Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional network of Open Source legal experts and aligning stakeholders to launch both the first law journal and the first law book dedicated to Open Source.
Shane has extensive knowledge of Open Source governance, internal process development, supply chain management and community building. His experience includes engagement with the enterprise, embedded, mobile and automotive industries.
The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.
For the second year in row, we welcome Philippe Ombredanne to recap the FOSDEM event for us. This is a great way to catch-up on one of the best events in the world discussing open source development, management and (most importantly for us) legal, licensing and automation.
BlackBerry, an early adopter of ISO/IEC 5230:2020 and OpenChain Security Assurance Specification 1.1 (later ISO/IEC 18974:2023), has completed regular recertification for both standards. The recertification was completed in partnership with OSS Consultants, an official OpenChain Partner, and long-term collaborator in the open source governance space.
ISO/IEC 5230 and ISO/IEC 18974 have a regular recertification process to ensure that open source programs are up-to-date and match current organizational strategy and staffing. Recertification can be done through self-certification, independent assessment or third-party certification on a regular 18 month cycle. The OpenChain Project provides extensive certification support via its website: https://www.openchainproject.org/get-started
“BlackBerry has a long history of cataloging, tracking, and securing its open source components that are bundled as part of its software supply chain. OpenChain has helped us bring together these capabilities and license compliance to have a more holistic open source management process. Having standards like OpenChain is a powerful tool that assures our customers that we take the security and integrity of our software supply chain seriously. As the security community continues to push forward with initiatives like the Software Bill of Materials, companies will need to implement standards like OpenChain to meet the demands of the growing list of customers who prioritize security.”- Christine Gadsby, VP of Product Security at BlackBerry.
“The use of standards like ISO/IEC 5230 and ISO/IEC 18974 provide a strong foundation for companies to manage their open source supply chain. The recertification process is a key part in ensuring processes are current and match products, services and strategy. BlackBerry, as a leader in the field of providing enterprise solutions, is also a leader in software governance and management. Their recertification to our standards for open source license compliance and open source security assurance underlines their stance at the forefront of sustainable, reliable software asset management.” – Shane Coughlan, OpenChain General Manager.
“OSS Consultants is pleased to have partnered with BlackBerry to attain the first whole-entity ISO/IEC 5230 conformance in North America in 2022, the first whole-entity ISO/IEC 18974 conformance in early 2023, and again now to perform the recertification of both standards. This recertification for BlackBerry demonstrates their unwavering dedication to the security and integrity of their software supply chain.” – Russ Eling, Founder & CEO at OSS Consultants
About the OpenChain Project
The OpenChain Project has been building Trust in the Supply Chain Since 2016. Our vision is a supply chain where open source is delivered with trusted and consistent process management information. Our mission is to make that happen. The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. Learn more at https://www.openchainproject.org/
About BlackBerry
BlackBerry (NYSE: BB; TSX: BB) provides intelligent security software and services to enterprises and governments around the world. The company’s software powers over 235M vehicles. Based in Waterloo, Ontario, the company leverages AI and machine learning to deliver innovative solutions in the areas of cybersecurity, safety and data privacy, and is a leader in the areas of endpoint security management, encryption, and embedded systems. BlackBerry’s vision is clear – to secure a connected future you can trust.
BlackBerry. Intelligent Security. Everywhere.
For more information, visit BlackBerry.com and follow @BlackBerry.
About OSS Consultants
OSS Consultants is a business dedicated to helping organizations of all sizes – from the world’s largest and well-known companies to small businesses and start-ups – design, implement, and manage the most efficient, comprehensive and robust open-source program offices and policies on the planet. Service offerings range from a scan and audit of your third-party and proprietary software to creating a full OSPO within your organization. Find more information at www.ossconsultants.com and follow @OSSConsultants.
Jasper Orschulko presented the concept of the meta-osselot project ( https://github.com/iris-GmbH/meta-osselot ) and how the curated data in OSSelot may be leveraged in OpenEmbedded environments.
This webinar is part of a new series provided by the OpenChain Automation Workgroup to provide insights in good practices for community based IP audits. The good practices shall be used to align on a community wide standard for metadata curation as base for sharing FOSS License Management Data.
More About Our Webinars:
This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.
Gary O’Neall of Source Auditor talked about how the new SPDX Services Profile proposal structures information. This profile is likely to have an important on business process management, as it covers topics far beyond open source compliance, with one example being fields for topics like Export Control. Gary’s deep background as a core contributor to the SPDX Project allowed him to contextualize this discussion from a historical perspective.
Philippe Ombredanne from nexB will lead an overview of the FOSDEM conference held in Brussels on the 3rd and 4th of February 2024. This builds on his webinar covering the same topic last year, and it will be an excellent way to understand the conversations, presentations and knowledge shared by attendees.
This meeting focused on closing two open issues around the Licensing Specification (ISO/IEC 5230) as we prepare a proposed update for the Steering Committee:
The latest OpenChain AI Study Group meeting was hosted by our co-chair, Matthew Crawford of Arm. Check out the full recording and get the slides below.
Caren Kresse from OSADL talks about sharing and reusing publicly available FOSS compliance material, as provided by the OSSelot project (https://www.osselot.org/), which requires trust in the reliability of the data. Such trust can be fostered by ensuring high quality and consistency of the data through a standardized curation process and strict review of all contributions. This presentation will demonstrate the curation process for the OSSelot project, present the resulting material, and give an example of how a contribution is reviewed.
More About Our Webinars:
This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.