Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional network of Open Source legal experts and aligning stakeholders to launch both the first law journal and the first law book dedicated to Open Source.
Shane has extensive knowledge of Open Source governance, internal process development, supply chain management and community building. His experience includes engagement with the enterprise, embedded, mobile and automotive industries.
The OpenChain Project will host a Birds of a Feather (BoF) at 6pm on Monday the 22nd of October at Open Source Summit Europe.
This BoF is designed to provide a “ground level” introduction to what we are doing, how we are doing it, and why you should be part of this.
Speaking more formally, here is the abstract:
“Open source compliance across the supply chain is a challenge known but unsolved for more than a decade. This BoF will explore recent developments in standards and tooling that can help reduce compliance errors as code moves between teams or companies.”
The OpenChain Project will be featured at a forthcoming Bird & Bird event on the 20th of November in Frankfurt, Germany. Find out more or register for this event by contacting the Bird & Bird team:
Bird & Bird & Open Source License Compliance in Softwarelieferketten
Am 20. November 2018 findet in unserem Frankfurter Büro ein Seminar zur Open Source License Compliance statt, das wir in Kooperation mit dem OpenChain-Projekt der LinuxFoundation durchführen. Sprecher sind u.a. Andreas Bärwald (TÜV SÜD Product Services GmbH), Dr. Michael Jaeger (Siemens AG), Dr. Catharina Maracke (Software Compliance Academy) und Shane Coughlin (OpenChain Projekt).
The OpenChain Project will host a workshop co-located with the Open Source Summit Europe in Edinburgh on the 23rd of October. Details below. All welcome!
The OpenChain Workshop – The Supply Chain Compliance Solution (Not A Blockchain)
The OpenChain Project defines the key requirements for a quality open source compliance program through a single, simple specification. It supports this specification with free online self-certification and educational reference material for organizations of all sizes. This workshop will feature the latest developments around supply chain compliance and provide an excellent opportunity for attendees to both learn from and contribute to the project work teams. The goal is to provide practical solutions for real-world challenges across all market sectors.
Date: Tuesday, October 23 Time: 15:00 – 16:30 Location: Edinburgh 1, Sheraton Grand Hotel & Spa Edinburgh Registration Cost: Complimentary; Pre-registration required
Can the OpenChain Project offer even more news this week? Of course. We are delighted to announce the public Beta of a new Web App for benchmarking OpenChain Conformance. The idea is to provide a quick, simple and attractive way for companies to check their status regarding meeting the OpenChain standard. This project is being managed by our good friends at Source Code Control.
We are seeking feedback on the current offering regarding:
Ideally we will end up with a great thinking tool to support companies undertaking formal conformance.
“Source Code Control wanted to offer an easy to use, interactive and engaging mechanism for people or organizations interested in learning more about the Software Supply Chain and OpenChain to benchmark their current position,” says Paul McAdam, Director, Source Code Control. “This quick self-assessment format helps to identify the gap in understanding and capability.”
“OpenChain Conformance is of vital importance to improving the quality of open source compliance,” says Shane Coughlan, OpenChain General Manager. “As our project matures we are collaborating with partners to support the process with better reference material and better tools. A quick benchmarking tool fits right into this concept. We are delighted to work with Source Code Control on this new beta…and on developing it into a finished work product for the project as a whole.”
Notes on this Beta release:
Currently the URL clearly comes from the Source Code Control Typeform subscription. This will be replaced with a project address later in the beta.
The “respond to” email address is Paul’s but will be replaced with a project address later in the beta.
Today the OpenChain Project closes off our ranges of educational case studies with two anonymous contributions via our Japan Work Group. These are available in both English and Japanese.
“Building out a collection of case studies has been one of the most frequent requests from our community,” says Shane Coughlan, OpenChain General Manager. “We started with general open source case studies three months ago and for the past month we have been focusing on a series of releases around education. Our two anonymous case studies today close off this branch and provide a great conclusion to our work. Watch this space for more topics in the near future.”
These case studies are made available under the CC-BY-ND 4.0 license.
The OpenChain Project will be featured in a Flexera webinar on the 25th of October at 11am Central Time. This event will serve as a great starting point for any organization seeking to adopt the key processes of a quality open source compliance program. The webinar will be hosted by Shane Coughlan, OpenChain General Manager, and Jeff Luszcz, Vice President of Product Management at Flexera.
