Skip to main content
All Posts By

Shane Coughlan

Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional network of Open Source legal experts and aligning stakeholders to launch both the first law journal and the first law book dedicated to Open Source. Shane has extensive knowledge of Open Source governance, internal process development, supply chain management and community building. His experience includes engagement with the enterprise, embedded, mobile and automotive industries.

Help Update Our License Compliance And Security Assurance Standards

By Featured, News

The OpenChain Project is ready to start accepting feedback to improve our license compliance and security standards.

OpenChain Security Assurance Specification:
https://github.com/OpenChain-Project/Security-Assurance-Specification

Easy way to suggest Security Assurance Specification improvements:
https://github.com/OpenChain-Project/Security-Assurance-Specification/issues/new/choose

OpenChain License Compliance Specification (ISO/IEC 5230):
https://github.com/OpenChain-Project/License-Compliance-Specification

Easy way to suggest License Compliance Specification improvements:
https://github.com/OpenChain-Project/License-Compliance-Specification/issues/new/choose

You can also send your suggestions to our specification mailing list:
https://lists.openchainproject.org/g/specification

Notes

  • The next generation of our license compliance standard will update ISO/IEC 5230.
  • Our security assurance standard (generation 1) is scheduled to become an ISO/IEC standard in mid-2023. The update to generation 2 will trigger an update to the new ISO/IEC standard for late 2023~mid-2024.
  • You will find extensive feedback on our standards already exists on GitHub and you can easily review that before submitting a suggestion for improvement.

Pre-existing submissions for the security assurance standard:

https://github.com/OpenChain-Project/Security-Assurance-Specification/issues

Pre-existing submissions for the license compliance standard:

https://github.com/OpenChain-Project/License-Compliance-Specification/issues

Webinar: Bitsea and their OpenChain-Related Services

By community, News, Partner Webinar, standards, Webinar

This series highlights offerings from various service providers throughout the global OpenChain eco-system. Each featured partner has an official relationship with the project, whereby they may use our trademark for marketing OpenChain-specific services, and in exchange they help with community outreach, education and other aspects of collaborative (and free) support.




More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

This OpenChain Webinar was broadcast on 2022-10-18.

New OpenChain Meeting and Presentation Slide Template Now Available

By News

The OpenChain Project has a new slide template for meetings and presentations. You will find it here:

Please feel free to use this for your work groups, advocacy around the project, and to help education people inside your company or supply chain.

Please Note:

The OpenChain Project Meeting and Presentation Template contains the OpenChain trademark and can only be used for matters related to OpenChain Project activities. This template also contains The Linux Foundation trademarked logo. The Linux Foundation trademark policy can be found here:

To use the OpenChain trademark for commercial activities please join the OpenChain Partner Program:

Self-Certification Checklist for OpenChain Security Assurance Specification 1.1 in Simplified Chinese

By Featured, News

The OpenChain Security Assurance Specification 1.1 self-certification checklist is now available in Simplified Chinese. A big thank you to Zhang Jun Xia from CAICT for making this happen.

This checklist is designed to help organizations adopt the de facto standard for open source security assurance. Organizations using this self-certification process will also meet the requirements of the specification when it graduates the ISO/IEC JTC-1 PAS Transposition process, with an estimated arrival time of that International Standard in mid-2023.

The checklist contains a series of “yes” or “no” statements. If you can answer “yes” to everything, you are self-certified. If you answer “no” to some items, you know where to invest further time to build a quality security assurance program.


Do you want to get the English version of the self-certification checklist?


This checklist is licensed under CC-0 (effectively public domain), so you can take it, integrate it, and remix it without any restrictions. You do not even have to provide attribution.

We welcome contributions to improve this checklist. You can contribute by opening a GitHub issue here:
https://github.com/OpenChain-Project/Reference-Material/issues

REMINDER: OpenChain Monthly Community Call – 09:00 CST (01:00 UTC) 2022-10-18 (Tomorrow)

By News

This is the OpenChain Monthly Community Call for Mainland China / Japan / Korea / Taiwan + USA. People from everywhere else are very welcome to join too! We realize the timezone is terrible for Europe. We have a separate monthly call designed for Europe / USA. It takes place on the First Tuesday of every month.

It is open to every individual and company regardless of their membership of Linux Foundation or the OpenChain Project. It provides a forum to bring together the various things the OpenChain community is doing around the world, from building our family of standard (licensing compliance and now security compliance), assisting with tooling, SBOMs and OSPOs, and facilitating industry specific discussions in areas like telco and automotive.

Agenda
1 Introductions 
2 Specification (process standards) news 
3 SBOM news
4 OSPO news
5 Automation news 
6 Community feedback and comments – issues for standards and core supporting material
7 Community feedback and comments – issues for reference and supporting material
8 Community feedback and comments – issues to support other projects
9 Any other business
10 Close of meeting

This meeting is held in the OpenChain Project Zoom room:
https://zoom.us/j/4377592799

Check your timezone:
PDT United States Pacific UTC-07:00
UTC Coordinated Universal Time UTC
CET Central European Time UTC+01:00
IST India Standard Time UTC+05:30
CST China Standard Time UTC+08:00
KST Korea Standard Time UTC+09:00
JST Japan Standard Time UTC+09:00

