Skip to main content
All Posts By

Shane Coughlan

Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional network of Open Source legal experts and aligning stakeholders to launch both the first law journal and the first law book dedicated to Open Source. Shane has extensive knowledge of Open Source governance, internal process development, supply chain management and community building. His experience includes engagement with the enterprise, embedded, mobile and automotive industries.

OpenChain SBOM Study Group Kick-Off Call – 2024-07-30 at 09:00 CEST / 15:00 CST / 16:00 KST + JST

By News

OpenChain SBOM Study Group Kick-Off Call

2024-07-30 at 09:00 CEST / 15:00 CST / 16:00 KST + JST

The OpenChain Governing Board recently approved the creation of a new study group to discuss SBOM use in the supply chain. With a focus on “how to use,” this study group will consider practical ways to increase trust in the supply chain and satisfy regulatory requirements. It builds on previous work by the OpenChain Project around lightweight SBOM profiles (SPDX Lite), defining quality SBOM (Telco SBOM Guide) and local work group activities.

Join here up to ten minutes before we start, no registration required:

This kick-off call will:

  • Introduce the practical considerations of using SBOMs in supply chains
  • Discuss who these considerations apply to
  • Talk about existing market solutions: Case Study SPDX Lite
  • Have an open discussion on next steps

Everyone with an interest in SBOMs, the use of SBOMs in the supply chain, and in increasing trust in the supply chain is invited. Kobota San from Sony is the chair of this study group in 2024. Kobota San, thank you for stepping forward to start this activity!

We have a dedicated mailing list:

We have a dedicated Slack Channel:

We have a dedicated GitHub Repo:

OpenChain Explainer for Sales and Marketing – Beta

By News

One of the most innovative people in the OpenChain community has to be Martin Yagi of the UK Work Group. He kicked off an initiative to create and publish tons of bite-sized videos around OpenChain training courses and more. Not satisfied with that, he has also created a beta video for some work underway in the Education Work Group around “explainers” for different departments in companies.

Let’s explore how we can explain OpenChain to Sales and Marketing departments (beta, because the explainer is still in draft development).

Want to be part of helping with the development of the explainer series?

Be part of this:

You can get involved with the Education Work Group through their dedicated mailing list. At this link, you will also find connections to other study and working groups around the world:

OpenChain AI Study Group Call – Asia Sync Call – 2024-07-11 – Full Recording

By News

The OpenChain AI Study Group held its regular Asia sync on the 11th of July. This focused on a recap of the earlier monthly workshop, including an overview of outcomes from the recent OpenChain Governing Board meeting regarding the AI Study Group, flagging a presentation by Laurie Grant @ Qualcomm on ISO/IEC 42001, and other discussion around shared concerns regarding AI compliance in the supply chain.

Be part of this:

You can get involved with this study or work group through their dedicated mailing list. At this link, you will also find connections to other study and working groups around the world:

OpenChain Education Work Group – 2024-07-03 – Full Recording

By News

On the 3rd of July we held our regular meeting of the OpenChain Education Work Group. As part of the outreach activities of the OpenChain Project, it focuses on help to make it easier to understand and adopt OpenChain ISO/IEC 5230:2020 for license compliance and OpenChain ISO/IEC 18974:2023 for security assurance. Discussion ranges from handouts to education leaflets to training slides to case studies and guides. Editing is normally done on GitHub. All are welcome.

Exciting stuff this time:

  • Explainers for different parts of companies
  • Maturity modeling
  • More about upcoming PDF versions of documents
  • And a discussion about our update training slides

Be part of this:

You can get involved with the OpenChain Education Work Group through their dedicated mailing list. At this link, you will also find connections to other working groups around the world:

OpenChain Telco Work Group Meetings – 2024-07-04 – Full Recording

By News

As usual, this was a very practical meeting, and it covered topics like TR-03183 – Cyber Resilience Requirements for Manufacturers and Products. Full recording below.

Be part of this:

You can get involved with the OpenChain Telco Work Group through their dedicated mailing list. At this link, you will also find connections to other working groups around the world:

Please note: you do not have to be an expert in telecommunications or work for a telecommunications company to join the group. Work on subjects like the Telco SBOM Quality Guide is intended to also help other market sectors.

OpenChain Japan All Member Meeting #30 – 2024-02-28

By News

An oldie but a goodie. If you want to see what a longer community event is like, check out the OpenChain Japan All Member Meeting #30 from February.

