Skip to main content
search
All Posts By

Shane Coughlan

Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional network of Open Source legal experts and aligning stakeholders to launch both the first law journal and the first law book dedicated to Open Source. Shane has extensive knowledge of Open Source governance, internal process development, supply chain management and community building. His experience includes engagement with the enterprise, embedded, mobile and automotive industries.

Oct 10
Love0

Webinar: The Role of Data in the Supply Chain of AI

By ai, legal, licensing, News, Webinar

To help you navigate the complexities of AI, data and the supply chain, Nick Schifano CEO and founder of FastCatalog.ai discussed the intersection of AI innovation and legal frameworks. With years of experience in IP law, standards, and AI/ML legal frameworks, Nick guided us through key considerations for managing the AI supply chain—focusing on how companies can prepare for and comply with new regulatory requirements.

Webinar Highlights:
✔️ Insights into the hidden risks behind model lineage and training data in open-source AI models
✔️ Scenarios where data transparency becomes crucial for AI systems
✔️ Operational strategies to better manage AI and data supply chains
✔️ Preparing for the upcoming EU AI Act and its implications for companies

Watch the Webinar

Review the Slides

About the Speaker:

Nick Schifano is a leading expert in AI and legal frameworks. Before founding FastCatalog.ai, a company dedicated to revolutionizing AI supply chain management, Nick served as Assistant General Counsel at Microsoft, where he led groundbreaking initiatives in open innovation and AI/ML legal practices. With a technical foundation in software engineering and IT consulting, Nick brings a holistic view of both the technical and legal aspects of AI development.

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

https://www.openchainproject.org/webinars

This OpenChain Webinar was broadcast on 2024-10-10.

Oct 09
Love0

OpenChain Automotive Work Group – 2024-10-08 – Full Recording

By News

The OpenChain Automotive Work Group held an online meeting to discuss a recent face-to-face in Stuttgart, Germany, Over-The-Air (OTA) update concepts and Software Bill of Materials. The meeting was hosted by Marcel Kurzmann of Bosch.

Watch the Recording

Review the Agenda

  • Re-Cap of the OpenChain Automotive F2F Workgroup-meeting from September 10th
  • Presentation of OTA concepts in automotive – maybe by eSync Alliance
  • Updates from the SBOM-study-group and discussion about potential automotive specific requirement
Oct 03
Love0

SBOM Implementation Reality – From Crawl to Walk, the SPDX Lite Profile for the First Step

By News

During the Operations Management Summit at Open Source Summit Europe in Vienna, Kobota San (Sony) and Ninjouji San (Toshiba) from the OpenChain Project gave a deep-dive into some of the original and current market realities behind the creation and use of the SPDX Lite SBOM format.

Their slides contain a wealth of information that is useful for anyone working in this field.

Review The Slides:

More About The Speakers:

Oct 02
Love0

Korea Telecom (KT) Announces an OpenChain ISO/IEC 18974 Conformant Program

By Featured, News

Korea Telecom (KT), South Korea’s largest telecommunications operator, has announced an OpenChain ISO/IEC 18974 Conformant Program. With 50,000 employees group-wide, KT has a long history in open source engagement, and has operated a dedicated team for its management since 2012.

KT’s decision to adopt OpenChain ISO/IEC 18974 continues their strategic interest in aligning with international standards for managing the supply chain, and builds on their previous adoption of OpenChain ISO/IEC 5230 for open source license compliance. [See note 1 below]

The adoption of OpenChain ISO/IEC 18974 further enhances KT’s contribution to open source security and enable them to take a more proactive and systematic approach to open source security activities.

“Today’s announcement is another milestone for both KT and the OpenChain Project,” says Shane Coughlan, OpenChain General Manager. “KT has demonstrated continued leadership in open source best practices with certification to OpenChain ISO/IEC 18974, and their activity coincides with deeper telecommunication adoption of OpenChain standards in recent months. Great credit is due to the open source and the management team of KT for driving this forward, and for the inspiration it provides to many other companies in the ecosystem.”

