Skip to main content
search
All Posts By

Shane Coughlan

Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional network of Open Source legal experts and aligning stakeholders to launch both the first law journal and the first law book dedicated to Open Source. Shane has extensive knowledge of Open Source governance, internal process development, supply chain management and community building. His experience includes engagement with the enterprise, embedded, mobile and automotive industries.

Aug 17
Love0

Bureau Veritas Becomes The First OpenChain Certifier In The Great China Region

By News

Bureau Veritas is now able to assess and certify the open source program conformance to the OpenChain ISO/ IEC 5230 standard

Bureau Veritas, a leading Testing, Inspection and Certification provider for the consumer and electrical/electronic products industry is pleased to announce a partnership with the OpenChain to become the fifth official OpenChain ISO 5230 third party certifier and is now able to assess and certify the open source program conformance to the OpenChain ISO/ IEC 5230 standard.    

In recent times, open source software is broadly used in numerous industries, which extended the compliance obligations to the companies. Hence, it is vital to provide a software supply chain where open source software is delivered with trusted and consistent compliance information. ISO 5230 OpenChain was formulated to allows companies of all sizes and sectors to adopt the key requirements of a quality open source compliance program. After obtained the qualification of OpenChain Certifier, Bureau Veritas has extended its service portfolio to provide “Independent Compliance Assessment” and “Third-Party Certification” to our existed or potential customers in order to assist them in speed-up the process during the product development phase.

Pascal LE-RAY, the General Manager of Bureau Veritas Consumer Products Services Technology Products Taiwan, said, “We are pleased to announce that Bureau Veritas CPS Technology Products Taiwan becomes the first certifier in the Great China region. This partnership also demonstrates the deep expertise and experience of Bureau Veritas’ compliance practice to support our clients in adopting high-quality open source compliance programs. Moreover, OpenChain aids open source transparency by using software bill of material to identify and manage security vulnerabilities that synergize with cybersecurity standards to reduce compliance risks and security risks effectively.”

“OpenChain ISO 5230 provides a compelling solution to quality open source compliance,” says Shane Coughlan, OpenChain General Manager. “OpenChain offers the freedom of choice for companies to conform via self-certification, independent assessment, or third party certification. When it comes to the latter, the key value is to ensure the certifier has impeccable credentials. This is true of Bureau Veritas and we look forward to ongoing collaboration in this space.”

About Bureau Veritas

Bureau Veritas is a world leader in laboratory testing, inspection and certification services. Created in 1828, the Group has 75,000 employees located in more than 1,600 offices and laboratories around the globe. Bureau Veritas helps its clients improve their performance by offering services and innovative solutions, in order to ensure that their assets, products, infrastructure and processes meet standards and regulations in terms of quality, health and safety, environmental protection and social responsibility. Bureau Veritas is listed on Euronext Paris and belongs to the Next 20 index. Compartment A, ISIN code FR 0006174348, stock symbol: BVI. For more information contact Jim CHIU | jim.chiu@bureauveritas.com or visit www.bureauveritas.com.

About OpenChain

The OpenChain Project maintains the International Standard for open source license compliance. This allows companies of all sizes and in all sectors to adopt the key requirements of a quality open source compliance program. This is an open standard and all parties are welcome to engage with our community, to share their knowledge, and to contribute to the future of our standard.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.

Linux is a registered trademark of Linus Torvalds.

For customer questions please contact:

Asia – Taiwan: Jim CHIU | jim.chiu@bureauveritas.com

For media questions please contact:

Bureau Veritas Consumer Products Services
Technology Products Taiwan
Vicky CHEN
Email: vicky.chen@tw.bureauveritas.com

Aug 17
Love0

Huawei Joins The Governing Board Of The OpenChain Project

By Featured

Huawei, a global leader in technology and open source, has joined the board of the OpenChain Project. Alongside 20 other global companies such as Qualcomm, Google, Siemens and Toyota, Huawei will work to align the supply chain behind OpenChain ISO 5230, the International Standard for quality open source compliance.

“Huawei is delighted to join the OpenChain Project . Huawei adheres open collaboration and innovation, has long been committed to establishing a compliance management system that aligns with industry best practices, and incorporating compliance management into end-to-end business activities and processes. ” Wang Yousheng, Director of Open Source & Developer Dept, Huawei. ““Huawei will be an active member in OpenChain Project , hopes through constantly enhancing mutual understanding, cooperation and trust with global developer and open source communities, to build a more secure and trustworthy open source software chain together.“

“China is the center of innovation across many types of technology, including open source,” says Shane Coughlan, OpenChain General Manager. “Huawei’s leadership in this space has helped build bridges across the world. Their decision to join the governing board of the OpenChain Project is  further evidence of this, and will be pivotable in taking OpenChain ISO 5230 to the next level. This will benefit every company using open source, a shared undertaking we approach with both excitement and respect.”

