Webinar on Software Supply Chain Management: Philippe Ombredanne
Philippe Ombredanne on Tooling
Thursday, April 13, 2023. 13.00 - 14.30 CEST
In the second episode of the webinar series Philippe Ombredanne will give a talk on Tooling: Software Supply Chain Management Automation with "open source on open source". Free and open source (FOSS) code is the essence of modern software. It is therefore imperative to track FOSS across the supply chain(s) for provenance, licensing, composition and dependencies, security and vulnerability, quality, obsolescence and sustainability. And of course, open source demands open source tooling. In this webinar we'll explore the state and trends in open source tooling and automation:
- The range of tooling & automation domains and how they are served by leading FOSS tools
- The key trends and insights for supply chain management tooling and SBOMs
- New and upcoming FOSS tools
- How to leverage these and participate to create better, more secure software more efficiently
This webinar took place on April 13. You can watch the recording here: https://bbb.protagio.nl/playback/presentation/2.3/e156bbe10c5967b48f606f4ec5b14e818ba4877e-1681382167830
The talk will be about 45 minutes followed by a Q&A. This talk is part of the webinar series The Ins and Outs of Open Software Supply Chain hosted on Thursdays in April and May.
About Philippe Ombredanne
Philippe Ombredanne is a FOSS hacker on a mission to make FOSS code easier and safer to reuse. He is the maintainer of ScanCode, the industry standard license detection tool, and of other open source tools for software composition analysis and license & security compliance at aboutcode.org.
Ombredanne is the project lead of two supply chain projects. The first, FOSS Code Supply Chain Assurance, is building a new system to help verify the integrity of deployed code packages and validate their origin against external data sources. It has the potential to mitigate attacks on open source package supply chains, for example by detecting whether a package in use matches verified code, using both exact and approximate matching of sources and binaries. The second, the Free Software Vulnerability Database, is a resource to aggregate software updates. Both projects were funded by NGI0.
Webinar series: The Ins and Outs of Open Software Supply Chain
Philippe Ombredanne's talk is the second in a series of webinars about open source supply chain management. The series will explore topics such as the software bill of materials, legal consequences, tooling, and the Cyber Resilience Act.
Other talks in this series:
- April 6: Armijn Hemel. [ watch recording ] Topic: Open Source in (Consumer) Electronics Supply Chains.
- May 4: Carlo Piana & Alberto Pianon. [ watch recording ] Topic: The importance of a Software Bill of Materials in light of the upcoming Cyber Resilience Act and product liability legislation in Europe.
- May 11: Shane Martin Coughlan. [ watch recording ] Topic: ISO standards and certification.
Acknowledgments
Special thanks to all the people who made and released these excellent free resources:
- Presentation template by SlidesCarnival at https://www.slidescarnival.com/ licensed under CC-BY-4.0 https://www.slidescarnival.com/terms-of-use#templates-license
- Photographs by Unsplash https://unsplash.com/license licensed under the unsplash license https://scancode-licensedb.aboutcode.org/unsplash.html
- All the open source software authors that made VulnerableCode, ScanCode and other AboutCode FOSS projects possible.
Software Bill of Materials
The Software Bill of Materials (SBOM) is a critical component of open source software development. It is a list of all the components that make up a software product, and it provides important information about the license and dependencies of each component. In our webinars, we'll discuss how to create an SBOM and why it's important for your organization.
Tooling
We will also discuss tooling in the open source software supply chain. From automated testing to vulnerability scanning, we'll show you the tools that can help you streamline your development process and ensure that your software is secure.
Cyber Resilience Act
We'll also explore the Cyber Resilience Act, which aims to improve the security and resilience of software and services within the European Union. This Act could be of particular importance for organizations that use open source software in their products.
How to join
The online webinar series will take place on Thursdays, on April 6, April 13, May 4 and May 11, 2023, at 13.00 - 14.30 CEST (Amsterdam, Berlin, Rome). Each talk will take about 45 minutes, followed by a Q&A. If you don't have time for the Q&A, feel free to leave earlier. Join us for these informative webinars to learn from experts in the field and connect with like-minded individuals. Join the webinar on the BigBlueButton platform with the following link: https://bbb.protagio.nl/b/ron-qed-tog-gey. The link is valid for all episodes.
We'd appreciate it if you'd register for the webinar by sending an e-mail to webinars@nlnet.nl, but it's not necessary.
The series will be in English and will be hosted on BigBlueButton, an open source web conferencing framework that is actively supported by NGI Zero to add end-to-end encrypted chat.
Related NGI projects
- Binary-analysis-ng improvements: BANG is a tool to analyse firmware and other binary files.
- FOSS Code Supply Chain Assurance: Mitigate attacks through software dependencies.
- Free Software Vulnerability Database: A resource to aggregate software updates.