About KT Corporation (KRX: 030200; NYSE: KT)

KT Corp., Korea’s largest telecommunications service provider, is leading the new era of innovations in one of the world’s most connected countries with 5G, Big Data, Cloud, IoT, Blockchain and other transformative technologies. KT launched the world’s first nationwide commercial 5G network in April 2019, after showcasing the first trial 5G services at the PyeongChang Winter Olympic Games in February 2018. To help cope with COVID-19, KT is staging a social campaign, dubbed “Ma-Eum:TACT (Heart to Heart),” providing technology supports for people and businesses in need. KT will deliver most essential and innovative services and solutions to its customers around the world as the first frontier in the next technology revolution and number one Global ICT Company.

About the OpenChain Project

The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs

About The Linux Foundation

The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

Notes

[1] KT’s announcement of OpenChain ISO/IEC 5230 adoption in November 2023: https://openchainproject.org/featured/2023/11/07/korea-telecom-kt-announces-an-openchain-iso-iec-5230-conformant-program

Oct 01
Love0

OpenChain AI Study Group – Monthly Workshop for North America and Europe – 2024-10-01 – Recording

By News

The OpenChain AI Study Group held its regular workshop on the 1st of October. Karen Bennet from SPDX provided a briefing on AI BOM. Work also progressed on the draft scratchpad for management of AI BOMs.

Watch the Recording

Track This Work

You can follow and contribute to the work of the OpenChain AI Study Group through its dedicated mailing list. This is open to everyone regardless of industry vertical or speciality. You will find it here:

Attend Future Meetings

You can find and get the dial-in details for all future AI Study Group meetings from our participate page here:

Oct 01
Love0

OpenChain Project – Main Monthly North America and Europe Call – 2024-10-01 – Full Recording

By News

We held our regular Monthly North America and Europe Call on the 1st of October. The focus was on discussing the Public Comment period for our draft proposed updates to the licensing and security specifications, and on the outcomes of the recent Steering Committee meeting.

Check Out The Recording

Link to the Steering Committee Meeting Recording:

We keep all the slides from our monthly calls online and they can be a useful way to access direct links and more details:

Join Our Work

Everyone is welcome to be part of the Specification Work Group. You can join their mailing list here:
https://lists.openchainproject.org/g/specification/

You can find and be part of all OpenChain calls through our participation page here:
https://openchainproject.org/participate

Oct 01
Love0

Coming Soon: OpenChain Webinar on SBOM Visualization – An Alternative Approach to Reviewing SBOMs – 2024-10-23 @ 07:00 UTC

By News

This webinar will cover the topic of SBOM visualization to provide an alternative approach to review code.

Abstract

In order to comply with the use of open source, when setting up the SBOM, care must be taken not only to list the components, but also to show how they are incorporated into your products (this is a multidimensional space consisting of hierarchy, linking, modification, export restrictions, security vulnerabilities, distribution type, versions, etc.), and how properties may propagate through the dependency tree. Keeping track of these complex relationships based on a text file or tables is extremely difficult.

As part of a research project funded by the Federal Ministry for Economic Affairs and Climate Protection (BMWi) and with the Bonn-Rhein-Sieg University of Applied Sciences and Bitsea, a visualization of the meta information was implemented that displays the relationships and potential risks quickly and in an easy-to-understand way.

Get Dial-In Details Via Our Global Calendar

About the Speaker

Dr Kotulla is the founder and managing director of Bitsea GmbH and specializes in the technical audits of software systems. Bitsea assesses open source compliance and advises clients comprehensively on open source management, open source strategy, open source governance, open source processes, tool chains and offers an Open Source Program Office (OSPO) and scanning as a managed service.

Dr Kotulla is a computer scientist, has been active in IT for more than three decades, leads workshops and gives lectures on open source, software engineering, software quality and worked for 12 years for international telecommunications providers. He is a member of the Linux Foundation’s OpenChain project, is active in Bitkom e.V.’s Open Source working group and is the author of several books and publications.

Learn More: www.bitsea.de

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

Sep 30
Love0

OpenChain Monthly North America – Europe Meeting – 2024-09-03 – Full Recording

By News

We held our regular Monthly North America and Europe Call on the 3rd of September. The focus was on discussing the Public Comment period for our draft proposed updates to the licensing and security specifications.

Check Out The Recording

We keep all the slides from our monthly calls online and they can be a useful way to access direct links and more details:

What We Did On This Call:

Update openchain-license-compliance-3.0.md #76

Changed:

 A process shall exist for creating the set of compliance artifacts for the supplied software.

Verification material(s):

  • 3.4.1.1 – A documented procedure that describes the process under which the compliance artifacts are prepared and distributed with the supplied software as required by the identified licenses.
  • 3.4.1.2 – A documented procedure for archiving copies of the compliance artifacts of the supplied software – where the archive is planned to exist for a reasonable period of time (Determined by domain, legal jurisdiction and/or customer contracts) since the last offer of the supplied software; or as required by the identified licenses (whichever is longer). Records exist that demonstrate the procedure has been properly followed.

To:

A process shall exist for creating the set of compliance artifacts for the supplied software.

Verification material(s):

  • 3.4.1.1 – A documented procedure that describes the process under which the compliance artifacts are prepared and distributed with the supplied software as required by the identified licenses.
  • 3.4.1.2 – A documented procedure for archiving copies of the compliance artifacts of the supplied software – where the archive is planned to exist for a reasonable period of time (determined by domain, legal jurisdiction and/or customer contracts) since the last offer of the supplied software, or as required by the identified licenses (whichever is longer). Records exist that demonstrate the procedure has been properly followed.

Improved 2.7 #75

Changed:

a “Software Bill of Materials” (SBOM) is a inventory for software, a list of ingredients that make up software components. An example is the (Software Package Data Exchange) SPDX specification created by the Linux Foundation’s SPDX Project to exchange bill of materials for a given software package (see spdx.org). Regardless of the SBOM specification used, it should follow a complete profile for the intended use case.

To:

a “Software Bill of Materials” (SBOM) is an inventory for software, a list of ingredients that make up software components. An example is the Software Package Data Exchange (SPDX) specification created by the Linux Foundation’s SPDX Project to exchange bill of materials for a given software package (see spdx.org). Regardless of the SBOM specification used, it should follow a complete profile for the intended use case.

Update openchain-license-compliance-3.0.md #74

Changed:

a set of open source software licenses identified as a result of following an appropriate method of identifying open source components from which the supplied software is may contain

To:

a set of open source software licenses identified as a result of following an appropriate method of identifying open source components which the supplied software may contain

Terms and definitions sub-headings to same level openchain-license-co… #66

Fixed formatting:

“Under Terms and definitions there were some sub-headings with ## and some with ### so changed them all to be ### level sub-headings.”

Update openchain-security-specification-2.0.md #37

Changed:

3.3.2 – Security Assurance

A process shall exist to detect, identify, and document the existence of Known Vulnerabilities in each Open Source Software component on the Software Bill of Materials (SBOM) for the Supplied Software.

To:

3.3.2 – Security Assurance

A process shall exist to detect, identify, and document the existence of Known Vulnerabilities in each Open Source Software component in the Software Bill of Materials (SBOM) for the Supplied Software.

Overview of the Public Comment Period

OpenChain Project Announces Public Comment Period for Draft Updates to Compliance and Security Specifications

Starting 2024-06-19 ~ Ending 2024-12-19

The OpenChain Project has announced the beginning of its six month Public Comment Period for proposed draft updates to the open source license compliance (ISO/IEC 5230:2020) and open source security assurance (ISO/IEC 18974:2023) specifications.

As per our specification development process outlined in the project FAQ, this Public Comment Period will run for six months, and it will be followed by a three month Freeze Period.

During the Public Comment Period everyone is invited to review and comment on the specifications. As an open project developing open standards, we host the draft documents on our GitHub repositories.

Learn More:

You can comment on this process by joining our monthly calls or via our Specification Mailing list. You can also leave comments via GitHub issues as detailed below.

Close Menu