Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional network of Open Source legal experts and aligning stakeholders to launch both the first law journal and the first law book dedicated to Open Source.
Shane has extensive knowledge of Open Source governance, internal process development, supply chain management and community building. His experience includes engagement with the enterprise, embedded, mobile and automotive industries.
The most recent OpenChain Education Work Group call saw work continue on our training material. Check out what Nathan and team discussed in the recording below.
The OpenChain Project is delighted to welcome National Financial Technology Certification Center (Beijing) as our latest official certification partner. Our collaboration will enable more FinTech and Financial Sector organizations in China to adopt the OpenChain standards for open source license compliance and security assurance.
NFTC would like to:
organize financial institutions to participate in the collaborative efforts for updating OpenChain standards, helping financial institutions have broader exposure to and integration into the global supply chain; and
enhance the project’s influence within the financial industry, promote the international standardization of OpenChain ISO/IEC 5230 in the field of open-source license compliance, and foster its adoption in the industry.
About NFTC
NFTC is a reputable third-party certification agency dedicated to serving the financial industry, and the first national-level certification institution in China. Established in 2011 through the decision of the People’s Bank of China (the central bank of China), and approved by the National Administration for Market Regulation and the Certification and Accreditation Administration of China, NFTC is committed to providing quality certification, testing and evaluation, and assessment services for products, services, systems, infrastructure, and other aspects of the financial industry.
September 21st 2023 at 09:00-12:00 Spanish Time (CEST)
You are invited to join the OpenChain Mini-Summit adjacent to Open Source Summit Europe.
Our focus will be on:
Discussing the new ISO standard for security
Automation for open source compliance and security
This is a hybrid physical and virtual event. It is free of charge for all participants.
Due to in-person space being limited, we invite everyone to register for the virtual event, and to email scoughlan@linuxfoundation.org if they want a seat at the physical event.
We previously planned to hold this Mini-Summit on Monday the 18th of September, but we have moved it to Thursday the 21st of September to avoid overlap with the SPDX Mini-Summit covering SPDX 3.0.
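This workshop will introduce the OpenChain Project and also invites domestic and international open source compliance experts to share practical experience, particularly on SBOM (Software Bill of Materials) and OSPO (Open Source Program Office), which have become popular in Japan. What difficulties are encountered when promoting OpenChain, and how can they be overcome? If you are using open source software, are about to start working with it, or simply want to learn about it, you are welcome to join the discussion!
What is OpenChain?
OpenChain officially became an ISO standard (ISO/IEC 5230:2020) on 2020/12/16. By adopting the OpenChain ISO standard, each participating vendor in the supply chain will be able to clearly understand which free and open source software is used at which stage of development, and further clarify how to resolve licensing issues that arise.
Open source software is used very widely around the world. As open source software has become commercialized, complex open source licensing rules have left many commercial users at a loss, and a steady stream of infringement disputes has led enterprises to pay increasing attention to open source compliance. The OpenChain Project, a Linux Foundation project, simplifies and standardizes open source compliance practice so that enterprises and organizations can meet open source compliance requirements more effectively, thereby building trust in open source software across the industry supply chain. Microsoft, Google, Qualcomm, Siemens, Sony, Uber and others have adopted OpenChain for open source compliance management and passed OpenChain certification.
= Agenda =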
13:30~14:00|Check-In
14:00~14:10|Opening
14:10~14:40|OpenChain – From One Standard To A Family English / Shane Coughlan, General Manager at OpenChain Project, The Linux Foundation
14:40~15:10|How to construct an open source managing system to achieve security & compliance? Mandarin / Singing Li (李欣穎), CEO, Open Culture Foundation
15:10~15:40|Break – Tea Time
15:40~16:10| “SBOM” and “OSPO” in JAPAN English / Masato Endo, Group Manager of Driver Monitoring Group, Toyota.
16:10~16:40|An Accessible Introduction to the International Open Source Security Standard: OpenChain Security Assurance Specification Mandarin / SZ Lin (林上智), Chief Expert, Bureau Veritas
(1) We are going to do a reset of the group to help people engage more, especially with regard to bringing back more technical people and technical updates.
(2) First, we use the Sharing Creates Value GitHub repo as the single source of truth for organizing things from now on, including (a) new content, (b) polls for next steps and (c) arranging future meetings.
(3) We move to a new agenda that brings back the emphasis on engineering as follows: – News (~10 mins?); – Technical discussions unpacking open source tools etc (~30-40 mins?); – Update on the meta level (capabilities map) (~10 mins?).
(4) We will also introduce a fixed group of chairs (volunteers) to help ensure the meetings are driven forward while not overloading any one person. Redundancy and mutual support is the goal.
Seeking a volunteer to help run the 3rd Tuesday of August 🙂
Shane can help run both meetings in September.
Marcel is going to help run the first meeting in October.
Other items:
Make the Global Calendar clearer – including timezone offsets – so people can use this as the single-source of truth for confirming our call times. Done. See: https://www.openchainproject.org/participate
The Software Engineering Maintenance and Evolution Research Unit (SEMERU) lab at William and Mary is running a new survey relating to third-party software license compliance. The target audience is “people with a background in law, preferably with a law degree and some amount of experience in practice.”
Research Goal and Procedure
The purpose of this study is to investigate issues, needs, and opportunities related to open source software licensing. In particular, this study aims to investigate how legal practitioners address concerns related to software licensing and to identify pain points and unmet needs.
If you decide to participate, you will take a brief survey via the Qualtrics platform. The study will last about 15 minutes during which time you will be asked questions regarding your familiarity and experience with several topics related to open source software licensing that pertain to your work.
With your permission, we may contact you by email and invite you to participate in a follow-up interview.
The College of William & Mary is a public research university in Williamsburg, Virginia. Founded in 1693 by a royal charter issued by King William III and Queen Mary II, it is the second-oldest institution of higher education in the United States and the ninth-oldest in the English-speaking world.
The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.
Collabora, a leading open source software consultancy, has become the latest organization to announce an OpenChain ISO/IEC 5230 conformant program.
“One of the key benefits of ISO standards created by the OpenChain Project is to signal the adoption and use of the processes necessary for quality compliance or security programs related to open source,” says Shane Coughlan, OpenChain General Manager. “The announcement by Collabora of an ISO/IEC 5230 conformant program is an example of their commitment to excellence around open source license compliance management. We are delighted to welcome them to our community of conformance, and we look forward to fostering a productive long-term collaboration around our shared industry.”
“Being an ISO9001:2015 and ISO27001:2017 certified organization, we are delighted to join the OpenChain Project’s extensive global community,” says Eleni Katsoula, Engineering Operations Manager at Collabora. “Along with so many of Collabora’s esteemed customers being Platinum members of the OpenChain community, we look forward to promoting the project’s focus on commercial and non-commercial open source process management.”
About Collabora
Collabora is a global consultancy specializing in delivering the benefits of Open Source software to the commercial world. Whether it’s the Linux kernel, graphics, multimedia or machine learning, Collabora’s expertise spans across all key areas of Open Source software development. By harnessing the potential of community-driven projects, and re-using existing components, Collabora helps its clients focus on creating product differentiation, enabling them to develop the best solutions. From tailoring the latest Open Source technologies to your projects, to integrating Open Source methodologies into your organization, Collabora can help you navigate the ever-evolving world of Open Source. Learn more at collabora.com.