Owada San, our ever-dedicated community contributor, is currently preparing the 31st meeting for release, so watch this space!

You can get involved with the OpenChain Japan Work Group through their dedicated mailing list. At this link, you will also find connections to other working groups around the world:

IAV Announces Adoption of ISO/IEC 5230:2020

By Featured, News

IAV GmbH has announced adoption of ISO/IEC 5230:2020 via third-party certification provided by TimeToAct. Adjacent to this, IAV and TimeToAct are collaborating with the OpenChain Project on a webinar and case study about the certification rationale and process.

“The exceptional progress of OpenChain ISO/IEC 5230 in improving trust in the open source supply chain has been felt in many industries,” says Shane Coughlan, OpenChain Project General Manager. “However, automotive is perhaps where we have had the largest and broadest impact. In a sector with a high degree of regulation, our ISO standard for open source license compliance offers a clear, effective and efficient method of containing risk. We are delighted to welcome IAV GmbH to our community of conformance, and to have had the opportunity to collaborate with our official partner TimeToAct on sharing this news with others. Our forthcoming webinar and case study adjacent to the certification provides a useful tool for other companies seeking to align behind international standards for open source business process management.”

The case study will be released and the webinar will take place at 10:00 CEST on the 16th of July. Learn more about this from the OpenChain Global Calendar on our participation page.


There is no need to register for this webinar. Simply follow the Zoom link in the OpenChain Global Calendar.

About IAV GmbH

IAV Automotive Engineering is a developer of computer app systems for the automotive industry. The company offers services in the areas of light vehicles, such as chassis, cockpit, combustion engine, E-Traction, exterior, gaseous-fuel vehicle, hybrid, interior, mobility, powertrain concept and integration, powertrain electronic, product life cycle,transmission, vehicle electronic, vehicle function, and vehicle safety services; commercial vehicles and work machines, including cabin, CO2 efficiency, driver assistance, functional architecture, powertrain, transportation and logistics, and work and agricultural machines; energy supply aspects; and methods and test facilities.

About TimeToAct

TIMETOACT GROUP modernises and integrates IT applications for upper midmarket companies, fortune 500 enterprises and the public sector, with the goal of increasing their agility, efficiency, and transparency and to reduce costs and risks. In addition, TIMETOACT GROUP designs and implements digital business models, opening up new market opportunities for its innovative customers. Its services include consulting and cloud transformation as well as data, software and system engineering in the fields of employee experience, business applications, and customer experience.

About the OpenChain Project

The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs

About The Linux Foundation

The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

Introduction to Open Source License Compliance Management (LFC193) – The Bite-Sized Videos

By Featured, News

The OpenChain Project collaborated with LF Training on Introduction to Open Source License Compliance Management (LFC193), a free online training course intended to help people build the basic knowledge needed to get started in open source licensing management. Martin Yagi from the OpenChain UK Work Group has created a series of bite-sized videos to help summarise key points from the course. You can view them all below.



Chapter 0: Introduction

Chapter 1: Rights and Licensing

Chapter 2 Part 1: Introduction to Open Source Licenses

Chapter 2 Part 2: Introduction to Open Source Licenses

Chapter 3 Part 1: Introduction to Open Source Compliance

Chapter 3 Part 2: Introduction to Open Source Compliance

Chapter 4: Codebuilding and Distribution

Chapter 5: Bringing it all Together

Huge thanks for Martin for all his hard work!



The OpenChain Project also has a more advanced course created in collaboration with LF Training called Implementing Open Source License Compliance Management (LFC194).


OpenChain AI Study Group – Monthly Workshop for North America and Europe – 2024-07-02 – Recording

By Featured, News

The OpenChain AI Study Group held its regular monthly workshop on the 2nd of July. This workshop included an overview of outcomes from the recent OpenChain Governing Board meeting regarding the AI Study Group, a presentation by Laurie Grant @ Qualcomm on ISO/IEC 42001, as well as other discussions to narrow down areas of shared concern and interest regarding AI compliance in the supply chain.

Track This Work

You can follow and contribute to the work of the OpenChain AI Study Group through its dedicated mailing list. This is open to everyone regardless of industry vertical or speciality. You will find it here:

Attend Future Meetings

You can find and get the dial-in details for all future AI Study Group meetings from our participate page here: