-
Be the first to like this
Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our User Agreement and Privacy Policy.
Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our Privacy Policy and User Agreement for details.
Published on
Jeff Luszcz on Open Source Compliance
Compliance is still a personality driven process
When influencers leave, a company’s compliance process often falls apart
Bus Factor=<1 at many companies
Experience levels vary greatly across the industry
BOM Inventory depends on who performed or what process was followed. Same project could report 10 or 1000 libraries depending on tool or person.
Analysis Paralysis is a double edged sword
First reviews lead to either NO reviews or MORE reviews
Remediation is an ART not a Science
The number of packages in a BOM has moved past where humans can easily monitor using spreadsheets
The build environment and tool chain are being ignored by compliance teams at the same time targeted Supply Chain Attacks are increasing
We need to start requiring accurate BOMS in contracts with real teeth
“Internal Audit” is waking up to OSS issues
Pressure building for new FOSS licenses / models
OpenChain has a bright future! Well respected and outside knowledge is growing
Be the first to like this
Be the first to comment