All Posts By

Shane Coughlan

Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional network of Open Source legal experts and aligning stakeholders to launch both the first law journal and the first law book dedicated to Open Source. Shane has extensive knowledge of Open Source governance, internal process development, supply chain management and community building. His experience includes engagement with the enterprise, embedded, mobile and automotive industries.

The OpenChain Capability Model Reaches General Release

Categories: Featured, News

Background

The OpenChain Project frequently talks about how open source is becoming more professionally managed, and how this makes using open source quicker, more efficient and more effective across the supply chain.

What is Happening?

Today we take a huge step forward in supporting this evolution of maturity by releasing capability modeling as CC-0 (effectively public domain) to help companies around the world do open source license compliance and other types of compliance using the same approaches as the world’s best and most funded companies.

This model was developed by Orcro, Deloitte and the rest of the community of contributors who make up the OpenChain Education Work Group.

Why?

Capability or maturity modeling in Software Asset Management (SAM) plays a vital role in understanding an organization’s current state regarding SAM practices. Here’s a structured overview of its importance:

  1. Assessment of Current Practices: It evaluates the organization’s existing SAM processes, identifying strengths and gaps that need attention.
  2. Improved Decision-Making: By highlighting gaps, it enables informed decisions on software investments, tool acquisitions, and optimization strategies, enhancing efficiency and compliance.
  3. Enhanced Efficiency and Compliance: A mature SAM practice can reduce redundant purchases, minimize license overuse, and mitigate audit risks, ensuring better management of assets.
  4. Support for Open Source Management: It aids in managing open-source usage, ensuring compliance to avoid licensing issues, thereby facilitating innovation by allowing proper use and adaptation of open-source tools.
  5. Facilitation of Open Innovation: In collaborative environments, it helps track external code usage, ensuring compliance and fostering better collaboration without legal risks.

In summary, capability modeling is essential for establishing a robust SAM framework, enhancing operational efficiency, and supporting both open source management and open innovation, thereby driving organizational success.

Get the Model

We host the model in our Reference Library on GitHub. You can find it in a dedicated directory called “Capability-Maturity-Model”, with the latest releases sorted by date.

Access and download it here:
https://github.com/OpenChain-Project/Reference-Material

You can also open GitHub issues with ideas, suggestions and bug-fixes:
https://github.com/OpenChain-Project/Reference-Material/issues

Contribute to Further Development

The Capability model was developed by the OpenChain Education Work Group after initial work through the OpenChain UK Work Group. You can participate in further development by joining the Education Work Group mailing list:
https://lists.openchainproject.org/g/education

You can also join our monthly call by checking out the calendar on our participation page:
https://openchainproject.org/participate

Please Note

This is reference material to help inspire individual organizations in their own development and use of models. It is not designed to be (a) legal advice, (b) assured to work in your context or (c) replace internal or third-party professional support and advice.

Webinar: Practical Compliance in One Stack – Licensing, Vulnerabilities, and More

Categories: automation, community, licensing, News, security, Webinar

What We Covered:

The Cyber Resilience Act (CRA) is coming, and this European regulation will impact software development worldwide. Organizations (and projects) of all sizes need efficient compliance processes to correctly identify software components and strengthen cybersecurity efforts.

The AboutCode stack of 100% open source tools and open data is engineered to automate compliance, with a practical approach. Tools like ScanCode and DejaCode paired with aggregated open databases like PurlDB and VulnerableCode ensure accurate origin, licensing, vulnerability detection, and comprehensive SBOM management. Newer projects like Massive FOSS Scan, CRAVEX, and AI-Generated Code Search deliver new performance improvements and advanced capabilities to improve the automation of compliance processes.

In this presentation, AboutCode lead maintainer Philippe Ombredanne shared the latest updates on how to use the AboutCode stack for better, faster, and more efficient license and security compliance automation.

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants discuss approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs are involved. This is user companies producing informative content for their peers.

Check Out The Rest Of Our Webinars

This OpenChain Webinar was broadcast on 2025-01-20.

RECORDING: OpenChain SBOM Study Group Monthly Call – 2025-01-22

Categories: News

Our SBOM Study Group brings all our various activities together and helps answer the question of “how do we use SBOMs in production, large-scale and complex supply chains?”

