FOSDEM 2022, February 5-6, Online

February 05 - 06, 2022



We are co-organizing a Devroom on "SOFTWARE COMPOSITION AND DEPENDENCY MANAGEMENT" at FOSDEM and running an OW2 virtual booth! 


About the Devroom

As we all assemble more and more complex software from an ever-growing number of free and open source software components, knowing what's in our code is a must for security, legal and operational reasons.

To deal with these new challenges, a set of techniques and tools has emerged, spanning topics from dependency management to software composition analysis (SCA). They should help you determine which software dependencies are embedded in your project, where and how (directly or indirectly), as well as their origin, licensing, vulnerabilities, quality and other important attributes.

Are you contributing to a FOSS project that aims to make the lives of developers easier? Are you looking for what's coming next to help you deal with your project's long list of dependencies? If so, come and join us at FOSDEM 2022 to share your techniques and experiences, demo your FOSS tools, and collaborate towards a better FOSS toolchain.


See the Devroom presentation on the FOSDEM website:

To access the replays of the presentations, please visit:

Devroom Agenda


| Time | Title | Speaker Name, Company/organization |
|---|---|---|
| 10:00 | Devroom introduction | Antoine Mottier, OW2 |
| 10:05 | Package URL and Version range spec / Towards mostly universal dependency resolution | Philippe Ombredanne |
| 10:20 | How OSPOs can help secure the software supply chain | Ana Jimenez Santamaria, Linux Foundation |
| 10:40 | Developing an open source license compliance project: our trials, tribulations and achievements | Pierre Marty, Linagora |
| 11:00 | How to manage OSS license obligations and SBoM by SW360's new features | Kouki Hama, Toshiba |
| 11:20 | Panel #1 "Processing Dependencies and Compositions and Software" | Maximilian Huber, TNG Technology (moderator) |
| 12:20 | Scanning for known vulnerabilities in an embedded distribution, A return on experience from the Eclipse Oniro project | Marta Rybczynska, Eclipse Foundation |
| 12:40 | Reporting vulnerabilities within a complex software environment / Using the CVE-Bin-Tool | Anthony Harrison, Architect and cyber security consultant |
| 13:00 | Commoditising Open Source Risk Management / First Open Source SCA Platform | Julian Coccia, SCANOSS |
| 13:20 | Panel #2 "Dependencies for Vulnerability Discovery and Tracking" | Diomidis Spinellis, Athens University (moderator) |
| 14:20 | Generating SBOM for your code using OSS Review Toolkit | Thomas Steenbergen, HERE Technologies |
| 14:40 | SBOM Resolver - Generating detailed SBOMs for Alpine | Georg Kunz, Open source advocate |
| 15:00 | FASTEN: Fine-Grained Analysis of Software Ecosystems as Networks | Amir Mir, TUDelft |
| 15:20 | Panel #3 "Creating SBOMs" | Antoine Mottier, OW2 (moderator) |
| 16:20 | On Backporting Practices in Package Dependency Networks | Ahmed Zerouali, Tom Mens, University of Mons, Belgium |
| 16:40 | Operationalize SBOM with OWASP Dependency-Track | Steve Springett, OWASP |
| 17:00 | Tracking Software Dependencies | Kate Stewart, Linux Foundation, & Gary O'Neall, Source Auditor Inc. |
| 17:20 | Panel #4 "Software Compositions and Dependency Tools" | Philippe Ombredanne (moderator) |

Visit us at the OW2 virtual booth

Join us at the OW2 virtual booth to talk with the OW2 Management Office and project leaders.