Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional network of Open Source legal experts and aligning stakeholders to launch both the first law journal and the first law book dedicated to Open Source.
Shane has extensive knowledge of Open Source governance, internal process development, supply chain management and community building. His experience includes engagement with the enterprise, embedded, mobile and automotive industries.
Famisanar EPS was formed as a strategic alliance between Cafam and Colsubsidio to contribute to improving the health of Colombians in 1995. They currently have 2,277 collaborators and are present in 139 municipalities of 16 departments. They have a total of 58 Administrative and User Service Offices nationwide.
“The OpenChain Project, and the standards we maintain, are a contribution to the health and trustability of the software supply chain,” says Shane Coughlan, OpenChain General Manager. “We are delighted to see that our work is supporting the medical industry in Colombia, and we hope their activity in this space inspires others. The OpenChain community is always ready to help organizations from any geography, and in any industry, make use of our standards and guides to improve open source process management.”
Reflections on our lessons learned in making ISO 18974, and our process of drafting proposed updates to the standards, to try and provide a template for other projects looking at making and maintaining standards.
Education:
A review of the updated Reference Library, updated open source policy template and drafting underway for a new OpenChain Adoption Guide + discussion about and call for engagement with updates to our online training.
And…
The Future:
The OpenChain Project has been very busy with various things in recent months. AI Compliance in the supply chain. SBOM Quality (Telco and Cross-Industry). Country meetings (Germany, Korea, Japan), and so on. However, attendance on the main monthly call has been modest. We discussed how to change that, and also how to address the issue of timezones.
The second point was front-of-mind for our Specification Chair, Chris Wood. When drafting a specification, or considering an update to a presentation, the majority of the work tends to be live-editing on calls. However, with the geographic split between North America, Europe and Asia, our retrospective on the ISO/IEC 5230 and ISO/IEC 18974 proposed updates revealed this to be a concern.
Starting next month, we will explore options to boost interest, engagement and attendance with this primary call, and to improve the ability of people from around the world to live edit, rather than needing to catch-up via mailing lists or on GitHub.
The first step will be adjusted scheduling (watch this space) and the second step will be to invite the various work groups and study groups to join the main call, and to provide briefings and Q&A around their work.
We will be following up on the activities outlined above on the mailing lists, and we will continue our regular series of calls and meetings throughout the year.
OpenAnolis announced that it has met the OpenChain ISO/IEC 5230 standard. The OpenAnolis community is a non-profit open source community formed by enterprises, institutions, universities, scientific research institutions, non-profit organizations, individuals, etc. on the basis of voluntariness, equality, openness, and collaboration.
The OpenAnolis community has always attached great importance to the construction of security and compliance capabilities. In terms of infrastructure, R&D processes and tools, the community has made comprehensive and in-depth investments, including the construction of software supply chain security infrastructure, support for SBOM lists, and the construction of license compliance systems. These capabilities provide solid security guarantees for the community’s open source activities, ensuring that they are carried out smoothly in a safe and compliant environment.
Ma Tao, Chairman of OpenAnolis, said: “We are pleased to announce the OpenChain ISO/IEC 5230 certification. Open source has always been the source of innovation for the OpenAnolis Community. The OpenAnolis Community will firmly embrace open source, contribute to open source, and contribute to the field of operating systems in the AI era. This certification is a very important milestone in the construction of OpenAnolis’s open source compliance capabilities, and it is also a new starting point. The OpenAnolis Community will continue to invest and improve in the direction of security compliance to ensure the community’s security compliance level.”
Liu Dapeng, head of the OpenAnolis Community Standardization SIG, said that the OpenAnolis Community’s OpenChain ISO/IEC 5230 certification is of great significance to the development of the community. Standards and community open source complement each other, promote and enhance each other, and play an important role in building an open, interoperable, prosperous and innovative technology ecosystem. In the future, the Standardization SIG will continue to work with community ecosystem partners to jointly formulate the engineering standards of the OpenAnolis Community and ensure that community products meet relevant standard requirements.
