Skip to main content
All Posts By

Shane Coughlan

Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional network of Open Source legal experts and aligning stakeholders to launch both the first law journal and the first law book dedicated to Open Source. Shane has extensive knowledge of Open Source governance, internal process development, supply chain management and community building. His experience includes engagement with the enterprise, embedded, mobile and automotive industries.

OpenChain Export Control Work Group 2023-08-01

By News

The Export Control work group is collaborating on a pre-existing website conversion project.

This involves:

  • Getting reviews going for the per-country files.
  • Thinking about common attributes of country files.

This is the website we are working on converting from HTML to MarkDown:

We are working on it here:

We have a bunch of issues opened:

Since the last call we have closed a few:

Check out the recording below to see what we did next.

OpenChain Automation Work Group 2023-08-02

By News

Provisional minutes. Recording below.

(1) We are doing to do a reset of the group to help people engage more, especially with regards bringing back more technical people and technical updates.
(2) First, we use the Sharing Creates Value GitHub repo as the single source of truth for organizing things from now on, including (a) new content, (b) polls for next steps and (c) arranging future meetings.
(3) We move to a new agenda that brings back the emphasis on engineering as follows:
– News (~10 mins?);
– Technical discussions unpacking open source tools etc (~30-40 mins?);
– Update on the meta level (capabilities map) (~10 mins?).
(4) We will also introduce a fix group of chairs (volunteers) to help ensure the meetings are driven forward while not overloading any one person. Redundancy and mutual support is the goal.

  • Seeking a volunteer to help run the 3rd Tuesday of August 🙂
  • Shane can help run both meetings in September.
  • Marcel is going to help run the first meeting in October.

Other items:

Make the Global Calendar clearer – including timezone offsets – so people can use this as the single-source of truth for confirming our call times. Done. See:
https://www.openchainproject.org/participate

OpenChain Legal Work Group 2023-07-28 – Outcomes

By Featured, News

We covered a lot of ground in this meeting. Check out the full recording below. The current document is here:

Andrew updated the core language substantially and it looks like we are near release:

Carlo submitted a patch with new language covering the verification that a Declaration is not just pro-forma:

We decided to move non-core language to the Risk Grid and then have that queued as an item for review and reorder after the core is published:

We also discussed what to do when we move to a milestone release document rather than this initial drafting phase:

Next Steps

We move towards release of the core language with a final Request for Comments, and then we turn our attention to updating the Risk Grid.

External Survey: Investigating Needs of Legal Practitioners in the Context of Software License Compliance

By News

The Software Engineering Maintenance and Evolution Research Unit (SEMERU) lab at William and Mary is running a new survey relating to third-party software license compliance. The target audience is “people with a background in law, preferably with a law degree and some amount of experience in practice.”

Research Goal and Procedure

The purpose of this study is to investigate issues, needs, and opportunities related to open source software licensing. In particular, this study aims to investigate how legal practitioners address concerns related to software licensing and identifying pain points and unmet needs.

If you decide to participate, you will take a brief survey via the Qualtrics platform. The study will last about 15 minutes during which time you will be asked questions regarding your familiarity and experience with several topics related to open source software licensing that pertain to your work.

With your permission, we may contact you by email and invite you to participate in a follow-up interview.

Access the Survey

About the College of William & Mary

The College of William & Mary is a public research university in Williamsburg, Virginia. Founded in 1693 by a royal charter issued by King William III and Queen Mary II, it is the second-oldest institution of higher education in the United States and the ninth-oldest in the English-speaking world.

OpenChain Newsletter #56

By Monthly Newsletter, News
logo

​ Newsletter – Issue 56 – July 2023

The OpenChain Newsletter provides a monthly summary of our work. It contains an overview of what we are doing to build trust around license compliance and security in the open source supply chain. We accept suggestions and ideas. Feel free to mail us at any time.

Headline News

Outreach

Shane Coughlan, OpenChain General Manager, was the guest presenter on a webinar for InnerSource Commons:

Webinars

The OpenChain webinar series continued with presentations about open source in automotive and on InnerSource:

Meetings

Our multiple work groups had regular meetings:

Check Out All Our Previous Newsletters:

Collabora is the latest organization to announce an OpenChain ISO/IEC 5230 conformant program

By Featured, News

Collabora, a leading open source software consultancy, has become the latest organization to announce an OpenChain ISO/IEC 5230 conformant program.

