Skip to main content
All Posts By

Shane Coughlan

Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional network of Open Source legal experts and aligning stakeholders to launch both the first law journal and the first law book dedicated to Open Source. Shane has extensive knowledge of Open Source governance, internal process development, supply chain management and community building. His experience includes engagement with the enterprise, embedded, mobile and automotive industries.

OpenChain Security Assurance Specification 1.1 – Global Support

By Featured, News

The OpenChain Security Assurance Specification 1.1 has been building momentum as a sister specification to ISO/IEC 5230:2020, the International Standard for open source license compliance. With an identical approach to high level process management, the OpenChain Security Assurance Specification is designed to help companies adopt the key requirements of a quality open source security assurance program.

Self-certification is available in English, German and Simplified Chinese. In addition, the following companies have announced services to support adoption of this specification. Three of these organizations are OpenChain Project official third-party certifiers, and all of these companies provide onboarding, adoption and review services across the global supply chain.

CAICT (Mainland China)

CAICT is an official OpenChain Project partner and one of our third-party certifiers with a regional service offering.

Bureau Veritas (Taiwan, Worldwide)

Bureau Veritas is an official OpenChain Project partner and one of our third-party certifiers with a global service offering.

PwC (Germany, Worldwide)

PwC is an official OpenChain Project partner and one of our solution providers and third-party certifiers with a global service offering.

  • PwC OpenChain Security Assurance Specification services in English:
    https://www.pwc.de/en/opensource
    (Under ‘Consulting & Implementation’ and ‘Audit & Certification’)

Orcro (UK, Worldwide)

Orcro is an official OpenChain Project partner and one of our solution providers and third-party certifiers with a global service offering.

Source Code Control (UK, Worldwide)

Source Code Control is an official OpenChain Project partner and one of our solution providers with a global service offering.

OSS Consultants (USA, Worldwide)

OSS Consultants is an official OpenChain Project partner and one of our solution providers with a global service offering.

External: A New Level of Trust: Corporate-Wide OpenChain ISO/IEC 5230:2020 Conformance

By News

If you’re not already aware of it, OpenChain ISO/IEC 5230:2020 is the International Standard for open-source license compliance and is designed to build trust in the supply chain. The standard allows companies of all sizes and in all sectors to adopt the key requirements of a quality open-source compliance program. This is an open standard, and all parties are welcome to engage with the community to share their knowledge and contribute to the future of the standard. BlackBerry recently became the first company based in North America to adopt and conform to OpenChain across its entire product portfolio. The company saw the need to lead in this space and joined other technology-leading companies to adopt a higher standard for its software supply chain.

Read the rest on the BlackBerry blog:

OpenChain Export Control Work Group 2022-12-13 – Full Recording

By News

The OpenChain Export Control Work Group held its second meeting in December 2022. This meeting is providing an informal, exploratory platform for discussion around open source, export control, and the type of community resources people have found in the ecosystem.

We are working on a landscape spreadsheet. Everyone is invited to contribute:

Would you like to check out our previous meeting?

OpenChain Security Assurance Specification 1.1 Now In Simplified Chinese

By Featured, News

The OpenChain Security Assurance Specification 1.1 is now available in Simplified Chinese. This translation was created by Zhang Jun Xia from the China Academy of Information and Communications Technology (翻译人:张俊霞,中国信息通信研究院). Zhang Jun Xia previously contributed the Simplified Chinese self-certification checklist for this specification.


The GitHub version is stored as MarkDown, a type of text format. Do you want to download it in different formats?



Please note that we are always glad to have review for any errors in the translations we provide, and we are always glad to receive new translations. We work via GitHub and you can find the OpenChain Security Assurance Specification repository here:

External: Discussing SBOMS – SPDX and CycloneDX (Japanese)

By News

Part 10 (!) of a long-running open source compliance series on the Japanese website @IT covers some of the differences between SPDX and CycloneDX, two SBOM formats with growing mindshare across the supply chain. Ninjouji San from Toshiba is the author of this article and is well-known for his contributions as an OpenChain Japan Work Group member and a board representative for Toshiba as a Platinum of the OpenChain Project.

解決!OSSコンプライアンス(10):

SBOMの2大フォーマット「SPDX」「CycloneDX」の違いとは?

OSSコンプライアンスに関するお悩みポイントと解決策を具体的に紹介する連載「解決! OSSコンプライアンス」。今回は、協力会社を巻き込んだ開発で重要性を増す、話題のSBOMと標準フォーマットを詳しく解説します。

[忍頂寺毅, OpenChain Japan Work Group] (2022年12月7日)


Want to read the whole series? No problem! See below.


