Supply Chains with Built-In License Compliance
Claus-Peter Wiedemann, Sr. Manager, FOSS Management, BearingPoint
Phil Odence, VP/General Manager, Black Duck; Chair, SPDX Workgroup
Open World Forum, Paris, October 31, 2014
Warm up questions (head) 
• Who delivers software to other suppliers or end customers? 
• Who provides license information with that? In which format?
• How is this license information created? 
• Who just copies the license information provided by suppliers? 
Supply Chains with Built-In License Compliance 2
Warm up questions (tail) 
• Who receives software from suppliers? 
• Who receives license information from suppliers? In which format? 
• Who is verifying the received license information? How? 
Today
• Different formats
• Unpredictable quality
• Duplicate efforts
• No trust
Inefficient, ineffective, high risk
Compliant?
The Fantec Case
• GPL violation discovered
• Source code was made available, but not the “corresponding” version
• Fantec argues
  • Chinese supplier asserted that delivered source code was complete
  • Effective verification of completeness only possible by copyright holder
  • Source code assessments are costly but no warranty that results are complete and correct
• The Court says
  • Fantec was required to ensure the GPL obligations are fulfilled for their delivery
  • Fantec acted negligently by relying on its suppliers
  • Fantec was required to assess the software by themselves or by a competent 3rd party, even if this meant additional cost
But… creating/verifying the same information over and over again is not an (efficient) option.
What do we need to fix this?
Standardization (Format and Process) + Trust (Process and Capabilities)
Good news: we already have a standard format 
• File based license data 
• Information about a composition (a.k.a. hierarchy) 
• Information about architecture (linking, communication, etc.) 
• Composition license data -> concluded licenses 
• Information about how the data was created 
Software Package Data Exchange® (SPDX®)
• A standard format for communicating the components, licenses and copyrights associated with a software package.
• Key pillar in Linux Foundation’s Open Compliance Program, which comprises:
  • Tools, Self-Assessment, SPDX, Rapid Alert System, Training, Community
V2.13 [spec v1.2] Copyright Linux Foundation 2014 (CC-BY-3.0) 11
The Need
Software in:
• “Our suppliers aren’t giving us complete licensing information for open source packages.”
Software out:
• “Every customer wants a bill of materials in a different form.”
• “I don’t mind vetting our code, but I’m sure this imported package has been analyzed a dozen times before.”
How much of a problem is it?
How important is an industry standard for exchanging software BOMs?
The SPDX License List
• SPDX® license repo: list of most common licenses (300+)
  • Includes common exceptions
  • Standardized license names
  • Exact text of licenses
  • Available on SPDX® website; URLs won’t change
• License Matching Guidelines, used for the purposes of matching licenses against those included on the SPDX License List
• License Templates
  • denote license text which is optional or replaceable per the license matching guidelines
The SPDX Document
• Document Information: SPDX version and licensing
• Creation Information: how and when created
• Package Information: package identification, copyright and licensing
• File Information: file-by-file identification, copyright and licensing
• Licensing Information: text of licenses that are not in the SPDX License List
• Review Information: log of 3rd party reviews
The file is in RDF/XML or tag-value form and can be converted to/from spreadsheets.
Supported forms: RDF <-> Tag Value; spreadsheet through translation.
Status
• Version 1.1 – August 2012
• Version 1.2 – October 2013
• Version 2.0 – RC1 next month, release Feb 2015
http://www.spdx.org
New in 2.0: Referencing Other SPDX Files
• Each SPDX Document has a unique identifier
• Elements within a document may have an identifier unique to the SPDX document (e.g. File, License, Package)
• Elements in external documents are referenced using the document unique ID:Ref

Sketch of two documents:
SPDX Document A
  SPDXDocumentId XYZ…
  File abc/def  SpdxRef-201
SPDX Document B
  SPDXDocumentId ABC…
  ReferencesDoc docA Id: XYZ…
  File zzz/yyy  SpdxRef-12
  ReferencesFile docA:SpdxRef-201
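Added example in Python (not code from the slides or the SPDX project): two constructed tag-value documents mirroring the sketch above, where document B declares document A with its URI and SHA-1 and reuses A's file-level license data through a cross-document reference, and a resolver that refuses the reference when the fetched document does not match what was declared. It assumes the tag names of the released SPDX 2.0 spec (DocumentNamespace, ExternalDocumentRef, Relationship) for the sketch's SPDXDocumentId, ReferencesDoc and ReferencesFile, and also walks the File and Relationship sections from the SPDX Document slide.

```python
"""Resolve a cross-document SPDX reference, checking the referenced document first."""
import hashlib
import re
from dataclasses import dataclass, field

# Constructed sample documents in SPDX 2.x tag-value form (not real SBOMs).
# Slide sketch -> released 2.0 tag: SPDXDocumentId -> DocumentNamespace,
# ReferencesDoc -> ExternalDocumentRef, ReferencesFile -> Relationship.
URI_A = "http://example.invalid/spdxdocs/docA-XYZ"
URI_B = "http://example.invalid/spdxdocs/docB-ABC"
DOC_A = f"""\
SPDXVersion: SPDX-2.0
SPDXID: SPDXRef-DOCUMENT
DocumentNamespace: {URI_A}
FileName: ./abc/def
SPDXID: SPDXRef-201
LicenseConcluded: MIT
"""


def sha1_hex(text: str) -> str:
    return hashlib.sha1(text.encode("utf-8")).hexdigest()


# Document B declares docA (URI plus SHA-1 of the whole file) and then points at
# A's file as DocumentRef-docA:SPDXRef-201 instead of copying A's license data.
DOC_B = f"""\
SPDXVersion: SPDX-2.0
SPDXID: SPDXRef-DOCUMENT
DocumentNamespace: {URI_B}
ExternalDocumentRef: DocumentRef-docA {URI_A} SHA1: {sha1_hex(DOC_A)}
FileName: ./zzz/yyy
SPDXID: SPDXRef-12
LicenseConcluded: NOASSERTION
Relationship: SPDXRef-12 COPY_OF DocumentRef-docA:SPDXRef-201
"""
REGISTRY = {URI_A: DOC_A, URI_B: DOC_B}  # stands in for the shared repository
EXT_REF_RE = re.compile(r"^(DocumentRef-\S+)\s+(\S+)\s+SHA1:\s*([0-9a-fA-F]{40})$")


@dataclass
class SpdxDoc:
    namespace: str = ""
    external_refs: dict = field(default_factory=dict)  # DocumentRef-x -> (uri, sha1)
    elements: dict = field(default_factory=dict)       # SPDXRef-x -> {tag: value}
    relationships: list = field(default_factory=list)  # (subject, TYPE, object)


def parse_tag_value(text: str) -> SpdxDoc:
    """Minimal tag-value reader: namespace, external refs, file/package
    elements and relationships; every other document-level tag is ignored."""
    doc, current = SpdxDoc(), None
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        tag, _, value = line.partition(":")
        tag, value = tag.strip(), value.strip()
        if tag == "DocumentNamespace":
            doc.namespace = value
        elif tag == "ExternalDocumentRef":
            m = EXT_REF_RE.match(value)
            if not m:
                raise ValueError(f"malformed ExternalDocumentRef: {value}")
            doc.external_refs[m.group(1)] = (m.group(2), m.group(3).lower())
        elif tag == "Relationship":  # "<subject> <TYPE> <object>"
            doc.relationships.append(tuple(value.split()))
        elif tag in ("FileName", "PackageName"):
            current = {tag: value}  # a new element starts here
        elif tag == "SPDXID" and current is not None and "SPDXID" not in current:
            current["SPDXID"] = value
            doc.elements[value] = current
        elif current is not None:
            current[tag] = value  # any other tag belongs to the open element
    return doc


def load_external(docref: str, doc: SpdxDoc, fetch) -> SpdxDoc:
    """Fetch the document that `doc` declared as `docref`; trust it only if its
    SHA-1 and namespace match the declaration (a swapped or edited SBOM is rejected)."""
    uri, expected = doc.external_refs[docref]  # KeyError: undeclared document
    text = fetch(uri)
    actual = sha1_hex(text)
    if actual != expected:
        raise ValueError(f"{docref}: checksum mismatch, {actual} != {expected}")
    ext = parse_tag_value(text)
    if ext.namespace != uri:
        raise ValueError(f"{docref}: namespace {ext.namespace!r} != {uri!r}")
    return ext


def resolve(ref: str, doc: SpdxDoc, fetch) -> dict:
    """'SPDXRef-x' is looked up locally, 'DocumentRef-y:SPDXRef-x' in document y."""
    if ":" not in ref:
        return doc.elements[ref]
    docref, spdxid = ref.split(":", 1)
    return load_external(docref, doc, fetch).elements[spdxid]


def reused_license_data(doc: SpdxDoc, fetch) -> dict:
    """Concluded license of the referenced element for each COPY_OF relationship."""
    return {subj: resolve(obj, doc, fetch)["LicenseConcluded"]
            for subj, rel, obj in doc.relationships if rel == "COPY_OF"}
```

`fetch` is any callable mapping a document URI to its text; here `REGISTRY.__getitem__` plays the repository.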
Adoption
• License List
  • Internal: TI, Wind River, MicroFocus, HP, Siemens
  • Tools: Black Duck, FOSSology, nexB, Protecode
  • Community: OSI, Debian, Composer, Bower, NPM
• Format
  • TI, Wind River, Alcatel Lucent, Siemens, OpenChain?
• Tagging Files
  • U-Boot, Wind River
• Tooling
  • Wind River, Black Duck, Source Auditor, FOSSology/UNO, Yocto, TripleCheck, SPDX OSS
Participants
Open Source Organizations, End-Users, Integration Services, Device OEMs, Applications, OS Distributions, Systems, Semiconductor Vendors, …and others
Participation is from a range of organizations and across various roles.
Getting involved…
• See:
  • http://www.spdx.org
  • Mailing lists, meetings, wiki
• Contact:
  • Phil Odence (Chair) - podence@blackducksoftware.com
  • Kate Stewart (Tech Team Chair) - stewart@linux.com
  • Jilayne Lovejoy (Legal Team Co-Chair) - opensource@jilayne.com
  • Paul Maddick (Legal Team Co-Chair) - paul.madick@hp.com
  • Jack Manbeck (Business Team Co-Chair) - j-manbeck2@ti.com
  • Mikael Söderberg (Business Team Co-Chair) - mikael.soderberg@pelagicore.com
SPDX is (almost) perfect – but is it enough?
• No quality standards for the license data
  • Defined creation process and rules
  • Verification requirements
• No standardization of license obligations fulfillment
  • Who does what, when and how
• No/limited collaboration
  • Qualified FOSS management experts rarely work together beyond company boundaries
  • License data is not developed and maintained the “Open Source way”
What works for code can also work for license data…
No Legal Advice
Only the data
What about a Community of Trusted Suppliers?
• All members maintain a sufficient FOSS management maturity
  • Adequate policies, processes, tools
  • FOSS supplier management
  Sufficient maturity level is a prerequisite for community membership
• Members jointly create a growing pool of reliable and reusable license data
  • Members share the license data they have created for their deliveries (source or binary, components or complete works) by uploading it to the community repository
  • License data provided AS-IS, no warranty or liability
• Whenever any code delivered by a member is reused in the supply chain, the associated license data is retrieved from the repository and is reused, too
  • Duplicate efforts can be avoided
What about having license data managed independently?
• License data is created and actively managed by an independent party
• Operational license compliance tasks are available as a service, e.g.
  • Upload license text -> receive a permanent URI for use in file headers, etc.
  • Upload source code -> receive a permanent URI pointing to file based license and copyright data (Bill of Materials) in SPDX format, and permanent URI(s) for the uploaded source files
  • Creation of FOSS disclosure documentation for source code
  • Provision of corresponding source code
• Certified/trusted provider, full transparency
• Economy of scale
• Certification, indemnification options
License compliance becomes built into the supply chain
License data travels seamlessly with the code (License Data Cloud)
Compliant!
Contact
Claus-Peter Wiedemann, Senior Manager, BearingPoint
Erika-Mann-Str. 9, 80636 München, Germany
T +49 89 54033 6367, F +49 89 54033 7940, M +49 172 2757415
www.bearingpoint.com
claus-peter.wiedemann@bearingpoint.com

L. Philip Odence, Vice President and General Manager, Black Duck
8 New England Executive Park, Burlington, MA 01803, USA
podence@blackducksoftware.com
T +1 781 810 1819, M +1 781 258 9502
www.bearingpoint.com
OWF14 - Open Source & Software Supply Chain

Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...gajnagarg
 
Discover Why Less is More in B2B Research
Discover Why Less is More in B2B ResearchDiscover Why Less is More in B2B Research
Discover Why Less is More in B2B Researchmichael115558
 
Lecture_2_Deep_Learning_Overview-newone1
Lecture_2_Deep_Learning_Overview-newone1Lecture_2_Deep_Learning_Overview-newone1
Lecture_2_Deep_Learning_Overview-newone1ranjankumarbehera14
 
Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...
Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...
Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...Klinik kandungan
 
Statistics notes ,it includes mean to index numbers
Statistics notes ,it includes mean to index numbersStatistics notes ,it includes mean to index numbers
Statistics notes ,it includes mean to index numberssuginr1
 
Top profile Call Girls In Hapur [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In Hapur [ 7014168258 ] Call Me For Genuine Models We ...Top profile Call Girls In Hapur [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In Hapur [ 7014168258 ] Call Me For Genuine Models We ...nirzagarg
 
DATA SUMMIT 24 Building Real-Time Pipelines With FLaNK
DATA SUMMIT 24  Building Real-Time Pipelines With FLaNKDATA SUMMIT 24  Building Real-Time Pipelines With FLaNK
DATA SUMMIT 24 Building Real-Time Pipelines With FLaNKTimothy Spann
 
Top profile Call Girls In Vadodara [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Vadodara [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Vadodara [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Vadodara [ 7014168258 ] Call Me For Genuine Models ...gajnagarg
 
RESEARCH-FINAL-DEFENSE-PPT-TEMPLATE.pptx
RESEARCH-FINAL-DEFENSE-PPT-TEMPLATE.pptxRESEARCH-FINAL-DEFENSE-PPT-TEMPLATE.pptx
RESEARCH-FINAL-DEFENSE-PPT-TEMPLATE.pptxronsairoathenadugay
 
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...ZurliaSoop
 
Top profile Call Girls In Tumkur [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Tumkur [ 7014168258 ] Call Me For Genuine Models We...Top profile Call Girls In Tumkur [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Tumkur [ 7014168258 ] Call Me For Genuine Models We...nirzagarg
 

Recently uploaded (20)

Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...
 
Charbagh + Female Escorts Service in Lucknow | Starting ₹,5K To @25k with A/C...
Charbagh + Female Escorts Service in Lucknow | Starting ₹,5K To @25k with A/C...Charbagh + Female Escorts Service in Lucknow | Starting ₹,5K To @25k with A/C...
Charbagh + Female Escorts Service in Lucknow | Starting ₹,5K To @25k with A/C...
 
High Profile Call Girls Service in Jalore { 9332606886 } VVIP NISHA Call Girl...
High Profile Call Girls Service in Jalore { 9332606886 } VVIP NISHA Call Girl...High Profile Call Girls Service in Jalore { 9332606886 } VVIP NISHA Call Girl...
High Profile Call Girls Service in Jalore { 9332606886 } VVIP NISHA Call Girl...
 
如何办理英国诺森比亚大学毕业证(NU毕业证书)成绩单原件一模一样
如何办理英国诺森比亚大学毕业证(NU毕业证书)成绩单原件一模一样如何办理英国诺森比亚大学毕业证(NU毕业证书)成绩单原件一模一样
如何办理英国诺森比亚大学毕业证(NU毕业证书)成绩单原件一模一样
 
5CL-ADBA,5cladba, Chinese supplier, safety is guaranteed
5CL-ADBA,5cladba, Chinese supplier, safety is guaranteed5CL-ADBA,5cladba, Chinese supplier, safety is guaranteed
5CL-ADBA,5cladba, Chinese supplier, safety is guaranteed
 
+97470301568>>weed for sale in qatar ,weed for sale in dubai,weed for sale in...
+97470301568>>weed for sale in qatar ,weed for sale in dubai,weed for sale in...+97470301568>>weed for sale in qatar ,weed for sale in dubai,weed for sale in...
+97470301568>>weed for sale in qatar ,weed for sale in dubai,weed for sale in...
 
Top profile Call Girls In Indore [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Indore [ 7014168258 ] Call Me For Genuine Models We...Top profile Call Girls In Indore [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Indore [ 7014168258 ] Call Me For Genuine Models We...
 
Top Call Girls in Balaghat 9332606886Call Girls Advance Cash On Delivery Ser...
Top Call Girls in Balaghat  9332606886Call Girls Advance Cash On Delivery Ser...Top Call Girls in Balaghat  9332606886Call Girls Advance Cash On Delivery Ser...
Top Call Girls in Balaghat 9332606886Call Girls Advance Cash On Delivery Ser...
 
Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...
Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...
Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...
 
Discover Why Less is More in B2B Research
Discover Why Less is More in B2B ResearchDiscover Why Less is More in B2B Research
Discover Why Less is More in B2B Research
 
Lecture_2_Deep_Learning_Overview-newone1
Lecture_2_Deep_Learning_Overview-newone1Lecture_2_Deep_Learning_Overview-newone1
Lecture_2_Deep_Learning_Overview-newone1
 
Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...
Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...
Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...
 
Statistics notes ,it includes mean to index numbers
Statistics notes ,it includes mean to index numbersStatistics notes ,it includes mean to index numbers
Statistics notes ,it includes mean to index numbers
 
Top profile Call Girls In Hapur [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In Hapur [ 7014168258 ] Call Me For Genuine Models We ...Top profile Call Girls In Hapur [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In Hapur [ 7014168258 ] Call Me For Genuine Models We ...
 
DATA SUMMIT 24 Building Real-Time Pipelines With FLaNK
DATA SUMMIT 24  Building Real-Time Pipelines With FLaNKDATA SUMMIT 24  Building Real-Time Pipelines With FLaNK
DATA SUMMIT 24 Building Real-Time Pipelines With FLaNK
 
Top profile Call Girls In Vadodara [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Vadodara [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Vadodara [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Vadodara [ 7014168258 ] Call Me For Genuine Models ...
 
RESEARCH-FINAL-DEFENSE-PPT-TEMPLATE.pptx
RESEARCH-FINAL-DEFENSE-PPT-TEMPLATE.pptxRESEARCH-FINAL-DEFENSE-PPT-TEMPLATE.pptx
RESEARCH-FINAL-DEFENSE-PPT-TEMPLATE.pptx
 
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
Top profile Call Girls In Tumkur [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Tumkur [ 7014168258 ] Call Me For Genuine Models We...Top profile Call Girls In Tumkur [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Tumkur [ 7014168258 ] Call Me For Genuine Models We...
 
Abortion pills in Jeddah | +966572737505 | Get Cytotec
Abortion pills in Jeddah | +966572737505 | Get CytotecAbortion pills in Jeddah | +966572737505 | Get Cytotec
Abortion pills in Jeddah | +966572737505 | Get Cytotec
 

OWF14 - Open Source & Software Supply Chain

Good news: we already have a standard format
• File based license data
• Information about a composition (a.k.a. hierarchy)
• Information about architecture (linking, communication, etc.)
• Composition license data -> concluded licenses
• Information about how the data was created

Software Package Data Exchange® (SPDX®)
A standard format for communicating the components, licenses and copyrights associated with a software package.
Key pillar in the Linux Foundation's Open Compliance Program, which comprises: Tools, Self-Assessment, SPDX, Rapid Alert System, Training, Community
V2.13 [spec v1.2] Copyright Linux Foundation 2014 (CC-BY-3.0)

The Need (figure with the labels "software in" and "software out")
• "Our suppliers aren't giving us complete licensing information for open source packages."
• "Every customer wants a bill of materials in a different form."
• "I don't mind vetting our code, but I'm sure this imported package has been analyzed a dozen times before."

How much of a problem is it?
How important is an industry standard for exchanging software BOMs?

The SPDX License List
(figure: SPDX® license repo)
• List of the most common licenses (300+)
• Includes common exceptions
• Standardized license names
• Exact text of licenses
• Available on the SPDX® website – URLs won't change
• License Matching Guidelines, used for the purposes of matching licenses against those included on the SPDX License List
• License Templates denote license text which is optional or replaceable per the license matching guidelines
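The matching guidelines and templates are what let a tool say that a supplier's license file is the listed license rather than a near copy with an extra clause. The following is an added example, not code from the slides or from the SPDX project: a small normalizer in the spirit of the matching guidelines (case, whitespace, quote and dash variants, bullets and numbering, the copyright symbol, http/https, licence/license) and a matcher for a template whose optional and replaceable text is marked with <<beginOptional>>...<<endOptional>> and <<var;...;match=REGEX>>, the markup the later SPDX 2.x template syntax uses. The rule set is a subset chosen for illustration, and the license text is constructed rather than a real License List entry.

```python
"""Added example (not code from the slides or the SPDX project): text
normalization in the spirit of the SPDX License Matching Guidelines, plus
matching against a template whose optional and replaceable parts are marked
with <<beginOptional>>...<<endOptional>> and <<var;...;match=REGEX>>, the
markup of the later SPDX 2.x template syntax. The rule set is a subset chosen
for illustration and the license text below is constructed, not a real entry."""
import re

MARKER_RE = re.compile(r"<<(var;[^>]*|beginOptional|endOptional)>>")


def normalize(text):
    """Fold the differences the guidelines treat as irrelevant: case, whitespace,
    quote and dash variants, the copyright symbol, bullets/numbering at line
    starts, http/https, and spelling variants such as licence/license."""
    t = text.lower()
    t = re.sub(r"[\u2018\u2019\u201c\u201d`\"]", "'", t)            # quote variants
    t = re.sub(r"[\u2010\u2013\u2014\u2212]", "-", t)               # dash variants
    t = t.replace("\u00a9", " copyright ").replace("(c)", " copyright ")
    t = re.sub(r"(?m)^\s*(?:[-*\u2022]|\(?\d+[.)]|\(?[a-z][.)])\s+", "", t)  # bullets
    t = re.sub(r"\bhttps://", "http://", t)
    t = re.sub(r"\blicenc(e|es|ed|ing)\b", r"licens\1", t)
    t = re.sub(r"\backnowledgement(s?)\b", r"acknowledgment\1", t)
    return re.sub(r"\s+", " ", t).strip()


def template_to_regex(template):
    """Literal template text is normalized and escaped; <<var>> becomes its
    'match' regex and optional blocks become optional non-capturing groups.
    (A 'match' regex containing ';' is not supported by this simple splitter.)"""
    parts, pos = [], 0
    for m in MARKER_RE.finditer(template):
        literal = template[pos:m.start()]
        if literal.strip():
            parts.append(re.escape(normalize(literal)))
        token = m.group(1)
        if token == "beginOptional":
            parts.append("(?:")
        elif token == "endOptional":
            parts.append(")?")
        else:
            fields = dict(f.split("=", 1) for f in token.split(";")[1:])
            parts.append("(?:%s)" % fields.get("match", ".+?"))
        pos = m.end()
    if template[pos:].strip():
        parts.append(re.escape(normalize(template[pos:])))
    return re.compile(r"\s*".join(parts))


def matches(template, candidate):
    """True when the candidate text is the template's license under the rules above."""
    return template_to_regex(template).fullmatch(normalize(candidate)) is not None


# Constructed template: an optional title, a replaceable copyright line and
# fixed permission / disclaimer text.
TEMPLATE = """<<beginOptional>>The Example Licence<<endOptional>>
Copyright <<var;name=copyright;original=(c) 2014 Example Corp.;match=.+>>

Permission to use, copy and distribute this software is granted provided that
the above copyright notice appears in all copies. THE SOFTWARE IS PROVIDED
"AS IS" WITHOUT WARRANTY OF ANY KIND.
"""
# The same license with cosmetic differences only: casing, curly quotes, spacing.
CANDIDATE_OK = """THE EXAMPLE LICENSE

Copyright (c) 2015 Acme GmbH

Permission to use, copy and distribute this software is granted
provided that the above copyright notice appears in all copies.  THE SOFTWARE
IS PROVIDED \u201cAS IS\u201d WITHOUT WARRANTY OF ANY KIND.
"""
# A substantive change (an added right) must not match the listed license.
CANDIDATE_MODIFIED = CANDIDATE_OK.replace("copy and distribute", "copy, modify and distribute")
```

The point of `fullmatch` over a normalized string is that cosmetic drift (a supplier's reformatted copy, curly quotes, "Licence") still resolves to the listed license, while any change to the operative text falls out as a non-match that needs a human look.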
The SPDX Document
• Document Information: SPDX version and licensing
• Creation Information: how and when created
• Package Information: package identification, copyright and licensing
• File Information: file by file identification, copyright and licensing
• Licensing Information: text of licenses that are not in the SPDX License List
• Review Information: log of 3rd party reviews
The file is in RDF/XML or tag-value form and can be converted to/from spreadsheets.

Support
Forms: RDF, tag-value, spreadsheet (through translation)

Status
• Version 1.1 – August 2012
• Version 1.2 – October 2013
• Version 2.0 – RC1 next month, release February 2015
http://www.spdx.org

New in 2.0: referencing other SPDX files
• Each SPDX document has a unique identifier
• Elements within a document may have an identifier unique to the SPDX document (e.g. File, License, Package)
• Elements in external documents are referenced using the document unique ID:Ref
(figure: two documents)
SPDX Document A: SPDXDocumentId XYZ…; File abc/def, SpdxRef-201
SPDX Document B: SPDXDocumentId ABC…; ReferencesDoc docA Id: XYZ…; SpdxRef-12 File: zzz/yyy ReferencesFile docA:SpdxRef-201
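The document layout described on the slide "The SPDX Document" and the cross-document references on this slide are where the Fantec lesson bites: the data is only worth something if the receiver can verify it against what was actually delivered, and a reference into a supplier's document is only worth something if that document is the one the hash says it is. The following is an added example, not code from the slides or from the SPDX project: a parser for the tag:value form that checks every FileChecksum against the delivered bytes, and resolves a DocumentRef-<doc>:SPDXRef-<id> reference only after the referenced document hashes to the SHA1 declared in the ExternalDocumentRef line. It uses the tag names of the SPDX 2.0 tag:value syntax as eventually released (the slide shows a pre-release spelling); the two documents, file contents and namespaces are constructed, and the mandatory creation-info tags are omitted for brevity.

```python
"""Added example (not code from the slides or the SPDX project): parse SPDX
tag:value documents, check every FileChecksum against the bytes actually
delivered, and resolve SPDX 2.0 cross-document references. Tag names follow the
released 2.0 tag:value syntax; documents, files and namespaces are constructed."""
import hashlib
import re

# ExternalDocumentRef: DocumentRef-<id> <namespace> SHA1: <hash of that document>
EXT_REF_RE = re.compile(r"^(DocumentRef-\S+)\s+(\S+)\s+SHA1:\s*([0-9a-fA-F]{40})$")

def parse_tag_value(text):
    """(document_fields, files); each FileName starts a file record, <text> blocks unsupported."""
    doc = {"ExternalDocumentRef": [], "Relationship": []}  # repeatable tags
    files, current = [], doc
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tag, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed tag:value line: %r" % raw)
        value = value.strip()
        if tag == "FileName":
            current = {"FileName": value}
            files.append(current)
        elif isinstance(doc.get(tag), list):
            doc[tag].append(value)
        else:
            current[tag] = value  # package tags are merged into the document dict
    return doc, files

def verify_checksums(files, delivered):
    """delivered: path -> bytes. Returns path -> OK | MISMATCH | MISSING |
    NO-CHECKSUM | UNLISTED, so altered and undeclared files both stand out."""
    report = {}
    for f in files:
        path = f["FileName"]
        algo, _, expected = f.get("FileChecksum", "").partition(":")
        if path not in delivered:
            report[path] = "MISSING"
        elif not expected:
            report[path] = "NO-CHECKSUM"
        else:
            actual = hashlib.new(algo.strip().lower(), delivered[path]).hexdigest()
            report[path] = "OK" if actual == expected.strip().lower() else "MISMATCH"
    for path in delivered:
        report.setdefault(path, "UNLISTED")
    return report

def resolve(ref, doc, files, external_docs):
    """Resolve 'SPDXRef-x' locally or 'DocumentRef-a:SPDXRef-x' via ExternalDocumentRef;
    external_docs maps namespace -> raw text, which must hash to the declared SHA1."""
    if ":" in ref:
        docref, ref = ref.split(":", 1)
        refs = {m.group(1): (m.group(2), m.group(3).lower())
                for m in map(EXT_REF_RE.match, doc["ExternalDocumentRef"]) if m}
        namespace, declared = refs[docref]  # KeyError: undeclared document
        raw = external_docs[namespace]
        if hashlib.sha1(raw.encode()).hexdigest() != declared:
            raise ValueError("%s does not match the declared SHA1" % namespace)
        files = parse_tag_value(raw)[1]  # only now is the upstream document trusted
    element = next((f for f in files if f.get("SPDXID") == ref), None)
    if element is None:
        raise KeyError("no element with SPDXID %s" % ref)
    return element

def check_delivery(doc_text, delivered, external_docs):
    """Checksum report plus the concluded license of each Relationship target;
    a target behind a failed hash check is reported as UNTRUSTED-EXTERNAL-DOC."""
    doc, files = parse_tag_value(doc_text)
    licenses = {}
    for rel in doc["Relationship"]:
        _src, _kind, target = rel.split()
        try:
            licenses[target] = resolve(target, doc, files, external_docs).get("LicenseConcluded")
        except ValueError:
            licenses[target] = "UNTRUSTED-EXTERNAL-DOC"
    return verify_checksums(files, delivered), licenses

# Constructed sample for the slide's scenario: supplier document A describes
# abc/def; our document B describes zzz/yyy and CONTAINS A's file. A's hash
# would normally come from the supplier; it is computed here to run offline.
ABC_DEF = b"int add(int a, int b) { return a + b; }\n"
ZZZ_YYY = b'#include "abc/def.h"\nint main(void) { return add(1, 2); }\n'
DOC_A_NS = "http://example.com/spdxdocs/docA-XYZ"
DOC_A = """SPDXVersion: SPDX-2.0
DocumentNamespace: %s
FileName: ./abc/def
SPDXID: SPDXRef-201
FileChecksum: SHA1: %s
LicenseConcluded: MIT
""" % (DOC_A_NS, hashlib.sha1(ABC_DEF).hexdigest())
DOC_B = """SPDXVersion: SPDX-2.0
DocumentNamespace: http://example.com/spdxdocs/docB-ABC
ExternalDocumentRef: DocumentRef-docA %s SHA1: %s
FileName: ./zzz/yyy
SPDXID: SPDXRef-12
FileChecksum: SHA1: %s
LicenseConcluded: Apache-2.0
Relationship: SPDXRef-12 CONTAINS DocumentRef-docA:SPDXRef-201
""" % (DOC_A_NS, hashlib.sha1(DOC_A.encode()).hexdigest(), hashlib.sha1(ZZZ_YYY).hexdigest())
```

`check_delivery(DOC_B, {"./zzz/yyy": ZZZ_YYY}, {DOC_A_NS: DOC_A})` reports the delivered file as OK and resolves the contained file's concluded license to MIT; hand it an altered file, an extra file, or an edited copy of document A and the report shows MISMATCH, UNLISTED and UNTRUSTED-EXTERNAL-DOC instead of quietly inheriting the supplier's claims, which is exactly the verification step the Fantec court said the receiver cannot delegate.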
Adoption
• License List
  • Internal: TI, Wind River, MicroFocus, HP, Siemens
  • Tools: Black Duck, FOSSology, nexB, Protecode
  • Community: OSI, Debian, Composer, Bower, NPM
• Format: TI, Wind River, Alcatel Lucent, Siemens, OpenChain?
• Tagging files: U-Boot, Wind River
• Tooling: Wind River, Black Duck, Source Auditor, FOSSology/UNO, Yocto, TripleCheck, SPDX OSS

Participants
Participation is from a range of organizations and across various roles:
• Open Source Organizations
• End-Users
• Integration Services
• Device OEMs
• Applications
• OS Distributions
• Systems
• Semiconductor Vendors
• …and others

Getting involved…
See: http://www.spdx.org (mailing lists, meetings, wiki)
Contact:
• Phil Odence (Chair) - podence@blackducksoftware.com
• Kate Stewart (Tech Team Chair) - stewart@linux.com
• Jilayne Lovejoy (Legal Team Co-Chair) - opensource@jilayne.com
• Paul Maddick (Legal Team Co-Chair) - paul.madick@hp.com
• Jack Manbeck (Business Team Co-Chair) - j-manbeck2@ti.com
• Mikael Söderberg (Business Team Co-Chair) - mikael.soderberg@pelagicore.com

SPDX is (almost) perfect – but is it enough?
• No quality standards for the license data
  • Defined creation process and rules
  • Verification requirements
• No standardization of license obligations fulfillment
  • Who does what, when and how
• No/limited collaboration
  • Qualified FOSS management experts rarely work together beyond company boundaries
  • License data is not developed and maintained the "Open Source way"
What works for code can also work for license data…

No legal advice: only the data

What about a Community of Trusted Suppliers?
• All members maintain a sufficient FOSS management maturity
  • Adequate policies, processes, tools
  • FOSS supplier management
  A sufficient maturity level is a prerequisite for community membership
• Members jointly create a growing pool of reliable and reusable license data
  • Members share the license data they have created for their deliveries (source or binary, components or complete works) by uploading it to the community repository
  • License data is provided AS-IS, with no warranty and no liability
• Whenever any code delivered by a member is reused in the supply chain, the associated license data is retrieved from the repository and is reused, too
  • Duplicate efforts can be avoided

What about having license data managed independently?
• License data is created and actively managed by an independent party
• Operational license compliance tasks are available as a service, e.g.
  • Upload license text, receive a permanent URI for use in file headers, etc.
  • Upload source code, receive a permanent URI pointing to file based license and copyright data (Bill of Materials) in SPDX format, and permanent URI(s) for the uploaded source files
  • Creation of FOSS disclosure documentation for source code
  • Provision of corresponding source code
• Certified/trusted provider, full transparency
• Economy of scale
• Certification, indemnification options
License compliance becomes built into the supply chain

License data travels seamlessly with the code
(figure: License Data Cloud; Compliant!)

Contact
Claus-Peter Wiedemann, Senior Manager, BearingPoint
Erika-Mann-Str. 9, 80636 München, Germany
T +49 89 54033 6367, F +49 89 54033 7940, M +49 172 2757415
www.bearingpoint.com
claus-peter.wiedemann@bearingpoint.com

L. Philip Odence, Vice President and General Manager, Black Duck
8 New England Executive Park, Burlington, MA 01803, USA
podence@blackducksoftware.com
T +1 781 810 1819, M +1 781 258 9502
www.bearingpoint.com