The draw for financial services' use of open source in today's competitive environment is certainly built on the need to manage costs, but equally as important, to innovate and help solve business challenges. Implementing open source policies, processes and tools the right way could mean the difference between being a leader in the industry and costly mistakes that impact your reputation and bottom-line. In this session, Jeff Luszcz, Vice President of Product Management at Flexera, takes a deep dive into some of the common--and not so common--concerns and best practices surrounding using open source. Jeff will discuss the needs of the different open source culture types including compliance and security, how to manage commercial suppliers and compliance artifacts (third party notices, 'About' boxes, source bundles, etc.), and industry standards such as OpenChain and SPDX.
Jeff will address lessons learned from deploying software composition analysis (SCA) scanning tools across the enterprise, the importance of developing processes that enhance the value of engineers and developers versus making their jobs harder, and how legal, engineering, and security work together to develop remediation policies that make sense. Jeff will also discuss how to work best with Open Source projects in order to give back to the community. Join Jeff for this talk if you are involved in open source use, compliance and security and want an in-depth look at both the expected and unexpected issues you could face in your open source efforts.