All Posts By

Shane Coughlan

Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional network of Open Source legal experts and aligning stakeholders to launch both the first law journal and the first law book dedicated to Open Source. Shane has extensive knowledge of Open Source governance, internal process development, supply chain management and community building. His experience includes engagement with the enterprise, embedded, mobile and automotive industries.

OpenChain Newsletter #64

By Monthly Newsletter, News
Newsletter – Issue 64 – March 2024

The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.

Headline News

Outreach

Webinars

Meetings

Our community released the following meeting recordings via our main channel:

Note: Some community meetings are not recorded, or are released through other channels.

Check Out All Our Previous Newsletters:

BlackBerry: Three-Way Case Study – The use of ISO/IEC 5230:2020 by a company providing mission-critical services to enterprise clients around the world

By Featured, News

BlackBerry, OSS Consultants and OpenChain

The OpenChain Project maintains two ISO/IEC standards designed to help optimize business process management around open-source software. One of the standards, ISO/IEC 5230:2020, focuses on how to establish and run a quality open-source license compliance program. Another of the standards, ISO/IEC 18974:2023, focuses on how to establish and run a quality open-source security assurance program. Taken together, these standards provide a reliable, efficient and effective way to manage the open-source supply chain.

This case study will highlight the use of ISO/IEC 5230:2020 by a company providing mission-critical services to enterprise clients around the world.

The Direction Taken

For BlackBerry’s particular use-case, OSS Consultants recommended a centralized solution that enabled a single process to serve the business. This allowed BlackBerry to utilize our expertise to further develop in-house OSPO capabilities, reduce their tooling spend, and provide better holistic coverage based on a single strategy that included a single set of standards and principles.

Key Lesson Learned

The ISO/IEC 5230 recertification process provided an excellent opportunity to assess lessons learned and consider these not only from the company perspective, but also with respect to larger supply chain optimization.

Review and Download the Case Study

OpenChain Korea Work Group Meeting #21 – 2024-03-26

By News

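Schedule
  • Date and time: 2024-03-26 (Tue), 2:00 PM to 5:00 PM
  • Venue: Kakao Pangyo Agit, basement level 1 seminar room
  • Agenda

    | Time | Agenda | Speaker | Slide |
    |---|---|---|---|
    | 14:00~14:10 | Welcome & Intro | 장학성, SK Telecom | - |
    | 14:10~14:20 | OpenChain Global Update | Shane Coughlan, Linux Foundation | pptx |
    | 14:20~14:30 | OpenChain KWG Update | 장학성, SK Telecom | pptx |
    | 14:30~14:50 | Tooling Subgroup activities and key cases: integrated open source management portal; The AboutCode stack; software supply chain security with XSCAN | 박원재, LG Electronics | - |
    | 14:50~15:10 | Legal Subgroup activities and key cases: Stability AI class action – Motion to Dismiss; GPL-2.0: license boundary issues and compliance; the SFC v. Vizio lawsuit; outcome of a lawsuit in China over open source derivative works; the LF's open source license compliance report; what issues did GPL-violations.org raise?; evolution of the GPL: GPL-3.0, AGPL-3.0 | 박정숙, ETRI | pdf |
    | 15:10~15:30 | Break | All | - |
    | 15:30~17:00 | Group discussion: compliance practice; compliance issues/trends; AI and open source & copyright issues; open source security vulnerabilities; open source management organization; open source contribution/release; the OpenChain KWG community | Moderator: 이서연, LINE Plus | - |

  • Sponsor
  • Attending companies: KB Kookmin Bank, Korea Financial Telecommunications & Clearings Institute, LINE Plus, Samsung Electronics, AhnLab, Kakao, KakaoBank, TMAP Mobility, Hancom, Hyundai Mobis, Hyundai AutoEver, Hyundai Motor Company, CJ OliveNetworks, CJ Corporation, ETRI, kt ds, LG Electronics, NAVER, NHN, SK Inc., SK Telecom
  • Photo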

    Learn More

    OpenChain Monthly North America – Asia Call – 2024-03-19 – Full Recording

    By News

    This call covered the following open issues in the draft for a potential update to the Security Specification:

    ● [Improvement] ZA/NM05 – Proposed rewording for 3.1.5
    https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/18

    ● [Improvement] Add triage entry to specific situations where vulnerability not appliable
    https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/29

    ● [New Material] What is a quality or complete SBOM for licensing or security use cases?
    https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/32

    Get the Slides

    OpenChain Workshop – Supply Chain Best Practices in China using ISO 5230 and ISO 18974 – Full Recording

    By Featured, News

    We held a special workshop in Shinagawa on March 18th focused on case studies about open source business process management in China. The main topic was how ISO 5230 and ISO 18974 are being used from upstream project to commercial ecosystem.

    We used an operating system ecosystem called openEuler as the basis for our case studies. openEuler is an emerging operating system ecosystem in China with 36.8% of the server operating system market, 17,000+ developers and 500+ projects. It is hosted by the OpenAtom Foundation, and a healthy ecosystem of companies creating products exists around it. OpenChain ISO 5230 and OpenChain ISO 18974 are at the center of how business processes are managed in openEuler.


    The Agenda



    The Morning Session:



    The Afternoon Session:



    Learn More About openEuler:


    Webinar: Universal CVSS Calculator

    By automation, News, security, Webinar

    This webinar discusses a Universal CVSS Calculator released by {metæffekt} GmbH. The open-source online tool is intended to support the assessment of vulnerabilities with their various CVSS scores from multiple authorities. It was created due to the lack of CVSS calculators which could ingest multiple vectors with different CVSS versions and compare the scores consistently.

    Read The Slides

    More About Our Webinars:

    This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

    Check Out The Rest Of Our Webinars

    This is OpenChain Webinar #69, released on 2024-03-22.

    OpenChain Project Meetings This Week (all times UTC)

    By News

    This week we have the following international meetings:

    Monday 18th March:

    – OpenChain Deep Dive – Case Study of Establishing and Maintaining Supply Chain Best Practices Across a Complete Operating System Ecosystem – openEuler @ 00:00 UTC

    – OpenChain Webinar: Universal CVSS Calculator @ 09:00 UTC

    Tuesday 19th March:

    – OpenChain Monthly North America / Asia Call @ 01:00 UTC

    Wednesday 20th March:

    – OpenChain Automation Work Group Meeting (European Afternoon) @ 16:00 UTC

    You can check out all our international meetings and get instructions on adding our calendar to your client here:

    OpenChain AI Study Group Call (Europe and Asia) – 2024-03-14 – Full Recording

    By News

    On the 6th of March the OpenChain AI Study Group held a special AI workshop instead of the regular AI call. It provided an opportunity to deep dive into the topic with experts from Qualcomm and Arm, and a chance to ask questions or share ideas. The call on the 14th of March was a chance to brief OpenChain AI Study Group participants on the outcomes, and to discuss next steps.

    Track This Work

    You can follow and contribute to the work of the OpenChain AI Study Group through its dedicated mailing list. This is open to everyone regardless of industry vertical or speciality. You will find it here:

    Attend Future Meetings

    You can find and get the dial-in details for all future AI Study Group meetings from our participate page here:

    Webinar: Understanding GitHub Copilot

    By ai, News, Webinar

    This OpenChain Webinar welcomes Jiyon Yun and T. Greg Doucette of the GitHub team to discuss GitHub Copilot from the perspective of engagement by users, especially business users considering cost/benefit and risk containment from a legal perspective.

    This is OpenChain Webinar #61, released on 2024-03-14.

    Outcomes of the Special OpenChain AI Workshop – 2024-03-06

    By Featured, News

    On the 6th of March the OpenChain AI Study Group held a special AI workshop instead of the regular AI call. It provided an opportunity to deep dive into the topic with experts from Qualcomm and Arm, and a chance to ask questions or share ideas. The idea was to fold in the ideas shared thus far and seek a single coherent narrative.

    Please note, at the request of attendees, this meeting was held under Chatham House Rule, and therefore a recording is not being shared.

    The Formal Agenda:

    – Opening comments (Dave and Matthew)
    – AI Model supply chain issues (Brian)
    — Use cases in context of regulatory backdrop
    — Open vs. Proprietary
    — War stories
    — Roundtable
    – Dataset supply chain issues (Jeff)
    — Use cases and pragmatic practices
    — Open vs. Proprietary
    — War stories
    — Roundtable
    – Possible Solutions – how can OpenChain best provide value to the ecosystem (All)
    – Closing (Dave and Matthew)

    The Outcomes

    It was decided that following meetings would:
    – Work through key use cases
    — Start with LLM – text to text as a first hypothetical
    – Work through the Huggingface Model Card example
    https://huggingface.co/templates/model-card-example
    — Initial focus will be on what one should supply when delivering and what one wants to see when receiving
