Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional network of Open Source legal experts and aligning stakeholders to launch both the first law journal and the first law book dedicated to Open Source.
Shane has extensive knowledge of Open Source governance, internal process development, supply chain management and community building. His experience includes engagement with the enterprise, embedded, mobile and automotive industries.
The OpenChain AI Study Group holds a two-hour webinar at the beginning of each month for participants in North America and Europe. Around one week later, there is a one-hour sync call for North America and Asia. This is a great way to get a summary of activity, and a great way to start getting involved in our work to consider AI Compliance in the supply chain.
Track This Work
You can follow and contribute to the work of the OpenChain AI Study Group through its dedicated mailing list. This is open to everyone regardless of industry vertical or speciality. You will find it here:
The OpenChain Project has announced the beginning of its six-month Public Comment Period for proposed draft updates to the open source license compliance (ISO/IEC 5230:2020) and open source security assurance (ISO/IEC 18974:2023) specifications.
During the Public Comment Period everyone is invited to review and comment on the specifications. As an open project developing open standards, we host the draft documents on our GitHub repositories.
You can comment on this process by joining our monthly calls or via our Specification Mailing list. You can also leave comments via GitHub issues as detailed below.
A brief outline of our current steps is that the project will:
Open a Public Comments Period nine months before our target completion date. This runs for 6 months and only accepts minor updates such as typos or grammar corrections that do not change the requirements of the content. We do not accept any material changes during this period. All other feedback and recommendations are queued for consideration during the next version release cycle.
Open a Freeze Period three months before our target completion date to allow a 3-month review of any changes made during the Public Comments Period.
If a consensus expresses concerns over any changes made during the Public Comments Period, we would:
i) make changes to accommodate those concerns followed by
ii) an additional 14 day Public Comments period; followed by
iii) another 14 day Freeze period. Anyone with significant reservations on the final draft should state their position/concerns via the spec mailing list. The changes will be accepted once we achieve consensus for the final draft.
In the event we do not have consensus on the final version, we would repeat the following cycle until we have consensus:
i) accommodate changes to address majority concerns;
ii) 14 day Public Comments period; followed by
iii) a 14 day Freeze period cycle.
Send the completed draft specification to the OpenChain Steering Committee for formal review and a vote on whether to accept the community recommendations for an updated or new specification.
In principle, we target updates to our ISO standards once every five years.
Please Note: the final decision on content and release of OpenChain Project specifications lies with the OpenChain Steering Committee.
The OpenChain Project collaborated with OpenForum Europe (OFE) on a three-part series of webinars covering European policy matters that impact open source, business processes and risk management. These webinars took place between May and June 2024, and are intended to provide a simple, clear and unbiased look at the impact recent European Union policy will have on companies in the open source supply chain.
Our speaker is Ciarán O’Riordan, Senior Policy Advisor at OFE. His background is as a free software / open source software policy and communications expert.
The EU Cyber Resilience Act
More Details
“The proposal for a regulation on cybersecurity requirements for products with digital elements, known as the Cyber Resilience Act, bolsters cybersecurity rules to ensure more secure hardware and software products. Hardware and software products are increasingly subject to successful cyberattacks, leading to an estimated global annual cost of cybercrime of €5.5 trillion by 2021.” https://digital-strategy.ec.europa.eu/en/library/cyber-resilience-act
The EU AI Act
More Details
“The AI Act is the first-ever legal framework on AI, which addresses the risks of AI and positions Europe to play a leading role globally. The AI Act aims to provide AI developers and deployers with clear requirements and obligations regarding specific uses of AI. At the same time, the regulation seeks to reduce administrative and financial burdens for business, in particular small and medium-sized enterprises (SMEs).” https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai
The EU Product Liability Directive
More Details
“European Union reached provisional (political) agreement on the text for the proposed revision of the EU’s Product Liability Directive 85/374/EEC (PLD). The PLD establishes a strict liability (i.e., no fault) regime to enable claimants to seek compensation for defective products across the EU, meaning claimants do not need to establish fault to claim successfully. As a result, it is the preferred way of making product liability claims in the EU. The revision is a significant development, as the PLD dates back to 1985 and has been virtually unchanged for nearly 40 years – with only very minor amendments in 1999.” https://products.cooley.com/2023/12/21/new-product-liability-laws-one-step-closer-in-europe/
About OpenForum Europe (OFE), Our Partners in this Series
OFE is a not-for-profit, Brussels-based independent think tank which explains the merits of openness in computing to policy makers and communities across Europe. Originally launched in 2002 to accelerate and broaden the use of Open Source Software (OSS) among businesses, consumers and governments, OFE’s focus has since evolved to also cover issues related to Open standards, Cybersecurity, Digital Government, Public Procurement, Intellectual Property, Cloud Computing and Internet Policy. https://openforumeurope.org/
More About Our Webinar Series
This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain ecosystem. Participants discuss approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs are involved. This is user companies producing great informative content for their peers.
