Hello,
We have another 1-day event in March, which this time will be dedicated to the topic of open source software compliance, featuring talks and workshops on topics such as OpenChain, SW360 and FOSSology.
There are additional sessions in the pipeline, but we were keen to get details out sooner rather than later, given this is a full day, now less than 2 months away, and diaries fill up quick.
Further details will be provided in due course!
Cheers,
Andrew
//
OSHUG #65 — Yanking the Chain: open source software compliance in the supply chain
On the 22 March 2018, 09:00 - 17:00 at BCS London, 1st Floor, The Davidson Building, 5 Southampton Street, London, WC2E 7HA.
Registration: http://oshug.org/event/65
With the ever increasing complexity of embedded device software stacks, coupled with the proliferation of new mechanisms for distributing complex server software stacks, open source compliance has never been more important — or indeed more of a challenge.
Fortunately, there are a growing number of tools and methods at our disposal to support open source software compliance efforts. This 1-day event will feature talks and hands-on workshops covering a number of these, with insights into practical experiences and lessons learned.
The preliminary programme can be found below and please note that further details will be published in due course as additional sessions are confirmed.
*** Talks
— Introducing OpenChain
OpenChain is a scalable, flexible compliance programme, developed by the Linux Foundation. It provides a great foundation for businesses of all sizes to put appropriate practices and procedures in place to control development and supply chain risks. Already adopted by companies like Qualcomm, Toyota and ARM, it's equally applicable to SMEs.
* Andrew Katz is a lawyer and former programmer who advises extensively on free and open source software and other opens. He is head of the technology department at Moorcrofts LLP, a boutique technology law firm, which is one of the 5 OpenChain pilot partners in the world, and has been involved in drafting many of the OpenChain materials.
— Eclipse SW360 - Open Source Management with Open Source
SW360 manages software components with their license compliance documentation in SPDX and allows for setting up bills-of-material to provide comprehensive documentation for products and projects.
Organizations can use SW360 as a one-stop shop for sharing component information, tracking their usage in projects or products. This involves the handling of compliance information, but also, as an example, matching for vulnerabilities from data providers.
As an EPL-1.0 licensed Open Source project, it is highly customizable, letting organizations keep their confidential product development data on premises, and preventing them from becoming dependent on a single vendor. This presentation briefly shows features and walks through the application to demonstrate capabilities and use cases of SW360.
* Michael C. Jaeger is one of the maintainers for the projects, FOSSology and SW360, both of which are in the area of license compliance and component management with open source software. At Siemens Corporate Technology in Munich, Germany, Michael manages the Siemens contributions to SW360 and FOSSology. Michael is a certified software architect and received a German PhD degree from the faculty of electrical engineering and computer science at TU Berlin.
*** Workshops
— Using FOSSology - License Analysis Hands On
FOSSology is an open source license compliance software system and toolkit. As a toolkit, you can run license, copyright and export control scans from the command line. As a system, a database and Web user interface provide you with a user interface and functionality to analyse the licensing situation of open source software.
* Hosted by: Michael C. Jaeger.
Note: Please aim to arrive by 08:45 as the workshop will start at 09:00 prompt.
Details incoming for talk #3:
— How License Compliance Engineering Can be Simplified
When people are confronted with license compliance for the first time it feels overwhelming because there are many aspects to it: license scanning of hundreds of thousands of files, complete and corresponding source code, derivative works and code clone detection, and so on. Clients often say that they simply do not know where to start.
However, experience demonstrates that license compliance does not need to be overly complicated, as there are short-cuts that can be taken and have zero risk, but that will vastly speed up compliance processes. This talk will highlight a few best practices learned from compliance work with clients and explain how information from upstream projects can be used to make the license compliance processes quicker, predictable and more standardised.
* Armijn Hemel, MSc, is an expert in open source license compliance engineering. From 2005-2012 he helped enforce the GPL license in Germany several hundred times as part of the core team of gpl-violations.org. Since then he has assisted companies to come into compliance (including in recent troll cases in Germany) and is actively involved in advancing the field of compliance by exploring new topics and tooling.
Registration: http://oshug.org/event/65
Best,
Andrew
On 31/01/18 21:28, Andrew Back wrote: