Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional network of Open Source legal experts and aligning stakeholders to launch both the first law journal and the first law book dedicated to Open Source.
Shane has extensive knowledge of Open Source governance, internal process development, supply chain management and community building. His experience includes engagement with the enterprise, embedded, mobile and automotive industries.
The OpenChain Telco Work Group has released Version 1.1 of the Telco SBOM Guide, an industry-specific but easily adaptable guide to addressing SBOM quality in the supply chain. Learn more about the release and what it means in their latest meeting.
Everyone is welcome to be part of this study group! OpenChain has free, open access to all its work groups and study groups. Just turn up, and listen in, and contribute comments, ideas and suggestions.
As always, we focused on the question of “how do we use SBOMs in production, large-scale and complex supply chains?” We are dealing with the reality of supply chains with many participants who have different levels of skill, use different formats, and perhaps follow different regulations or policies.
In this meeting, we looked at the question of how someone could approach building a cross-industry, cross-format guide to SBOM Quality. The mental model was “how would we use the Telco SBOM Quality Guide as a starting point,” and our Japanese sub-group prepared a proof-of-concept.
Learn More About This Study Group:
Our SBOM Study Group brings all our various SBOM-related activities together and helps answer the question of “how do we use SBOMs in production, large-scale and complex supply chains?” Our original kick-off call has all the details.
Get Involved:
Everyone is welcome to be part of this study group! OpenChain has free, open access to all its work groups and study groups. Just turn up, and listen in, and contribute comments, ideas and suggestions.
This webinar provided an introduction to DeepSeek, covering its technical highlights, history, the company, and their vision. Our presenter was Jerry Tan, a long-time contributor to the open source ecosystem in China, and Executive Vice Secretary-General of the China Open Source Promotion Union (COPU).
Watch the Webinar:
More About Our Webinars:
This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.
The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.
Amazon is the latest company to join the OpenChain Project as a Platinum Member and to take a seat at the Governing Board and Steering Committee. This highlights their unwavering commitment to leadership in open source technology, process management and in building trusted supply chains.
“At Amazon, we believe in strengthening the open source ecosystem through collaboration and shared best practices,” said Nithya Ruff, Director of Amazon’s Open Source Program Office. “By joining the OpenChain Project, we’re committed to contributing our experience across cloud services and consumer devices to support and evolve industry standards. We look forward to working with the OpenChain community to make supply chain collaboration easier and more effective for the industry.”
“Amazon pioneered modern digital management of complex supply chains at massive scale,” says Shane Coughlan, OpenChain General Manager. “Their engagement with the OpenChain Project, and more broadly with all aspect of open source process management, underlines the vital role that open standards and open communities play in building a more trusted supply chain. We look forward to benefiting from their thought-leadership as OpenChain enters the next stage of its evolution.”
About the OpenChain Project
The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.
About The Linux Foundation
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
Today we are delighted to share the news that ZF Group has implemented an ISO/IEC 5230 conformant program.
This significant achievement underscores their commitment to excellence, innovation, and adherence to the highest standards of compliance and best practices in their open-source initiatives. As noted by Sarah Moser of the ZF Group team, implementing the ISO/IEC 5230 standard represents a crucial step in fostering a culture of transparency, collaboration, and continuous improvement.
ZF Group’s conformance was via third-party certification in collaboration with TIMETOACT. The approach they took, their motivations and their practical solutions will be highlight in a forthcoming OpenChain webinar and case study.
Huge thanks to Sarah, the ZF OSPO team and also Simon Pletschacher at TIMETOACT for not only making this happen, but helping to communicate it widely to inspire others.
About ZF Group
ZF is a global technology company represented with 161 production locations in 30 countries. With some 161,600 employees worldwide, ZF reported sales of €41.4 billion in fiscal year 2024.
Founded in 1915, ZF has evolved from a supplier specializing in aviation technology to a global mobility technology company.
Group shareholders include the Zeppelin Foundation, administered by the City of Friedrichshafen, holding 93.8 percent of shares, and the Dr. Jürgen and Irmgard Ulderup Foundation, Lemförde, with 6.2 percent.
About the OpenChain Project:
The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.
About The Linux Foundation:
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
We held our regular workshop for the OpenChain AI Work Group on April 1st. It was a two-hour session focused on finalizing a Guide to AI Bill of Material Compliance in the Supply Chain. The draft is reaching its final stages, and is expected to be ready by June.
You can follow and contribute to the work of the OpenChain AI Work Group through its dedicated mailing list. This is open to everyone regardless of industry vertical or speciality. You will find it here:
As well as our usual news and updates (you can check out the slides in our regular place), we had Ana from TODO Group as a special guest! She gave us an update on their latest activities in the world of Open Source Program Offices (OSPO), and we had a chance to chat, ask questions, and share other news.
One of the most powerful parts of the open source community, and organizations like The Linux Foundation, is providing a way for projects not only to grow but also to share. By supporting each other, and collaborating on events, material or code, innovation gets to more people, more quickly.
Coming Next:
We have a lot to do. The Freeze Period for proposed updates to ISO/IEC 5230 and ISO/IEC 18974 is over, so it’s time for formatting and handover to the Steering Committee. Meanwhile, the Education Work Group is about to dive into some pretty cool updates to existing material. It looks like our training course and the capability model will be first.
Everyone is welcome to be part of the Education Work Group and build reference material for open source process management. You can join the mailing list here: https://lists.openchainproject.org/g/education
As always, we focused on the question of “how do we use SBOMs in production, large-scale and complex supply chains?” We are dealing with the reality of supply chains with many participants who have different levels of skill, use different formats, and perhaps follow different regulations or policies.
Our SBOM Study Group brings all our various SBOM-related activities together and helps answer the question of “how do we use SBOMs in production, large-scale and complex supply chains?” Our original kick-off call has all the details.