Points covered:
Overview of the software supply chain; why is OpenChain necessary
What is OpenChain and how does it address software supply chain issues
How is OpenChain being deployed in the market right now
The OpenChain Project is delighted to announce that our friends at TÜV SÜD Japan have launched an OpenChain Certification Program. This is the first such program and foreshadows a series of announcements over the coming months.
The core of the OpenChain Project is our specification (standard) and our simple, free process for self-certification. Commercial activities adjacent to this by TÜV SÜD Japan and other organizations are complementary, providing an avenue for verified/audited certification for entities that want to have this level of assurance.
“One of the key requirements for any quality open source program is to comply with the requirements of open source licences. Companies, especially new entrants to the field, often have a lot of questions about what processes to follow, the methods of compliance and what challenges may be involved. The OpenChain Project by the Linux Foundation is a standard developed to solve and answer all these questions. To understand more about the OpenChain Project, Ankita K.S. from the EFY Group had a chat with Shane Coughlan, OpenChain general manager at the Linux Foundation.”
Open Source For You is Asia’s leading IT publication focused on open source technologies. Launched in February 2003 (as Linux For You), the magazine aims to help techies avail the benefits of open source software and solutions.
The OpenChain Project is delighted to announce our fifth and final major company educational case study. This contribution comes from Fujitsu and is available in both English and Japanese.
“Five Japanese companies with a vision of building broader, stronger community engagement have contributed a great deal through recent educational case studies,” says Shane Coughlan, OpenChain General Manager. “This marks another inflection point in our steady march towards ensuring open source compliance in the supply chain is effective, measurable and efficient.”
This case study is made available under the CC-BY-ND 4.0 license.
The OpenChain Project has active bi-weekly calls and a great mailing list that provide the “nuts and bolts” of our community activity. These are joined by various releases of documents and announcements of OpenChain-related events throughout each month. In September the big news was the appointment of our first Community Representative to our Steering Committee and a terrific, exceptional series of educational case studies in English and Japanese from our Japan Work Group.
Community
We are delighted to announce that Indira Bhatt acted as our OpenChain Community Representative during our inaugural Steering Committee meeting. Indira is a Manager in KPMG’s San Francisco Advisory practice with nearly 10 years of experience in the area of Free and Open Source Software (FOSS) due diligence. She has extensive experience in setting up FOSS compliance teams including leading, training and mentoring junior and senior analysts. Indira has helped various organizations successfully contribute code to the open source community and establish FOSS review boards by either defining or refining existing governance and usage and approval policies and procedures. https://www.openchainproject.org/news/2018/09/11/openchain-announces-our-first-community-representative-on-the-steering-committee
Indira will represent the community in our second Steering Committee scheduled for late October before rotating the role with another community member.
Contributions
This month is all about case studies. This time around we focused on how companies instituted educational programs. All of the case studies came from our excellent and highly productive Japan Work Group. Big thanks are due to Fukuchi San from Sony for coordinating all the moving pieces.
The OpenChain Project benefited from outreach talks being reserved in the international schedule by our chair of the Specification Work Team and one of our most active partners in the UK.
First up, Mark Gisi presented the latest news from our project at the recent SPDX General Meeting. One of the most interesting highlights was the reveal of SParts – a supply chain ledger leveraging blockchain technology – can solve accountability and access questions. This merges SPDX and Hyperledger to provide a supply chain solution that can be immediately useful for companies managing open source compliance. https://www.openchainproject.org/news/2018/09/04/openchain-spdx-general-meeting
A little bit down the road, Andrew Katz from Moorcrofts has booked a space at FINOS Open Source Strategy Forum in London on the 14th and 15th of November. This conference for financial technology professionals is designed to accelerate open source engagement at their firms. This marks our first step into the FinTech community: https://www.openchainproject.org/news/2018/09/05/openchain-finos-open-source-strategy-forum-in-london
Summary
October will see a strong emphasis on outreach, both at Open Source Summit Europe and via other events and webinars. At the same time the project is benefiting from an expanding commercial ecosystem, purely market driven, that indicates further substantial growth in the adoption of best practices for open source compliance programs is just around the corner.
License and Trademarks
Copyright 2018 The Linux Foundation. This newsletter is licensed under the Creative Commons Attribution-NoDerivs 2.0 Generic (CC BY-ND 2.0). Please feel free to share it onwards! OpenChain is a trademark of The Linux Foundation. It may be used according to The Linux Foundation Trademark Policy and the OpenChain Terms of Use. All other trademarks belong to their respective owners.
Newsletter – Issue 17 – September 2018