About Huawei

Founded in 1987, Huawei is a leading global provider of information and communications technology (ICT) infrastructure and smart devices. We have approximately 197,000 employees and we operate in over 170 countries and regions, serving more than three billion people around the world.
Huawei’s mission is to bring digital to every person, home and organization for a fully connected, intelligent world. To this end, we will: drive ubiquitous connectivity and promote equal access to networks to lay the foundation for the intelligent world; provide the ultimate computing power to deliver ubiquitous cloud and intelligence; build powerful digital platforms to help all industries and organizations become more agile, efficient, and dynamic; redefine user experience with AI, offering consumers more personalized and intelligent experiences across all scenarios, including home, travel, office, entertainment, and fitness & health.

About OpenChain

The OpenChain Project maintains the International Standard for open source license compliance. This allows companies of all sizes and in all sectors to adopt the key requirements of a quality open source compliance program. This is an open standard and all parties are welcome to engage with our community, to share their knowledge, and to contribute to the future of our standard.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.

Linux is a registered trademark of Linus Torvalds.

Aug 17
Love0

华为加入OpenChain项目董事会

By Featured

华为,作为全球信息技术和开源领域的领导者之一,加入了OpenChain项目的董事会。华为将同高通、谷歌、西门、丰田等其它20个全球企业一起努力协调开源软件供应链,以支持为高质量的开源软件合规而制定的 “OpenChain ISO 5230”国际标准。

“华为很高兴加入OpenChain 项目。华为坚持开放式合作与创新,同时长期致力于建立符合业界最佳实践的合规管理体系,并坚持将合规管理端到端地落实到业务活动及流程中。”华为开源与开发者部部长王有生说到:“华为将积极参与OpenChain项目,希望与全球开发者、开源社区一起,持续增强彼此的理解与互信合作,共建更加安全可信的开源软件供应链。”

“中国如今已是包括开源技术在内的多种技术的创新中心。”OpenChain的总经理Shane Coughlan说到:“华为在开源领域的领导地位,已帮助这一领域在全球范围内建立起了桥梁。他们加入OpenChain项目的董事会的决定进一步证明了这点,并将在把OpenChain ISO 5230标准提升到一个更高的水平的过程中发挥重要作用。这将使每家使用开源的公司都受益,这是我们既兴奋又尊重的共同事业。”

关于华为

华为创立于1987年,是全球领先的ICT(信息与通信)基础设施和智能终端提供商。目前华为约有19.7万员工,业务遍及170多个国家和地区,服务全球30多亿人口。
华为致力于把数字世界带入每个人、每个家庭、每个组织,构建万物互联的智能世界:让无处不在的联接,成为人人平等的权利,成为智能世界的前提和基础;为世界提供最强算力,让云无处不在,让智能无所不及;所有的行业和组织,因强大的数字平台而变得敏捷、高效、生机勃勃;通过AI重新定义体验,让消费者在家居、出行、办公、影音娱乐、运动健康等全场景获得极致的个性化智慧体验。

Aug 12
Love0

OpenChain ISO 5230 – Security Assurance Reference Guide Now Available

By Featured

The OpenChain Project has a mission to establish trust in the Open Source from which Software Solutions are built. The International Standard OpenChain ISO 5230 addresses this matter from the perspective around open source license compliance. Many of the same processes are equally applicable to open source security and for this reason we are providing guidance regarding how they can be applied.

The OpenChain Security Assurance Reference Guide 1.0 has a similar format to OpenChain ISO 5230. It can be regarded as a map enabling a user to transpose the proven processes of ISO 5230 to the security domain. This first iteration of the reference guide focuses on the core process of identifying and addressing “known vulnerabilities.” Over time we will evolve the guide to refine its effectiveness.

The OpenChain Security Assurance Reference Guide should be understood as a method to complement rather than compete with security specific standards. It is quite possible that an organization is compliant with another given standard will automatically meet all the processes outlined in the OpenChain Security Assurance Reference Guide. This is by design.

As the OpenChain Project adds additional reference guides over time (e.g., quality, export compliance, malware and functional safety) the value of OpenChain ISO 5230 will grow. This work – as with all activity inside the OpenChain Project – will be undertaken by the community of user companies for the benefit of the community.

