Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional network of Open Source legal experts and aligning stakeholders to launch both the first law journal and the first law book dedicated to Open Source.
Shane has extensive knowledge of Open Source governance, internal process development, supply chain management and community building. His experience includes engagement with the enterprise, embedded, mobile and automotive industries.
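Ma Tao, Chairman of the OpenAnolis community, said: “We are very pleased to announce that we have obtained OpenChain ISO/IEC 5230 certification. Open source has always been the source of innovation for the OpenAnolis community. The OpenAnolis community will firmly embrace open source, contribute to open source, and contribute OpenAnolis's strength to the operating system field in the AI era. Passing this certification is a very important milestone in OpenAnolis's building of open source compliance capabilities, and it is also a new starting point. The OpenAnolis community will continue to invest in and improve its security and compliance work to ensure the community's level of security and compliance.”
Liu Dapeng, head of the OpenAnolis community Standardization SIG, said that obtaining OpenChain 5230 certification is of great significance to the community's development; standards and community open source complement, promote and strengthen each other, and together play an important role in building an open, interoperable, prosperous and innovative technology ecosystem. In the future, the Standardization SIG will continue to work with community ecosystem partners to jointly develop engineering standards for the OpenAnolis community and to ensure that community products meet the relevant standard requirements.
About OpenAnolis:
The OpenAnolis community was founded in September 2020. Grounded in cloud computing, it builds a foundation for digital innovation, gathers the strength of the industry ecosystem, and jointly creates new open source infrastructure for digital development. Bringing together diverse participants including enterprises and public institutions, universities, research organizations and individual developers, and serving as an internationally oriented open source root community and innovation platform for Linux server operating systems, the OpenAnolis community continues to promote the prosperity of the software, hardware and application ecosystems.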
Socionext, a semiconductor and System-on-Chip (SoC) company based in Japan, has completed recertification of OpenChain ISO/IEC 5230. This is an important part of the 18-month review cycle required by the specification to ensure processes are current.
“ISO standard periodic recertification is a critical building block in creating trust,” says Shane Coughlan, OpenChain General Manager. “As companies evolve and markets change, it is important to use clear, unambiguous processes like those outlined in OpenChain ISO/IEC 5230, the International Standard for open source license compliance. This is key to managing the open source software supply chain, and Socionext has long been a leader in this area.”
About Socionext Inc.
Socionext Inc., a leading global System-on-Chip (SoC) supplier, is a pioneer of the ‘Solution SoC’ business model. This innovative approach encompasses Socionext’s ‘Entire Design’ capabilities and offering of ‘Complete Service’. As a trusted silicon partner, Socionext fuels global innovation, providing superior features, performance, and quality that set its customers’ products and services apart in diverse domains ranging from automotive and data centers to networking, smart devices, and industrial equipment.
Socionext Inc., based in Yokohama, operates offices across Japan, Asia, the United States, and Europe for development and sales. For more information, visit https://www.socionext.com/en/.
About the OpenChain Project
The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.
About The Linux Foundation
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
Reflections on our lessons learned in making ISO 18974, and our process of drafting proposed updates to the standards, to try and provide a template for other projects looking at making and maintaining standards.
Education:
A review of the updated Reference Library, updated open source policy template and drafting underway for a new OpenChain Adoption Guide + discussion about and call for engagement with updates to our online training.
And…
The Future:
The OpenChain Project has been very busy with various things in recent months. AI Compliance in the supply chain. SBOM Quality (Telco and Cross-Industry). Country meetings (Germany, Korea, Japan), and so on. However, attendance on the main monthly call has been modest. We discussed how to change that, and also how to address the issue of timezones.
The second point was front-of-mind for our Specification Chair, Chris Wood. When drafting a specification, or considering an update to a presentation, the majority of the work tends to be live-editing on calls. However, with the geographic split between North America, Europe and Asia, our retrospective on the ISO/IEC 5230 and ISO/IEC 18974 proposed updates revealed this to be a concern.
Starting next month, we will explore options to boost interest, engagement and attendance with this primary call, and to improve the ability of people from around the world to live edit, rather than needing to catch up via mailing lists or on GitHub.
The first step will be adjusted scheduling (watch this space) and the second step will be to invite the various work groups and study groups to join the main call, and to provide briefings and Q&A around their work.
We will be following up on the activities outlined above on the mailing lists, and we will continue our regular series of calls and meetings throughout the year.
To round off a successful run of Open Source Software Masterclasses, Bristows are pleased to announce that the final session, ‘Tech in focus: navigating legal and commercial challenges in an increasingly open source world’, has been expanded to include additional topics, offering even greater value. Please find the full programme below.
Register now to secure your in-person place. Attendance is available for the full day, or for either the morning or afternoon sessions. Don’t miss this excellent opportunity to discuss the latest Open Source insights and network with peers in the tech law community.
OpenChain will feature prominently, and many familiar faces from our UK community will be present.
Open Source in transactions: M&A and commercial agreements Toby Crick, Partner, Bristows
4:15 pm
Panel discussion: open source and risk management Lewis Parle, Head of Intellectual Property Risk, Lockton, Stephen Pollard, Director Open Source Advisory, Orcro, Andrew Katz, Consultant, Bristows & CEO, Orcro, Toby Crick, Partner, Bristows
The OpenChain Project has begun a new guide designed to expand on options for small, medium and large companies adopting one or the other of our existing ISO standards. The goal is to outline some of the implementation choices an organization can make when filling out process points for open source business management. It is also going to link more deeply into our Reference Library for further examples and resources.
This guide is in early days, and we are putting out a call for ideas, suggestions and contributions.
Expand on the options available for each topic covered
Include better references to open source tooling for open source compliance matters
Note:
One thing that is noteworthy is that this guide is human-drafted but it is being developed in conjunction with a locally-installed LLM (Gemma3 12b). The LLM prompts and original output are at the bottom of the guide itself. There is no intention to replace human review and development, but rather to test to what extent current LLMs are providing accurate or useful information around our standards. This will help us develop guidance on LLM use for OpenChain and other compliance initiatives later in the year.
The OpenChain Project publishes a template for making open source policies. This is a non-prescriptive document that provides plenty of options for policy development for organizations of all sizes.
With huge thanks to Gary Armstrong over at FOSSID (and to Andrew Katz, Education Chair, for the merge), please find below a new version of the OpenChain open source policy template:
(You can also find the old version at the same link)
The updated policy template improves the content and formatting and fixes bugs, and it is a recommended upgrade for anyone using our template to help develop or refine open source policy in organizations.
Interested in Helping?
The OpenChain Policy Template is a living document (just like all of our reference library). We actively welcome feedback and suggestions for improvement from everyone involved in open source and open innovation.
You can be part of the process by joining our Education Work Group mailing list:
The OpenChain Project maintains a reference library of over 1,000 documents. This library has been built over eight years from our original, first release of a set of training slides for open source license compliance. The library has now been comprehensively updated to make it easier to find, use and share resources.
To ensure ease of navigation and our ability to adjust and improve the library structure over time, you will find that navigation is primarily guided by the README file, which acts as the starting point for all navigation. You can also get a full preview of the structure of the library later in this post.
The intention is that:
You will enter this library at the top level of the archive
You will use this README file as your index
We will update the README as the library evolves
The library contains:
Adoption Guidance
AI Compliance Guidance
Case Studies
Compliance Training Slides
Explainers for Internal Teams
Maturity Models
Policy Templates
SBOM Quality Guidance
Source Material for Online Training Courses
Self-Certification Material
Supplier Education Material
Templates and Overview Material for OpenChain Project
+ Much, much more.
Licensing:
Most of the material in this repository is available under CC-0 licensing (effectively public domain). You will notice some exceptions with Guides (like the Telco SBOM Guide) and with case studies. These documents are not designed to be freely altered because they provide either guidance developed to consensus in our work groups, or the specific experience of companies in addressing compliance matters.
Navigating the Library:
As of 2025-05-08, the library is structured in the following folders alphabetically:
AI-SBOM-Compliance
Open-Source-Compliance-Support-Material
Open-Source-Policy-Templates
OpenChain-Adoption-Guides
OpenChain-Case-Studies
OpenChain-Explainers-For-Internal-Teams
OpenChain-FAQ
OpenChain-For-Mergers-and-Acquisitions
OpenChain-Maturity-Models
OpenChain-Promotion-Material
OpenChain-Standards-Self-Certification
OpenChain-Supplier-Education
OpenChain-Templates
OpenChain-Training
SBOM-Quality-Management
AI-Compliance
OpenChain has an AI Work Group. This is where you will find our work on AI compliance topics. The current focus is on AI SBOM management in the supply chain, and what type of program process points are required to manage this effectively.
Open-Source-Compliance-Support-Material
This folder contains compliance-related material non-specific to OpenChain. You may find these community contributions useful in your work.
Open-Source-Policy-Templates
Having an open source policy is a requirement in our standards. This folder contains some template material to get you started or to help you refine existing policies.
OpenChain-Adoption-Guides
This folder contains guides to adopting the OpenChain standards.
OpenChain-Case-Studies
This folder contains case studies from companies that have adopted OpenChain standards.
OpenChain-Explainers-For-Internal-Teams
Explaining the value of OpenChain approaches to compliance process management is critical to ensure buy-in and support across an organization. We have created a series of quick explainer documents to support this.
OpenChain-FAQ
This folder contains the official OpenChain Project Frequently Asked Questions. These are mirrored on our website.
OpenChain-For-Mergers-and-Acquisitions
This folder contains some material relevant to understanding OpenChain standards in the context of Mergers and Acquisitions.
OpenChain-Maturity-Models
Once an organization has begun to adopt OpenChain standards, the question arises of how to iterate and improve their compliance program. Maturity models or capability models are a tool to assist with this. We have one to share with you as a reference guide.
OpenChain-Promotion-Material
This folder contains infographics, one-pagers and introductory presentations to help organizations understand the OpenChain Project, its standards, its reference material, and the global community supporting its work.
OpenChain-Standards-Self-Certification
This folder contains self-certification checklists and questionnaires to help companies easily adopt our standards. This material can also be used as a “health check” for organizations not currently using our standards.
OpenChain-Supplier-Education
This folder contains a leaflet designed to give suppliers a single file that takes them from “what is open source” through to the importance of license compliance, and the use of OpenChain standards.
OpenChain-Templates
This folder contains templates so that the community can develop new presentations or documents with the OpenChain trademarks, mascots and other images.
OpenChain-Training
This folder contains our reference training slides and also the source code for our online training courses.
SBOM-Quality-Management
OpenChain has an SBOM Study Group. This is where you will find our work on SBOM-related topics. The current focus is on SBOM Quality in the supply chain, and what type of approach is required to manage this effectively.
In the last year and a half the OpenChain Project has developed, published and seen adoption around the OpenChain Telco SBOM Guide. It helps define what is needed for a quality SBOM in practical supply chain use.
We just released Version 1.1 of the Guide, and you can learn more about that in our launch announcement:
The guide is supported by automation to make things more scalable. This matters for saving time, saving money and enabling sustainability. We started the automation journey around SBOM quality management with a validator for the OpenChain Telco SBOM Guide contributed by Nokia:
This week SCANOSS announced their automation support for the OpenChain Telco SBOM Guide, the first commercial tooling provider formally aligning with our work on SBOM quality. You can get all the details on the SCANOSS blog post dedicated to this development.
“The OpenChain Telco SBOM Guide does a remarkable job in providing to the industry a shared direction,” said Julian Coccia, CTO at SCANOSS. “It represents an outstanding complement to the OpenChain 2.1, ISO/IEC 5230:2020 that provides a simple, clear and effective process management standard for open source license compliance. By integrating support to the schema described in this Guide directly into our tools, SCANOSS makes it easy for organizations to adopt these guidelines efficiently.”
Community Credits
Huge credit to Marc-Etienne Vargenau for his steady hand in chairing the OpenChain Telco Work Group, and to Jimmy Ahlberg of Ericsson for kicking off that work group, and his continued work as the Chair of the OpenChain Project Governing Board. Special thanks to all of our wonderful community, especially the contributors inside the OpenChain Telco Work Group who made this happen.
Naturally we also want to extend our thanks to Julian and the rest of the SCANOSS team for their adoption and support of the OpenChain Telco SBOM Guide.
And… a big thank you to all of the Nokia team who have created and supported this validator!