Skip to main content
All Posts By

Shane Coughlan

Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional network of Open Source legal experts and aligning stakeholders to launch both the first law journal and the first law book dedicated to Open Source. Shane has extensive knowledge of Open Source governance, internal process development, supply chain management and community building. His experience includes engagement with the enterprise, embedded, mobile and automotive industries.

OpenChain Open Source Policy Template Now Available

By News

The OpenChain Project is delighted to announce the release of an Open Source Policy Template for organizations seeking to conform to the OpenChain Specification. This template has been contributed from Moorcrofts Law Firm and Orcro Compliance in the UK and has been extensively reviewed by the OpenChain Project community.

The focus of this template is to help apply the key requirements for a quality open source compliance program. It provides sample policy text that helps organizations select, classify, incorporate and publish open source code with a focus on legal compliance of open source. Companies may need to consider others matters related to business requirements, engineering requirements and inter-organization / inter-project relationships when completing their own open source policy. You can obtain broader reference policy material from the TODO Group, a sister project to OpenChain at the Linux Foundation.

Get The OpenChain Policy Template

Get Broader Reference Material:

Contact The Original Authors

OpenChain M&A Checklist – Out Now

By News

The OpenChain Project is delighted to announce that the OpenChain Project Merger and Acquisition Checklist is now available in PDF, DOCX and ODT formats. It is intended to help companies addressing open source discovery and compliance with respect to integration of external legal entities.

This checklist comes from KPMG, an organization that has built a proactive relationship with the OpenChain Project via Indira Bhatt, our elected community representative. The checklist was collaborative refined with contributions from the broader OpenChain community.

“Establishing trust between the target and acquirer around Open Source license compliance is one of the key factors for a successful and timely deal close,” says Indira Bhatt, Manager, Open Source Software Security and Compliance, Tech M&A at KPMG. “I am happy to bring my experience with licensing and compliance processes to help create the OpenChain M&A checklist.”

“OpenChain Conformance is most frequently applied to purchasing in the global supply chain,” says Shane Coughlan, OpenChain General Manager. “However, the OpenChain Specification and its identification of key requirements for quality open source compliance programs is equally valuable for Mergers and Acquisitions. Today marks the beginning of reference material to cover this use-case and we are fortunate to have this contribution guided by a representative of one of the world’s foremost authorities in M&A.”

 

Get this guide and many more documents in the OpenChain Reference Library: https://github.com/OpenChain-Project/Reference-Material

Knowledge Sharing: Reference guideline for exchanging license information in the supply chain

By News

The OpenChain Project Japan Work Group is creating a reference guideline for exchanging license information in the supply chain. The basic concept is that all the entities, suppliers, integrators and OSS communities exchange license information by SPDX (Software Package Data Exchange), an open standard for communicating software bill of material information.

Learn More:

Knowledge Sharing: How to use SPDX and FOSSology from the OpenChain Japan Work Group

By News

One of the great things about the OpenChain Project is the endless collaboration between people addressing all aspects of open source license compliance. Here is a great example text about SPDX and FOSSology in Japanese that was translated by the OpenChain Japan Work Group. More knowledge, more sharing, a better result.

Learn More

Request for Comments: OpenChain FAQ 2.0

By News

The OpenChain Project will shortly refresh our Frequently Asked Questions. This is a major update with consolidation, rewording and restructuring to assist with easier understanding and internationalization. We are soliciting comments on the release candidate of this material until January 15th.

Review and Comment (or Expand)

Request for Comments: OpenChain Open Source Policy Template

By News

The OpenChain Project has been working on an open source policy template to help organizations of all sizes meet the requirements of the OpenChain Specification. This template can also help companies frame their engagement with open source outside of OpenChain Conformance. This is your chance to comment. We would like feedback by close of business Pacific time on the 14th of January.

Review and Comment

Reminder: ABA Committee on Open Source Software – OpenChain – January 17th 2019

By News

The American Bar Association Committee on Open Source Software will host an OpenChain talk by David Marr, Vice President, Legal Counsel, Qualcomm Technologies to open the year. This call will be held on January 17, 2019 at 12PM – 1PM EST. Interested parties are invited to reach out to the ABA for more details. This call is open to new participants.

Conference Bridge Information:

  • Dial in: 1-800-925-7671
  • Passcode: 4576326

Learn More

OpenChain Newsletter #20

By Monthly Newsletter, News

Newsletter – Issue 20 – December 2018

The OpenChain Project has active bi-weekly calls and a central mailing list that provide the “nuts and bolts” of our community activity. These are joined by various releases of documents and announcements of OpenChain-related events throughout each month. We collect key developments in this newsletter once a month.

Introduction

OpenChain closed out the year with activity on all fronts. The most notable activities included multiple multinationals publicly supporting and adopting OpenChain, and the significant growth of reference material targeted towards solving known challenges around compliance in the supply chain.

OpenChain @ Members

We had a terrific month for new membership in the OpenChain Project. Facebook, Google and Uber joined as Platinum Members and put their collective weight behind the adoption and growth of our standard for effective open source compliance in the supply chain:
https://www.openchainproject.org/news/2018/12/06/2488

OpenChain @ Conformance

OpenChain welcomed Scania and Interneuron to the community of conformance. The former organization is a Swedish trucking company with a fantastic heritage as part of the VW Group. The latter is a community interest company in the UK connected with our adoption and growth in the British National Health System eco-system:
https://www.openchainproject.org/news/2018/12/06/openchain-welcomes-scania-to-our-community-of-conformance

These companies were joined by Hitachi, a pre-existing Platinum Member, and one of the largest entities in our history to declare conformance:
https://www.openchainproject.org/news/2018/12/11/hitachi-has-joined-the-openchain-community-of-conformance

OpenChain @ Partners

Adjacent to the Hitachi conformance the OpenChain Project announced TUV SUD as the first certification authority in the OpenChain Partner Program. TUV SUD provided the first third-party audit of OpenChain Conformance to Hitachi through their new TPS PPP 15001A certification based on the OpenChain Specification:
https://www.openchainproject.org/news/2018/12/11/tuv-sud-becomes-the-first-certification-authority-in-the-openchain-partner-program

OpenChain @ Events

The OpenChain Project had an extremely busy month for outreach. The OpenChain Japan Work Group held its 7th meeting at TUV SUD Japan on the 5th of December, one of the largest dedicated events for the project. Learn more:
https://www.openchainproject.org/news/2018/12/03/openchain-japan-work-group-7th-meeting-on-5th-december 

On the same day Malcolm Bain from our parter organization id Law Partners delivered a keynote at European Open Source and Free Software Law Event (EOLE) in Paris:
https://www.openchainproject.org/news/2018/12/11/openchain-eole-2018-5th-december

OpenChain was center stage at the Greymatter Cloud Enablement event on the 14th of December in the UK. As with many recent events our project was explained and promoted by one of our partners, Source Code Control in this case:
https://www.openchainproject.org/news/2018/12/04/save-the-date-openchain-greymatter-cloud-enablement-14th-dec

OpenChain also announced the first event of 2019, a volunteer desk at OSC Osaka in January, with our contributor Dote San taking lead:
https://www.openchainproject.org/news/2018/12/02/openchain-osc-osaka-2019

This was quickly followed by an announcement regarding an ABA Committee on Open Source Software on the 17th of January:
https://www.openchainproject.org/news/2018/12/19/aba-committee-on-open-source-software-openchain

OpenChain @ Material

The OpenChain Project released an update to our general introduction slides:
https://www.openchainproject.org/news/2018/12/13/openchain-introduction-slides-updated

The OpenChain Project has been working on improved material for new and existing participants in the project. We kicked off with a project to build a single, simpler unified FAQ for all aspects of the project. Participants were invited to contribute:
https://www.openchainproject.org/news/2018/12/04/request-for-comments-the-unified-openchain-faq

The OpenChain Japan Work Group contributed the first trench of reference business workflows for open source compliance in English and Japanese:
https://www.openchainproject.org/news/2018/12/11/rfc-reference-business-workflows-for-open-source-compliance

OpenChain @ Adoption Support

The OpenChain Project launched new and improved conformance logos. These logos can be used by conformant organizations to demonstrate the existence of their program and the products that flow through that program:
https://www.openchainproject.org/news/2018/12/06/openchain-project-launches-new-certification-logos

OpenChain @ Internationalization

The OpenChain Project continued to build out its internationalization support by launching our full Japan translation of the website. This is a precursor to our releases of Chinese and Korea versions of the website in 2019. Our goal is to make sure OpenChain is as inclusive and understandable as possible:
https://www.openchainproject.org/news/2018/12/06/openchain-website-in-japanese

OpenChain @ Survey

Finally, the OpenChain Project announced the publication of the first OpenChain Survey. The results covered engagement with the project, motives behind this, and areas where we can improve:
https://www.openchainproject.org/news/2018/12/18/openchain-q4-survey-the-results

Summary

OpenChain has seen an uptick in membership and conformance adjacent to significant volunteer educational and reference material production activities. As we conclude 2018 we look forward to positioning 2019 as a tipping point for even wider market engagement.

