Gehören Sie zu den Ersten, denen das gefällt!
Jeff Luszcz on Open Source Compliance
Compliance is still a personality driven process
When influencers leave, a company’s compliance process often falls apart
Bus Factor=<1 at many companies
Experience levels vary greatly across the industry
BOM Inventory depends on who performed or what process was followed. Same project could report 10 or 1000 libraries depending on tool or person.
Analysis Paralysis is a double edged sword
First reviews lead to either NO reviews or MORE reviews
Remediation is an ART not a Science
The number of packages in a BOM has moved past where humans can easily monitor using spreadsheets
The build environment and tool chain are being ignored by compliance teams at the same time targeted Supply Chain Attacks are increasing
We need to start requiring accurate BOMS in contracts with real teeth
“Internal Audit” is waking up to OSS issues
Pressure building for new FOSS licenses / models
OpenChain has a bright future! Well respected and outside knowledge is growing