This document contains an agenda for The OpenChain Project Mini-Summit taking place on May 9, 2023 from 14:30-17:00 PDT. The agenda includes introductions on OpenChain license compliance and security assurance standards in 2023, two keynote speeches on SBOMs and open source automation tooling, and three roundtable discussion sessions on process standards, SBOMs, and automation. There will also be two breaks included in the schedule. The summit aims to provide an update on OpenChain initiatives and standards while facilitating discussion on related topics within the open source community.
3. AGENDA
• 14:30: Introduction: The OpenChain License Compliance and Security Assurance Standards in 2023
• 14:50: Keynote: Moving Down The Pyramid - SBOMs in 2023
• 15:10 - Break
• 15:20: Keynote: Moving Down The Pyramid - “State of the Tooling” in Open Source Automation, Helio Chissini de Castro, CARIAD
• 15:40: Special Keynote: FOSSLight - Next Generation Open Source Automation for Compliance and Security, Kyoungae Kim and Soim Kim, LG Electronics
• 16:00 - Break
• 16:10: Roundtable Session - Process Standards
• 16:25: Roundtable Session - SBOMs
• 16:45: Roundtable Session - Automation
• 17:00 - Close
7. Members Represent Over 5.9 Trillion USD In Market Value
https://docs.google.com/spreadsheets/d/1HllBIFRkqiUc-6nnJWRkPd1VmiajeRknDIH6EnWYYLE/edit?usp=sharing
8. Platinum Member / Conformance Pending ISO/IEC 5230 + DIS 18974 Conformant
Platinum Member + ISO/IEC 5230 Conformant
Automotive Banking Cloud Consumer Industrial SaaS Service Silicon Telco
Example Verticals Impacted by OpenChain
This is a snapshot based on membership and select conformant organizations currently listed on our website. Total conformant numbers are far higher.
Example: PwC Survey shows 20% of companies in Germany with over 2,000 employees already used ISO/IEC 5230.
9. Snapshot Represents Over 7.5 Trillion USD In Market Value
https://docs.google.com/spreadsheets/d/1HllBIFRkqiUc-6nnJWRkPd1VmiajeRknDIH6EnWYYLE/edit?usp=sharing
10. Trillions More In Market Value Touched
(Lockheed co-chairs our spec development)
This is a non-exhaustive list of participants on some of our community lists
17. Overview
● We expect to complete the Draft International Standard (DIS) process via
JTC-1 at the end of June.
● There will be an editorial period after this.
● According to Seth from Joint Development Foundation:
“We will most likely end up passing with edits. We will clean up the editorial
things but nothing technically normative and send it back. They will spend
another month transposing the final version and give us the ISO number.”
Questions?
20. OpenChain Has 98 ISO/IEC 5230 Conformant Orgs
Listed On Our Website (totals are higher)
Total conformant numbers are far higher.
Example: PwC Survey shows 20% of companies in Germany with over 2,000 employees already used ISO/IEC 5230.
33. Licensing and Security Specification Editing
● The editing process is continuing as expected, with solid feedback on issues, and
changes heading in the direction of improved clarity.
● The open and closed issues are tracked via GitHub:
Licensing: https://github.com/OpenChain-Project/License-Compliance-Specification/issues
Security: https://github.com/OpenChain-Project/Security-Assurance-Specification/issues
● The draft next generation specifications are also hosted on GitHub:
Licensing: https://github.com/OpenChain-Project/License-Compliance-Specification/blob/master/3.0/en/openchain-license-compliance-3.0.md
Security: https://github.com/OpenChain-Project/Security-Assurance-Specification/blob/main/Security-Assurance-Specification/2.0/en/openchain-security-specification-2.0.md
● As are the slides used for every meeting (two meetings per month):
https://github.com/OpenChain-Project/Meeting-Minutes/tree/main/Slides
34. Model Language For Procurement
● The first meeting of the Legal Work Group took place on the 25th of April 2023.
● We explored model provisions for including OpenChain ISO/IEC 5230 and
OpenChain ISO/IEC DIS 18974 (and potentially other standards) in procurement
contracts or similar material. The goal is to ensure people can understand options.
We will not be prescriptive, and these model provisions will remain part of the
OpenChain reference material. They will not be included in the standards
themselves.
○ The call started by looking at model provisions done before via the Risk Grid.
○ The document, under public domain, has been moved to the OpenChain GitHub for ease of access
and editing.
● Our outcome was to use this basic format to structure our first round of model
provisions, and to have the option of merging the documents in the future.
36. One More Thing…
● Today (2023-05-09) we are releasing the first draft case studies created by
ChatGPT on our GitHub.
● These are not intended to replace our community contributions, but to make it
fast for people to add ideas and adjustments.
● This will specifically address one of the greatest challenges in creating new
material: the initial time spent for drafting. Our community usually enjoys
commenting and adjusting more than drafting.
● It took ChatGPT less than ten minutes to create eight case studies:
https://github.com/OpenChain-Project/Reference-Material/tree/master/Adoption-Case-Studies/Official/en/ChatGPT
39. OpenChain Supports Both NTIA + CISA SBOM
● ISO/IEC 5230 and ISO/IEC DIS 18974 both require the existence of an
SBOM as part of the key requirements of either a quality license compliance
or security assurance program.
● We inherently match the guidance provided by NTIA and CISA.
● We are non-prescriptive on the actual SBOM format used, allowing our
community the freedom to choose SPDX, CycloneDX or SWID as appropriate
to meet their needs.
● We have been positioning the supply chain to meet The Minimum
Elements For a Software Bill of Materials (SBOM) since our inception.