All Posts By

Shane Coughlan

Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional network of Open Source legal experts and aligning stakeholders to launch both the first law journal and the first law book dedicated to Open Source. Shane has extensive knowledge of Open Source governance, internal process development, supply chain management and community building. His experience includes engagement with the enterprise, embedded, mobile and automotive industries.

OpenChain Newsletter #63

By Monthly Newsletter, News

Newsletter – Issue 63 – February 2024

The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.

Headline News

Outreach

  • No external events this month

Webinars

Meetings

Our community released the following meeting recordings via our main channel:

Note: Some community meetings are not recorded or are released through other channels

Check Out All Our Previous Newsletters:

BlackBerry Recertification of ISO/IEC 5230:2020 and ISO/IEC 18974:2023

By Featured, News

BlackBerry, an early adopter of ISO/IEC 5230:2020 and OpenChain Security Assurance Specification 1.1 (later ISO/IEC 18974:2023), has completed regular recertification for both standards. The recertification was completed in partnership with OSS Consultants, an official OpenChain Partner, and long-term collaborator in the open source governance space.

ISO/IEC 5230 and ISO/IEC 18974 have a regular recertification process to ensure that open source programs are up-to-date and match current organizational strategy and staffing. Recertification can be done through self-certification, independent assessment or third-party certification on a regular 18 month cycle. The OpenChain Project provides extensive certification support via its website: https://www.openchainproject.org/get-started

“BlackBerry has a long history of cataloging, tracking, and securing its open source components that are bundled as part of its software supply chain. OpenChain has helped us bring together these capabilities and license compliance to have a more holistic open source management process. Having standards like OpenChain is a powerful tool that assures our customers that we take the security and integrity of our software supply chain seriously. As the security community continues to push forward with initiatives like the Software Bill of Materials, companies will need to implement standards like OpenChain to meet the demands of the growing list of customers who prioritize security.” – Christine Gadsby, VP of Product Security at BlackBerry.

“The use of standards like ISO/IEC 5230 and ISO/IEC 18974 provides a strong foundation for companies to manage their open source supply chain. The recertification process is a key part in ensuring processes are current and match products, services and strategy. BlackBerry, as a leader in the field of providing enterprise solutions, is also a leader in software governance and management. Their recertification to our standards for open source license compliance and open source security assurance underlines their stance at the forefront of sustainable, reliable software asset management.” – Shane Coughlan, OpenChain General Manager.

“OSS Consultants is pleased to have partnered with BlackBerry to attain the first whole-entity ISO/IEC 5230 conformance in North America in 2022, the first whole-entity ISO/IEC 18974 conformance in early 2023, and again now to perform the recertification of both standards. This recertification for BlackBerry demonstrates their unwavering dedication to the security and integrity of their software supply chain.” – Russ Eling, Founder & CEO at OSS Consultants

About the OpenChain Project

The OpenChain Project has been building Trust in the Supply Chain Since 2016. Our vision is a supply chain where open source is delivered with trusted and consistent process management information. Our mission is to make that happen. The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. Learn more at https://www.openchainproject.org/

About BlackBerry

BlackBerry (NYSE: BB; TSX: BB) provides intelligent security software and services to enterprises and governments around the world. The company’s software powers over 235M vehicles. Based in Waterloo, Ontario, the company leverages AI and machine learning to deliver innovative solutions in the areas of cybersecurity, safety and data privacy, and is a leader in the areas of endpoint security management, encryption, and embedded systems. BlackBerry’s vision is clear – to secure a connected future you can trust.

BlackBerry. Intelligent Security. Everywhere. 

For more information, visit BlackBerry.com and follow @BlackBerry.

About OSS Consultants

OSS Consultants is a business dedicated to helping organizations of all sizes – from the world’s largest and well-known companies to small businesses and start-ups – design, implement, and manage the most efficient, comprehensive and robust open-source program offices and policies on the planet. Service offerings range from a scan and audit of your third-party and proprietary software to creating a full OSPO within your organization. Find more information at www.ossconsultants.com and follow @OSSConsultants.

Webinar: FOSS License Management – meta-osselot for OSSelot-Data in OpenEmbedded

By automation, licensing, News, Webinar

Jasper Orschulko presented the concept of the meta-osselot project (https://github.com/iris-GmbH/meta-osselot) and how the curated data in OSSelot may be leveraged in OpenEmbedded environments.

This webinar is part of a new series from the OpenChain Automation Workgroup that provides insights into good practices for community-based IP audits. These good practices will be used to align on a community-wide standard for metadata curation as a base for sharing FOSS License Management Data.

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

This is OpenChain Webinar #71, released on 2024-02-26.

Webinar: SPDX 3.1 – Services Profile Overview

By community, legal, licensing, News, security, standards, Webinar

Gary O’Neall of Source Auditor talked about how the new SPDX Services Profile proposal structures information. This profile is likely to have an important impact on business process management, as it covers topics far beyond open source compliance, with one example being fields for topics like Export Control. Gary’s deep background as a core contributor to the SPDX Project allowed him to contextualize this discussion from a historical perspective.

Coming Soon: OpenChain Webinar #74 – FOSDEM Recap – 2024-02-26 @ 09:00 CET

By News

Philippe Ombredanne from nexB will lead an overview of the FOSDEM conference held in Brussels on the 3rd and 4th of February 2024. This builds on his webinar covering the same topic last year, and it will be an excellent way to understand the conversations, presentations and knowledge shared by attendees.

Join us on Monday, February 26th, 09:00 CET / 16:00 CST / 17:00 KST + JST:
https://zoom-lfx.platform.linuxfoundation.org/meeting/96974434553?password=0e08c5f9-01d7-4202-9fbe-dacd592b82c8

This event is listed in our global calendar:
https://www.openchainproject.org/participate

OpenChain Monthly North America and Asia Meeting – 2024-02-20 – Full Recording

By Featured, News

This meeting focused on closing two open issues around the Licensing Specification (ISO/IEC 5230) as we prepare a proposed update for the Steering Committee:

Check out the full recording below:

Want to join our calls?

Want to be part of the mailing list for specification development?

OpenChain AI Study Group – North America and Europe – 2024-02-20 – Recording

By Featured, News

The latest OpenChain AI Study Group meeting was hosted by our co-chair, Matthew Crawford of Arm. Check out the full recording and get the slides below.

Get the Slides:

Learn more about the activities of this study group via their dedicated mailing list:

OpenChain Project Meetings This Week (all times UTC)

By News

This week we have the following international meetings:

Tuesday 20th February:

– OpenChain Monthly North America / Asia Call @ 01:00 UTC

– OpenChain AI Study Group (North America / Europe) @ 16:00 UTC

Wednesday 21st February:

– OpenChain Webinar #71 – FOSS License Management: meta-osselot project for integrating OSSelot-Data in OpenEmbedded @ 09:00 UTC

– OpenChain Automation Work Group Meeting (European Afternoon) @ 16:00 UTC

Thursday 22nd February:

– OpenChain Webinar #60 – SPDX 3.1 – Services Profile Overview @ 01:00 UTC

– OpenChain Education Work Group Meeting @ 17:00 UTC

You can check out all our international meetings and get instructions on adding our calendar to your client here: https://www.openchainproject.org/participate

Webinar: Curating FOSS license information for the OSSelot database

By automation, licensing, News, Webinar

Caren Kresse from OSADL talks about sharing and reusing publicly available FOSS compliance material, as provided by the OSSelot project (https://www.osselot.org/), which requires trust in the reliability of the data. Such trust can be fostered by ensuring high quality and consistency of the data through a standardized curation process and strict review of all contributions. This presentation will demonstrate the curation process for the OSSelot project, present the resulting material, and give an example of how a contribution is reviewed.

This is OpenChain Webinar #59, released on 2024-02-14.