We are co-organizing a Devroom on "SOFTWARE COMPOSITION AND DEPENDENCY MANAGEMENT" at FOSDEM and running an OW2 virtual booth!
About the Devroom
As we all assemble more and more complex software from an ever-growing number of free and open source software components, knowing what is in our code is a must for security, legal and operational reasons.
To deal with these new challenges, a set of techniques and tools has emerged, spanning topics from dependency management to software composition analysis (SCA). They should help you determine which software dependencies are embedded in your project, where and how (directly or transitively), as well as their origin, licensing, vulnerabilities, quality and other important attributes.
Are you contributing to a FOSS project that aims to make the lives of developers easier? Are you looking for what's coming next to help you deal with your project's long list of dependencies? If so, come and join us at FOSDEM 2022 to share your techniques and experiences, and to demo your FOSS tools, so that we can collaborate towards a better FOSS toolchain.
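The kind of question an SCA tool answers for the paragraph above, reduced to its core: given a dependency graph, which components end up in the build, whether each one is a direct or a transitive dependency, through which path it was pulled in, and what its license and advisory status are. The following is an added illustration, not code from the devroom or from any project presented there; the package names (Package URLs of type `generic`), versions, licenses and the advisory identifier are all constructed for the example.

```python
"""Toy software-composition walk over a constructed dependency graph."""
from collections import deque

# Constructed manifest: each Package URL maps to its declared direct dependencies.
# None of these packages, versions or advisories are real.
DEPENDENCIES = {
    "pkg:generic/exampleapp@1.0.0": ["pkg:generic/liba@1.2.0", "pkg:generic/libb@0.9.0"],
    "pkg:generic/liba@1.2.0": ["pkg:generic/libc@3.0.1"],
    "pkg:generic/libb@0.9.0": ["pkg:generic/libc@3.0.1", "pkg:generic/libd@2.4.0"],
    "pkg:generic/libc@3.0.1": [],
    "pkg:generic/libd@2.4.0": ["pkg:generic/libe@1.0.0"],
    "pkg:generic/libe@1.0.0": [],
}

# Constructed license metadata (SPDX identifiers); None means no license declared.
LICENSES = {
    "pkg:generic/liba@1.2.0": "MIT",
    "pkg:generic/libb@0.9.0": "Apache-2.0",
    "pkg:generic/libc@3.0.1": "GPL-3.0-only",
    "pkg:generic/libd@2.4.0": "BSD-3-Clause",
    "pkg:generic/libe@1.0.0": None,
}

# Constructed advisory feed with a placeholder identifier (not a real CVE).
ADVISORIES = {
    "pkg:generic/libe@1.0.0": ["EXAMPLE-ADVISORY-0001"],
}


def build_composition(root):
    """Breadth-first walk from the root package.

    Returns a dict keyed by dependency purl with: whether it is a direct
    dependency, the intermediate packages it was pulled in through (shortest
    path), its license and any advisories. A package reachable on several
    paths is recorded once, on the first (shortest) path found.
    """
    composition = {}
    queue = deque([(root, [root])])
    seen = {root}
    while queue:
        purl, path = queue.popleft()
        for dep in DEPENDENCIES.get(purl, []):
            if dep in seen:
                continue
            seen.add(dep)
            dep_path = path + [dep]
            composition[dep] = {
                "direct": len(dep_path) == 2,   # root -> dep with nothing between
                "via": dep_path[1:-1],          # intermediate packages, [] if direct
                "license": LICENSES.get(dep),
                "advisories": ADVISORIES.get(dep, []),
            }
            queue.append((dep, dep_path))
    return composition


def findings(composition, allowed_licenses):
    """Flag components that need attention: known advisory, no declared
    license, or a license outside the project's allow-list."""
    flagged = {}
    for purl, info in sorted(composition.items()):
        reasons = []
        if info["advisories"]:
            reasons.append("advisory")
        if info["license"] is None:
            reasons.append("no-license")
        elif info["license"] not in allowed_licenses:
            reasons.append("license-not-allowed")
        if reasons:
            flagged[purl] = reasons
    return flagged


if __name__ == "__main__":
    comp = build_composition("pkg:generic/exampleapp@1.0.0")
    for purl, info in sorted(comp.items()):
        kind = "direct" if info["direct"] else "via " + " > ".join(info["via"])
        print(f"{purl:32} {kind:60} {info['license']} {info['advisories']}")
    print("needs attention:", findings(comp, {"MIT", "Apache-2.0", "BSD-3-Clause"}))
```

The point of recording the path is operational: when an advisory lands on a transitive dependency, the fix is usually to update or replace the direct dependency that pulls it in, and the `via` list names that package. Real SCA tools replace the constructed dictionaries with lockfile or build-system resolution, license detection, and a live vulnerability feed, but the shape of the answer is the same.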
See the CALL FOR PRESENTATIONS: https://github.com/software-composition-analysis/fosdem-2022-devroom
See the Devroom presentation on the FOSDEM website: https://fosdem.org/2022/schedule/track/software_composition_and_dependency_management/
To access the replays of the presentations, please visit: https://www.fasten-project.eu/view/Events/FOSDEM_2022
Devroom Agenda
| Time | Title | Speaker, company/organization |
|---|---|---|
| 10:00 | Devroom introduction | Antoine Mottier, OW2 |
| 10:05 | Package URL and Version range spec: towards mostly universal dependency resolution | Philippe Ombredanne |
| 10:20 | How OSPOs can help secure the software supply chain | Ana Jimenez Santamaria, Linux Foundation |
| 10:40 | Developing an open source license compliance project: our trials, tribulations and achievements | Pierre Marty, Linagora |
| 11:00 | How to manage OSS license obligations and SBoM by SW360's new features | Kouki Hama, Toshiba |
| 11:20 | Panel #1 "Processing Dependencies and Compositions and Software" | Maximilian Huber, TNG Technology (moderator) |
| 12:20 | Scanning for known vulnerabilities in an embedded distribution: a return on experience from the Eclipse Oniro project | Marta Rybczynska, Eclipse Foundation |
| 12:40 | Reporting vulnerabilities within a complex software environment: using the CVE-Bin-Tool | Anthony Harrison, Architect and cyber security consultant |
| 13:00 | Commoditising Open Source Risk Management: first Open Source SCA Platform | Julian Coccia, SCANOSS |
| 13:20 | Panel #2 "Dependencies for Vulnerability Discovery and Tracking" | Diomidis Spinellis, Athens University (moderator) |
| 14:20 | Generating SBOM for your code using OSS Review Toolkit | Thomas Steenbergen, HERE Technologies |
| 14:40 | SBOM Resolver: generating detailed SBOMs for Alpine | Georg Kunz, Open source advocate |
| 15:00 | FASTEN: Fine-Grained Analysis of Software Ecosystems as Networks | Amir Mir, TUDelft |
| 15:20 | Panel #3 "Creating SBOMs" | Antoine Mottier, OW2 (moderator) |
| 16:20 | On Backporting Practices in Package Dependency Networks | Ahmed Zerouali, Tom Mens, University of Mons, Belgium |
| 16:40 | Operationalize SBOM with OWASP Dependency-Track | Steve Springett, OWASP |
| 17:00 | Tracking Software Dependencies | Kate Stewart, Linux Foundation, & Gary O'Neall, Source Auditor Inc. |
| 17:20 | Panel #4 "Software Compositions and Dependency Tools" | Philippe Ombredanne (moderator) |
Visit us at the OW2 virtual booth
Join us at the OW2 virtual booth to talk with the OW2 Management Office and with project leaders.