About OpenAnolis
Founded in September 2020, OpenAnolis is an international open-source community and innovation platform for operating systems. It is committed to building a Linux open-source distribution and open-source innovation technology through open community cooperation. Its goal is to promote the prosperity and development of software, hardware, and application ecology, and jointly create new sources and infrastructure for digital development.
The community council consists of 24 leading enterprises from around the world, including Alibaba Cloud, Uniontech, Loongson, Arm, Intel, and more. Nearly 600 partners have participated in ecological co-construction, achieving full coverage of mainstream chip collaborative research and development mechanisms, mainstream middleware/databases, and mainstream OEM manufacturers. Over 100 products have successfully adopted the OpenAnolis operating system (Anolis OS). Currently, OpenAnolis has served over 800,000 users.
OpenAnolis has established about 60 SIG working groups, with an average monthly contribution of 5,000 PR. It has achieved technological innovation in core areas such as chips, kernel, compiler, security, virtualization, and cloud-native, consistently ranking at the top of the Linux community rankings. The community has released several community versions, including Anolis LoongArch GA, Anolis OS 7.9, 8.4, 8.6, and more.
About the OpenChain Project
The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.
About The Linux Foundation
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
龙蜥社区理事长马涛说:“我们很高兴宣布获得 OpenChain ISO/IEC 5230 认证。开源一直是龙蜥社区创新的源泉。龙蜥社区将会坚定地拥抱开源,贡献开源,为 AI 时代的操作系统领域贡献龙蜥力量。这次认证通过是龙蜥在开源合规能力建设上的一个非常重要的里程碑,也是一个新的起点。龙蜥社区会持续在安全合规方向进行投入和提升,保证社区的安全合规水平。”
龙蜥社区标准化 SIG 负责人刘大鹏表示,龙蜥社区获得OpenChain5230认证,对社区的发展具有重要意义,标准和社区开源形成互补,互相促进和增强,共同为构建开放、互通、繁荣、创新的技术生态发挥重要作用。未来标准化 SIG 将继续联合社区生态伙伴共同制定龙蜥社区的工程标准,并确保社区产品符合相关标准要求。
关于OpenAnolis(龙蜥社区):
龙蜥社区成立于 2020 年 9 月,立足云计算打造数字创新基石,聚拢产业生态力量,共创数字化发展开源新基建。汇聚企事业单位、高等院校、科研单位、个人开发者等多元角色,作为面向国际的 Linux 服务器操作系统开源根社区及创新平台,龙蜥社区持续推动软、硬件及应用生态繁荣发展。
Socionext, a semiconductor and System on a Chip (SOC) company based in Japan, has completed recertification of OpenChain ISO/IEC 5230. This is an important part of the 18 month review cycle required by the specification to ensure processes are current.
“ISO standard periodic recertification is a critical building block in creating trust,” says Shane Coughlan, OpenChain General Manager. “As companies evolve and markets change, it is important to use clear, unambiguous processes like those outlined in OpenChain ISO/IEC 5230, the International Standard for open source license compliance. This is key to managing the open source software supply chain, and Socionext has long been a leader in this area.”
About Socionext Inc.
Socionext Inc., a leading global System-on-Chip (SoC) supplier, is a pioneer of the ‘Solution SoC’ business model. This innovative approach encompasses Socionext’s ‘Entire Design’ capabilities and offering of ‘Complete Service’. As a trusted silicon partner, Socionext fuels global innovation, providing superior features, performance, and quality that set its customers’ products and services apart in diverse domains ranging from automotive and data centers to networking, smart devices, and industrial equipment.
Socionext Inc., based in Yokohama, operates offices across Japan, Asia, the United States, and Europe for development and sales. For more information, visit https://www.socionext.com/en/.
