All Posts By

Shane Coughlan

Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional network of Open Source legal experts and aligning stakeholders to launch both the first law journal and the first law book dedicated to Open Source. Shane has extensive knowledge of Open Source governance, internal process development, supply chain management and community building. His experience includes engagement with the enterprise, embedded, mobile and automotive industries.

OpenChain Project Meetings This Week (all times UTC)

By News

This week we have the following international meetings:

Tuesday 20th February:

– OpenChain Monthly North America / Asia Call @ 01:00 UTC

– OpenChain AI Study Group (North America / Europe) @ 16:00 UTC

Wednesday 21st February:

– OpenChain Webinar #71 – FOSS License Management: meta-osselot project for integrating OSSelot-Data in OpenEmbedded @ 09:00 UTC

– OpenChain Automation Work Group Meeting (European Afternoon) @ 16:00 UTC

Thursday 22nd February:

– OpenChain Webinar #60 – SPDX 3.1 – Services Profile Overview @ 01:00 UTC

– OpenChain Education Work Group Meeting @ 17:00 UTC

You can check out all our international meetings and get instructions on adding our calendar to your client here: https://www.openchainproject.org/participate

OpenChain AI Study Group (North America / Europe) 2024-02-06 – Recording

By Featured, News

Agenda:

   • Recap of discussion so far
   • Scope – how to build trust in the open source AI supply chain
       • What are the “compliance artifacts”?
       • How do we know they can be trusted?
   • Discuss use cases
       • Inbound
       • Deployment internally
       • Hosting externally
       • Distributing externally

Get The Slides

Learn more about the activities of this study group via their dedicated mailing list:

A Spotlight on Security Efforts at the Linux Foundation

By News

“Security has continued to be a focus across all our project communities at the Linux Foundation. In today’s blog, we highlight the recent efforts and impact of four Linux Foundation project communities: OpenSSF, FINOS Common Cloud Controls Project, OpenChain, and SPDX. Each community addresses aspects of security from a different perspective and helps contribute to our shared goal of having a more secure software ecosystem for everyone.”

Read the blog: 
https://www.linuxfoundation.org/blog/a-spotlight-on-security-efforts-at-the-linux-foundation

OpenChain Webinar #68 – VulnerableCode technical deep dive into VulnTotal

By Automation, News, Webinar

This was originally published as “Automation Case Study #7 – VulnerableCode technical deep dive into VulnTotal” on 2023-02-07. It has been re-published in the main webinar series to improve discoverability.

Philippe Ombredanne from nexB led a technical deep dive into VulnTotal on the 7th of February 2023. It covered one aspect of the AboutCode Project: VulnerableCode provides tools to collect, aggregate and refine software vulnerability information from more than 20 sources, together with tools to quickly create new “importers”. The VulnTotal component came out of Google Summer of Code 2022:

VulnTotal: Cross-validate vulnerability coverage of VulnerableCode (Keshav Priyadarshi)

VulnerableCode is a unique project that collates and cross-references FOSS vulnerability data from multiple sources. Inspired by the VirusTotal multi-scanner virus scanning service, the VulnTotal project will cross-validate the vulnerability coverage of VulnerableCode against other publicly available vulnerability check tools and databases. For instance, a package may be reported as vulnerable by one tool or database but not by another. We can gradually work with these tool providers to keep each other apprised about newly discovered vulnerabilities, making FOSS more secure.

OpenChain Webinar #67 – Digging Further Into The Supply Chain

By Automation, News, Webinar

This was originally published as “Automation Case Study #6 – Digging Further Into The Supply Chain” on 2021-12-09. It has been re-published in the main webinar series to improve discoverability.

The OpenChain automation case study about using open source tools for open source compliance runs between September and December 2021. It is the largest case study ever undertaken in this space. The outcome of attending will include better knowledge of options for automation around open source compliance, a better understanding of interoperability in the space, and an awareness of how to engage with the field in a turn-key manner.

Part #6 digs further into how a Software Bill of Materials like SPDX ISO/IEC 5962 can optimize operations in the supply chain by ensuring manual or automated analysis works in a more efficient and effective manner.

Coming Next:

  • December 16th, a recap of the whole open source tooling eco-system at Open Compliance Summit 2021.

Available to Watch Now:

Learn More:

OpenChain Webinar #66 – SBOMs in a Virtual Supply Chain

By Automation, News, Webinar

This was originally published as “Automation Case Study #5 – SBOMs in a Virtual Supply Chain” on 2021-11-24. It has been re-published in the main webinar series to improve discoverability.

The OpenChain automation case study about using open source tools for open source compliance runs between September and December 2021. It is the largest case study ever undertaken in this space. The outcome of attending will include better knowledge of options for automation around open source compliance, a better understanding of interoperability in the space, and an awareness of how to engage with the field in a turn-key manner.

Part #5 explores how SPDX ISO/IEC 5962 works as a Software Bill of Materials (SBOM) in the supply chain through existing open source tooling for open source compliance.

Coming Next:

  • December 8th, expanding on the Supply Chain and SBOMs.
  • December 16th, a recap of the whole open source tooling eco-system at Open Compliance Summit 2021.

Available to Watch Now:

Learn More:

OpenChain Webinar #65 – How The Graphical Interface Can Help With Using TERN

By Automation, News, Webinar

This was originally published as “Automation Case Study #4 – How The Graphical Interface Can Help With Using TERN” on 2021-10-29. It has been re-published in the main webinar series to improve discoverability.

The OpenChain automation case study about using open source tools for open source compliance runs between September and December 2021. It is the largest case study ever undertaken in this space. The outcome of attending will include better knowledge of options for automation around open source compliance, a better understanding of interoperability in the space, and an awareness of how to engage with the field in a turn-key manner.

Part #4 explores how TERN (a container scanner) works both with the graphical tool and when used on its own.

Coming Next:

  • November 24th, we do a “fake supply chain” showing code going through multiple scanners and maintaining SPDX Lite integrity.
  • December 8th, expanding on the Supply Chain and SBOMs.
  • December 16th, a recap of the whole open source tooling eco-system at Open Compliance Summit 2021.

Available to Watch Now:

Learn More:

OpenChain Webinar #64 – How The Graphical Interface Can Help With Using Open Source Review Toolkit (ORT)

By Automation, News, Webinar

This was originally published as “Automation Case Study #3 – How The Graphical Interface Can Help With Using Open Source Review Toolkit (ORT)” on 2021-10-15. It has been re-published in the main webinar series to improve discoverability.

The OpenChain automation case study about using open source tools for open source compliance runs between September and December 2021. It is the largest case study ever undertaken in this space. The outcome of attending will include better knowledge of options for automation around open source compliance, a better understanding of interoperability in the space, and an awareness of how to engage with the field in a turn-key manner.

Part #3 explores how ORT (the Open Source Review Toolkit) works both with the graphical tool and when used on its own.

Coming Next:

  • October 27th, we do a deep dive on using TERN via the tool + deep dive into TERN internals engineering.
  • November 24th, we do a “fake supply chain” showing code going through multiple scanners and maintaining SPDX Lite integrity.
  • December 8th, expanding on the Supply Chain and SBOMs.
  • December 16th, a recap of the whole open source tooling eco-system at Open Compliance Summit 2021.

Available to Watch Now:

Learn More: