January 2, 2020

192 words 1 min read

Automating Open Source License Compliance - Filling in the Missing Pieces

Automating Open Source License Compliance - Filling in the Missing Pieces

From upstreams through the supply chain to consumer products, open source sharing of code has enabled an unprecedented rate of innovation and new products. Complying with the respective open source li …
Talk Title Automating Open Source License Compliance - Filling in the Missing Pieces
Speakers Kate Stewart (Senior Director of Strategic Programs, Linux Foundation)
Conference Open Source Summit Europe
Conf Tag
Location Prague, Czech Republic
Date Oct 21-27, 2017
URL Talk Page
Slides Talk Slides
Video

From upstreams through the supply chain to consumer products, open source sharing of code has enabled an unprecedented rate of innovation and new products. Complying with the respective open source licenses in the code is not always as easy as picking up the code and integrating it though. All to often, the licensing information for key software is overlooked, inaccurate or hard to find. Significant progress has been made in the last year to improving this, but there are some gaps still remaining. This talk will review the open source solutions available (and missing) for helping to make licensing compliance and security information more transparent, and able to keep up with the pace of innovation.

automating code security open source supply chain
comments powered by Disqus
How JupyterHub tamed big science: Experiences deploying Jupyter at a supercomputing center

How JupyterHub tamed big science: Experiences deploying Jupyter at a supercomputing center

December 22, 2019

Shreyas Cholia, Rollin Thomas, and Shane Canon share their experience leveraging JupyterHub to enable notebook services for data-intensive supercomputing on the Cray XC40 Cori system at the National Energy Research Scientific Computing Center (NERSC).
Replace Your Exploit-Ridden Firmware with Linux - Ronald Minnich, Google

Replace Your Exploit-Ridden Firmware with Linux - Ronald Minnich, Google

December 19, 2019

With the WikiLeaks release of the vault7 material, the security of the UEFI (Unified Extensible Firmware Interface) firmware used in most PCs and laptops is once again a concern. UEFI is a proprietary …
Automating peace of mind with accessibility testing and CI

Automating peace of mind with accessibility testing and CI

December 11, 2019

Marcy Sutton discusses open source web development tools and testing practices that can help your team develop a pragmatic and sustainable approach to accessible software, benefiting many people with disabilities.
Groovy, There's a Docker in My Application Pipeline [B]

Groovy, There's a Docker in My Application Pipeline [B]

November 23, 2019

In the era of Infrastructure as Code we strive to automate everything, this talk will discuss our experiences in automating the deployment of building of continuous delivery pipelines and solving test …
Software supply chains and the illusion of control

Software supply chains and the illusion of control

November 20, 2019

Derek Weeks shares the results of a three-year study of open source development practices across 3,000 organizations, exploring the vast software supply chains these organizations employ that are simultaneously improving development productivity and undermining quality and security practices. Derek then outlines DevOps practices that support building in quality and security from the beginning.
Paint the landscape and secure your data center with Apache Spot

Paint the landscape and secure your data center with Apache Spot

November 4, 2019

Cesar Berho and Alan Ross offer an overview of open source project Apache Spot (incubating), which delivers next-generation cybersecurity analytics architecture through unsupervised learning using machine-learning techniques at cloud scale for anomaly detection.