About the OpenChain Project
The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.
About The Linux Foundation
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
Reflections on our lessons learned in making ISO 18974, and our process of drafting proposed updates to the standards, to try and provide a template for other projects looking at making and maintaining standards.
Education:
A review of the updated Reference Library, updated open source policy template and drafting underway for a new OpenChain Adoption Guide + discussion about and call for engagement with updates to our online training.
And…
The Future:
The OpenChain Project has been very busy with various things in recent months. AI Compliance in the supply chain. SBOM Quality (Telco and Cross-Industry). Country meetings (Germany, Korea, Japan), and so on. However, attendance on the main monthly call has been modest. We discussed how to change that, and also how to address the issue of timezones.
The second point was front-of-mind for our Specification Chair, Chris Wood. When drafting a specification, or considering an update to a presentation, the majority of the work tends to be live-editing on calls. However, with the geographic split between North America, Europe and Asia, our retrospective on the ISO/IEC 5230 and ISO/IEC 18974 proposed updates revealed this to be a concern.
Starting next month, we will explore options to boost interest, engagement and attendance with this primary call, and to improve the ability of people from around the world to live edit, rather than needing to catch-up via mailing lists or on GitHub.
The first step will be adjusted scheduling (watch this space) and the second step will be to invite the various work groups and study groups to join the main call, and to provide briefings and Q&A around their work.
We will be following up on the activities outlined above on the mailing lists, and we will continue our regular series of calls and meetings throughout the year.
To round off a successful run of Open Source Software Masterclasses, Bristows are pleased to announce that the final session, ‘Tech in focus: navigating legal and commercial challenges in an increasingly open source world’,has been expanded to include additional topics, offering even greater value. Please find the full programme below.
Register now to secure your in-person place. Attendance is available for the full day, or for either the morning or afternoon sessions. Don’t miss this excellent opportunity to discuss the latest Open Source insights and network with peers in the tech law community.
OpenChain will feature prominently, and many familiar faces from our UK community will be present.
Open Source in transactions: M&A and commercial agreements Toby Crick, Partner, Bristows
4:15 pm
Panel discussion: open source and risk management Lewis Parle, Head of Intellectual Property Risk, Lockton, Stephen Pollard, Director Open Source Advisory, Orcro, Andrew Katz, Consultant, Bristows & CEO, Orcro, Toby Crick, Partner, Bristows
The OpenChain Project has begun a new guide designed to expand on options for small, medium and large companies adopting one or the other of our existing ISO standards. The goal is to outline some of the implementation choices an organization can make when filling out process points for open source business management. It is also going to link more deeply into our Reference Library for further examples and resources.
This guide is in early days, and we are putting out a call for ideas, suggestions and contributions.
Expand on the options available for each topic covered
Include better references to open source tooling for open source compliance matters
Note:
One thing that is noteworthy is that this guide is human-drafted but it is being developed in conjunction with a locally-installed LLM (Gemma3 12b). The LLM prompts and original output are at the bottom of the guide itself. There is no intention to replace human review and development, but rather to test to what extent current LLMs are providing accurate or useful information around our standards. This will help us develop guidance on LLM use for OpenChain and other compliance initiatives later in the year.
The OpenChain Project publishes a template for making open source policies. This is a non-prescriptive document that provides plenty of options for policy development for organizations of all sizes.
With huge thanks to Gary Armstrong over at FOSSID (and to Andrew Katz, Education Chair, for the merge), please find below a new version of the OpenChain open source policy template:
(You can also find the old version at the same link)
The updated policy template improves the content, formatting and fixes bugs, and it a recommended upgrade for anyone using our template to help develop or refine open source policy in organizations.
Interested in Helping?
The OpenChain Policy Template is a living document (just like all our reference library). We activity welcome feedback and suggestions for improvement from everyone involved in open source and open innovation.
You can be part of the process by joining our Education Work Group mailing list: