Industry Insights Common Pitfalls and Key Considerations in Using Software Bi...SZ Lin
Modern regulations and cybersecurity standards globally now require a Software Bill of Materials (SBOM) with specific details. As a result, many companies are adopting SBOMs. Yet, compliance isn't merely technical. It involves process, inter-departmental, and supply chain communication challenges. This session explores these SBOM challenges and provides insights for effective use. Many perceive the SBOM simply as an inventory, neglecting its significance in software management, component tracking, vulnerability assessments, and compliance assurance. While automation streamlines processes, an over-reliance can miss software intricacies; thus, manual reviews remain indispensable. Assuming an SBOM alone ensures a secure software supply chain is a misconception. Though pivotal in risk identification, SBOMs form just a facet of an overarching security strategy, demanding consistent updates to counteract emerging threats. By sidestepping common missteps and adopting best practices, SBOMs can evolve from simple documentation to indispensable tools for software governance and safeguarding.
Industry Insights Common Pitfalls and Key Considerations in Using Software Bi...SZ Lin
Modern regulations and cybersecurity standards globally now require a Software Bill of Materials (SBOM) with specific details. As a result, many companies are adopting SBOMs. Yet, compliance isn't merely technical. It involves process, inter-departmental, and supply chain communication challenges. This session explores these SBOM challenges and provides insights for effective use. Many perceive the SBOM simply as an inventory, neglecting its significance in software management, component tracking, vulnerability assessments, and compliance assurance. While automation streamlines processes, an over-reliance can miss software intricacies; thus, manual reviews remain indispensable. Assuming an SBOM alone ensures a secure software supply chain is a misconception. Though pivotal in risk identification, SBOMs form just a facet of an overarching security strategy, demanding consistent updates to counteract emerging threats. By sidestepping common missteps and adopting best practices, SBOMs can evolve from simple documentation to indispensable tools for software governance and safeguarding.
Manage kernel vulnerabilities in the software development lifecycleSZ Lin
This slide deck aims to introduce the methodology in managing the Linux kernel vulnerabilities in the software development lifecycle (SLDC) to reduce the maintenance effort.
OpenChain, the ISO standard, defines effective open source compliance. This slide deck aims to let people get familiar with OpenChain specification from scratch.
OpenChain - The Industry Standard for Open Source ComplianceSZ Lin
OpenChain is a legal compliance process and standard for the implementation of open source software in the enterprise supply chain. It enables the upstream and downstream of the software supply to follow and share the open source compliance obligations accordingly; moreover, it can also help the enterprises to collaborate with the open source communities positively.
Design, Build,and Maintain the Embedded Linux PlatformSZ Lin
Using open source software to build an embedded Linux platform from scratch.
Building an embedded Linux platform is like a puzzle; placing the suitable software components in the right positions will constitute an optimal platform. However, selecting suitable components is difficult since it depends on different application scenarios. The essential components of an embedded Linux platform include the bootloader, Linux kernel, toolchain, root filesystem; it also needs the tools for image generation, upgrades, and testing. There are abundant resources in the Linux ecosystem with these components and tools; however, selecting the suitable modules and tools is still a key challenge for system designers.
Using open source software to build an industrial grade embedded linux platfo...SZ Lin
Building an embedded Linux platform is like a puzzle; placing the suitable software components in the right positions will constitute an optimal platform. However, selecting suitable components is difficult since it depends on different application scenarios. The essential components of an embedded Linux platform include the bootloader, Linux kernel, toolchain, root filesystem; it also needs the tools for image generation, upgrades, and testing. There are abundant resources in the Linux ecosystem with these components and tools; however, selecting the suitable modules and tools is still a key challenge for system designers.
Take a step forward from user to maintainer or developer in open source secur...SZ Lin
There are a variety of high-quality open source security-related tools available in penetration testing tools, forensics tools, hardening tools, fuzz tools, and network monitoring tools. These tools could be used freely; however, we might face some issues while using it. Therefore, it is essential to have the ability to maintain or develop these tools. In this slide, SZ Lin introduces Security Tools Packaging Team in Debian; this team aims to maintain collaboratively many security tools and merge back tools packaged by security-oriented Debian derivatives (e.g., Kali). Also, SZ shares the experience in discussing and collaborating with open source maintainers and developers in open source security-related tools.
It's a pivotal challenge to update the software in embedded systems due to many restrictions such as unreliable network and power supply, limited bandwidth, harsh environment, etc. This slide aims to provide the background knowledge and the open source tool to achieve the software update in embedded systems.
Introduction to Civil Infrastructure PlatformSZ Lin
CIP is target to establish an open source base layer of industrial grade software to enable the use and implementation of software. This slide will introduce the current status and road map in CIP
Long-term Maintenance Model of Embedded Industrial Linux DistributionSZ Lin
To introduce a robust, secure and reliable platform for the industrial environments is a key challenge; moreover, the platform needs to survive for a long time (more than 10+ years). There are many good solutions aiming to meet these requirements, such as LTSI (Long Term Support Initiative) and CIP (Civil Infrastructure Platform). However, it still needs a high amount of maintenance and development costs in handling SoC/ hardware board in-house patch, non-upstream driver and keep source code consistent with different SoC and platform afterwards.
In this presentation, SZ Lin will introduce how to operate long-term maintenance model of embedded industrial Linux distribution. In addition, he will also address the building, deploying and testing architecture and workflow for producing a robust, secure and reliable platform.
Building, deploying and testing an industrial linux platform @ Open source su...SZ Lin
To introduce a robust, secure and reliable platform for the industrial environments is a key challenge. Therefore, running with the industrial-grade Linux distribution to fulfill the requirements mentioned above is imperative. The Linux distribution includes the Linux kernel and user space. Based on this testing design, the distribution will be built, deployed and tested in the device under automatic test by using continuous integration development practice to withstand the harsh industrial environments. In this presentation, SZ Lin will introduce how the industrial-grade Linux distribution is built, deployed and tested without human intervention, and review the test scope in both Linux kernel and user space. In addition, he will also address the design architecture of 24/7 long-term automated testing in all device under test with each release of new update.