License and Trademarks

Copyright 2019 The Linux Foundation. This newsletter is licensed under the Creative Commons Attribution-NoDerivs 2.0 Generic (CC BY-ND 2.0). Please feel free to share it onwards! OpenChain is a trademark of The Linux Foundation. It may be used according to The Linux Foundation Trademark Policy and the OpenChain Terms of Use. All other trademarks belong to their respective owners.

ABA Committee on Open Source Software & OpenChain – January 17th 2019

By News

The American Bar Association Committee on Open Source Software will host an OpenChain talk by David Marr, Vice President, Legal Counsel, Qualcomm Technologies to open the year. This call will be held on January 17, 2019 at 12PM – 1PM EST. Interested parties are invited to reach out to the ABA for more details.

Learn More

OpenChain Q4 Survey – The Results

By News

Today the OpenChain Project is releasing the results of our Q4 Survey, a wide-ranging exploration of how the project is being used, how our reference and conformance material is perceived, and how the support structures around the project are working out for real-world users.

Key Results

Visitors are satisfied with the discoverability and context of our overview material. However, ease of engagement with our community returned mixed results.

It is regarded as relatively simple to find out about the specification and conformance, and people are generally very satisfied with access to our educational material.

Finding our translations was regarded as a mix bag (some easy, some hard). Hopefully our revised website will help with that. Recognizing business value, on the other hard, was very easy. It was also quite easy to get help.

53.3% of people visiting the site did not use our online conformance web app. 13.3% used it for conformance-related activities. 20% used it for private “health checks” for their organization.

For those seeking to conform to the OpenChain Specification it was generally regarded as a very accessible process.

46.2% of respondents want to be listed as having an OpenChain Conformance compliance program. 38.5% are seeking a private “health check” of their current processes. 15.4% are engaging with the project for another reason.

Of the 15.4% are engaging with the project for another reason the disclosed activities are consultancy around OpenChain and seeking concrete (reference) solutions for some issues.

Interestingly, 66.7% of people said getting help with the online conformance web app was not applicable to their use case. The remaining 33.3% confirmed that it was easy to get the help they wanted.

53.5% of people found it easy to get help with general conformance questions. 46.7% of people said this was not applicable to their use-case.

A significant 53.5% of people said they would like an offline printable conformance handbook with a checklist for private “health-checks.” 40% said they would like this for OpenChain Conformance. Only 6.7% said this was not applicable to them.

26.7% of people said they are interested in getting help to conformance with the OpenChain Specification. 53.5% said they may be interested in the future. 20% are not interested.

66.7% of people are interested in getting OpenChain certification help in the future. 20% are interested today. 13.3% are not interested in services in this area.

66.7% of people are aware of the OpenChain partners and the services they provide. 33.3% are not aware of these services.

We had some great written feedback as well.

We received one comment we want to immediately address.

“Please don’t turn this into a sales funnel for feeding your ‘partners’. I’m actually pretty put off by the fact that this survey asked if we knew what partners were and whether we needed help. If you’re creating a standard and a process that is so difficult that it can only be done with external consultants then it’s pointless, and mere devs and engineering groups will not be able to implement it.”

Self-certification is at the heart of OpenChain. It always has been and always will be. OpenChain is explicitly a user driven project and standard (check out our platinum members, all user organizations rather than vendors).

The first path to conformance offered is to our self-certification web app. The next path is to our community for help if required. This will never change.

If someone wants commercial assistance they have to explicitly search for the pilot partner program. The existence of this program is to provide conformance support to entities that explicitly ask for this type of support.

To prevent any confusion or impression that a partner’s services are required to conform, one of the requirements for any entity applying to be part of that program is that they “may not represent to any clients that [their] service is necessary to comply with OpenChain Project and that [they] must make the interested client aware of the option of the education materials and the self-certification process.”

We also received some great usability suggestions.

And finally we had some useful suggestions for improvement in the future.

The OpenChain Project is owned by and made better each day by its community. We would like to express our thanks to everyone who took the time to fill out this survey and to provide some insight into where we should focus resources in 2019.