“One of the key benefits of ISO standards created by the OpenChain Project is to signal the adoption and use of the processes necessary for quality compliance or security programs related to open source,” says Shane Coughlan, OpenChain General Manager. “The announcement by Collabora of an ISO/IEC 5230 conformant program is an example of their commitment to excellence around open source license compliance management. We are delighted to welcome them to our community of conformance, and we look forward to fostering a productive long-term collaboration around our shared industry.”

“Being a ISO9001:2015 and ISO27001:2017 certified organization, we are delighted to join the OpenChain Project’s extensive global community,” says Eleni Katsoula, Engineering Operations Manager at Collabora. Along with so many of Collabora’s esteemed customers being Platinum members of the OpenChain community, we look forward to promoting the project’s focus on commercial and non-commercial open source process management.”

About Collabora

Collabora is a global consultancy specializing in delivering the benefits of Open Source software to the commercial world. Whether it’s the Linux kernel, graphics, multimedia or machine learning, Collabora’s expertise spans across all key areas of Open Source software development. By harnessing the potential of community-driven projects, and re-using existing components, Collabora helps its clients focus on creating product differentiation, enabling them to develop the best solutions. From tailoring the latest Open Source technologies to your projects, to integrating Open Source methodologies into your organization, Collabora can help you navigate the ever-evolving world of Open Source. Learn more at collabora.com.

Webinar: Understanding InnerSource

By community, Featured, News, Webinar

This webinar was lead by Clare Dillon, the Executive Director of InnerSource Commons, and it highlighted the activities and value behind the InnerSource movement. InnerSource is the use of open source best practices for software development within the confines of an organization. Understanding this has become a key part of business strategy for forward-looking organizations.

Two Resource Flagged By Our Speaker

Check Out The Rest Of Our Webinars

This is OpenChain Webinar #55, released on 2024-07-27.

OpenChain Japan Work Group Meeting #28 – Hybrid #3 – 2023-07-11

By News

The OpenChain Japan Work Group held its 28th meeting (3rd hybrid) on the 11th of July. This meeting contained an exceptional roster of speakers and topics covered. OpenSSF, SPDX 3.0, OSPO leadership, education material and addressing common licensing misunderstandings. You name it, we covered it. Check out the recording below in Japanese for details:

Be part of this:

Everyone is invited to be part of the OpenChain Japan Work Group and contribute to (or simply participate in) future activities.

https://lists.openchainproject.org/g/japan-wg

OpenChain Monthly Specification Development Calls – July 2023

By News

During July we had two excellent calls covering the next generations of our license compliance and security assurance specifications.

The first call took place on the 11th of July and allowed North American and European contributors to gather:

The second call took place on the 18th of July and allowed North American and Asian contributors to gather:

Two GitHub issues were central to the discussion:

Align “Terms and Definitions” in Section 2 with Licensing Spec 3.0

Adjust SBOM definition to align with Licensing Spec 3.0

Initially scoped to focus on the Security Assurance specification, the conversations lead to improved material for the License Compliance specification as well.

The discussion then proceeded on a related topic:

What is a quality or complete SBOM for licensing or security use cases?

This issue is actively soliciting comments. It is significantly influenced by the forthcoming Telco Spec:

Next Steps

There is a next step to review what the SPDX Lite proposal from the OpenChain Japan community covers:

(See slide 25 and 26)

They have already submitted SPDX Lite for the forthcoming SPDX 3.0 specification via this pull request at the SPDX Project:

Open Issues

Of course, both the next generation License Compliance specification and the next generation Security Assurance specification also have pre-existing open issues for review:

Licensing:

Security:

External: Writing a Formal IT Specification

By News

Join a Complimentary Live Webinar Hosted by The Linux Foundation on August 9, 2023 | 08:00 AM PDT (UTC-7)

A formal specification for an IT project allows implementers to understand what is required to build an implementation (or create a process) that conforms to that specification, and it allows a conformance test suite (or checklist) to be developed that can be used to check an implementation’s conformance. Users of tools that (partly or fully) conform to that specification can use the specification to learn the potential impact of moving source code, data, or processes between different implementations.

This presentation outlines a number of considerations involved when creating a formal IT specification, in general, and for software, in particular, such as a programming language or library.1

[Note: this will NOT be specific to making an ISO standard; that will be the subject of another webinar.]

Register on the official website: