OpenChain @ Bitkom Forum Open Source 2022

Shane Coughlan
Shane CoughlanOpenChain Program Manager à The Linux Foundation
The Supply Chain Is Broken. We Can Fix It. Building Trust in Open Source
Our Mental Model Of The Supply Chain
The Actual Supply Chain
67.4% Of managers monitor their supply chain with Excel spreadsheets https://www.zippia.com/advice/supply-chain-statistics/
62% Of additional cost with supply chain disruptions https://www.zippia.com/advice/supply-chain-statistics/
94% Of companies do not have full visibility of their supply chain https://www.zippia.com/advice/supply-chain-statistics/
This Is Weird
57% Of companies see supply chain management as a competitive edge https://www.zippia.com/advice/supply-chain-statistics/
70% Of companies see supply chains as a driver for customer service https://www.zippia.com/advice/supply-chain-statistics/
40% Savings available for industrial suppliers via optimization https://www.zippia.com/advice/supply-chain-statistics/
Conclusion: Talking != Doing
As Usual, Open Source Is Not Special
90+% Of codebases using open source https://www.synopsys.com/blogs/software-security/open-source-trends-ossra-report/
81% Of codebases have security vulnerabilities https://www.synopsys.com/blogs/software-security/open-source-trends-ossra-report/
53% Of codebases contain license compliance issues https://www.synopsys.com/blogs/software-security/open-source-trends-ossra-report/
Don’t Panic
The Secret: Good Processes = Good Supply Chain Know what you are doing Know how you are doing it Use records to make it repeatable Make a plan to fix problems
We Have An ISO/IEC Standard For Licensing OpenChain ISO/IEC 5230:2020 is the International Standard for open source license compliance ● Defines the key requirements of a quality open source license compliance program ● Super short and simple, allowing companies of any size and in any market to adopt it Free self-certification @ www.openchainproject.org
We Have A De-Facto Standard For Security OpenChain Security Assurance Specification 1.0 is the de facto industry standard for open source security compliance ● Defines the key requirements of a quality open source security compliance program ● Super short and simple, allowing companies of any size and in any market to adopt it Learn more @ www.openchainproject.org
The OpenChain Security Assurance Specification ETA as ISO/IEC standard in mid-2023
We Have An ISO/IEC Standard For SBOM SPDX ISO/IEC 5962:2021 is the International Standard for software bill of materials ● A common format for organizations to share license compliance, security compliance and other data ● SPDX Version 2.3 (the community rolling release) just out, includes some useful updates related to security Learn more @ https://spdx.dev
We Have Free Training Courses
We Have Communities To Support You
Join Mailing Lists And Calls https://www.openchainproject.org/participate
Come To Regional Events OpenChain UK Work Group London on October 13th 2022 OSPOlogy.live in Sweden Stockholm on October 19th– 20th 2022 OpenChain Germany Work Group Cologne on November 16th 2022
Talk To Me scoughlan@linuxfoundation.org
OpenChain @ Bitkom Forum Open Source 2022
1 sur 27

OpenChain @ Bitkom Forum Open Source 2022

Télécharger pour lire hors ligne
Logiciels

OpenChain @ Bitkom Forum Open Source 2022

Shane Coughlan
Shane CoughlanOpenChain Program Manager à The Linux Foundation

Recommandé

2023-06-classic par
2023-06-classic2023-06-classic
2023-06-classicShane Coughlan
46 vues47 diapositives
2023-06-corporate par
2023-06-corporate2023-06-corporate
2023-06-corporateShane Coughlan
45 vues47 diapositives
2023-06-cute par
2023-06-cute2023-06-cute
2023-06-cuteShane Coughlan
42 vues47 diapositives
OpenChain Overview Slides - 02-2023 par
OpenChain Overview Slides - 02-2023OpenChain Overview Slides - 02-2023
OpenChain Overview Slides - 02-2023Shane Coughlan
183 vues42 diapositives
The State of Open Source for Software Alliance Germany 2023-04-14 par
The State of Open Source for Software Alliance Germany 2023-04-14The State of Open Source for Software Alliance Germany 2023-04-14
The State of Open Source for Software Alliance Germany 2023-04-14Shane Coughlan
58 vues26 diapositives
Standardizing Open Source Risk - LLW - 2023-04 par
Standardizing Open Source Risk - LLW - 2023-04Standardizing Open Source Risk - LLW - 2023-04
Standardizing Open Source Risk - LLW - 2023-04Shane Coughlan
29 vues14 diapositives

Contenu connexe

Similaire à OpenChain @ Bitkom Forum Open Source 2022

Cisco & Open Source par
Cisco & Open SourceCisco & Open Source
Cisco & Open SourceLauren Cooney
664 vues20 diapositives
Free and Open Source Software - Challenges for the Automotive Supply Chain par
Free and Open Source Software - Challenges for the Automotive Supply ChainFree and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply ChainShane Coughlan
207 vues40 diapositives
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li... par
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...Paris Open Source Summit
79 vues18 diapositives
[WSO2 Open Banking & Security Forum Mexico 2019] API-Driven World par
[WSO2 Open Banking & Security Forum Mexico 2019] API-Driven World[WSO2 Open Banking & Security Forum Mexico 2019] API-Driven World
[WSO2 Open Banking & Security Forum Mexico 2019] API-Driven WorldWSO2
278 vues19 diapositives
API Monetization par
API MonetizationAPI Monetization
API MonetizationCapgemini
942 vues12 diapositives
Success with APIs: A Checklist par
Success with APIs: A ChecklistSuccess with APIs: A Checklist
Success with APIs: A ChecklistCA Technologies
7.4K vues12 diapositives

Similaire à OpenChain @ Bitkom Forum Open Source 2022(20)

Cisco & Open Source par Lauren Cooney
Cisco & Open SourceCisco & Open Source
Cisco & Open Source
Lauren Cooney664 vues
Free and Open Source Software - Challenges for the Automotive Supply Chain par Shane Coughlan
Free and Open Source Software - Challenges for the Automotive Supply ChainFree and Open Source Software - Challenges for the Automotive Supply Chain
Free and Open Source Software - Challenges for the Automotive Supply Chain
Shane Coughlan207 vues
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li... par Paris Open Source Summit
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
Paris Open Source Summit 79 vues
[WSO2 Open Banking & Security Forum Mexico 2019] API-Driven World par WSO2
[WSO2 Open Banking & Security Forum Mexico 2019] API-Driven World[WSO2 Open Banking & Security Forum Mexico 2019] API-Driven World
[WSO2 Open Banking & Security Forum Mexico 2019] API-Driven World
WSO2278 vues
API Monetization par Capgemini
API MonetizationAPI Monetization
API Monetization
Capgemini942 vues
Success with APIs: A Checklist par CA Technologies
Success with APIs: A ChecklistSuccess with APIs: A Checklist
Success with APIs: A Checklist
CA Technologies7.4K vues
OpenChain Germany Work Group Meeting 2022-11-16 par Shane Coughlan
OpenChain Germany Work Group Meeting 2022-11-16OpenChain Germany Work Group Meeting 2022-11-16
OpenChain Germany Work Group Meeting 2022-11-16
Shane Coughlan4 vues
OpenChain-Monthly-Meeting-2022-11-15 par Shane Coughlan
OpenChain-Monthly-Meeting-2022-11-15OpenChain-Monthly-Meeting-2022-11-15
OpenChain-Monthly-Meeting-2022-11-15
Shane Coughlan60 vues
OpenChain Japan Work Group - Meeting 27 par Shane Coughlan
OpenChain Japan Work Group - Meeting 27OpenChain Japan Work Group - Meeting 27
OpenChain Japan Work Group - Meeting 27
Shane Coughlan109 vues
Synopsys Security Event Israel Presentation: New AppSec Paradigms with Open S... par Synopsys Software Integrity Group
Synopsys Security Event Israel Presentation: New AppSec Paradigms with Open S...Synopsys Security Event Israel Presentation: New AppSec Paradigms with Open S...
Synopsys Security Event Israel Presentation: New AppSec Paradigms with Open S...
Synopsys Software Integrity Group105 vues
OpenChain Monthly Meeting 2022-11-01 par Shane Coughlan
OpenChain Monthly Meeting 2022-11-01OpenChain Monthly Meeting 2022-11-01
OpenChain Monthly Meeting 2022-11-01
Shane Coughlan33 vues
João Emilio Santos Bento da Silva - Estratégia de APIs par DevCamp Campinas
João Emilio Santos Bento da Silva - Estratégia de APIsJoão Emilio Santos Bento da Silva - Estratégia de APIs
João Emilio Santos Bento da Silva - Estratégia de APIs
DevCamp Campinas130 vues
Sergio Juarez, Elemica – “From Big Data to Value: The Power of Master Data Ma... par Elemica
Sergio Juarez, Elemica – “From Big Data to Value: The Power of Master Data Ma...Sergio Juarez, Elemica – “From Big Data to Value: The Power of Master Data Ma...
Sergio Juarez, Elemica – “From Big Data to Value: The Power of Master Data Ma...
Elemica887 vues
Build an api eco-system you can be proud of par Cisco DevNet
Build an api eco-system you can be proud ofBuild an api eco-system you can be proud of
Build an api eco-system you can be proud of
Cisco DevNet1.7K vues
HP EnterpriseView v1.5 Deployment Guide par Protect724gopi
HP EnterpriseView v1.5 Deployment GuideHP EnterpriseView v1.5 Deployment Guide
HP EnterpriseView v1.5 Deployment Guide
Protect724gopi311 vues
ArcSight Enterprise View Deployment Guide par Protect724gopi
ArcSight Enterprise View Deployment GuideArcSight Enterprise View Deployment Guide
ArcSight Enterprise View Deployment Guide
Protect724gopi195 vues
HP ArcSight EnterpriseView Deployment Guide par Protect724gopi
HP ArcSight EnterpriseView Deployment GuideHP ArcSight EnterpriseView Deployment Guide
HP ArcSight EnterpriseView Deployment Guide
Protect724gopi842 vues
EnterpriseView 2.0 Deployment Guide par Protect724gopi
EnterpriseView 2.0 Deployment GuideEnterpriseView 2.0 Deployment Guide
EnterpriseView 2.0 Deployment Guide
Protect724gopi171 vues
HP EnterpriseView v1.5 Deployment Guide par Protect724gopi
HP EnterpriseView v1.5 Deployment GuideHP EnterpriseView v1.5 Deployment Guide
HP EnterpriseView v1.5 Deployment Guide
Protect724gopi164 vues
HP ArcSight EnterpriseView v1.6 Deployment Guide par Protect724gopi
HP ArcSight EnterpriseView v1.6 Deployment GuideHP ArcSight EnterpriseView v1.6 Deployment Guide
HP ArcSight EnterpriseView v1.6 Deployment Guide
Protect724gopi299 vues

Plus de Shane Coughlan

FOSSLight Community Day 2023-11-30 par
FOSSLight Community Day 2023-11-30FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30Shane Coughlan
4 vues18 diapositives
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx par
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptxFrom One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptxShane Coughlan
46 vues15 diapositives
OpenChain Legal Work Group - 2023-06-29 par
OpenChain Legal Work Group - 2023-06-29OpenChain Legal Work Group - 2023-06-29
OpenChain Legal Work Group - 2023-06-29Shane Coughlan
134 vues7 diapositives
OpenChain Webinar #53 – OpenSCA par
OpenChain Webinar #53 – OpenSCAOpenChain Webinar #53 – OpenSCA
OpenChain Webinar #53 – OpenSCAShane Coughlan
124 vues19 diapositives
OpenChain Korea Work Group Meeting #18 par
OpenChain Korea Work Group Meeting #18OpenChain Korea Work Group Meeting #18
OpenChain Korea Work Group Meeting #18Shane Coughlan
86 vues17 diapositives
legal-work-group-2023-05-25 par
legal-work-group-2023-05-25legal-work-group-2023-05-25
legal-work-group-2023-05-25Shane Coughlan
50 vues7 diapositives

