Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional network of Open Source legal experts and aligning stakeholders to launch both the first law journal and the first law book dedicated to Open Source.
Shane has extensive knowledge of Open Source governance, internal process development, supply chain management and community building. His experience includes engagement with the enterprise, embedded, mobile and automotive industries.
The OpenChain Germany Work Group held its latest meeting virtually with a packed schedule and a very active discussion from members. Our hosts this time were PwC, who kindly lent us their WebEx platform and arranged all the administration of the event.
Due to an exceptionally active open discussion our slide presentations were compressed, with Shane (OpenChain) and Alexios (Intel) focusing on overviews of standardization around process management and SBOMs in the market respectively. Philippe (NexB) delivered a full slide deck and you will find it shared below.
The OpenChain Korea Work Group had an excellent meeting on the 28th of March 2023. This was the 17th meeting in total for the group, and the first face-to-face meeting since COVID caused a global shutdown in 2020. The meeting had a packed schedule of global overviews, local tooling, AI legal matters and more. We were kindly hosted by the LINE team at their offices in Seoul. Special thanks to Seo Yeon Lee from LINE for her coordination and to Haksung Jang from SK Telecom for his leadership of the group.
Our Korean community is notable for its excellent spirit and humor. We had great networking, plenty of jokes, and a chance to meet and greet new members. Attendees were left with a strong impression of positive things to come in 2023.
Our next Korea Work Group meeting will be hosted by Kakao. If you are interested in attending or more generally in collaborating with us, please check out the local community website and mailing list:
Socionext, a key contributor to the OpenChain Japan Work Group, is the latest company to announce an ISO/IEC 5230 conformant program. Socionext is a global enterprise that designs, develops and delivers System-on-Chips to customers worldwide.
First of all, a big thank-you to Tom Sadler and David Buckhurst [at the BBC] for hosting the meeting yesterday. I’m sorry not to be able to make the meeting personally and I remain envious! And thank you also to all those who took the time to attend, both virtually and in person. Thank you also to Shane for a great update on everything going on in the world of OpenChain, and to Martin Yagi for the great work he’s done on the bite-sized training project. Also, thanks to Steve Kilbane for his questions and thoughts on the end-to-end compliance issue, and also to Sami for his input and agreeing to hold the fort. I hope that those of you who travelled had safe and uneventful journeys home.
I will be circulating a note shortly summarising the outcomes from the meeting, and suggesting some dates for the next meeting, which will also be a hybrid in-person/virtual event, probably at the end of May or the beginning of June.
This post will be updated with Andrew’s notes as they become available.
During our presentation and open discussion with the LG Electronics team, we also had a chance to tour the offices and see recent awards for things like the release and growth of the FOSSLight Project.
The OpenChain Project was at LG Electronics on the 27th of March to discuss the current market and developments around trust in the supply chain.
There was a special meeting and presentation for SK Group companies, hosted at SK Telecom on 2023-03-27. Haksung Jang of SK Telecom, the leader of the Korea Work Group, kindly wrote a summary of the event. Find some of the introduction and conclusion below, with a link to the full article as well.
Take it away, Haksung!
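Using open source is almost essential in modern software development, to the point that more than 93% of the product software that companies develop is said to use open source.
However, there are reports that 53% of the open source in use has license compliance issues and 81% has security vulnerabilities.
Considering the complex development environment of modern software and the vast Software Supply Chain,
companies that develop products with open source need to make open source management efforts to minimize license compliance and security vulnerability risks,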
Our 50th webinar will feature Alexios Zavras, Chief Open Source Compliance Officer at Intel Corporation and a long-term friend and collaborator around the OpenChain Project. This time the topic will be SPDX 3.0, a significant generational update to SPDX, a sister standard to OpenChain ISO/IEC 5230 and OpenChain ISO/IEC DIS 18974.
SPDX is a Software Bill of Materials (SBOM) specification, so it operates one layer down from the fundamental processes outlined by OpenChain’s standards, and it provides an excellent way to meet our requirements for an SBOM to be used by companies. The second generation of SPDX has been an ISO/IEC standard for two years as ISO/IEC 5962. The third generation shows interesting promise as a way to manage license compliance, security and more.
Our regular monthly meeting continued our work to edit the next generation of our license compliance and security assurance specifications. Our focus this time was on some open issues around the next generation of the Security Assurance Specification.