delighted to work closely with our partners in openEuler in building a more professional, sustainable and accountable supply chain.”


OpenChain @ International Open Source Trends For Industries – Building The OpenSource Ecosystem In Taiwan – 2024-06-04

By News
Singing from Open Culture Foundation opens the event

Today the OpenChain Project is keynoting a special workshop held in collaboration with the Open Culture Foundation (OCF) in Taiwan on the topic of international open source trends for industries. This event will feature local speakers covering international and Taiwanese open source experiences, as well as having plenty of space for networking and open discussion.

As with all OpenChain-related events, this is a space for collaboration where user companies and other parties can share ideas, knowledge and questions.


Webinar – OFE Briefing on the EU AI Act

By ai, Featured, legal, News, Webinar

On the 28th of May 2024, 07:00 UTC there was a special briefing from OpenForum Europe (OFE) on the EU AI Act. It is part of a series provided by OFE on European policy matters that impact open source, business processes and risk management.

More Details

“The AI Act is the first-ever legal framework on AI, which addresses the risks of AI and positions Europe to play a leading role globally. The AI Act aims to provide AI developers and deployers with clear requirements and obligations regarding specific uses of AI. At the same time, the regulation seeks to reduce administrative and financial burdens for business, in particular small and medium-sized enterprises (SMEs).” 
https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai

Our speaker is Ciarán O’Riordan, Senior Policy Advisor at OpenForum Europe. His background is as a free software / open source software policy and communications expert.

OFE is a not-for-profit, Brussels-based independent think tank which explains the merits of openness in computing to policy makers and communities across Europe. Originally launched in 2002 to accelerate and broaden the use of Open Source Software (OSS) among businesses, consumers and governments, OFE’s focus has since evolved to also cover issues related to Open standards, Cybersecurity, Digital Government, Public Procurement, Intellectual Property, Cloud Computing and Internet Policy.
https://openforumeurope.org/

More in the OFE Series

We held three special briefings from OFE for the OpenChain community from May to June 2024.

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain ecosystem. Participants discuss approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

This OpenChain Webinar was broadcast on 2024-05-28.

OpenChain Monthly North America – Asia Call – 2024-05-21 – Full Recording

By News

The OpenChain Project held its monthly North America – Asia Call on 2024-05-21. This call is focused on providing an overview of project news, acting as the main space for our Specification Work Group to develop new drafts of our standards, and to allow a recap of important activities from the Education Work Group.

On this call we covered the following issues:

License Compliance

Verification Material For Training – next iteration #38
https://github.com/OpenChain-Project/License-Compliance-Specification/issues/38

This issue was closed and the adjustment merged with the draft License Compliance 3.0 specification.

Security Assurance

[Improvement] Expand definitions section for (1) Secure Software Development to include Secure Programming Techniques and (2) Security Testing to include Static and Dynamic #36
https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/36

The Security Assurance issue was closed but reopened, and therefore is pending finalization on the next call for the draft Security Assurance 2.0 specification.

OpenChain Webinar Coming Soon: OFE Briefing – EU AI Act

By News

On the 28th of May 2024, 07:00 UTC / 09:00 CEST there will be a special briefing from OpenForum Europe (OFE) on the EU AI Act. It is part of a series provided by OFE on European policy matters that impact open source, business processes and risk management.

Join via our Global Calendar

Dial in details are contained in the OpenChain Global Calendar:
https://openchainproject.org/participate

More Details

“The AI Act is the first-ever legal framework on AI, which addresses the risks of AI and positions Europe to play a leading role globally. The AI Act aims to provide AI developers and deployers with clear requirements and obligations regarding specific uses of AI. At the same time, the regulation seeks to reduce administrative and financial burdens for business, in particular small and medium-sized enterprises (SMEs).” 
https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai

Our speaker is Ciarán O’Riordan, Senior Policy Advisor at OpenForum Europe. His background is as a free software / open source software policy and communications expert.

OFE is a not-for-profit, Brussels-based independent think tank which explains the merits of openness in computing to policy makers and communities across Europe. Originally launched in 2002 to accelerate and broaden the use of Open Source Software (OSS) among businesses, consumers and governments, OFE’s focus has since evolved to also cover issues related to Open standards, Cybersecurity, Digital Government, Public Procurement, Intellectual Property, Cloud Computing and Internet Policy.
https://openforumeurope.org/

This is the second special briefing from OFE for the OpenChain community. You can check out the first webinar, covering the CRA, here:
https://openchainproject.org/news/2024/04/23/webinar-cyber-resilience-act

Coming Soon: OpenChain Supply Chain Security & Compliance Workshop in Shenzhen – May 31st 2024

By News

On the 31st of May there will be a workshop at the Hilton Shenzhen Shekou Nanhai (蛇口希尔顿南海酒店) in Shenzhen by Huawei, SecTrend and OpenChain Project on the topic of supply chain security and compliance. The core of the workshop will be discussing these questions in the context of OpenChain ISO/IEC 5230 and OpenChain ISO/IEC 18974. This event will be held in Chinese, with an opening keynote and a closing panel in English. Special thanks are due to the open source team at Huawei for helping to organize and host this event.

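Agenda

  • 9:00-9:30
    Registration
  • 9:30-9:45
    Welcome remarks by invited guests
  • 9:45-10:10
    OpenChain - Shane Coughlan
    The impact of ISO 5230 (licensing) and ISO 18974 (security) on professionals in 2024
  • 10:10-10:35
    KylinSoft (麒麟软件) - Xing Peng (邢鹏)
    The evolution of China's judicial standards on the GPL, as seen through cases
  • 10:35-10:50
    Break
  • 10:50-11:15
    Guangdong Liangma Law Firm (广东良马律所) - Zou Liangcheng (邹良城)
    From 0 to 1: how enterprises can carry out open source compliance
  • 11:15-11:40
    openEuler, OpenHarmony - Gao Kun (高琨), Gao Liang (高亮)
    How open source communities can conform to ISO 5230 (licensing) and ISO 18974 (security)
  • 11:40-12:05
    Bosch Huayu (博世华域) - Zhang Yafeng (张亚峰)
    FOSS compliance governance for automotive components
  • 12:05-14:00
    Lunch and break
  • 14:00-14:25
    ZTE (中兴通讯) - Xiang Shuming (项曙明)
    A first look at putting license compliance engineering into practice
  • 14:25-14:50
    SecTrend (安势信息) - Zhu Xianman (朱贤曼)
    The value of tools in software supply chain security governance
  • 14:50-15:15
    Zhongke Weilan (中科微澜) - Yang Mutian (杨牧天)
    Weiyuan (微源) trusted central repository for open source software
  • 15:15-15:45
    Tea break
  • 15:45-16:10
    Zhong Lun Law Firm (中伦律所) - Wang Hongyan (王红燕)
    Release of the "Open Source Compliance White Paper" (《开源合规白皮书》)
  • 16:10-16:35
    Huawei (华为) - Li Zi (李自)
    Compliance governance framework and practice for AI large-model training data
  • 16:35-17:00
    Northeastern University (东北大学) - Wang Ying (王莹)
    Software supply chain security challenges in the AIGC era
  • 17:00-17:30
    Mystery guest (to be announced next week)
    Panel discussion: exploring future development trends of China's supply chain.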

Learn More

OpenChain Webinar: AboutCode and Beyond – End-to-End SCA

By automation, community, legal, licensing, News, security, Webinar

This OpenChain Webinar digs into open source tooling with open data for open source compliance.

Full Overview From The Presenters

Ensuring software license and security compliance can be difficult. Managing open source components – especially their licensing, provenance, and vulnerability risk – is a critical part of Software Composition Analysis (SCA), which is now a prerequisite for modern organizations to comply with mandated SBOMs and other regulations.

Expensive, proprietary SCA solutions rely on proprietary data that can be outdated or just wrong. To make using open source easier for everyone, we need FOSS tools and open data for FOSS SCA. Philippe Ombredanne will explain how using 100% open source software and open data, the AboutCode stack offers a new approach for the practical management of open source software for licensing and vulnerability risks for organizations of all sizes.

Philippe will share how modular open source projects like ScanCode, VulnerableCode, and DejaCode fit together to identify components and their license, provenance, and known vulnerabilities, and aggregate this and SBOM data across products, teams, and organizations to address security, legal, and regulatory requirements for software license and security compliance in an integrated solution.

Philippe will also discuss exciting updates on new open source projects for better software supply chain integrity and security like CRAVEX, which delivers modern open source tools for developers to manage, triage, rate, review, and determine exploitability of package vulnerabilities in a package-centric world.

Get The Slides


This OpenChain Webinar was broadcast on 2024-05-15.