Recording of Armijn Hemel on Open Source in Electronics Supply Chains
The recording of Armijn Hemel's webinar on Open Source in (Consumer) Electronics Supply Chains is now available online. He gives a high-level overview of how electronics supply chains work and explains where they can fail in the context of software provenance. After mapping out the problems, Hemel discusses solutions from around the 27-minute mark. Solutions may come from the governance side, such as the Cyber Resilience Act, as well as from tooling and better information sharing.
About Armijn Hemel
Armijn Hemel, MSc, is the owner of Tjaldur Software Governance Solutions. Mr Hemel studied computer science at Utrecht University, where he explored reproducible builds by building the first prototype of NixOS, a Linux distribution built around the Nix build system, in which reproducibility and provenance are central. Since 2005 he has focused on open source license compliance and supply chain management in the (consumer) electronics industry, first on the license enforcement side as part of gpl-violations.org, and later (more effectively) as a consultant helping companies come into compliance, fight off copyright trolls and improve their processes. Mr Hemel has co-written academic research papers (MSR 2011, WCRE 2012, ASE 2014), made various open source tools for firmware reverse engineering and license compliance, and frequently talks at (industry) conferences about supply chain management in the (consumer) electronics industry. In the past he has served on the boards of NLUUG and of the NixOS Foundation.
Webinar series: The Ins and Outs of Open Software Supply Chain
Armijn Hemel's talk is the first in a series of webinars about open source supply chain management. The series will explore topics such as the software bill of materials, legal consequences, tooling, and the Cyber Resilience Act.
Other talks in this series:
- April 6: Armijn Hemel. Topic: Open Source in (Consumer) Electronics Supply Chains. [ watch recording ]
- April 13: Philippe Ombredanne. Topic: Tooling. [ watch recording ]
- May 4: Carlo Piana & Alberto Pianon. Topic: The importance of a Software Bill of Materials in light of the upcoming Cyber Resilience Act and product liability legislation in Europe. [ watch recording ]
- May 11: Shane Martin Coughlan. Topic: ISO standards and certification. [ watch recording ]
All episodes start at 13:00 CEST (Amsterdam, Berlin, Rome).
Related NGI projects
- Binary-analysis-ng improvements: BANG is a tool to analyse firmware and other binary files.
- FOSS Code Supply Chain Assurance: Mitigate attacks through software dependencies.
- Free Software Vulnerability Database: A resource to aggregate software updates.