Supply Chains with Built-In License Compliance
Claus-Peter Wiedemann, Sr. Manager, FOSS Management, BearingPoint
Phil Odence, VP/General Manager, Black Duck; Chair, SPDX Workgroup
Open World Forum, Paris, October 31, 2014
Warm-up questions (head)
• Who delivers software to other suppliers or end customers?
• Who provides license information with that? In which format?
• How is this license information created?
• Who just copies the license information provided by suppliers?
Supply Chains with Built-In License Compliance 2
Warm-up questions (tail)
• Who receives software from suppliers?
• Who receives license information from suppliers? In which format?
• Who verifies the received license information? How?
Today
• Different formats
• Unpredictable quality
• Duplicate efforts
• No trust
Inefficient, ineffective. High risk.
Compliant?
The Fantec Case
• GPL violation discovered
• Source code was made available, but not the “corresponding” version
• Fantec argues
  • Chinese supplier asserted that delivered source code was complete
  • Effective verification of completeness only possible by copyright holder
  • Source code assessments are costly but no warranty that results are complete and correct
• The Court says
  • Fantec was required to ensure the GPL obligations are fulfilled for their delivery
  • Fantec acted negligently by relying on its suppliers
  • Fantec was required to assess the software by themselves or by a competent 3rd party, even if this meant additional cost
Creating/verifying the same information over and over again is not an (efficient) option.
But…
What do we need to fix this?
Standardization (Format and Process) + Trust (Process and Capabilities)
Good news: we already have a standard format
• File-based license data
• Information about a composition (a.k.a. hierarchy)
• Information about architecture (linking, communication, etc.)
• Composition license data -> concluded licenses
• Information about how the data was created
Software Package Data Exchange® (SPDX®)
• A standard format for communicating the components, licenses and copyrights associated with a software package.
• Key pillar in Linux Foundation’s Open Compliance Program, which comprises:
  • Tools, Self-Assessment, SPDX, Rapid Alert System, Training, Community
V2.13 [spec v1.2] Copyright Linux Foundation 2014 (CC-BY-3.0) 11
The Need
“Our suppliers aren’t giving us complete licensing information for open source packages.” (software in)
“Every customer wants a bill of materials in a different form.”
“I don’t mind vetting our code, but I’m sure this imported package has been analyzed a dozen times before.” (software out)
How much of a problem is it?
Survey question: How important is an industry standard for exchanging software BOMs?
The SPDX License List (SPDX® license repo)
• List of most common licenses (300+)
• Includes common exceptions
• Standardized license names
• Exact text of licenses
• Available on SPDX® website – URLs won’t change
• License Matching Guidelines: used for the purposes of matching licenses against those included on the SPDX License List
• License Templates
  • denote license text which is optional or replaceable per the license matching guidelines
The SPDX Document
• Document Information: SPDX version and licensing
• Creation Information: how and when created
• Package Information: package identification, copyright and licensing
• File Information: file-by-file identification, copyright and licensing
• Licensing Information: text of licenses that are not in the SPDX License List
• Review Information: log of 3rd party reviews
The file is in RDF/XML or tag-value form and can be converted to/from spreadsheets.
Supported forms: RDF and Tag Value (convertible to each other); spreadsheet through translation.
Status
• Version 1.1 – August 2012
• Version 1.2 – October 2013
• Version 2.0 – RC1 next month, release Feb 2015
http://www.spdx.org
New in 2.0: Referencing Other SPDX Files
• Each SPDX Document has a unique identifier
• Elements within a document may have an identifier unique to the SPDX document (e.g. File, License, Package)
• Elements in external documents are referenced using the document unique ID:Ref
Example (diagram):
SPDX Document A
  SPDXDocumentId: XYZ…
  File abc/def: SpdxRef-201
SPDX Document B
  SPDXDocumentId: ABC…
  ReferencesDoc docA, Id: XYZ…
  SpdxRef-12, File: zzz/yyy
    ReferencesFile docA:SpdxRef-201
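As an added example that is not part of the original slides, the following Python code shows how the two sections above (the SPDX document sections and the 2.0 cross-document reference) look in practice: a small parser for SPDX 2.0 tag-value documents that follows a DocumentRef-docA:SPDXRef-201 style reference from the integrator's document B into the supplier's document A, and checks the SHA1 that the ExternalDocumentRef records for A before trusting A's concluded licenses. Tag names follow the SPDX 2.0 tag-value syntax; the two documents, namespaces and checksums are constructed sample data, and COPY_OF is my choice of relationship type.

```python
import hashlib

# Constructed sample data (not from the slides). Document A is the supplier's
# SPDX file for the delivered package; document B is the integrator's file,
# which points at A through the 2.0 ExternalDocumentRef mechanism.
NS_A = "http://example.com/spdxdocs/supplier-lib-XYZ"
DOC_A = """\
SPDXVersion: SPDX-2.0
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: supplier-lib
DocumentNamespace: http://example.com/spdxdocs/supplier-lib-XYZ
Creator: Tool: example-scanner
FileName: ./abc/def
SPDXID: SPDXRef-201
FileChecksum: SHA1: 0123456789abcdef0123456789abcdef01234567
LicenseConcluded: GPL-2.0
"""


def sha1_hex(text):
    return hashlib.sha1(text.encode("utf-8")).hexdigest()


# ExternalDocumentRef: DocumentRef-<id> <namespace URI> SHA1: <checksum of A>
# The recorded checksum is what lets B's reader detect a swapped or edited A.
DOC_B = """\
SPDXVersion: SPDX-2.0
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: product
DocumentNamespace: http://example.com/spdxdocs/product-ABC
ExternalDocumentRef: DocumentRef-docA %s SHA1: %s
Creator: Tool: example-scanner
FileName: ./zzz/yyy
SPDXID: SPDXRef-12
LicenseConcluded: NOASSERTION
Relationship: SPDXRef-12 COPY_OF DocumentRef-docA:SPDXRef-201
""" % (NS_A, sha1_hex(DOC_A))

# Stand-in for wherever received SPDX files are kept: namespace URI -> text.
REGISTRY = {NS_A: DOC_A}


def parse_tag_value(text):
    """Parse a tag-value document into header tags, external document refs,
    elements keyed by SPDXID, and relationships. A FileName:/PackageName: tag
    opens a new element; later tags up to the next element belong to it."""
    doc = {"external_refs": {}, "elements": {}, "relationships": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tag, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed tag-value line: %r" % line)
        tag, value = tag.strip(), value.strip()
        if tag in ("FileName", "PackageName"):
            current = {tag: value}
        elif tag == "SPDXID" and current is not None:
            doc["elements"][value] = current
        elif tag == "ExternalDocumentRef":
            ref_id, uri, _label, digest = value.split()
            doc["external_refs"][ref_id] = {"uri": uri, "sha1": digest.lower()}
        elif tag == "Relationship":
            doc["relationships"].append(tuple(value.split()))
        elif current is not None:
            current[tag] = value
        else:
            doc[tag] = value
    return doc


def check_external_refs(doc_text, registry):
    """Return {DocumentRef-id: bool}: does the stored copy of each referenced
    document match the SHA1 recorded for it in this document?"""
    doc = parse_tag_value(doc_text)
    return {ref_id: sha1_hex(registry.get(ext["uri"], "")) == ext["sha1"]
            for ref_id, ext in doc["external_refs"].items()}


def resolve(doc, ref, registry):
    """Resolve a local 'SPDXRef-x' or an external 'DocumentRef-d:SPDXRef-x'
    reference to its element dict. An external document is parsed only after
    its checksum matches; otherwise ValueError is raised."""
    if ":" not in ref:
        return doc["elements"][ref]
    doc_ref, local_id = ref.split(":", 1)
    ext = doc["external_refs"][doc_ref]
    text = registry.get(ext["uri"], "")
    if sha1_hex(text) != ext["sha1"]:
        raise ValueError("checksum mismatch for %s (%s)" % (doc_ref, ext["uri"]))
    return parse_tag_value(text)["elements"][local_id]


def upstream_licenses(doc_text, registry):
    """For every relationship whose target lives in another SPDX document,
    return (local id, relationship, upstream file name, upstream concluded
    license): the data from which the integrator inherits obligations."""
    doc = parse_tag_value(doc_text)
    found = []
    for local_id, rtype, target in doc["relationships"]:
        if target.startswith("DocumentRef-"):
            up = resolve(doc, target, registry)
            found.append((local_id, rtype, up["FileName"], up["LicenseConcluded"]))
    return found
```

With the sample data, upstream_licenses(DOC_B, REGISTRY) reports that ./zzz/yyy is a copy of the supplier's GPL-2.0 file ./abc/def; if the stored copy of document A has been altered, the checksum check rejects it instead of silently reusing its license data.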
Adoption
• License List
  • Internal: TI, Wind River, MicroFocus, HP, Siemens
  • Tools: Black Duck, FOSSology, nexB, Protecode
  • Community: OSI, Debian, Composer, Bower, NPM
• Format
  • TI, Wind River, Alcatel Lucent, Siemens, OpenChain?
• Tagging Files
  • U-Boot, Wind River
• Tooling
  • Wind River, Black Duck, Source Auditor, FOSSology/UNO, Yocto, TripleCheck, SPDX OSS
Participants
Open Source Organizations, End-Users, Integration Services, Device OEMs, Applications, OS Distributions, Systems, Semiconductor Vendors, …and others
Participation is from a range of organizations and across various roles
Getting involved…
• See:
  • http://www.spdx.org
  • Mailing lists, meetings, wiki
• Contact:
  • Phil Odence (Chair) - podence@blackducksoftware.com
  • Kate Stewart (Tech Team Chair) - stewart@linux.com
  • Jilayne Lovejoy (Legal Team Co-Chair) - opensource@jilayne.com
  • Paul Maddick (Legal Team Co-Chair) - paul.madick@hp.com
  • Jack Manbeck (Business Team Co-Chair) - j-manbeck2@ti.com
  • Mikael Söderberg (Business Team Co-Chair) - mikael.soderberg@pelagicore.com
SPDX is (almost) perfect – but is it enough?
• No quality standards for the license data
  • Defined creation process and rules
  • Verification requirements
• No standardization of license obligations fulfillment
  • Who does what, when and how
• No/limited collaboration
  • Qualified FOSS management experts rarely work together beyond company boundaries
  • License data is not developed and maintained the “Open Source way”
What works for code can also work for license data…
No Legal Advice
Only the data
What about a Community of Trusted Suppliers?
• All members maintain a sufficient FOSS management maturity
  • Adequate policies, processes, tools
  • FOSS supplier management
  A sufficient maturity level is a prerequisite for community membership
• Members jointly create a growing pool of reliable and reusable license data
  • Members share the license data they have created for their deliveries (source or binary, components or complete works) by uploading it to the community repository
  • License data is provided AS-IS, with no warranty or liability
  • Whenever any code delivered by a member is reused in the supply chain, the associated license data is retrieved from the repository and is reused, too
  • Duplicate efforts can be avoided
What about having license data managed independently?
• License data is created and actively managed by an independent party
• Operational license compliance tasks are available as a service, e.g.
  • Upload license text -> receive a permanent URI for use in file headers, etc.
  • Upload source code -> receive a permanent URI pointing to file-based license and copyright data (Bill of Materials) in SPDX format, and permanent URI(s) for the uploaded source files
  • Creation of FOSS disclosure documentation for source code
  • Provision of corresponding source code
• Certified/trusted provider, full transparency
• Economy of scale
• Certification, indemnification options
License compliance becomes built into the supply chain
License data travels seamlessly with the code 
(Diagram: License Data Cloud)
Compliant!
Contact 
Claus-Peter Wiedemann 
Senior Manager 
BearingPoint 
Erika-Mann-Str. 9 
80636 München 
Germany 
T +49 89 54033 6367 
F +49 89 54033 7940 
M +49 172 2757415 
www.bearingpoint.com 
claus-peter.wiedemann@bearingpoint.com 
L. Philip Odence 
Vice President and General Manager 
Black Duck 
8 New England Executive Park 
Burlington, MA 01803 
USA 
podence@blackducksoftware.com 
T +1 781 810 1819 
M +1 781 258 9502 
www.bearingpoint.com
OWF14 - Open Source & Software Supply Chain

科罗拉多大学波尔得分校毕业证学位证成绩单-可办理科罗拉多大学波尔得分校毕业证学位证成绩单-可办理
科罗拉多大学波尔得分校毕业证学位证成绩单-可办理e4aez8ss
 
Multiple time frame trading analysis -brianshannon.pdf
Multiple time frame trading analysis -brianshannon.pdfMultiple time frame trading analysis -brianshannon.pdf
Multiple time frame trading analysis -brianshannon.pdfchwongval
 
Data Factory in Microsoft Fabric (MsBIP #82)
Data Factory in Microsoft Fabric (MsBIP #82)Data Factory in Microsoft Fabric (MsBIP #82)
Data Factory in Microsoft Fabric (MsBIP #82)Cathrine Wilhelmsen
 
Predictive Analysis for Loan Default Presentation : Data Analysis Project PPT
Predictive Analysis for Loan Default  Presentation : Data Analysis Project PPTPredictive Analysis for Loan Default  Presentation : Data Analysis Project PPT
Predictive Analysis for Loan Default Presentation : Data Analysis Project PPTBoston Institute of Analytics
 
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一F sss
 
Advanced Machine Learning for Business Professionals
Advanced Machine Learning for Business ProfessionalsAdvanced Machine Learning for Business Professionals
Advanced Machine Learning for Business ProfessionalsVICTOR MAESTRE RAMIREZ
 
Real-Time AI Streaming - AI Max Princeton
Real-Time AI  Streaming - AI Max PrincetonReal-Time AI  Streaming - AI Max Princeton
Real-Time AI Streaming - AI Max PrincetonTimothy Spann
 
Thiophen Mechanism khhjjjjjjjhhhhhhhhhhh
Thiophen Mechanism khhjjjjjjjhhhhhhhhhhhThiophen Mechanism khhjjjjjjjhhhhhhhhhhh
Thiophen Mechanism khhjjjjjjjhhhhhhhhhhhYasamin16
 
Predicting Salary Using Data Science: A Comprehensive Analysis.pdf
Predicting Salary Using Data Science: A Comprehensive Analysis.pdfPredicting Salary Using Data Science: A Comprehensive Analysis.pdf
Predicting Salary Using Data Science: A Comprehensive Analysis.pdfBoston Institute of Analytics
 

Recently uploaded (20)

原版1:1定制南十字星大学毕业证(SCU毕业证)#文凭成绩单#真实留信学历认证永久存档
原版1:1定制南十字星大学毕业证(SCU毕业证)#文凭成绩单#真实留信学历认证永久存档原版1:1定制南十字星大学毕业证(SCU毕业证)#文凭成绩单#真实留信学历认证永久存档
原版1:1定制南十字星大学毕业证(SCU毕业证)#文凭成绩单#真实留信学历认证永久存档
 
How we prevented account sharing with MFA
How we prevented account sharing with MFAHow we prevented account sharing with MFA
How we prevented account sharing with MFA
 
Student profile product demonstration on grades, ability, well-being and mind...
Student profile product demonstration on grades, ability, well-being and mind...Student profile product demonstration on grades, ability, well-being and mind...
Student profile product demonstration on grades, ability, well-being and mind...
 
专业一比一美国俄亥俄大学毕业证成绩单pdf电子版制作修改
专业一比一美国俄亥俄大学毕业证成绩单pdf电子版制作修改专业一比一美国俄亥俄大学毕业证成绩单pdf电子版制作修改
专业一比一美国俄亥俄大学毕业证成绩单pdf电子版制作修改
 
办理(Vancouver毕业证书)加拿大温哥华岛大学毕业证成绩单原版一比一
办理(Vancouver毕业证书)加拿大温哥华岛大学毕业证成绩单原版一比一办理(Vancouver毕业证书)加拿大温哥华岛大学毕业证成绩单原版一比一
办理(Vancouver毕业证书)加拿大温哥华岛大学毕业证成绩单原版一比一
 
Semantic Shed - Squashing and Squeezing.pptx
Semantic Shed - Squashing and Squeezing.pptxSemantic Shed - Squashing and Squeezing.pptx
Semantic Shed - Squashing and Squeezing.pptx
 
Identifying Appropriate Test Statistics Involving Population Mean
Identifying Appropriate Test Statistics Involving Population MeanIdentifying Appropriate Test Statistics Involving Population Mean
Identifying Appropriate Test Statistics Involving Population Mean
 
Data Analysis Project : Targeting the Right Customers, Presentation on Bank M...
Data Analysis Project : Targeting the Right Customers, Presentation on Bank M...Data Analysis Project : Targeting the Right Customers, Presentation on Bank M...
Data Analysis Project : Targeting the Right Customers, Presentation on Bank M...
 
Decoding the Heart: Student Presentation on Heart Attack Prediction with Data...
Decoding the Heart: Student Presentation on Heart Attack Prediction with Data...Decoding the Heart: Student Presentation on Heart Attack Prediction with Data...
Decoding the Heart: Student Presentation on Heart Attack Prediction with Data...
 
GA4 Without Cookies [Measure Camp AMS]
GA4 Without Cookies [Measure Camp AMS]GA4 Without Cookies [Measure Camp AMS]
GA4 Without Cookies [Measure Camp AMS]
 
办美国阿肯色大学小石城分校毕业证成绩单pdf电子版制作修改#真实留信入库#永久存档#真实可查#diploma#degree
办美国阿肯色大学小石城分校毕业证成绩单pdf电子版制作修改#真实留信入库#永久存档#真实可查#diploma#degree办美国阿肯色大学小石城分校毕业证成绩单pdf电子版制作修改#真实留信入库#永久存档#真实可查#diploma#degree
办美国阿肯色大学小石城分校毕业证成绩单pdf电子版制作修改#真实留信入库#永久存档#真实可查#diploma#degree
 
科罗拉多大学波尔得分校毕业证学位证成绩单-可办理
科罗拉多大学波尔得分校毕业证学位证成绩单-可办理科罗拉多大学波尔得分校毕业证学位证成绩单-可办理
科罗拉多大学波尔得分校毕业证学位证成绩单-可办理
 
Multiple time frame trading analysis -brianshannon.pdf
Multiple time frame trading analysis -brianshannon.pdfMultiple time frame trading analysis -brianshannon.pdf
Multiple time frame trading analysis -brianshannon.pdf
 
Data Factory in Microsoft Fabric (MsBIP #82)
Data Factory in Microsoft Fabric (MsBIP #82)Data Factory in Microsoft Fabric (MsBIP #82)
Data Factory in Microsoft Fabric (MsBIP #82)
 
Predictive Analysis for Loan Default Presentation : Data Analysis Project PPT
Predictive Analysis for Loan Default  Presentation : Data Analysis Project PPTPredictive Analysis for Loan Default  Presentation : Data Analysis Project PPT
Predictive Analysis for Loan Default Presentation : Data Analysis Project PPT
 
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一
 
Advanced Machine Learning for Business Professionals
Advanced Machine Learning for Business ProfessionalsAdvanced Machine Learning for Business Professionals
Advanced Machine Learning for Business Professionals
 
Real-Time AI Streaming - AI Max Princeton
Real-Time AI  Streaming - AI Max PrincetonReal-Time AI  Streaming - AI Max Princeton
Real-Time AI Streaming - AI Max Princeton
 
Thiophen Mechanism khhjjjjjjjhhhhhhhhhhh
Thiophen Mechanism khhjjjjjjjhhhhhhhhhhhThiophen Mechanism khhjjjjjjjhhhhhhhhhhh
Thiophen Mechanism khhjjjjjjjhhhhhhhhhhh
 
Predicting Salary Using Data Science: A Comprehensive Analysis.pdf
Predicting Salary Using Data Science: A Comprehensive Analysis.pdfPredicting Salary Using Data Science: A Comprehensive Analysis.pdf
Predicting Salary Using Data Science: A Comprehensive Analysis.pdf
 

OWF14 - Open Source & Software Supply Chain

8. Good news: we already have a standard format
• File based license data
• Information about a composition (a.k.a. hierarchy)
• Information about architecture (linking, communication, etc.)
• Composition license data -> concluded licenses
• Information about how the data was created

9. Software Package Data Exchange® (SPDX®)
A standard format for communicating the components, licenses and copyrights associated with a software package.
Key pillar in the Linux Foundation’s Open Compliance Program, which comprises: Tools, Self-Assessment, SPDX, Rapid Alert System, Training, Community
V2.13 [spec v1.2] Copyright Linux Foundation 2014 (CC-BY-3.0)

10. The Need
“Our suppliers aren’t giving us complete licensing information for open source packages.”
“Every customer wants a bill of materials in a different form.”
“I don’t mind vetting our code, but I’m sure this imported package has been analyzed a dozen times before.”
(Slide diagram labels: software in, software out)

11. How much of a problem is it?
How important is an industry standard for exchanging software BOMs? (survey chart not reproduced)

12. The SPDX License List
SPDX® license repo
• List of most common licenses (300+)
• Include common exceptions
• Standardized license names
• Exact text of licenses
• Available on the SPDX® website – URLs won’t change
• License Matching Guidelines used for the purposes of matching licenses against those included on the SPDX License List
• License Templates denote license text which is optional or replaceable per the license matching guidelines

13. The SPDX Document
• Document Information: SPDX version and licensing
• Creation Information: how and when created
• Package Information: package identification, copyright and licensing
• File Information: file by file identification, copyright and licensing
• Licensing Information: text of licenses that are not in the SPDX License List
• Review Information: log of 3rd party reviews
File is in RDF/XML or tag value form and can be converted to/from spreadsheets.

14. Support
Forms: RDF, Tag Value, Spreadsheet (through translation)

15. Status
• Version 1.1 – August 2012
• Version 1.2 – October 2013
• Version 2.0 – RC1 next month, release Feb 2015
http://www.spdx.org

16. New in 2.0: Referencing Other SPDX Files
• Each SPDX Document has a unique identifier
• Elements within a document may have an identifier unique to the SPDX document (e.g. File, License, Package)
• Elements in external documents are referenced using the document unique ID:Ref
SPDX Document A
  SPDXDocumentId XYZ…
  File abc/def SpdxRef-201
SPDX Document B
  SPDXDocumentId ABC…
  ReferencesDoc docA Id: XYZ…
  SpdxRef-12 File: zzz/yyy ReferencesFile docA:SpdxRef-201
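As an added example (not from the slides, BearingPoint, Black Duck or the SPDX project), the checker below applies the verification duty from the Fantec slide to the tag-value form of slide 13 and the cross-document references of slide 16: it parses a constructed SPDX 2.0 tag-value document, compares each listed SHA1 with the bytes actually delivered, flags NOASSERTION and non-License-List identifiers, resolves DocumentRef-/SPDXRef- references against a map of known documents, and reports delivered files the document never mentions. The identifier syntax follows the released SPDX 2.x spec rather than the slide's draft notation; the file names, checksums, document ids, known-document map and License List subset are all constructed.

```python
import hashlib
import re

KNOWN_LICENSES = {"MIT", "Apache-2.0", "GPL-2.0-only", "BSD-3-Clause"}  # constructed subset of the License List
EXT_REF = re.compile(r"DocumentRef-(\w+):(SPDXRef-\w+)")  # SPDX 2.x cross-document reference syntax

def parse_tag_value(text):
    """Split 'Tag: value' lines into document-level tags and per-file records (FileName opens a record)."""
    doc, files, cur = {}, [], None
    for line in filter(None, map(str.strip, text.splitlines())):
        tag, _, value = (s.strip() for s in line.partition(":"))
        if tag == "FileName":
            files.append(cur := {"FileName": value})
        else:  # Relationship tags are document-level even when they follow a file record
            target = doc if cur is None or tag == "Relationship" else cur
            target.setdefault(tag, []).append(value)
    return doc, files

def verify(text, delivered, known_docs):
    """Check supplier SPDX data against the bytes actually delivered; return a list of findings."""
    doc, files = parse_tag_value(text)
    findings = []
    for f in files:
        name = f["FileName"]
        for cs in f.get("FileChecksum", []):  # value looks like 'SHA1: <hex>'; a missing file fails too
            algo, _, digest = cs.partition(":")
            if algo.strip() == "SHA1" and hashlib.sha1(delivered.get(name, b"")).hexdigest() != digest.strip():
                findings.append(f"{name}: SHA1 mismatch, license data describes different code")
        for lic in f.get("LicenseConcluded", []):
            if lic == "NOASSERTION":
                findings.append(f"{name}: supplier concluded no license, own assessment needed")
            elif lic not in KNOWN_LICENSES and not lic.startswith("LicenseRef-"):
                findings.append(f"{name}: '{lic}' is neither a License List id nor a LicenseRef")
    declared = {v.split()[0] for v in doc.get("ExternalDocumentRef", [])}
    for rel in doc.get("Relationship", []):
        for doc_ref, spdx_ref in EXT_REF.findall(rel):
            if f"DocumentRef-{doc_ref}" not in declared:
                findings.append(f"{rel}: DocumentRef-{doc_ref} is not declared in this document")
            elif spdx_ref not in known_docs.get(doc_ref, set()):
                findings.append(f"{rel}: {spdx_ref} does not exist in document {doc_ref}")
    for name in sorted(set(delivered) - {f["FileName"] for f in files}):
        findings.append(f"{name}: delivered but absent from the SPDX data")
    return findings

DELIVERED = {"./src/main.c": b"int main(void){return 0;}\n",   # constructed delivery: good checksum
             "./lib/util.c": b"int util(void){return 1;}\n",   # stale checksum in the SPDX data below
             "./lib/extra.c": b"/* shipped but never listed */\n"}
SAMPLE_SPDX = f"""SPDXVersion: SPDX-2.0
ExternalDocumentRef: DocumentRef-docA https://example.invalid/spdx/docA SHA1: {'0' * 40}
FileName: ./src/main.c
FileChecksum: SHA1: {hashlib.sha1(DELIVERED['./src/main.c']).hexdigest()}
LicenseConcluded: GPL-2.0-only
FileName: ./lib/util.c
FileChecksum: SHA1: {'f' * 40}
LicenseConcluded: NOASSERTION
Relationship: SPDXRef-2 COPY_OF DocumentRef-docA:SPDXRef-201
Relationship: SPDXRef-1 COPY_OF DocumentRef-docB:SPDXRef-7
"""
KNOWN_DOCS = {"docA": {"SPDXRef-201"}}  # constructed: element ids that document A actually defines
```

Calling `verify(SAMPLE_SPDX, DELIVERED, KNOWN_DOCS)` yields four findings: the stale checksum and missing license conclusion for util.c, the undeclared DocumentRef-docB, and the unlisted extra.c; main.c and the docA reference pass.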
17. Adoption
• License List – Internal: TI, Wind River, MicroFocus, HP, Siemens; Tools: Black Duck, FOSSology, nexB, Protecode; Community: OSI, Debian, Composer, Bower, NPM
• Format – TI, Wind River, Alcatel Lucent, Siemens, OpenChain?
• Tagging Files – U-Boot, Wind River
• Tooling – Wind River, Black Duck, Source Auditor, FOSSology/UNO, Yocto, TripleCheck, SPDX OSS

18. Participants
Open Source Organizations, End-Users, Integration Services, Device OEMs, Applications, OS Distributions, Systems, Semiconductor Vendors …and others
Participation is from a range of organizations and across various roles

19. Getting involved…
See: http://www.spdx.org – mailing lists, meetings, wiki
Contact:
• Phil Odence (Chair) - podence@blackducksoftware.com
• Kate Stewart (Tech Team Chair) - stewart@linux.com
• Jilayne Lovejoy (Legal Team Co-Chair) - opensource@jilayne.com
• Paul Maddick (Legal Team Co-Chair) - paul.madick@hp.com
• Jack Manbeck (Business Team Co-Chair) - j-manbeck2@ti.com
• Mikael Söderberg (Business Team Co-Chair) - mikael.soderberg@pelagicore.com

20. SPDX is (almost) perfect – but is it enough?
• No quality standards for the license data
  • Defined creation process and rules
  • Verification requirements
• No standardization of license obligations fulfillment
  • Who does what, when and how
• No/limited collaboration
  • Qualified FOSS management experts rarely work together beyond company boundaries
  • License data is not developed and maintained the “Open Source way”
What works for code can also work for license data…
21. No Legal Advice – Only the data
22. What about a Community of Trusted Suppliers?
• All members maintain a sufficient FOSS management maturity
  • Adequate policies, processes, tools
  • FOSS supplier management
  Sufficient maturity level is a prerequisite for community membership
• Members jointly create a growing pool of reliable and reusable license data
  • Members share the license data they have created for their deliveries (source or binary, components or complete works) by uploading it to the community repository
  • License data provided AS-IS, no warranty, no liability
  • Whenever any code delivered by a member is reused in the supply chain, the associated license data is retrieved from the repository and is reused, too
  • Duplicate efforts can be avoided

23. What about having license data managed independently?
• License data is created and actively managed by an independent party
• Operational license compliance tasks are available as a service, e.g.
  • Upload license text -> receive a permanent URI for use in file headers, etc.
  • Upload source code -> receive a permanent URI pointing to file based license and copyright data (Bill of Materials) in SPDX format, and permanent URI(s) for the uploaded source files
  • Creation of FOSS disclosure documentation for source code
  • Provision of corresponding source code
• Certified/trusted provider, full transparency
• Economy of scale
• Certification, indemnification options
License compliance becomes built into the supply chain

24. License data travels seamlessly with the code (License Data Cloud) – Compliant!

25. Contact
Claus-Peter Wiedemann, Senior Manager, BearingPoint
Erika-Mann-Str. 9, 80636 München, Germany
T +49 89 54033 6367, F +49 89 54033 7940, M +49 172 2757415
www.bearingpoint.com, claus-peter.wiedemann@bearingpoint.com

L. Philip Odence, Vice President and General Manager, Black Duck
8 New England Executive Park, Burlington, MA 01803, USA
podence@blackducksoftware.com, T +1 781 810 1819, M +1 781 258 9502
www.bearingpoint.com