Compare timezones:
https://www.worldtimebuddy.com

Join via one tap mobile:
+86 10 8783 3177,,4377592799# Mainland China
+33 1 8699 5831,,4377592799# France
+49 69 7104 9922,,4377592799# Germany
+81 524 564 439,,4377592799# Japan
+82 2 3143 9612,,4377592799# Korea
+91 80 71 279 440,,4377592799# India
+886 (2) 7741 7473,,4377592799# Taiwan
+44 330 088 5830,,4377592799# UK
+13017158592,,4377592799# USA

Find your local country number:
https://zoom.us/u/awFnORNiA
Meeting ID: 437 759 2799

Self-Certification Checklist for OpenChain Security Assurance Specification 1.1 Now Available

By Featured, News

The OpenChain Security Assurance Specification 1.1 self-certification checklist is now available. This is designed to help organizations adopt the de facto standard for open source security assurance. Organizations using this self-certification process will also meet the requirements of the specification when it graduates the ISO/IEC JTC-1 PAS Transposition process, with an estimated arrival time of that International Standard in mid-2023.

The checklist contains a series of “yes” or “no” statements. If you can answer “yes” to everything, you are self-certified. If you answer “no” to some items, you know where to invest further time to build a quality program.


This checklist is licensed under CC-0 (effectively public domain), so you can take it, integrate it, and remix it without any restrictions. You do not even have to provide attribution.

We welcome contributions to improve this checklist. You can contribute by opening a GitHub issue here:
https://github.com/OpenChain-Project/Reference-Material/issues

Witzel Erb Backu & Partner is the Latest OpenChain Project Partner

By News

Witzel Erb Backu & Partner, a law firm founded in 2020 by alumni of the Munich law firm SSW Schneider Schiffer Weihermüller, has joined the OpenChain Partner Program. 

“The importance of Open Source Software shall not be underestimated,” says Stefan Haßdenteufel, Partner at Witzel Erb Backu & Partner. “The idea of permitting others to use your software free of charge combined with the availability of the source code boosted the entire software industry years ago. Nowadays, it is all about the little IoT devices and the IT services that emerge – all driven by Open Source Software components. While software is still becoming more important for our economy and our everyday life, the need for Open Source Software continues to grow.”

“There is tremendous value in having the option of outside counsel for addressing supply chain questions,” says Shane Coughlan, OpenChain General Manager. “We are delighted to announce the strengthening of official OpenChain Partner coverage in Germany in this respect, and we expect to work closely with Witzel Erb Backu & Partner as the OpenChain standards for license compliance and security assurance extend more deeply into procurement in Europe and beyond.”

About Witzel Erb Backu & Partner

Witzel Erb Backu & Partner, founded by eleven partners and twelve associates in 2020, has its roots in the law firm SSW Schneider Schiffer Weihermüller, a well-established law firm founded in Munich in 1998. Many years of experience, our depth of knowledge and our genuine enthusiasm are what we stand for. Law is our passion. Our team of currently more than 25 lawyers combines the highest standards with the utmost professional expertise, focusing on four key areas: family law, commercial law, IT law as well as tax criminal and business criminal law. Especially with IT law, our focus lies on issues of technological change, innovation and digitalization in all areas of life.

OpenChain Telco Work Group Meetings – New Regular Schedule

By News

The OpenChain Telco Work Group holds meetings on a monthly schedule. These are designed to allow anyone with an interest in areas like the telecommunication industry, their actions around open source management, and the development of a telco specification for Software Bill of Materials (SBOM). All levels of experience are welcome.

Our new regular schedule is:

First Thursday @ 07:00 UTC
First Thursday @ 15:00 UTC

At the scheduled time click to join the voice, video or screen sharing session:  
https://zoom.us/j/4377592799

You will also find our events in the OpenChain Global Calendar.

OpenChain Work Groups – New and Improved Structure

By Featured, News

The OpenChain Project has been very active since its formal launch in late 2016. Our global community has built an ISO/IEC standard for license compliance, launched a de facto (and soon to be ISO/IEC) standard for security. We have contributed to SBOM, OSPO, training, policy and other discussions. We built the world’s largest library of open source management reference material.

To reflect our growth and to make it easier to navigate the project we are going to make some adjustments to our work groups. Nothing too radical, but definitely something to help people find their way around more quickly, and to get the information they want faster. The image above contains a summary of the evolution approved by our Governing Board at their last meeting in September, and targeted for release during October 2022.

The changes?

  1. The Specification Work Group will split into two parts – a Licensing Work Group for ISO/IEC 5230 and a Security Work Group for the Security Assurance Specification.
  2. The Education Work Group and Outreach Work Group will combine into the Education Work Group.
  3. We will launch a new Export Control Work Group and a new Policy Work Group. The former will help to navigate issues around increasing international trade tensions. The later will help us provide strategic advice around the highest level of planning for open source in legislation and business.
  4. The dormant Conformance Work Group will be wound down and discussions regarding self-certification moved to Education Work Group, with discussions about the nuance of conformance parameters moved to our Steering Committee.
  5. Finally (if there are no objections), we will re-brand the Reference Tooling Work Group to the Automation Work Group to help guide people hearing about automation to the right solutions.

Feedback?

Your feedback – as always – is most welcome. Please provide comments to our main mailing list:
https://lists.openchainproject.org/g/main

Please provide feedback by Close of Business UTC (17:00 UTC) on the 18th of October 2022.