All Posts By

Shane Coughlan

Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional network of Open Source legal experts and aligning stakeholders to launch both the first law journal and the first law book dedicated to Open Source. Shane has extensive knowledge of Open Source governance, internal process development, supply chain management and community building. His experience includes engagement with the enterprise, embedded, mobile and automotive industries.

Self-Certification Checklist for OpenChain Security Assurance Specification 1.1 Now Available

By Featured, News

The OpenChain Security Assurance Specification 1.1 self-certification checklist is now available. This is designed to help organizations adopt the de facto standard for open source security assurance. Organizations using this self-certification process will also meet the requirements of the specification when it graduates the ISO/IEC JTC-1 PAS Transposition process, with an estimated arrival time of that International Standard in mid-2023.

The checklist contains a series of “yes” or “no” statements. If you can answer “yes” to everything, you are self-certified. If you answer “no” to some items, you know where to invest further time to build a quality program.


This checklist is licensed under CC-0 (effectively public domain), so you can take it, integrate it, and remix it without any restrictions. You do not even have to provide attribution.

We welcome contributions to improve this checklist. You can contribute by opening a GitHub issue here:
https://github.com/OpenChain-Project/Reference-Material/issues

Witzel Erb Backu & Partner is the Latest OpenChain Project Partner

By News

Witzel Erb Backu & Partner, a law firm founded in 2020 by alumni of the Munich law firm SSW Schneider Schiffer Weihermüller, has joined the OpenChain Partner Program. 

“The importance of Open Source Software shall not be underestimated,” says Stefan Haßdenteufel, Partner at Witzel Erb Backu & Partner. “The idea of permitting others to use your software free of charge combined with the availability of the source code boosted the entire software industry years ago. Nowadays, it is all about the little IoT devices and the IT services that emerge – all driven by Open Source Software components. While software is still becoming more important for our economy and our everyday life, the need for Open Source Software continues to grow.”

“There is tremendous value in having the option of outside counsel for addressing supply chain questions,” says Shane Coughlan, OpenChain General Manager. “We are delighted to announce the strengthening of official OpenChain Partner coverage in Germany in this respect, and we expect to work closely with Witzel Erb Backu & Partner as the OpenChain standards for license compliance and security assurance extend more deeply into procurement in Europe and beyond.”

About Witzel Erb Backu & Partner

Witzel Erb Backu & Partner, founded by eleven partners and twelve associates in 2020, has its roots in the law firm SSW Schneider Schiffer Weihermüller, a well-established law firm founded in Munich in 1998. Many years of experience, our depth of knowledge and our genuine enthusiasm are what we stand for. Law is our passion. Our team of currently more than 25 lawyers combines the highest standards with the utmost professional expertise, focusing on four key areas: family law, commercial law, IT law as well as tax criminal and business criminal law. Especially with IT law, our focus lies on issues of technological change, innovation and digitalization in all areas of life.

OpenChain Telco Work Group Meetings – New Regular Schedule

By News

The OpenChain Telco Work Group holds meetings on a monthly schedule. These are designed to allow anyone with an interest in areas like the telecommunication industry, their actions around open source management, and the development of a telco specification for Software Bill of Materials (SBOM) to take part. All levels of experience are welcome.

Our new regular schedule is:

First Thursday @ 07:00 UTC
First Thursday @ 15:00 UTC

At the scheduled time click to join the voice, video or screen sharing session:  
https://zoom.us/j/4377592799

You will also find our events in the OpenChain Global Calendar.

OpenChain Work Groups – New and Improved Structure

By Featured, News

The OpenChain Project has been very active since its formal launch in late 2016. Our global community has built an ISO/IEC standard for license compliance and launched a de facto (and soon to be ISO/IEC) standard for security. We have contributed to SBOM, OSPO, training, policy and other discussions. We built the world’s largest library of open source management reference material.

To reflect our growth and to make it easier to navigate the project we are going to make some adjustments to our work groups. Nothing too radical, but definitely something to help people find their way around more quickly, and to get the information they want faster. The image above contains a summary of the evolution approved by our Governing Board at their last meeting in September, and targeted for release during October 2022.

The changes?

  1. The Specification Work Group will split into two parts – a Licensing Work Group for ISO/IEC 5230 and a Security Work Group for the Security Assurance Specification.
  2. The Education Work Group and Outreach Work Group will combine into the Education Work Group.
  3. We will launch a new Export Control Work Group and a new Policy Work Group. The former will help to navigate issues around increasing international trade tensions. The latter will help us provide strategic advice around the highest level of planning for open source in legislation and business.
  4. The dormant Conformance Work Group will be wound down and discussions regarding self-certification moved to the Education Work Group, with discussions about the nuance of conformance parameters moved to our Steering Committee.
  5. Finally (if there are no objections), we will re-brand the Reference Tooling Work Group to the Automation Work Group to help guide people hearing about automation to the right solutions.

Feedback?

Your feedback – as always – is most welcome. Please provide comments to our main mailing list:
https://lists.openchainproject.org/g/main

Please provide feedback by Close of Business UTC (17:00 UTC) on the 18th of October 2022.

OpenChain Automotive Work Group – Next Meeting 2022-11-11 07:00 UTC (16:00 JST)

By Featured, News

The OpenChain Automotive Work Group will host its next meeting as a virtual event on the 11th of November between 16:00-17:00 JST (2022-11-11 07:00 UTC). Everyone is welcome and there is no need to register. We will host the meeting in our usual Zoom room:
https://zoom.us/j/4377592799

Draft Agenda

(1) Introductions
(2) Automotive news in 2022
(3) IP news relevant to industry
(4) Developments in OpenChain 
– Security Assurance Spec enters ISO in October
– License Compliance Spec entering review in October
– Company Playbooks (Small, Medium, Big)
– New conformance support (online, checklists)
(5) Discussion: What is missing to support the industry
(6) Discussion: Make plan to fill industry support gaps
(7) Discussion: Schedule for next steps
(8) Close of meeting

Questions and comments very welcome! You can contact us and also contribute to all our activities via the OpenChain Automotive Work Group mailing list:
https://groups.io/g/openchain-automotive-work-group

External Report: OSCAR Open Source Industry Conference | Open Source Compliance Forum Successfully Held

By News

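At the OSCAR Open Source Industry Conference held on September 16, 2022, the Open Source Compliance Forum, organized by the Trusted Open Source Compliance Program of the China Academy of Information and Communications Technology (CAICT), was successfully held. The forum brought together a group of open source compliance experts from industry, who held lively discussions on open source compliance topics with participants from all sectors.

Opening Remarks

Shane Coughlan, OpenChain Project Director, Linux Foundation

Shane Coughlan, OpenChain Project Director at the Linux Foundation, opened with remarks delivered remotely. Shane Coughlan said: “For many years, OpenChain has been committed to building the open source ecosystem and pursuing a trusted software supply chain; our partnership with CAICT will accelerate the achievement of this mission.”

Shane Coughlan delivering his remarks

Sharing Experience in Enterprise-Level Open Source Software Supply Chain Management

Zhong Ming, Honor Device

Zhong Ming giving the talk

Zhong Ming, open source software management engineer at Honor Device Co., Ltd., explored with the attending experts how to balance the investment in open source software management against its returns in open source software supply chain management.

Risk Governance Strategies for Open Source Use in Software Companies

Li Yuan, Kuaishou

Li Yuan, open source compliance consultant at Beijing Kuaishou Technology Co., Ltd., described how to carry out open source risk governance within a company, viewed across the full life cycle of an app.

Li Yuan giving the talk

Trusted Open Source Compliance Program Work Update: How to Advance the Development of China's Open Source Compliance System

Jun Zhe, CAICT

Jun Zhe, open source engineer at the Cloud Computing and Big Data Research Institute of CAICT, centered the discussion on three areas: open source software compliance risks, the provisions of open source license agreements, and the prevention and control of open source compliance risk in companies.

Jun Zhe giving the talk

Dispelling Myths About Open Source Licenses

Wang Heshu, OpenAtom Foundation

Wang Heshu, head of the Legal and Intellectual Property Department at the OpenAtom Foundation, gave a brief explanation of the basic legal logic of open source and the basic paradigms of open source licenses, and cleared up some myths about open source licenses.

Wang Heshu giving the talk

A Discussion of Open Source Software and Export Control Compliance

Hu Jing, Grandall Law Firm (Beijing)

Hu Jing, partner at Grandall Law Firm (Beijing), discussed the key points of export control compliance across the entire open source software development process.

Hu Jing giving the talk

Licenses for Open Source Fonts and Open Content

Li Xinbo, Beijing Jingdong Century Trading Co., Ltd.

Li Xinbo, intellectual property consultant at Beijing Jingdong Century Trading Co., Ltd., presented on licenses for open source fonts and open content.

Li Xinbo giving the talk

Risk Governance for Open Source Snippet Reuse

Chen Yixiong, Huawei

Chen Yixiong, software engineer at Huawei, presented by video on the risks of snippet reuse in open source projects and how to govern them.

Chen Yixiong giving the talk

The successful holding of this Open Source Compliance Forum provided an important platform for discussing open source compliance issues and is of great significance for keeping the development of the open source ecosystem running smoothly.

About the Trusted Open Source Compliance Program

The China Academy of Information and Communications Technology took the lead in launching the Trusted Open Source Compliance Program (TWOS-C) on May 20, 2022. The Trusted Open Source Compliance Program is a domestic open source organization focused on open source compliance. It aims to bring together the efforts of all parties, gather a large pool of domestic open source compliance talent, integrate high-quality resources, improve the system of open source compliance standards, share experience in building open source compliance, raise the overall level of open source compliance in China, and provide strong combined momentum for the development of the industry.

Contacts for the Trusted Open Source Compliance Program:

  • Zhang Yan 13716220988 (phone)
  • 13856344090 (WeChat)
  • Zhangyan12@caict.ac.cn
  • Jun Zhe 18900125677 (also WeChat)
  • junzhe@caict.ac.cn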

OpenChain Monthly Community Call – 2022-10-04

By Featured, News

The OpenChain Project kicked off its new monthly community call series with the latest news around our specification, SBOMs, OSPOs and automation, before proceeding to a behind-the-scenes on our security specification ISO/IEC submission and an interactive session on updating key website materials like the FAQ and path to conformance. Ana from TODO dropped by to share the OSPO news this time around.

We always follow this agenda:

1 Introductions 
2 Specification (process standards) news 
3 SBOM news
4 OSPO news
5 Automation news 
6 Community feedback and comments – issues for standards and core supporting material
7 Community feedback and comments – issues for reference and supporting material
8 Community feedback and comments – issues to support other projects
9 Any other business
10 Close of meeting

You can join our monthly calls (and all our other calls and events) via the OpenChain calendar. The monthly calls take place on the first Tuesday at 16:00 UTC (US/Europe) and the third Tuesday at 01:00 UTC (US/Asia).

OpenChain Japan Work Group Meeting #25 (Virtual #12) on 2022-10-31

By News

The OpenChain Japan Work Group will host its next meeting on the 31st of October between 15:30 and 16:30 JST. This meeting will be held mostly in Japanese. All are welcome.

== Meeting details ==

[General Meeting] Monday, October 31, 2022, 15:30-16:30
This time we plan to introduce the activities of the following two subgroups.
Leaflet Subgroup: announcement of new activities
OSPO Subgroup: introduction of activities so far and future plans

25th General Meeting (12th Online Meeting)
Date and time: Monday, October 31, 2022, 15:30-16:30
Venue: Zoom
https://zoom.us/j/99975267803?pwd=ekhxaHA3bVZUSVU5M0dVMkF2Z0pkQT09
Meeting ID: 99975267803 / Password: ]>guXS~6

Agenda:
15:30 – 15:32 Opening
15:32 – 15:40 Keynote by Shane Coughlan
15:40 – 15:50 Announcement from the Leaflet SubWG
15:50 – 16:30 Introduction to the OSPO SubWG
16:30 Closing
(optional) 16:30 – 17:00 Networking session

We look forward to seeing many of you there.

Behind-The-Scenes: Working On MarkDown in Our Reference Library

By News

The OpenChain Project has a lot of meetings being run by various work groups around the world. We constantly share the outcomes of these meetings in recordings throughout our community, but today we wanted to do something a little different. Let’s dig into a whole workflow through a recent three-part call to action around MarkDown in our reference library.

Our goal was to create a workflow to allow us to transition over time from many, many different file formats to a single, easy to edit and easy to translate file format for our reference material. This would never cover 100% of the material we share, but it could cover a lot, and it would make both contributions and tracking changes a lot easier.

The calls were a success, and ended not only in the guidelines we wanted, but also in providing a core project resource in the new format (our self-certification questionnaire) and facilitating the quick alteration of that document into a new format (our new self-certification checklist).

Learn about precisely how we did it in these three videos recording our calls.

Preparing Next-Gen OpenChain Self-Certification Questionnaire and Checklist

By News

As part of our newly evolved situation with two specifications in market (one ISO/IEC standard for license compliance and one de facto but soon to be ISO/IEC standard for security compliance), our self-certification efforts are ripe for revamp and expansion. 

We took the first step in that direction today (2022-10-05) by creating a version of the Self-Certification Questionnaire for ISO/IEC 5230 in MarkDown based on the material from the existing Self-Certification Web App located on the OpenChain Website. Huge credit to Steve @ Analogue Devices for this work. 

Steve’s initial contribution gives us a super clean and easy way to review and improve the questions for self-certification related to ISO/IEC 5230:
https://github.com/OpenChain-Project/Reference-Material/blob/master/Self-Certification/Questionnaire/ISO5230-2020/en/OpenChain%20Self-Certification%20Questionnaire%202021-11-26.md

It also provides us with a clean way to fork and create a sister self-certification questionnaire for our Security Assurance Specification, the sister standard to ISO/IEC 5230.

Oh wait, but there is more!

On the markdown call today (2022-10-05) we decided that the best structure moving forward is a checklist rather than a questionnaire. This is initially identical to the self-certification questionnaire in terms of structure and general wording, but everything is phrased as a statement rather than a question. You can find it here:
https://github.com/OpenChain-Project/Reference-Material/blob/master/Self-Certification/Checklist/ISO5230-2020/en/OpenChain%20Self-Certification%20Checklist%202022-10-05.md

And now we have a call to action. Please help review the checklist and see what you think of the wording for each statement. Is it clear enough? Can you improve it? If you find bugs or opportunities for improvement, please open an issue or a pull request to help make self-certification to ISO/IEC 5230 easier than ever. 

What we do will feed back into the primary website resources, and it will form the basis of new self-certification material for our Security Assurance Reference Specification.