解決!OSSコンプライアンス(9):

「協力会社のOSS利用、把握する必要なんかあるんですか?」

OSSコンプライアンスに関するお悩みポイントと解決策を具体的に紹介する連載「解決! OSSコンプライアンス」。今回からは、ソフトウェア開発企業X社の開発者である新城くんが、協力会社も巻き込んだ大規模な開発に取り組む中で直面する、OSSコンプライアンス問題とその解決策を解説していきます。

[遠藤雅人, OpenChain Japan Work Group] (2022年10月24日)

解決!OSSコンプライアンス(8):

「企業で使うOSSの選び方は違う?」「OSSコミュニティーはずっと今のままじゃない?」

OSSコンプライアンスに関するお悩みポイントと解決策を具体的に紹介する連載「解決! OSSコンプライアンス」。8回目は、利用するOSSの選択とコンプライアンスについて解説する。

[小保田規生, OpenChain Japan Work Group] (2022年9月16日)

解決!OSSコンプライアンス(7):

「使ったつもりのないOSSが入り込むなんてことある?」

OSSコンプライアンスに関するお悩みポイントと解決策を具体的に紹介する連載「解決! OSSコンプライアンス」。7回目は、意図的に使ってはいないが、OSSコンプライアンスで対応しなければならないOSSのユースケースについて説明する。

[福地弘行, OpenChain Japan Work Group] (2022年8月24日)

解決!OSSコンプライアンス(6):

OSSライセンスの「クリアランス」ってどういうこと? 具体的にどうやればいい?

OSSコンプライアンスに関するお悩みポイントと解決策を具体的に紹介する連載「解決! OSSコンプライアンス」。6回目は、OSSコンプライアンスのために不可欠な「ライセンスクリアランス」について説明し、具体的な手順を紹介する。

[福地弘行, OpenChain Japan Work Group] (2022年7月12日)

解決!OSSコンプライアンス(5):

「ライセンスって1つじゃないの?」「OSSを『配布する』ってどういうこと?」

OSSコンプライアンスに関するお悩みポイントと解決策を具体的に紹介する連載「解決! OSSコンプライアンス」。5回目は、「ライセンスって1つじゃないの?」「OSSを配布するってどういうこと?」という2つのエピソードと解決策を紹介する。

[島直道, OpenChain Japan Work Group] (2022年6月15日)

解決! OSSコンプライアンス(4):

「ライセンスどおりにしたのに違反?」「バージョンアップでライセンスが変わった!?」

OSSコンプライアンスに関するお悩みポイントと解決策を具体的に紹介する連載「解決! OSSコンプライアンス」。4回目は、「ライセンスどおりにしたのに違反?」「バージョンアップでライセンスが変わった!?」という2つのエピソードと解決策を紹介する。

[大内佳子, 渡邊歩, OpenChain Japan Work Group] (2022年4月21日)

解決! OSSコンプライアンス(3):

「ライセンスが英語で分からない!」「ソースコード提供ってどういう方法でやればいい?」

OSSコンプライアンスに関するお悩みポイントと解決策を具体的に紹介する連載「解決! OSSコンプライアンス」。3回目は、「ライセンスが英語で分からない!」「ソースコード提供ってどういう方法でやればいい?」という2つのエピソードと解決策を紹介する。

[大内佳子, 渡邊歩, OpenChain Japan Work Group] (2022年3月16日)

解決! OSSコンプライアンス(2):

「OSSライセンスってよく分からないんだけど」 「OSSライセンスはどこに書いてあるの?」

OSSコンプライアンスに関するお悩みポイントと解決策を具体的に紹介する連載「解決! OSSコンプライアンス」。2回目は、「OSSライセンスってよく分からないんだけど」 「OSSライセンスはどこに書いてあるの?」という2つのエピソードと解決策を紹介する。

[大内佳子, 渡邊歩, OpenChain Japan Work Group] (2022年2月21日)

解決! OSSコンプライアンス(1):

「OSSはただの無料ソフト」「うちの会社に関係ない」? 企業におけるオープンソースの戦略的活用と法的リスク

「OSSなんて、うちの会社に関係ない」「無料なんだから、使い倒せばいいだけでしょ?」。まだ、こうした考えを持っている企業も多い。だが、ソフトウェアをビジネスの武器にしようとしている企業は、OSSの利用を避けることはできない。利用を適切に管理しないと、思わぬ法的トラブルを引き起こす可能性がある。 この連載ではOSSコンプライアンスに関するお悩みポイントと解決策を具体的に紹介する。

[遠藤雅人, OpenChain Japan Work Group] (2022年1月13日)

Jimmy Ahlberg is the new OpenChain Governing Board Chair

By Featured, News
Jimmy Ahlberg, Ericsson

The OpenChain Project has invested resources throughout 2022 towards improving the sustainability and continuity of our project. As part of this, the OpenChain Project Governing Board decided to initiate a chairperson election. This initiative was lead by David Marr of Qualcomm, our founding chairperson, and was designed to introduce processes for a predictable cycle of leadership rotation at the very top of the project management structure.

Jimmy Ahlberg of Ericsson was duly elected OpenChain Project Governing Board Chair on the 8th of December by his peers, the voting members of the OpenChain Project Governing Board. The board is made up of one voting representative from each of the Platinum Member companies. We currently have 24 Platinum Members spread across three continents, providing one of the most geographically diverse boards in our industry.

The OpenChain Board Chair is a pivotal position. As with everything in this project, it is a position that offers influence but not control, though in this case the influence is specifically targeted towards our long-term strategic future. Jimmy has been elected for a period of three years.

As the steward of two industry standards, one of which already has an ISO/IEC grant, the OpenChain Project Governing Board has a responsibility to ensure stability and sustainability. From fiscal decisions to overarching strategy, they meet once a quarter to assess our status and future steps. Because this is an open source project, their decisions are not taken in isolation. Our community has tremendous latitude and influence on this project, and our board has tremendous respect for what that means.

Jimmy is stepping into the role with the continued support of David and the rest of the OpenChain Project Governing Board, and our fundamental strategy remains consistent. This said, we expect and look forward to Jimmy making his mark as new chairperson, and innovating around our top-level strategy based on his insight, experience and corporate background. 

If you have questions, comments or suggestions directed towards Jimmy, don’t hesitate to connect with him on one of our monthly calls, via our mailing lists or by direct mail. The leadership of the OpenChain Project is here to serve you, the community seeking to build trust in the supply chain. 

David Marr, Qualcomm

To end this lengthy post, please note that the OpenChain Project Governing Board formally thanks David Marr for his exceptional work in founding and growing this project. He first brought people together to discuss the concept of standardization around open source license compliance eight years ago, and it takes a special type of determination and community-building to turn that into an executed ISO/IEC standard. It is also thanks to David that we have expanded our activities based on community feedback to other aspects of a trusted supply chain. His impact has been and continues to be immeasurable.

Security Assurance Specification – German Version and Self-Certification

By Featured, News

The OpenChain Security Assurance Specification 1.1 is now available in German. Self-certification is also available via checklists and questionnaires. Huge thanks to Katharina and the rest of the the team at PwC for making this happen.

Get the OpenChain Security Assurance Specification 1.1 in German:


Self-Certify to the OpenChain Security Assurance Specification 1.1 in German via a checklist:


Self-Certify to the OpenChain Security Assurance Specification 1.1 in German via a questionnaire:


If you self-certify, you can be listed on the OpenChain Project website alongside your peers. This is optional but recommended as a useful exercise for the supply chain. Contact us to get the free process underway.

Self-certification for the Security Assurance Specification 1.1 is now available in English, Simplified Chinese and German. More languages are expected to be made available soon.

OpenChain Specification Co-Chairs Announced

By Featured, News

Helio Chissini de Castro, CARIAD

Chris Wood, Lockheed Martin

The OpenChain Project recently held an election for Specification Work Group co-chair. The suggested nominees from the community vote were passed to the OpenChain Governing Board for review and – on the 8th of December – were unanimously accepted by the OpenChain Platinum Members.

Helio Chissini de Castro, CARIAD and Chris Wood, Lockheed Martin are duly announced as the co-chairs of the OpenChain Specification Work Group for a period of one year. Congratulations both!

Join our specification mailing list to keep up to date with our work around ISO/IEC 5230 and the OpenChain Security Assurance Specification:

OpenChain Monthly Call – First Tuesday – 2022-12-06 – Full Recording

By News

The most recent OpenChain Monthly Call focused on editing our license compliance specification (ISO/IEC 5230). We are currently in an edit cycle that will see an update prepared for end-2023 for potential 2024 release. In this call we touched on scope and definitions based on previously submitted issues. 

As one key example of our discussion, we covered this GitHub issue:

We also discussed this one: