Antepedia Reporter and Fossology: Updates and new challenges toward software tracking through the whole software life cycle, Guillaume Rousseau, Antelink.
During this talk we will describe how tools dedicated to scanning open source components and source code, such as Fossology or Antepedia Reporter, help development tools enforce open source licensing policies. Particular attention will be given to new trends and challenges in software tracking, which no longer focus on open source component tracking but on tracking all artifacts produced over the whole software life cycle, including source code items and build artifacts.
1. Panel: Benefits and challenges of integrating open source components.
Copyright Antelink 2013 CC BY-NC-ND 3.0
How technical solutions can help to reach legal quality
Co-author / IPR Tracking: A methodology for Component Based and Collaboratively Developed software (QualiPSo A1)
Assistant professor at INRIA/Univ. Paris Diderot
Co-founder of Antelink, INRIA spinoff, single EU player developing tools
Guillaume ROUSSEAU
2. When can you talk about a Legal Quality issue?
Lack of contradictory evidence in the event of litigation through the software supply chain.
3. When can you talk about a Legal Quality issue?
Spending too much time maintaining a qualified bill of materials from design to delivery over the whole software factory.
4. When can you talk about a Legal Quality issue?
Choosing the right components as early as the design phase, with very little information available about the components and their alternatives.
5. When can you talk about a Legal Quality issue?
Not getting the full benefit of open source and proprietary reusable components because of a missing third-party component license compliance policy.
6. Why do you need Tools?
Productivity (reduce time)
Integrity (quality of the information)
7. When do you have to use state-of-the-art tools to increase legal quality?
• Audit your software assets (your first BoM :))
• Set up a Compliance Policy
• Provide a BoM with accurate third-party license and attribution information.
• Check your ability to answer support requests
• Check copyright (who developed/owned your software)
• Scanner for information discovery (Author metrics, copyright, license, vulnerability, …)
8. Why do you have to use tools?
• This is the state of the art; if you are not using them, you do it at your own risk
• Some of them are free (fossology, Oslc, Reporter free edition, …)
• Standards like SPDX are making your life much easier (see for instance compliance table comparing policies from FSF, Eclipse, Apache found.
9. Contact
www.antelink.com
contact@antelink.com
+33 (0)1 42 39 30 78
Copyright Antelink 2013 – Do not distribute without prior written agreement