Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional network of Open Source legal experts and aligning stakeholders to launch both the first law journal and the first law book dedicated to Open Source.
Shane has extensive knowledge of Open Source governance, internal process development, supply chain management and community building. His experience includes engagement with the enterprise, embedded, mobile and automotive industries.
The OpenChain Tooling Work Group holds meetings on a bi-weekly schedule. They allow anyone with an interest in open source tooling for license, security or other compliance matters to learn, share and collaborate. All levels of experience are welcome.
Next Meeting:
Our next meeting takes place on the 16th of July 2025 at 17:00 CEST (15:00 UTC).
The OpenChain Project will hold a webinar on the 29th of July 2025 to provide a case study on how ZF – one of the world’s largest automotive suppliers – collaborated with TIMETOACT to obtain third-party certification for OpenChain ISO/IEC 5230.
2025-07-29 @ 07:00 UTC / 08:00 BST / 09:00 CEST / 15:00 CST / 16:00 KST + JST
This case study is suitable for organizations new to the OpenChain standards, organizations in the process of adopting the standards, or organizations reviewing how others met this milestone in open source process management. It will be structured as a series of short section presentations that provide:
A brief introduction to ISO/IEC 5230
The importance of ISO/IEC in the automotive industry
ZF’s certification journey
Forming an OSPO
Steps taken to accomplish ISO/IEC 5230 certification
Challenges faced
Role of TIMETOACT in the certification process
Gap analysis with TIMETOACT and ZF
How ZF used OpenChain and InnerSource Commons resources
Lessons learned
Closing thoughts
More About Our Webinars:
This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.
Element is a decentralized and flexible communications platform, built on the Matrix open standard, that gives people and organizations the independence to communicate with confidence. Learn more: https://element.io
About the OpenChain Project:
The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.
About The Linux Foundation:
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
Check Out The Publicly Announced Community of Conformance:
Woven by Toyota, a company designed to drive the evolution of mobility to enhance safety, peace of mind, fulfillment and opportunity for all, has completed its periodic re-conformance to the OpenChain ISO/IEC 5230 specification. ISO/IEC 5230 is the international standard for open source license compliance process management, and has seen widespread adoption throughout the mobility industry.
Liaise with OSADL to collaborate / contribute to their work (Shane will reach out): https://www.osadl.org
Discussion Document:
We have created a document to help everyone share ideas (and refine other ideas) about next steps in the country. You can find and add comments to the document here:
Identify where ISO/IEC 5230 and ISO/IEC 18974 can assist
Identify where OpenChain reference material can assist
Discuss if we can create new reference material to assist
Discussion Document:
We have created a document to help everyone share ideas (and refine other ideas) about next steps in the country. You can find and add comments to the document here:
This was a busy meeting. Lead by Chris Wood (Chair, Specification Work Group), and featuring discussions from Martin Yagi (Chair Education Work Group) and Dave Marr (Co-Chair AI Work Group), we worked through the following agenda:
Introducing new Work Group Chairs
Education Work Group next steps
AI Work Group – Draft AI Compliance Guide public comment period
Specification Work Group – Approvals for updates to standards
This webinar covered how the team in VW Group are doing compliance at CARIAD with ORT. Helio Chissini de Castro lead the discussion, and we had some interesting Q&A.
This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.
The OpenChain AI Work Group has been considering how to manage AI compliance in the supply chain for over a year. During this time the community has collaboratively produced a draft guide to identify key process points for a quality AI compliance program:
With approval from the OpenChain Governing Board, the draft ‘The Artificial Intelligence System Bill of Materials: Compliance Management Guide for the Supply Chain’ is now entering a Public Comment Period.
Participate:
This Public Comment period will follow the OpenChain Project process outlined on our website:
THE DEADLINE FOR SUBMISSION OF PUBLIC COMMENTS IS 2025-08-18 AT 04:00 PDT / 11:00 UTC / 13:00 CEST / 20:00 JST.
—
Please note: THE DRAFT GUIDE IS NOT A PRODUCTION RELEASE OR OFFICIAL RELEASE DOCUMENT FROM THE OPENCHAIN PROJECT. AT THIS JUNCTURE, IT IS WORKING DOCUMENT DESIGNED TO ALLOW INTERESTED PARTIES TO SHARE IDEAS.
ECARX is a global automotive technology provider partnering with OEMs to accelerate the future of software-defined vehicles. As OEMs develop new vehicle platforms from the ground up, ECARX is developing a full-stack solutions to enhance the user experience, while reducing complexity and cost.
To date ECARX products have been integrated into more than 8.7 million cars worldwide. Founded in 2017, and listed on the Nasdaq in 2022, it has more than 1,800 team members across Europe, Asia and the Americas working towards one ambition: to redefine the driving experience by making it safer and more enjoyable for everyone.