This meeting was centered on looking at SBOM challenges as a raw material in discussion about potential cross-industry, cross-format guide development. This is building on previous Guide development by the Telco Work Group on SBOM quality for their industry.

Learn More About This Study Group:

Our new SBOM Study Group brings all our various activities together and helps answer the question of “how do we use SBOMs in production, large-scale and complex supply chains?” Our original kick-off call has all the details.

Get Involved Through Our Mailing List:

https://lists.openchainproject.org/g/sbom

🗨️ We have a dedicated Slack Channel:
https://join.slack.com/t/openchainproject/shared_invite/zt-7ayys8g2-dgijHIK_kyrhEWEknrD0cQ

💻 We have a dedicated GitHub Repo:
https://github.com/OpenChain-Project/SBOM-sg

COMING SOON: OpenChain SBOM Study Group Monthly Call – 2025-01-22 @ 08:00 UTC

Categories: News

👉 Coming later today: OpenChain SBOM Study Group Monthly Call

🕗 2025-01-22 @ 08:00 UTC / 09:00 CET / 16:00 CST / 17:00 KST + JST

Our SBOM Study Group brings all our various activities together and helps answer the question of “how do we use SBOMs in production, large-scale and complex supply chains?”

☎️ Join the call here:
https://zoom-lfx.platform.linuxfoundation.org/meeting/93693718211?password=6adbb7a3-e2be-4f44-8962-b38e0306c7a0

✉️ We have a dedicated mailing list:
https://lists.openchainproject.org/g/sbom

🗨️ We have a dedicated Slack Channel:
https://join.slack.com/t/openchainproject/shared_invite/zt-7ayys8g2-dgijHIK_kyrhEWEknrD0cQ

💻 We have a dedicated GitHub Repo:
https://github.com/OpenChain-Project/SBOM-sg

Software Security Technology is the latest Official OpenChain Partner

Categories: News

Software Security Technology (SST) is the latest official OpenChain Project partner. Their engagement with the OpenChain partner program underscores the growing maturity of the Chinese market, and its increasing adoption of ISO/IEC 5230 for open source license compliance, and ISO/IEC 18974 for open source security assurance.

“We believe the world is empowered by software and will be further innovated by hardcore technologies like AI/LLM, autonomous driving, embodied robots, blockchain, etc., which are not only software-centric but also open source driven,” says Kelfen Yang, Co-founder and Sales VP of SST. “Compliance was never a liability in terms of technology development; on the contrary, it is an accelerator which maximizes overall efficiency and trust relationships. This is also the reason we seek partnership with OpenChain; together we hope to help tech companies globally build trustworthy, high quality and secure software systems through our product, service and experience.”

“We are delighted to welcome Software Security Technology to the OpenChain partner program,” says Shane Coughlan, OpenChain General Manager. “The importance of choice in seeking solutions like commercial tooling is a vital part of helping to make open source compliance and security easier, quicker and more efficient for companies in the supply chain. Throughout 2025, we hope to see our official partners support the development of more automation that addresses legal and regulatory requirements.”

About Software Security Technology

Software Security Technology specializes in the areas of software quality and security testing, providing customers with a one-stop solution to software ecosystem quality and security issues tailored to their specific scenarios. Our core team is composed of experts from leading domestic and international AST companies. Through three years of diligent effort, we have independently developed security testing tools, including SCA, SAST, and FUZZ, and have crafted industry-specific solutions that seamlessly integrate with various business scenarios. Our solutions have gained recognition from leading customers in fields such as automobiles, semiconductors, and communications. With offices in Chengdu, Wuhan, Shanghai, Beijing, and Shenzhen, our company is able to provide timely and professional pre-sales and after-sales services to our clients.

Learn more: https://www.softsec-tech.cn/

About the OpenChain Project:

The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.

About The Linux Foundation:

The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

KFTC Announces an OpenChain ISO/IEC 5230 Conformant Program

Categories: Featured, News

Korea Financial Telecommunications & Clearings Institute (KFTC) has announced an OpenChain ISO/IEC 5230 Conformant program. KFTC is a leading financial institution that provides essential infrastructure and services for the Korean financial industry.

To meet the requirements of the OpenChain ISO/IEC 5230:2020 standard, KFTC has implemented a comprehensive open source program within the organization. This includes establishing an Open Source Program Office (OSPO), enacting guidelines for open source utilization, and developing an in-house open source management platform. The platform automatically identifies open source components and licenses used in the software development lifecycle, providing guidance to employees.

“In today’s rapidly evolving IT landscape, characterized by AI, big data, and cloud computing technologies, leveraging open source software is not just beneficial—it’s essential,” said Lee Songwon, CIO of KFTC. “Based on our capabilities in open source utilization and management, KFTC will continue to foster a robust open source ecosystem through collaboration with other financial and public sector organizations across Korea.”

About KFTC (Korea Financial Telecommunications & Clearings Institute):

Korea Financial Telecommunications and Clearings Institute (KFTC), jointly founded by the Bank of Korea and commercial banks in 1986, has been a leading institution in developing and operating Korea’s national payment and settlement infrastructure. Over the years, KFTC has introduced various advanced payment systems, including the CD/ATM network and the Real-time Fund Transfer network. In the digital era, KFTC launched the Payment Gateway for e-commerce, Point of Sales (POS) networks for payment card transactions, and mobile payment networks. As the country transitioned to Open Finance, KFTC played a pivotal role in developing Korea’s Open Banking platform, enabling seamless and secure data sharing between financial institutions and fintech companies.

Learn more at https://eng.kftc.or.kr

About the OpenChain Project:

The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.

About The Linux Foundation:

The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

COMING SOON: OpenChain webinar on a single open source stack for open source compliance and security – 2025-01-20 @ 08:00 UTC

Categories: News

What We Will Cover:

The CRA is coming, and this European regulation will impact software development worldwide. Organizations (and projects) of all sizes need efficient compliance processes to correctly identify software components and strengthen cybersecurity efforts.

The AboutCode stack of 100% open source tools and open data is engineered to automate compliance, with a practical approach. Tools like ScanCode and DejaCode paired with aggregated open databases like PurlDB and VulnerableCode ensure accurate origin, licensing, vulnerability detection, and comprehensive SBOM management. Newer projects like Massive FOSS Scan, CRAVEX, and AI-Generated Code Search deliver new performance improvements and advanced capabilities to improve the automation of compliance processes.

In this presentation, AboutCode lead maintainer Philippe Ombredanne will share the latest updates on how to use the AboutCode stack for better, faster, and more efficient license and security compliance automation.

How To Join:

  • One tap mobile:
    • US (iOS): +12532158782,,92010703079#,,,,209683#
    • US (Android): +12532158782;92010703079#;209683#

or

  • International numbers: https://zoom.us/u/alwnPIaVT

Meeting ID: 92010703079
Meeting Passcode: 209683

Check Out The Rest Of Our Webinars

RECORDING: OpenChain Monthly Specification and Education Call (Europe – Asia) – 2025-01-15

Categories: News

Our second meeting of the Specification and Education Work Groups was a Europe and Asia call.

Specification Work Group:

We covered:

  1. The end of the comment period for proposed updates to ISO/IEC 5230 and ISO/IEC 18974 (2024-06-19 ~ Ending 2024-12-19) [1]
  2. What happens next in the three-month Freeze Period [2]
  3. What to expect from the Steering Committee meeting to review the Specification Drafts on 2025-02-03 adjacent to the Q1 2025 Governing Board Meeting in Brussels
  4. What is happening with the separate ISO/IEC 5230 periodic review at ISO as it reaches five years of age, and what to expect next
[1] https://hubs.la/Q031H2V_0
[2] https://hubs.la/Q031H12h0

Education Work Group:

We covered:

  1. What happens next with the OpenChain Explainer Series – Documents (Release) and Videos (Beta) [3]
  2. The status of the Capability Model and what to expect next [4]
  3. A proposal to consider where we can go with online training for ISO/IEC 5230 (LFC 193 and LFC 194 refresh with LF Training?) and ISO/IEC 18974 (New LFC courses with LF Training?)
[3] https://hubs.la/Q031H0dQ0 (YouTube: https://tinyurl.com/5n7bja9d)
[4] https://tinyurl.com/358s8smy

