Hello,
We have another 1-day event in March, which this time will be dedicated to the topic of open source software compliance, featuring talks and workshops on topics such as OpenChain, SW360 and FOSSology.
There are additional sessions in the pipeline, but we were keen to get details out sooner rather than later, given this is a full day, now less than 2 months away, and diaries fill up quickly.
Further details will be provided in due course!
Cheers,
Andrew
//
OSHUG #65 — Yanking the Chain: open source software compliance in the supply chain
On the 22 March 2018, 09:00 - 17:00 at BCS London, 1st Floor, The Davidson Building, 5 Southampton Street, London, WC2E 7HA.
Registration: http://oshug.org/event/65
With the ever increasing complexity of embedded device software stacks, coupled with the proliferation of new mechanisms for distributing complex server software stacks, open source compliance has never been more important — or indeed more of a challenge.
Fortunately, there is a growing number of tools and methods at our disposal to support open source software compliance efforts. This 1-day event will feature talks and hands-on workshops covering a number of these, with insights into practical experiences and lessons learned.
The preliminary programme can be found below and please note that further details will be published in due course as additional sessions are confirmed.
*** Talks
— Introducing OpenChain
OpenChain is a scalable, flexible compliance programme, developed by the Linux Foundation. It provides a great foundation for businesses of all sizes to put appropriate practices and procedures in place to control development and supply chain risks. Already adopted by companies like Qualcomm, Toyota and ARM, it's equally applicable to SMEs.
* Andrew Katz is a lawyer and former programmer who advises extensively on free and open source software and other opens. He is head of the technology department at Moorcrofts LLP, a boutique technology law firm, which is one of the 5 OpenChain pilot partners in the world, and has been involved in drafting many of the OpenChain materials.
— Eclipse SW360 - Open Source Management with Open Source
SW360 manages software components with their license compliance documentation in SPDX and allows for setting up bills-of-material to provide comprehensive documentation for products and projects.
Organizations can use SW360 as a one-stop shop for sharing component information and tracking their usage in projects or products. This involves the handling of compliance information, but also, as an example, matching for vulnerabilities from data providers.
As an EPL-1.0 licensed Open Source project, it is highly customizable, letting organizations keep their confidential product development data on premises, and prevents them from becoming dependent on a single vendor. This presentation briefly shows features and walks through the application to demonstrate capabilities and use cases of SW360.
* Michael C. Jaeger is one of the maintainers for the projects, FOSSology and SW360, both of which are in the area of license compliance and component management with open source software. At Siemens Corporate Technology in Munich, Germany, Michael manages the Siemens contributions to SW360 and FOSSology. Michael is a certified software architect and received a German PhD degree from the faculty of electrical engineering and computer science at TU Berlin.
*** Workshops
— Using FOSSology - License Analysis Hands On
FOSSology is an open source license compliance software system and toolkit. As a toolkit, you can run license, copyright and export control scans from the command line. As a system, a database and Web user interface provide you with a user interface and functionality to analyse the licensing situation of open source software.
* Hosted by: Michael C. Jaeger.
Note: Please aim to arrive by 08:45 as the workshop will start at 09:00 prompt.