Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional network of Open Source legal experts and aligning stakeholders to launch both the first law journal and the first law book dedicated to Open Source. Shane has extensive knowledge of Open Source governance, internal process development, supply chain management and community building. His experience includes engagement with the enterprise, embedded, mobile and automotive industries.
The OpenChain Export Control Work Group held its second meeting in December 2022. This meeting is providing an informal, exploratory platform for discussion around open source, export control, and the type of community resources people have found in the ecosystem.
We are working on a landscape spreadsheet. Everyone is invited to contribute:
Would you like to check out our previous meeting?
The OpenChain Security Assurance Specification 1.1 is now available in Simplified Chinese. This translation was created by Zhang Jun Xia from the China Academy of Information and Communications Technology (翻译人:张俊霞,中国信息通信研究院). Zhang Jun Xia previously contributed the Simplified Chinese self-certification checklist for this specification.
The GitHub version is stored as MarkDown, a type of text format. Do you want to download it in different formats?
Please note that we are always glad to have review for any errors in the translations we provide, and we are always glad to receive new translations. We work via GitHub and you can find the OpenChain Security Assurance Specification repository here:
Part 10 (!) of a long-running open source compliance series on the Japanese website @IT covers some of the differences between SPDX and CycloneDX, two SBOM formats with growing mindshare across the supply chain. Ninjouji San from Toshiba is the author of this article and is well-known for his contributions as an OpenChain Japan Work Group member and a board representative for Toshiba as a Platinum of the OpenChain Project.
OSSコンプライアンスに関するお悩みポイントと解決策を具体的に紹介する連載「解決! OSSコンプライアンス」。今回は、協力会社を巻き込んだ開発で重要性を増す、話題のSBOMと標準フォーマットを詳しく解説します。
[忍頂寺毅, OpenChain Japan Work Group] (2022年12月7日)OSSコンプライアンスに関するお悩みポイントと解決策を具体的に紹介する連載「解決! OSSコンプライアンス」。今回からは、ソフトウェア開発企業X社の開発者である新城くんが、協力会社も巻き込んだ大規模な開発に取り組む中で直面する、OSSコンプライアンス問題とその解決策を解説していきます。
[遠藤雅人, OpenChain Japan Work Group] (2022年10月24日)OSSコンプライアンスに関するお悩みポイントと解決策を具体的に紹介する連載「解決! OSSコンプライアンス」。8回目は、利用するOSSの選択とコンプライアンスについて解説する。
[小保田規生, OpenChain Japan Work Group] (2022年9月16日)OSSコンプライアンスに関するお悩みポイントと解決策を具体的に紹介する連載「解決! OSSコンプライアンス」。7回目は、意図的に使ってはいないが、OSSコンプライアンスで対応しなければならないOSSのユースケースについて説明する。
[福地弘行, OpenChain Japan Work Group] (2022年8月24日)OSSコンプライアンスに関するお悩みポイントと解決策を具体的に紹介する連載「解決! OSSコンプライアンス」。6回目は、OSSコンプライアンスのために不可欠な「ライセンスクリアランス」について説明し、具体的な手順を紹介する。
[福地弘行, OpenChain Japan Work Group] (2022年7月12日)OSSコンプライアンスに関するお悩みポイントと解決策を具体的に紹介する連載「解決! OSSコンプライアンス」。5回目は、「ライセンスって1つじゃないの?」「OSSを配布するってどういうこと?」という2つのエピソードと解決策を紹介する。
[島直道, OpenChain Japan Work Group] (2022年6月15日)OSSコンプライアンスに関するお悩みポイントと解決策を具体的に紹介する連載「解決! OSSコンプライアンス」。4回目は、「ライセンスどおりにしたのに違反?」「バージョンアップでライセンスが変わった!?」という2つのエピソードと解決策を紹介する。
[大内佳子, 渡邊歩, OpenChain Japan Work Group] (2022年4月21日)OSSコンプライアンスに関するお悩みポイントと解決策を具体的に紹介する連載「解決! OSSコンプライアンス」。3回目は、「ライセンスが英語で分からない!」「ソースコード提供ってどういう方法でやればいい?」という2つのエピソードと解決策を紹介する。
[大内佳子, 渡邊歩, OpenChain Japan Work Group] (2022年3月16日)OSSコンプライアンスに関するお悩みポイントと解決策を具体的に紹介する連載「解決! OSSコンプライアンス」。2回目は、「OSSライセンスってよく分からないんだけど」 「OSSライセンスはどこに書いてあるの?」という2つのエピソードと解決策を紹介する。
[大内佳子, 渡邊歩, OpenChain Japan Work Group] (2022年2月21日)「OSSなんて、うちの会社に関係ない」「無料なんだから、使い倒せばいいだけでしょ?」。まだ、こうした考えを持っている企業も多い。だが、ソフトウェアをビジネスの武器にしようとしている企業は、OSSの利用を避けることはできない。利用を適切に管理しないと、思わぬ法的トラブルを引き起こす可能性がある。 この連載ではOSSコンプライアンスに関するお悩みポイントと解決策を具体的に紹介する。
[遠藤雅人, OpenChain Japan Work Group] (2022年1月13日)
The OpenChain Project has invested resources throughout 2022 towards improving the sustainability and continuity of our project. As part of this, the OpenChain Project Governing Board decided to initiate a chairperson election. This initiative was lead by David Marr of Qualcomm, our founding chairperson, and was designed to introduce processes for a predictable cycle of leadership rotation at the very top of the project management structure.
Jimmy Ahlberg of Ericsson was duly elected OpenChain Project Governing Board Chair on the 8th of December by his peers, the voting members of the OpenChain Project Governing Board. The board is made up of one voting representative from each of the Platinum Member companies. We currently have 24 Platinum Members spread across three continents, providing one of the most geographically diverse boards in our industry.
The OpenChain Board Chair is a pivotal position. As with everything in this project, it is a position that offers influence but not control, though in this case the influence is specifically targeted towards our long-term strategic future. Jimmy has been elected for a period of three years.
As the steward of two industry standards, one of which already has an ISO/IEC grant, the OpenChain Project Governing Board has a responsibility to ensure stability and sustainability. From fiscal decisions to overarching strategy, they meet once a quarter to assess our status and future steps. Because this is an open source project, their decisions are not taken in isolation. Our community has tremendous latitude and influence on this project, and our board has tremendous respect for what that means.
Jimmy is stepping into the role with the continued support of David and the rest of the OpenChain Project Governing Board, and our fundamental strategy remains consistent. This said, we expect and look forward to Jimmy making his mark as new chairperson, and innovating around our top-level strategy based on his insight, experience and corporate background.
If you have questions, comments or suggestions directed towards Jimmy, don’t hesitate to connect with him on one of our monthly calls, via our mailing lists or by direct mail. The leadership of the OpenChain Project is here to serve you, the community seeking to build trust in the supply chain.
To end this lengthy post, please note that the OpenChain Project Governing Board formally thanks David Marr for his exceptional work in founding and growing this project. He first brought people together to discuss the concept of standardization around open source license compliance eight years ago, and it takes a special type of determination and community-building to turn that into an executed ISO/IEC standard. It is also thanks to David that we have expanded our activities based on community feedback to other aspects of a trusted supply chain. His impact has been and continues to be immeasurable.
The OpenChain Security Assurance Specification 1.1 is now available in German. Self-certification is also available via checklists and questionnaires. Huge thanks to Katharina and the rest of the the team at PwC for making this happen.
Get the OpenChain Security Assurance Specification 1.1 in German:
Self-Certify to the OpenChain Security Assurance Specification 1.1 in German via a checklist:
Self-Certify to the OpenChain Security Assurance Specification 1.1 in German via a questionnaire:
If you self-certify, you can be listed on the OpenChain Project website alongside your peers. This is optional but recommended as a useful exercise for the supply chain. Contact us to get the free process underway.
Self-certification for the Security Assurance Specification 1.1 is now available in English, Simplified Chinese and German. More languages are expected to be made available soon.
The first OpenChain Public Policy Work Group meeting was held on 2022-12-12. This meeting was an agenda-setting exercise. The key outcome was to create a spreadsheet and start to collect a landscape of links related to public policy. Everyone is invited to help out here:
https://docs.google.com/spreadsheets/d/1Yv7DEbG_aLhBo7a4MeM4ylmgmGJeetQAokYZkWkgsSU/edit#gid=0
 Helio Chissini de Castro, CARIAD |  Chris Wood, Lockheed Martin |
The OpenChain Project recently held an election for Specification Work Group co-chair. The suggested nominees from the community vote were passed to the OpenChain Governing Board for review and – on the 8th of December – were unanimously accepted by the OpenChain Platinum Members.
Helio Chissini de Castro, CARIAD and Chris Wood, Lockheed Martin are duly announced as the co-chairs of the OpenChain Specification Work Group for a period of one year. Congratulations both!
Join our specification mailing list to keep up to date with our work around ISO/IEC 5230 and the OpenChain Security Assurance Specification:
The most recent OpenChain Monthly Call focused on editing our license compliance specification (ISO/IEC 5230). We are currently in an edit cycle that will see an update prepared for end-2023 for potential 2024 release. In this call we touched on scope and definitions based on previously submitted issues.
As one key example of our discussion, we covered this GitHub issue:
We also discussed this one:
At the Open Compliance Summit 2022 there was an informal discussion around the recently launched OpenChain Export Control Work Group. The slides are below.
Read the full overview and watch the recording from the first OpenChain Export Control Work Group meeting here:
© 2025 OpenChain. All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page. Linux is a registered trademark of Linus Torvalds. Privacy Policy and Terms of Use