Other Items:

A note on the timing of the call, and sustainability:

This call takes place between 01:30 and 02:30 in Japan to allow North American and European participants to collaborate. However, this makes it difficult for the General Manager to attend. There is a request to action one of two things:

  1. Move the meeting to a North America / Asia schedule, complementary to the other OpenChain Monthly Specification and Education Call (Europe / Asia) on 3rd Wednesdays, or
  2. A community volunteer to run the meeting on a regular basis

Issue to be discussed further.

Coming Next:

We will be following up on the activities outlined above on the mailing lists, and we will continue our regular series of calls and meetings throughout the year.

Join Our Work:

Everyone is welcome to be part of the Specification Work Group. You can join their mailing list here:
https://lists.openchainproject.org/g/specification/

You can find and be part of all OpenChain calls through our participation page here:
https://openchainproject.org/participate

RECORDING: OpenChain AI Work Group – Monthly Workshop for North America and Europe – 2025-01-14

Categories: News

We held the first monthly workshop for the OpenChain AI Work Group in 2025. It was a two-hour session to allow topics related to AI compliance to be discussed, explored and defined. The key focus for the Work Group is to develop and finalize a Guide to AI Bill of Material Compliance in the Supply Chain, and there is active drafting going on during each meeting.

The Draft Guide:

https://docs.google.com/document/d/1g1kdmx1bDlQ0feSeW-ZY5JRFAF-HC30a/edit

Track This Work:

You can follow and contribute to the work of the OpenChain AI Work Group through its dedicated mailing list. This is open to everyone regardless of industry vertical or speciality. You will find it here:

Attend Future Meetings:

You can find and get the dial-in details for all future AI Work Group meetings from our participate page here:

RECORDING: OpenChain Monthly Specification and Education Call (North America and Europe) – 2025-01-08

Categories: News

Our first meeting of the Specification and Education Work Groups started with a North America and Europe call.

Specification Work Group:

We covered:

  1. The end of the comment period for proposed updates to ISO/IEC 5230 and ISO/IEC 18974 (2024-06-19 ~ Ending 2024-12-19) [1]
  2. What happens next in the three-month Freeze Period [2]
  3. What to expect from the Steering Committee meeting to review the Specification Drafts on 2025-02-03 adjacent to the Q1 2025 Governing Board Meeting in Brussels
  4. What is happening with the separate ISO/IEC 5230 periodic review at ISO as it reaches five years of age, and what to expect next
[1] https://hubs.la/Q031H2V_0
[2] https://hubs.la/Q031H12h0

Education Work Group:

We covered:

  1. What happens next with the OpenChain Explainer Series – Documents (Release) and Videos (Beta) [3]
  2. The status of the Capability Model and what to expect next [4]
  3. A proposal to consider where we can go with online training for ISO/IEC 5230 (LFC 193 and LFC 194 refresh with LF Training?) and ISO/IEC 18974 (New LFC courses with LF Training?)
[3] https://hubs.la/Q031H0dQ0 (YouTube: https://tinyurl.com/5n7bja9d)
[4] https://tinyurl.com/358s8smy

Other Items:

A note on the timing of the call, and sustainability:

This call takes place between 01:30 and 02:30 in Japan to allow North American and European participants to collaborate. However, this makes it difficult for the General Manager to attend. There is a request to action one of two things:

  1. Move the meeting to a North America / Asia schedule, complementary to the other OpenChain Monthly Specification and Education Call (Europe / Asia) on 3rd Wednesdays, or
  2. A community volunteer to run the meeting on a regular basis

Issue to be discussed further.

Coming Next:

We will be following up on the activities outlined above on the mailing lists, and we will continue our regular series of calls and meetings throughout the year.

Join Our Work:

Everyone is welcome to be part of the Specification Work Group. You can join their mailing list here:
https://lists.openchainproject.org/g/specification/

You can find and be part of all OpenChain calls through our participation page here:
https://openchainproject.org/participate