Get The Reference Guide

Send Feedback To The Specification Team

Aug 09
Love0

Sony Semiconductor Announces An OpenChain Conformant Program

By Featured

Sony Semiconductor Solutions, a global leader in advanced technologies of image sensor, has announced an OpenChain ISO 5230 conformant program.

“As a global leader of imaging & sensing technology, Sony Semiconductor Solutions Corporation adopted the OpenChain standard early in the lifecycle in 2019. We have operated a quality management system including OSS license compliance so that our customers can use our products and services with confidence,” says Dai Sugimoto, Quality Officer of Sony Semiconductor Solutions Corporation. “We are delighted to continue our engagement by announcing conformance to OpenChain ISO/IEC 5230. This International Standard offers a clear signal that a company uses industry best practices in managing open source license compliance. We believe it is important for our company and our supply chain.”

“Sony Semiconductor is a prime example of the very heart of the supply chain,” Shane Coughlan, OpenChain General Manager. “They play a critical part in ensuring advanced products get to market, and they do so with a continuing commitment to excellence. OpenChain ISO 5230 conformance is another step in this process, ensuring the highest quality of open source compliance program. We look forward to collaborating deeply in the months and years to come.”

About Sony Semiconductor Solutions Corporation

Sony Semiconductor Solutions Corporation is the global leader in image sensors. Our semiconductor business also includes a variety of other parts including microdisplays, LSIs, and laser diodes. We strive to provide advanced imaging technologies that bring greater convenience and fun to people’s lives. In addition, we also work to develop and bring to market new kinds of sensing technologies with the aim of offering various solutions that will take the visual and recognition capabilities of both human and machines to greater heights. For more information, please visit: https://www.sony-semicon.co.jp/e/

About OpenChain

The OpenChain Project maintains the International Standard for open source license compliance. This allows companies of all sizes and in all sectors to adopt the key requirements of a quality open source compliance program. This is an open standard and all parties are welcome to engage with our community, to share their knowledge, and to contribute to the future of our standard.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage

Linux is a registered trademark of Linus Torvalds.

Aug 04
Love0

OpenChain Welcomes Cybellum As An Official Partner

By Featured

Cybellum, a leader in embedded product security and license compliance management for mission critical industries, is the latest vendor to join the OpenChain Project partner program. 

Their engagement will focus on raising awareness among user companies regarding open-source license compliance and security, while ensuring they have freedom of choice when considering commercial automation solutions around ISO/IEC 5230 conformance activities. ISO/IEC 5230 is the International Standard for open-source license compliance.

“Cybellum has been actively supporting automotive, medical-device and industrial IoT manufacturers with automation around security and compliance of their products,” says Shane Coughlan, OpenChain General Manager. “We look forward to collaborating with Cybellum in raising awareness and in providing support as companies around the world integrate ISO/IEC 5230 into their supply chains. We also invite companies to engage with the OpenChain Project directly via our regular calls, mailing list and events.”

“With the current software supply chain security challenges, organizations like OpenChain are a key for proper collaboration across the value chain, especially when representing a software bill of materials. We’re thrilled to join OpenChain, which is widely adopted by the industry and will be the driving force for creating a quality open-source compliance program within organizations” says Slava Bronfman, CEO of Cybellum.

About Cybellum

Cybellum empowers connected device manufacturers and their suppliers to identify and remediate security risks at scale, throughout the entire product life cycle. Our agentless solution scans embedded software components without needing access to their source code, exposing all cyber vulnerabilities. Manufacturers can then take immediate actions and eliminate any cyber risk in the development and production process, before any harm is done, while continuously monitoring for emerging threats impacting product in operational use. Read more at www.cybellum.com

About the OpenChain Project

OpenChain began when a group of open-source compliance professionals met in a conference lounge and chatted about how so much duplicative, redundant open-source license compliance work was being done inefficiently in the software supply chain simply. They realized that while each company did the same work behind the scenes in a different manner the output for downstream recipients could not realistically be relied on because there was no visibility into the process that generated the output.

The answer the early principles of this discussion arrived at was to standardize open-source compliance, make it transparent and build trust across the ecosystem. The project began as outreach to the community with the idea of a new standard for open-source license compliance with slides titled, “When Conformity is Innovative.” A growing community quickly recognized the value of this approach and contributed to the nascent collaboration soon named The OpenChain Project.

Close Menu