Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Open Source at Scania
1. open source at scania
JONAS ÖBERG, chair of scania open source program
2. Jonas Öberg / Open Source at Scania
Always
46%
Sometimes
42%
Rarely
10%
Never
2%
How often do you try to find
open source alternatives?When we ask how often our
developers try to find open source
options over other kinds of software,
we see that 88% of our developers
sometimes or always try to use open
source.
That’s interesting, considering 43%
felt there was no policy for open
source, it was not permitted, or they
didn’t know.
Regardless of guidelines and whether
open source is encouraged or not, it
seems our developers still give some
preference to open source.
WE’re on the way, but the road is long!
3. Jonas Öberg / Open Source at Scania
26%
51%
18%
5%
0%
10%
20%
30%
40%
50%
60%
Very interested Somewhat interested Not too interested Not interested at all
how interested are you in contributing to open source?
Finally, we asked whether our developers
have an interest in contributing to open
source in the future. 77% are somewhat or
very interested in contributing to open
source.
This gives us some reassurance that if we
provide our developers with clear
guidelines for contributing to open source,
many will take us up on the opportunity to
do so.
5. confidence in supply chain
SPDX Bill-of-
Material
Mandatory Delivery
of Required
Compliance
Artifacts
OpenChain™ or
TÜV SÜD TPS
Standard PPP
15001A certification
Q1 2020
7. Export control is regulations that
limit release of software,
technology, services, knowledge
to foreign countries: limiting our
freedom to operate.
Economic sanctions, trade
restrictions, barriers, tariffs,
embargoes.
Designed to protect national
security, foreign policy or
domestic economic interests.
confidence in freedom to operate
8. • Sensitive goods; software, technology and technical data, both physical items
and transfer of software and technology (e.g. offering as download from a
website)
− Any goods transferred to a party with the intent of being used for military purposes,
− Or, any goods which is part of the product control lists, which may be Dual Use items, i.e.
items which can have both a civilian and military purpose.
• Both require a license to export – unless they meet an exception
• Applies regardless of how it’s transferred: electronically, post, on laptop when
visiting foreign country, etc..
• Also apply to transfers within a group, e.g. Scania in Sweden to Scania in Brazil.
What is affected by Export Control?
9. Self classify
.. and then there are exceptions.. and exceptions to the exceptions.
Quotation marks means the word is separately defined.
10.
11. Contains Encryption? (Yes/No)
Is encryption used for User Authentication? (Yes/No)
Open-Source Encryption? (Yes/No)
Generally available to the public by being sold without restriction from
stock at retail points? (Yes/No)
Encryption Type Used? (Symmetric/Asymmetric/Elliptic-Curve)
Key-length used for the Encryption
…
Encryption Questionnaire
12. • The answers represent a statement of the capabilities of the software, easily
understood by the developers.
• Different organisations may interpret the answers differently.
• No need for developers to make ECCN decisions.
• Provides a way for developers to speak to export control groups.
Interpretation
13. Introducing EXPORT.md
Export-Declaration File v1.0
Contains-encryption: [Yes/No]
Crypto-for-user-authentication: [Yes/No]
...
Declared-ECCN: x-us:5D002
At least between Scania and FNC, we ask the same questions! And
the answers can be shared.
Export Control of Open Source Working
Group – ECOS WG
16. Open source / 3pp
libraries/code
Qualification
Evidence that the software development
process for the component is based on an
appropriate national or international
standard (e.g. ISO/IEC/IEEE 12207.
Evidence that the software complies
with its requirements, reactions to and
description of anomalities etc.
Complete code coverage including MC/DC
(ASIL-D)
26262 Requirements Abridged
No or almost no open source
fulfilling this today.
17. tools TCL3
Confidence from use
Evaluation of the tool
development process
Validation of the software
tool
Development according to a
safety standard
26262 Requirements
Highly recommends
“For open source developments, some of the
standards used by those communities can also be
appropriate.”
C,D
C,D
A,B
A,B
No or almost no open source fulfilling this
today.
18. No or almost no open source
fulfilling this today.
Tomorrow?