New approach to Software Composition Analysis
Stefan Just, Codescoop Oy
(OSCAR talk at OSSF 2018; slides uploaded by FINOS)
Hello!
Stefan Just, heading the Europe Codescoop branch
Codescoop is a team of enthusiasts with strong roots in the Open Source ecosystem who joined forces on a mission to ease working with Open Source (and Inner Source, that is…)
Agenda topics
● What is SCA?
● Who asks questions around SCA? And why?
● What exists? What is missing?
● OSCAR? Anybody said OSCAR?
What is SCA? Why does it matter?
● Software Composition Analysis
○ Tools for understanding what is in your stack
○ Mainly Open Source in your stacks, but not only
● Topic areas addressed by SCA
○ Compliance (can I use this?)
○ Security (will I be at risk?)
○ Quality (is this stuff better than the alternatives?)
○ Costs (of review, maintenance, support, management, …)
○ …
Agreed common denominator
● License Compliance
● Security Management
But is that all that SCA is? Further areas shown on the slide around the two common ones:
● Export Restrictions
● Supply Chain Management
● Quality
● Functional Analysis
● Effort/Complexity
● Architecture/Re-Use
● Obligations
● Contribution/Distribution
● Support
Holistic viewpoint (dimensions shown on the slide)
● Business Model
● Functionality
● Governance
● Purpose
● Sourcing
● Organization
● Process
● Architecture
● Features
● Technology
● Environment
This is what companies do to manage their OSS utilization
All slides taken from the material of the 2018 BITKOM OpenSource conference, © with their respective owners
Big spending, little re-use
Everyone we interviewed in the last 9-12 months said…
● We use (often 2+) commercial SCA tools. “None fits all”
● We spend on custom development what we spend on tool license fees (or more)
● We have scanned the available Open Source tools and found good islands of functionality
Duplicated (or more) spend for commercial SCA tools and DIY.
What else did we hear?
● “Tool vendor consolidation comes with risk”
● “Data needs to be open and bi-directional”
● “SCA must exit the Ivory Tower”
● “OSS Management is more than license scan”
● “Existing OSS offers promising but small”
● “Tired of big $$/y invoices - feel like hostages”
Re-Thinking necessary...
OSCAR stands for Open SCA
● Re-Loaded
● Re-Invented
● Re-Thought
What is OSCAR today?
<<empty>>
Well, actually a bit more...
Capabilities heard from supporters
● IDE integration
● CLI tools
● Source access
● Messaging plugins
● Snippet scanner & data
● OSS obligations
● License risk policy
● Component vulnerability data
● Scan data interface
● Metadata interface
● Analytics interface
● Top 1M components
● Public data service at scale
● External pre-scan data
● Continuous inbound to outbound review at scale
● Policy driven automation
● Curations
● Remediation automation
● QA on compliance artifacts
● QA of supplementing docs
● Binary identification
● Repo accessibility
● Container analysis (hierarchical BOM)
● ID mapping (mapping results of various SCA tools)
● CI integration
● Tool integration (CI, central hub, data sources…)
● 10 min for responses
● Accuracy of scan returns
● Dependency detection support across technologies
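As an added example (not code from the slides, from Codescoop or from the OSCAR project), the Python below shows the smallest useful form of the “license risk policy”, “component vulnerability data” and “policy driven automation” items above, combined with the two questions from the “What is SCA?” slide (can I use this? will I be at risk?): a constructed bill of materials is checked against a constructed license policy and constructed advisory records, and each component gets a pass/review/block decision that feeds a CI gate. All component names, versions, the ADVISORY-PLACEHOLDER-* identifiers and the policy sets are assumptions made up for the example.

```python
"""Minimal policy-driven SCA gate over a constructed bill of materials.

Added example: not code from the slides, from Codescoop or from the OSCAR
project. The BOM, the advisory records and the license policy below are
constructed sample data; the ADVISORY-PLACEHOLDER-* identifiers are placeholders.
"""
from typing import Dict, List, Tuple

# Constructed sample BOM: one record per component, licenses as SPDX identifiers
# (NOASSERTION is the SPDX value for "no license detected or asserted").
SAMPLE_BOM: List[Dict[str, str]] = [
    {"name": "libfoo", "version": "1.2.3", "license": "MIT"},
    {"name": "libbar", "version": "2.0.0", "license": "GPL-3.0-only"},
    {"name": "libbaz", "version": "0.9.1", "license": "NOASSERTION"},
    {"name": "libqux", "version": "4.1.0", "license": "Apache-2.0"},
]

# Constructed vulnerability data: half-open affected ranges [introduced, fixed).
SAMPLE_VULNS: Dict[str, List[Dict[str, str]]] = {
    "libqux": [{"id": "ADVISORY-PLACEHOLDER-1", "introduced": "4.0.0", "fixed": "4.2.0"}],
    "libfoo": [{"id": "ADVISORY-PLACEHOLDER-2", "introduced": "1.0.0", "fixed": "1.2.0"}],
}

# Constructed license risk policy for a "distributed binary" context (assumption).
LICENSE_POLICY: Dict[str, set] = {
    "allow": {"MIT", "Apache-2.0", "BSD-3-Clause"},
    "review": {"LGPL-2.1-only", "MPL-2.0"},
    "deny": {"GPL-3.0-only", "AGPL-3.0-only"},
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted numeric version into a tuple that compares component-wise."""
    return tuple(int(part) for part in version.split("."))


def license_verdict(spdx_id: str, policy=LICENSE_POLICY) -> str:
    """Map a license to allow/review/deny; unknown or unasserted licenses go to review."""
    if spdx_id in policy["deny"]:
        return "deny"
    if spdx_id in policy["allow"]:
        return "allow"
    return "review"


def matching_advisories(name: str, version: str, vulns=SAMPLE_VULNS) -> List[str]:
    """Return advisory ids whose affected range contains the component version."""
    v = parse_version(version)
    return [
        adv["id"]
        for adv in vulns.get(name, [])
        if parse_version(adv["introduced"]) <= v < parse_version(adv["fixed"])
    ]


def evaluate_bom(bom=SAMPLE_BOM, vulns=SAMPLE_VULNS, policy=LICENSE_POLICY) -> List[Dict]:
    """Combine the compliance and the security check into one decision per component."""
    findings = []
    for component in bom:
        verdict = license_verdict(component["license"], policy)
        advisories = matching_advisories(component["name"], component["version"], vulns)
        if verdict == "deny" or advisories:
            decision = "block"      # denied license or a known affected version
        elif verdict == "review":
            decision = "review"     # needs human curation before use
        else:
            decision = "pass"
        findings.append({
            "component": f'{component["name"]}@{component["version"]}',
            "license": verdict,
            "advisories": advisories,
            "decision": decision,
        })
    return findings


def gate(findings) -> str:
    """A build fails when any component is blocked; review items hold it for curation."""
    if any(f["decision"] == "block" for f in findings):
        return "fail"
    if any(f["decision"] == "review" for f in findings):
        return "needs-review"
    return "pass"


if __name__ == "__main__":
    results = evaluate_bom()
    for f in results:
        print(f'{f["component"]:14} license={f["license"]:6} '
              f'advisories={f["advisories"]} -> {f["decision"]}')
    print("gate:", gate(results))
```

Running the file prints one line per component and the gate result. NOASSERTION deliberately lands in review rather than pass: a license the scanner could not detect is a curation task for a human, not a green light. The dotted-integer version comparison is enough for the constructed data; real ecosystems need the range semantics of their own package managers.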
What will OSCAR be?
1. Open Source solution for large-scale continuous software composition analysis, starting with compliance and security
2. An installable software distribution
– For workstation, server or cloud
– Assembled out of existing and new OSS building blocks
3. An architecture and application bus
– Specification of interfaces between open source and vendor building blocks of SCA software
4. An industry coordination forum to define and drive the up-to-date SCA as open source
5. A software production setup organized as an open source project
OSCAR with existing OSS solutions
“Pieces of the puzzle” already supported partly by:
• Continuous scan engine
– ORT (Here)
– Grafeas (Google)
– Quartermaster (Endocode)
• Scanners
– Fossology (Siemens/HP)
– Scancode (NexB)
• Inventory: sw360 (Siemens & Bosch)
• Interfaces: SPDX (Linux Foundation)
• Data sources
– ClearlyDefined (Microsoft, Qualcomm, Amazon)
– ClearlySecured
– Software Heritage
• Analytics: CHAOSS (Bitergia, Intel, RedHat)
… growing by the month
Potential OSCAR Architecture (diagram; labels recovered from the slide)
● OSCAR Distro, with a legend and building-block badges (New 2017, New 2018, Coming 2018)
● OSCAR DATA: pre-scanned public OSS component data
● Enterprise directories and authentication: LDAP / Active Directory
● Enterprise stack sources: source version control, source & binary archives, source access
● Legacy scan data archives: legacy BOM, Fossology
● Continuous stack scan: security, scan results, snippets © & license, metadata, SW analytics
● Enterprise OSS inventory: component identity mapping, OSS obligations, operation state and data, reports interface, publish
● Developer experience: CLI, CI, IDE, issue tracker
● Policy driven automation: compliance policy, deployments, fallbacks, remediations…, reports
Industry Backup & Support
• Already existing OSS building blocks supported by Here, HP, Siemens, Bosch, Google, Microsoft, Qualcomm, Amazon, Linux Foundation, ...
• Industry consortium in the process of being built by SAP, Bosch, Siemens, Cisco, Here, Ericsson and Codescoop to fund and advance OSCAR
• Stakeholders will influence the road map
No Green Field project
Eclipse OSCAR & OpenSCA
• OSCAR: technical project
– Setup on Eclipse is complete
– Anyone can contribute to OSCAR
– Possibly embrace existing projects like ORT, sw360, …
• OpenSCA: Working Group to manage OSCAR
– Finalization of the Charter in progress
– Charter members vote on functionality / priorities
– Fees ensure tangible results / timelines
Where in the process is OSCAR?
Think “Delivery Room”
- Announced OSCAR and OpenSCA @ EclipseCon in Oct.
- Initial industry consortium meeting end of Oct.
- Legal paperwork (and Charter) signed Nov. / Dec.
- Next: Kick Off meeting - 2H of January
- List of work items/priorities
- Chair & Committees set
- Bi-weekly calls / slack / Google Docs / …
- Open for a few additional companies - suggestions?
OSCAR release map (milestones shown on the slide): 0.1, 0.2, 1.0, 1.1, 1.2
Summary, why OSCAR
Answers to concerns and questions include
● Open SCA addresses vendor lock-in (and lagging behaviour)
● Open Source and Data creates transparency and “crowd QA”
● SCA starts where code is being produced - the developer
● Less need to build “custom patches” for dev shops
● Strengthen (small) SCA solutions within OSCAR context
○ more trust - because of larger supporter base
○ less risk - continuation within OSCAR “granted”
● Does not have to stop at compliance & security
● Free for consumers, alternative sourcing path for drivers
Join the Eclipse OSCAR project!
Help define the SCA technology you need & build the Organization that delivers
Thanks
KatiaHIMEUR1
 

Recently uploaded (20)

Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
 
Enhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZEnhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZ
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
UiPath Community Day Dubai: AI at Work..
UiPath Community Day Dubai: AI at Work..UiPath Community Day Dubai: AI at Work..
UiPath Community Day Dubai: AI at Work..
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
The Metaverse and AI: how can decision-makers harness the Metaverse for their...
The Metaverse and AI: how can decision-makers harness the Metaverse for their...The Metaverse and AI: how can decision-makers harness the Metaverse for their...
The Metaverse and AI: how can decision-makers harness the Metaverse for their...
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 

OSSF 2018 - Stefan Just of Codescoop - OSCAR - a new approach to Software Composition Analysis

10. What else did we hear?
● “Tool vendor consolidation comes with risk”
● “Data needs to be open and bi-directional”
● “SCA must exit the Ivory Tower”
● “OSS Management is more than license scan”
● “Existing OSS offers promising but small”
● “Tired of big $$/y invoices - feel like hostages”

11. Re-Thinking necessary...
OSCAR stands for Open SCA
● Re-Loaded
● Re-Invented
● Re-Thought

12. What is OSCAR today?
<<empty>>

13. Well, actually a bit more...

14. Capabilities heard from supporters
● IDE integration
● CLI Tools
● Source access
● Messaging
● Plugins
● Snippet scanner & data
● OSS Obligations
● License risk policy
● Component vulnerability data
● Scan data interface
● Metadata interface
● Analytics interface
● Top 1M components
● Public data service at scale
● External pre-scan data
● Continuous inbound to outbound review at scale
● Policy driven automation
● Curations
● Remediation automation
● QA on compliance artifacts
● QA of supplementing docs
● Binary identification
● Repo accessibility
● Container analysis (hierarchical BOM)
● ID mapping (mapping results of various SCA tools)
● CI integration
● Tool integration (CI, Central Hub, data sources…)
● 10 min for responses
● Accuracy of scan returns
● Dependency detection support over technologies

15. What will OSCAR be?
1. Open Source solution for large-scale continuous software composition analysis, starting with compliance and security
2. An installable software distribution
   – For workstation, server or cloud
   – Assembled out of existing and new OSS building blocks
3. An architecture and application bus
   – Specification of interfaces between open source and vendor building blocks of SCA software
4. An industry coordination forum to define and drive the up-to-date SCA as open source
5. A software production setup organized as an open source project

16. OSCAR with existing OSS solutions
“Pieces of the puzzle” already supported partly by:
● Continuous scan engine
   – ORT (Here)
   – Grafeas (Google)
   – Quartermaster (Endocode)
● Scanners
   – Fossology (Siemens/HP)
   – Scancode (NexB)
● Inventory: sw360 (Siemens & Bosch)
● Interfaces: SPDX (Linux Foundation)
● Data sources
   – ClearlyDefined (Microsoft, Qualcomm, Amazon)
   – ClearlySecured
   – Software Heritage
● Analytics: CHAOSS (Bitergia, Intel, RedHat)
…. growing by the month
(Labels on the slide next to individual items: New 2017, New 2018, New 2018, Coming 2018, New 2017, New 2017)

17. Potential OSCAR Architecture (diagram; block labels only)
OSCAR Distro; Enterprise directories and authentication (LDAP, Active Directory); Legend; OSCAR DATA: pre-scanned public OSS component data; Security; Continuous stack scan; Scan results; Enterprise OSS Inventory; SW Analytics; Meta data; Snippets; © & License; Operation state and data; Component identity mapping; Reports interface; OSS Obligations; Publish; Source access; Enterprise stack sources; Source version control; Source & binary archives; Legacy scan data archives; Legacy BOM; Fossology; Developer Experience: CLI, CI, IDE, Issue Tracker; Policy driven automation: Deployments, Fallbacks, Remediations...; Reports; Compliance policy

18. Industry Backup & Support
● Already existing OSS building blocks supported by Here, HP, Siemens, Bosch, Google, Microsoft, Qualcomm, Amazon, Linux Foundation, ...
● Industry consortium in the process of being built by SAP, Bosch, Siemens, Cisco, Here, Ericsson and Codescoop to fund and advance OSCAR
● Stakeholders will influence the roadmap

19. No Green Field project

20. Eclipse OSCAR & OpenSCA
● OSCAR: technical project
   – Setup on Eclipse is complete
   – Anyone can contribute to OSCAR
   – Possibly embrace existing projects like ORT, sw360, …
● OpenSCA: Working Group to manage OSCAR
   – Finalizing the Charter is in progress
   – Charter members vote on functionality / priorities
   – Fees ensure tangible results / timelines

21. Where in the process is OSCAR?
Think “Delivery Room”
- Announced OSCAR and OpenSCA @ EclipseCon in Oct.
- Initial industry consortium meeting end of Oct.
- Legal paperwork (and Charter) signed Nov. / Dec.
- Next: Kick Off meeting - 2H of January
  - List of work items/priorities
  - Chair & Committees set
  - Bi-weekly calls / slack / Google Docs / …
- Open for a few additional Companies - suggestions?
OSCAR release map: 0.1, 0.2, 1.0, 1.1, 1.2

22. Summary, why OSCAR
Answers to concerns and questions include
● Open SCA addresses vendor lock-in (and lagging behaviour)
● Open Source and Data create transparency and “crowd QA”
● SCA starts where code is being produced - the developer
● Less need to build “custom patches” for dev shops
● Strengthen (small) SCA solutions within OSCAR context
   ○ more trust - because of larger supporter base
   ○ less risk - continuation within OSCAR “granted”
● Does not have to stop at compliance & security
● Free for consumers, alternative sourcing path for drivers

23. Join the Eclipse OSCAR project!
Help define the SCA technology you need & build the Organization that delivers