Our OpenChain China Work Group is moving from occasional workshops to a regular meeting schedule in June 2024. Regular Meeting #1 will take place on the 28th of June at the ByteDance offices. Full details and registration link below.
Date and Time:
2024-06-28, 14:00 to 16:00 (doors open 13:30)
Agenda:
Informal discussion about how ByteDance manages open source IP.
Informal discussion about how Honor manages open source IP.
Networking break.
Guided discussion about the EU Cyber Resilience Act.
Location:
北京市朝阳区太阳宫地区七圣中街12号院融中心A座B1- 培训室02 (ByteDance Offices, B1-Training Room 02, Building A, Rongzhongxin, No. 12, Qisheng Middle Street, Chaoyang District, Beijing)
The OpenChain Japan Work Group will host its 31st regular meeting on the 27th of June at the Kioxia Corporation Head Office. As always, everyone is invited to attend this meeting. Additionally, on the 28th of June there will be a meeting co-hosted for the OSPO Sub-Work Group Local Meetup.
The OpenChain Korea Work Group will host its 22nd regular meeting on the 20th of June at the CJ Talent Training Center in Seoul. As always, everyone is invited to attend a series of talks, case studies and networking sessions designed to support professionals from companies using open source in the business supply chain.
Kobota San of Sony, one of the OpenChain Governing Board members, will represent the OpenChain Project at the OSBC Open Source Conference 2024 in Seoul on the 19th of June 2024. His talk, entitled ‘Introduction of Sony Group Open Source Activities and Contributions to the OpenChain and SPDX (SBOM) Project,’ will open the afternoon session at 13:00.
Kobota San is well known in the OpenChain Project for his commitment to community collaboration and events, and is frequently found at open source events in Japan and around the world. A key contributor to initiatives like the SPDX Lite profile of the SPDX SBOM format, Kobota San is one of the main figures in the Planning Sub-Group of the OpenChain Japan Work Group.
Shane Coughlan, OpenChain General Manager, will deliver a talk on how to create open specifications and evolve them into formal international standards through ISO.
Abstract
This talk will explain the process of going from a blank page to an ISO standard using OpenChain ISO/IEC 5230:2020 as a case study. It will explain how the OpenChain specification team came together, how they created the first iterations of what would become ISO/IEC 5230, and how they collaborated with Joint Development Foundation (JDF) to evolve from de facto industry standard into formal international standard through the JTC-1 PAS Transposition Process. Attendees will learn how to frame, build and deploy their own specifications and standards, with a particular focus on the practical decisions required: should this be a specification, should it be an ISO standard and what do I need to do to make this happen?
About Shane Coughlan
Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated OIN into the largest patent non-aggression community in history and establishing the first global network for open source legal experts. He is a founder of both the first law journal and the first law book dedicated to open source. He currently leads the OpenChain Project and is a General Assembly Member of OpenForum Europe.
Shane Coughlan, OpenChain General Manager, will deliver a talk on how to discuss open source with IP departments.
Abstract
Product teams, R&D teams and OSPOs occasionally find themselves in an adversarial situation with IP Departments around open source and how it should be managed in an organization. This is usually due to misunderstandings about how open source provides value and how the risks associated with it can be contained. With open source increasingly necessary for organizations to compete effectively, it is important to ensure all departments understand its strategic importance, and how to manage it in the context of their KPIs and requirements. This talk will explain how to collaborate with IP Departments using the language of external risk containment and internal portfolio management, and help IP Department staff assess open source as part of a diversified IPR strategy.
On the 11th of June 2024, 07:00 UTC there was a special briefing from OpenForum Europe (OFE) on the EU Product Liability Directive. It is part of a series provided by OFE on European policy matters that impact open source, business processes and risk management.
Our speaker is Ciarán O’Riordan, Senior Policy Advisor at OpenForum Europe. His background is as a free software / open source software policy and communications expert.
More in the OFE Series
We held three special briefings from OFE for the OpenChain community from May to June 2024.