All Posts By

Shane Coughlan

Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional network of Open Source legal experts and aligning stakeholders to launch both the first law journal and the first law book dedicated to Open Source. Shane has extensive knowledge of Open Source governance, internal process development, supply chain management and community building. His experience includes engagement with the enterprise, embedded, mobile and automotive industries.

RECORDING: OpenChain AI Work Group – Asia Sync – 2025-09-11

By News

We held our regular OpenChain AI Work Group Asia Sync on the 11th of September. This meeting focused on reviewing comments around the AI Compliance Guide, which recently completed its public comment period and approval by the Governing Board.

The specific comments addressed were:

  1. https://github.com/OpenChain-Project/Reference-Material/issues/101
  2. https://github.com/OpenChain-Project/Reference-Material/issues/102
  3. https://github.com/OpenChain-Project/Reference-Material/issues/107
  4. https://github.com/OpenChain-Project/Reference-Material/issues/108
  5. https://github.com/OpenChain-Project/Reference-Material/issues/109

Watch the Recording:

Get Involved:

Everyone is welcome to be part of this activity! OpenChain has free, open access to all its work groups and study groups. Just turn up, and listen in, and contribute comments, ideas and suggestions.

✉️ We have a dedicated mailing list for the AI Work Group: https://lists.openchainproject.org/g/ai

Attend Future Meetings:

You can find and get the dial-in details for all future meetings from our participate page here: https://www.openchainproject.org/participate

RECORDING: OpenChain Telco Work Group – September – 2025-09-04

By News

This Meeting Had A Packed Agenda:

Watch the Recording:

Be part of this:

Everyone is welcome to be part of this study group! OpenChain has free, open access to all its work groups and study groups. Just turn up, and listen in, and contribute comments, ideas and suggestions.

✉️ We have a dedicated mailing list:
https://lists.openchainproject.org/g/telco

💻 We have a dedicated GitHub Repo:
https://github.com/OpenChain-Project/Telco-WG

You are also welcome to participate in any of our other working groups around the world:

OpenChain in the CEN CENELEC CRA Discussion

By News

Thanks to the advocacy of SZ Lin, OpenChain ISO/IEC 18974 has been officially referenced in the EU Cyber Resilience Act (CRA) harmonized standards discussion.

You will find OpenChain ISO/IEC 18974 cited in Slide 67 of the “CRA Standards Unlocked: Unlocking CRA Security Controls: preparation for UNE Event” from CEN CENELEC:
https://www.cencenelec.eu/media/CEN-CENELEC/Events/Webinars/2025/2025-09-08_webinar_unlocking_cra_security_controls_preparation_for_une_event.pdf

We are referenced alongside:
• ISO/IEC TR 5895:2022 – Cybersecurity – Multi-party coordinated vulnerability disclosure and handling
• ISO/IEC 30111:2019 – Information technology – Security techniques – Vulnerability handling processes
• ISO/IEC 29147:2018 – Information technology – Security techniques – Vulnerability disclosure

What this means:

The value of our security standard has been positively recognized by the parties bringing together the official CRA standards / requirements portfolio.

It provides a door to both continue and expand our collaboration in this space. The precise next steps will be determined in collaboration with our community and the governing board.

Ideas welcome!

OpenChain Webinar: Introduction to the Cyber Resilience Act (CRA) @ 17:00 EDT 2025-09-11

By News

Our next webinar will be entitled ‘Introduction to the Cyber Resilience Act (CRA)’ and will be delivered by our very own David A. Wheeler, Director of Open Source Supply Chain Security at the Linux Foundation. This will be a great starting point for people getting up-to-speed around the current situation.

About This Webinar:

The European Union (EU) Cyber Resilience Act (CRA) is a new law that covers almost all “products with digital elements”, including software, released in the EU. Enforcement will begin in 2026, even on organizations who aren’t based in the EU. This presentation will briefly explain the scope and requirements of the CRA. This webinar will be led by David A. Wheeler, Director of Open Source Supply Chain Security at the Linux Foundation.

We start at 17:00 EDT 2025-09-11. All welcome, no registration needed.

Join here at the start time:

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

OpenChain Webinar: Compliant containers with the OSADL Base Image @ 09:00 CEST 2025-09-10

By News

Our next webinar will be entitled ‘Compliant containers with the OSADL Base Image’ and will be delivered by Caren Kresse of OSADL. This will address one of the hottest topics in compliance: “how do you make containers compliant?”

About This Webinar:

While containers certainly simplify deploying software, fulfilling FOSS license obligations for containers is made difficult by their layered structure and the lack of compliance material in public repositories. Although every container is customized for its particular use and therefore comprises different software components, many are built on a base image that provides essential system components. It seems obvious to apply the Open Source principle of sharing development of non-differentiating technologies and services to license obligations of container base images. Therefore, OSADL offers the so-called OSADL Base Images that are provided together with all required legal information and material needed to be distributed compliantly. A company may build their individual container images on top of the OSADL Docker Base Image and use the provided instructions to fulfill license obligations for the additional software to achieve license-compliant container distribution. This presentation will explain how the base images and in particular the license compliance material are created, list what flavors, versions and variants are available and show how they can be used to facilitate licensing of individual containers.

Project page: https://www.osadl.org/base-image
Docker Hub: https://hub.docker.com/r/osadl/

We start at 09:00 CEST 2025-09-10. All welcome, no registration needed.

Join here at the start time:

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

SBOM Study Group > Developing a New Guide to SBOM Quality – What’s Next?

By News

There was a significant market impact with the release of Version 1.1 of the Telco SBOM Quality Guide:
https://openchainproject.org/featured/2025/05/09/openchain-telco-sbom-guide-version-1-1-now-available

This led to discussions about how we can make an explicitly cross-industry guide covering the topics of *how* we determine what is quality, and *how* we manage this across multiple industries. This led to the development of a “thinking” document considering how a cross-industry, cross-format SBOM quality guide could be structured:
https://github.com/OpenChain-Project/SBOM-sg/blob/main/Cross-Industry-SBOM-Quality-Guide/en/Cross-Industry-SBOM-Quality-Guide.md

As of last week, permission was given by the OpenChain Governing Board for the SBOM Study Group to turn into a full OpenChain Work Group, and to explicitly work on turning the thinking document into an official OpenChain guide for everyone. The formal announcement regarding the SBOM Study Group evolution will be made later this week, and meanwhile, you can check out a detailed presentation on the topic of a cross-industry SBOM Quality Guide in the slides below.

Check Out The Slides:

Learn More About This Study (and soon Work) Group:

Our SBOM Study Group brings all our various SBOM-related activities together and helps answer the question of “how do we use SBOMs in production, large-scale and complex supply chains?” Our original kick-off call has all the details.

Get Involved:

Everyone is welcome to be part of this study group! OpenChain has free, open access to all its work groups and study groups. Just turn up, and listen in, and contribute comments, ideas and suggestions.

✉️ We have a dedicated mailing list:
https://lists.openchainproject.org/g/sbom

💻 We have a dedicated GitHub Repo:
https://github.com/OpenChain-Project/SBOM-sg

Attend Future Meetings:

You can find and get the dial-in details for all future meetings from our participate page here:
https://www.openchainproject.org/participate

RECORDING: OpenChain AI Work Group – Monthly Workshop for North America and Europe – 2025-09-02

By News

We held our regular OpenChain AI Work Group meeting for North America and Europe on the 2nd of September. This meeting focused on reviewing comments around the AI Compliance Guide, which recently completed its public comment period and approval by the Governing Board.

The specific comments addressed were:

  1. https://github.com/OpenChain-Project/Reference-Material/issues/101
  2. https://github.com/OpenChain-Project/Reference-Material/issues/102
  3. https://github.com/OpenChain-Project/Reference-Material/issues/107
  4. https://github.com/OpenChain-Project/Reference-Material/issues/108
  5. https://github.com/OpenChain-Project/Reference-Material/issues/109

Watch the Recording:

Get Involved:

Everyone is welcome to be part of this activity! OpenChain has free, open access to all its work groups and study groups. Just turn up, and listen in, and contribute comments, ideas and suggestions.

✉️ We have a dedicated mailing list for the AI Work Group: https://lists.openchainproject.org/g/ai

Attend Future Meetings:

You can find and get the dial-in details for all future meetings from our participate page here: https://www.openchainproject.org/participate

OpenChain @ OSS NA – International Community, Language and Cognitive Load

By News

It is a bit of a “community week” here at the OpenChain Project, and you will see various things from Open Source Summit Europe appearing across our news and social media. However, there is another item we wanted to flag from Open Source Summit North America recently.

OpenChain is a totally global project, with contributors from three continents (we are open to every other continent contributing as well), and that means we operate in a lot of languages. That means far more than translation. It means cognitive load, and other challenges.

There was a wonderful talk from Naomichi Shima and Norio Kobota at Sony Group Corporation (voting alternate and board members of OpenChain respectively) on this topic at OSS NA. It was called “Empowering Asian Contributions: The Rise of Regional User Groups in Open Source Communities”

There is something really important contained in this presentation about how much effort is needed to communicate across language barriers. While the OpenChain Project has always tried to pay attention to this, and we have developed various workflows and methods over the last nine years, we want to (a) make sure we keep doing that effectively and (b) make sure every other project has access to our lessons learned.

You can view the full presentation here:

RECORDING: OpenChain Japan Community Day #34 at Mitsubishi Electric

By News

About:

The OpenChain Japan Work Group held a two-day event on the 31st July ~ 1st August 2025, kindly hosted by Mitsubishi Electric at their innovation hub in Yokohama. We are delighted to share recordings of both days with you, with great thanks to Owada San for preparing the edits.

Our Agenda:

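【DAY 1 – Thursday, July 31】
13:00-13:30 (30 min): Guided tour of Mitsubishi Electric Serendie Street (co-creation space)
★ Optional. Please sign up when registering for on-site attendance.
13:30-14:05 (35 min): Housekeeping, introduction to OpenChain, keynote by General Manager Shane
14:05-14:25 (20 min): Introduction to Mitsubishi Electric's OSPO activities
14:25-15:15 (50 min): Introduction to the activities of the Open Source License Laboratory's Careless Mistake Prevention Study Group
15:15-15:45 (30 min): Break & networking
15:45-16:20 (35 min): Introduction to FAQs related to careless mistakes, from the FAQ-sg
16:20-16:50 (30 min): Event recap: OSS Summit NA 2025
16:50-17:00 (10 min): Closing
17:30-19:00 (90 min): Networking (social gathering) at the same venue

【DAY 2 – Friday, August 1】
9:30-11:30 (120 min): Introduction to the Education-sg, OSS compliance education for beginners
11:30-11:45 (15 min): Open review of educational materials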

The Recording of Day 1:

The Recording of Day 2: