Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional network of Open Source legal experts and aligning stakeholders to launch both the first law journal and the first law book dedicated to Open Source.
Shane has extensive knowledge of Open Source governance, internal process development, supply chain management and community building. His experience includes engagement with the enterprise, embedded, mobile and automotive industries.
Kobota San of Sony, one of the OpenChain Governing Board members, will represent the OpenChain Project at the OSBC Open Source Conference 2024 in Seoul on the 19th of June 2024. His talk, entitled ‘Introduction of Sony Group Open Source Activities and Contributions to the OpenChain and SPDX (SBOM) Project,’ will open the afternoon session at 13:00.
Kobota San is well known in the OpenChain Project for his commitment to community collaboration and events, and is frequently found at open source events in Japan and around the world. A key contributor to initiatives like the SPDX Lite profile of the SPDX SBOM format, Kobota San is one of the main figures in the Planning Sub-Group of the OpenChain Japan Work Group.
Shane Coughlan, OpenChain General Manager, will deliver a talk on how to create open specifications and evolve them into formal international standards through ISO.
Abstract
This talk will explain the process of going from a blank page to an ISO standard using OpenChain ISO/IEC 5230:2020 as a case study. It will explain how the OpenChain specification team came together, how they created the first iterations of what would become ISO/IEC 5230, and how they collaborated with the Joint Development Foundation (JDF) to evolve from a de facto industry standard into a formal international standard through the JTC-1 PAS Transposition Process. Attendees will learn how to frame, build and deploy their own specifications and standards, with a particular focus on the practical decisions required: should this be a specification, should it be an ISO standard and what do I need to do to make this happen?
About Shane Coughlan
Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated OIN into the largest patent non-aggression community in history and establishing the first global network for open source legal experts. He is a founder of both the first law journal and the first law book dedicated to open source. He currently leads the OpenChain Project and is a General Assembly Member of OpenForum Europe.
Shane Coughlan, OpenChain General Manager, will deliver a talk on how to discuss open source with IP departments.
Abstract
Product teams, R&D teams and OSPOs occasionally find themselves in an adversarial situation with IP Departments around open source and how it should be managed in an organization. This is usually due to misunderstandings about how open source provides value and how the risks associated with it can be contained. With open source increasingly necessary for organizations to compete effectively, it is important to ensure all departments understand its strategic importance, and how to manage it in the context of their KPIs and requirements. This talk will explain how to collaborate with IP Departments using the language of external risk containment and internal portfolio management, and help IP Department staff assess open source as part of a diversified IPR strategy.
On the 11th of June 2024, 07:00 UTC there was a special briefing from OpenForum Europe (OFE) on the EU Product Liability Directive. It is part of a series provided by OFE on European policy matters that impact open source, business processes and risk management.
More Details
“European Union reached provisional (political) agreement on the text for the proposed revision of the EU’s Product Liability Directive 85/374/EEC (PLD). The PLD establishes a strict liability (i.e., no fault) regime to enable claimants to seek compensation for defective products across the EU, meaning claimants do not need to establish fault to claim successfully. As a result, it is the preferred way of making product liability claims in the EU. The revision is a significant development, as the PLD dates back to 1985 and has been virtually unchanged for nearly 40 years – with only very minor amendments in 1999.” https://products.cooley.com/2023/12/21/new-product-liability-laws-one-step-closer-in-europe/
Our Speaker is Ciarán O’Riordan, Senior Policy Advisor at OpenForum Europe. His background is as a free software / open source software policy and communications expert.
OFE is a not-for-profit, Brussels-based independent think tank which explains the merits of openness in computing to policy makers and communities across Europe. Originally launched in 2002 to accelerate and broaden the use of Open Source Software (OSS) among businesses, consumers and governments, OFE’s focus has since evolved to also cover issues related to Open standards, Cybersecurity, Digital Government, Public Procurement, Intellectual Property, Cloud Computing and Internet Policy. https://openforumeurope.org/
More in the OFE Series
We held three special briefings from OFE for the OpenChain community from May to June 2024.
This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.
The OpenChain Governing Board has a Strategy Sub-Committee chaired by Matthew Crawford from Arm. This Sub-Committee reviews strategic topics, and many of its meetings are open to all OpenChain community participants. Recently it has been focusing on overviews of Work Group activity. In this meeting, the Sub-Committee hears from Andrew Katz of Orcro, chair of the Education Work Group.
Get Involved
Everyone is welcome to join public meetings of the Strategy Sub-Committee. These meetings will be promoted on our main mailing list and are listed here:
Please note: you do not have to be an expert in telecommunications or work for a telecommunications company to join the group. Work on subjects like the Telco SBOM Quality Guide is intended to also help other market sectors.
The OpenChain Specification Work Group held its regular monthly call on the 5th of June. This call has a regular agenda of reviewing project news, working on our draft future specifications, looking at reference or education material, and opening the floor to other topics.
The following issues were closed during this call:
The OpenChain AI Study Group held its regular monthly workshop on the 4th of June. This workshop included a short presentation from Max @ Alibaba, as well as other discussions to narrow down shared areas of concern and interest regarding AI compliance in the supply chain.
Track This Work
You can follow and contribute to the work of the OpenChain AI Study Group through its dedicated mailing list. This is open to everyone regardless of industry vertical or speciality. You will find it here:
Today at the launch event for openEuler 24.03 LTS it was announced that openEuler has adopted OpenChain ISO/IEC 18974, the international standard for open source security assurance. This announcement from the OpenAtom Foundation and the openEuler community builds on previous collaboration with the OpenChain Project and peers in the technology industry to promote effective, efficient supply chain management. The OpenChain Project, part of The Linux Foundation ecosystem, builds ISO standards, creates reference material for their adoption, and facilitates a diverse global community of organizations collaborating to improve open source process management.
“It’s a proud moment to announce the release of openEuler 24.03 LTS. This journey has been all about building a secure, compliant, and sustainable operating system community,” says Xiong Wei, Executive Director of openEuler. “Achieving ISO 18974 self-certification from OpenChain Project is a testament to our unwavering commitment to security and excellence. This certification recognizes our top-tier standards in development processes, software supply chain, risk assessment, management, and developer security capabilities. This milestone is not just a badge; it’s a reflection of the hard work, dedication, and collaboration within our community. I want to extend my heartfelt thanks to everyone involved in this journey. Your efforts have made this achievement possible.”
“openEuler’s adoption of OpenChain ISO/IEC 18974 is a significant milestone for the professionalization of open source software,” says Shane Coughlan, OpenChain General Manager. “The OpenChain standards are designed to support process management across organizations or communities of any scale, and the growing community of conformance around ISO 5230 for license compliance and ISO 18974 for security assurance validates that model. We are delighted to work closely with our partners in openEuler in building a more professional, sustainable and accountable supply chain.”
OpenAtom and openEuler have also released a case study explaining the benefit and impact of OpenChain ISO/IEC 18974 adoption.
openEuler is an open source, free Linux distribution platform. The platform provides an open community for global developers to build an open, diversified, and architecture-inclusive software ecosystem.
About the OpenAtom Foundation
The OpenAtom Foundation is a non-profit organization dedicated to promoting the development of the global open source community. It was founded in Beijing in June 2020.
The OpenAtom Foundation is committed to being a developer-oriented open source project incubation platform as well as a technology public welfare service organization. It follows the principles of co-construction, co-governance, and sharing, systematically builds an open and collaborative framework, establishes an international open source community, facilitates industry collaboration, and empowers various industries.
About the OpenChain Project
The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.
About The Linux Foundation
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.