Level: Low tech

Abstract:
Across industries, more than half of the software in use is now open source (OSS). This includes both OSS in a company’s own products and OSS in components provided by suppliers. The shift towards OSS has led to an ever-increasing demand for license compliance, security assurance, and software bills of materials (SBOMs). Beyond that, the supply chain visibility needed to address security issues will only become more crucial with the introduction of the EU’s Cyber Resilience Act. To deal with these challenges, organizations can adopt the ISO/IEC standards developed within the OpenChain community, namely ISO/IEC 5230:2020 for license compliance and ISO/IEC 18974:2023 for security assurance. This talk will highlight where to start and how you can get involved in the OpenChain community.

Part 1 of the talk will make the case for implementing a program to manage OSS in your organization. It will focus on both the positive effects of establishing such a program, as well as the risks assumed by not having one.

Part 2 will focus on the OpenChain ISO Standards and how they can be used as simple reference documents for upgrading your operations for a secure and compliant software supply chain.

Part 3 will be about the OpenChain community, what it has to offer, and how you can get involved and contribute. Special focus will be placed on the OpenChain Meridian 22 Chapter*, which we recently created for central and eastern Europe, with an open invitation to anyone who would like to participate.

Bio:
Vladimir Slavov is a lawyer and a programmer. He works at Bosch’s Open Source Program Office, focusing on open source management and compliance. He is an AWS Certified Solutions Architect Associate, an AWS Certified AI Practitioner, and an AWS Certified Cloud Practitioner. He is also a committer on the Eclipse Apoapsis Project. His recent obsession is messing around with Claude Code.