Plus de Shane Coughlan(20)

FOSSLight Community Day 2023-11-30 par Shane Coughlan
FOSSLight Community Day 2023-11-30FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30
Shane Coughlan4 vues
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx par Shane Coughlan
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptxFrom One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
From One Standard to a Family - Taiwan Work Group - 2023-08-15.pptx
Shane Coughlan46 vues
OpenChain Legal Work Group - 2023-06-29 par Shane Coughlan
OpenChain Legal Work Group - 2023-06-29OpenChain Legal Work Group - 2023-06-29
OpenChain Legal Work Group - 2023-06-29
Shane Coughlan134 vues
OpenChain Webinar #53 – OpenSCA par Shane Coughlan
OpenChain Webinar #53 – OpenSCAOpenChain Webinar #53 – OpenSCA
OpenChain Webinar #53 – OpenSCA
Shane Coughlan124 vues
OpenChain Korea Work Group Meeting #18 par Shane Coughlan
OpenChain Korea Work Group Meeting #18OpenChain Korea Work Group Meeting #18
OpenChain Korea Work Group Meeting #18
Shane Coughlan86 vues
legal-work-group-2023-05-25 par Shane Coughlan
legal-work-group-2023-05-25legal-work-group-2023-05-25
legal-work-group-2023-05-25
Shane Coughlan50 vues
FOSSLight at the OpenChain Mini-Summit May 2023 par Shane Coughlan
FOSSLight at the OpenChain Mini-Summit May 2023FOSSLight at the OpenChain Mini-Summit May 2023
FOSSLight at the OpenChain Mini-Summit May 2023
Shane Coughlan231 vues
OpenChain Mini-Summit 2023 - State of Tooling in Open Source Automation par Shane Coughlan
OpenChain Mini-Summit 2023 - State of Tooling in Open Source AutomationOpenChain Mini-Summit 2023 - State of Tooling in Open Source Automation
OpenChain Mini-Summit 2023 - State of Tooling in Open Source Automation
Shane Coughlan244 vues
OpenChain Mini-Summit May 2023 par Shane Coughlan
OpenChain Mini-Summit May 2023OpenChain Mini-Summit May 2023
OpenChain Mini-Summit May 2023
Shane Coughlan251 vues
How the Linux Foundation Standards for Compliance and Security will Fix Your ... par Shane Coughlan
How the Linux Foundation Standards for Compliance and Security will Fix Your ...How the Linux Foundation Standards for Compliance and Security will Fix Your ...
How the Linux Foundation Standards for Compliance and Security will Fix Your ...
Shane Coughlan51 vues
OpenChain Education Work Group - 2023-04-13 par Shane Coughlan
OpenChain Education Work Group - 2023-04-13OpenChain Education Work Group - 2023-04-13
OpenChain Education Work Group - 2023-04-13
Shane Coughlan33 vues
OpenChain North America and Europe Meeting - 2023-04-04 par Shane Coughlan
OpenChain North America and Europe Meeting - 2023-04-04OpenChain North America and Europe Meeting - 2023-04-04
OpenChain North America and Europe Meeting - 2023-04-04
Shane Coughlan24 vues
OpenChain Webinar #50 - An Overview of SPDX 3.0 par Shane Coughlan
OpenChain Webinar #50 - An Overview of SPDX 3.0OpenChain Webinar #50 - An Overview of SPDX 3.0
OpenChain Webinar #50 - An Overview of SPDX 3.0
Shane Coughlan391 vues
“State of the Tooling” in Open Source Automation par Shane Coughlan
“State of the Tooling” in Open Source Automation“State of the Tooling” in Open Source Automation
“State of the Tooling” in Open Source Automation
Shane Coughlan44 vues
OpenChain Monthly Meeting - North America / Asia - 2023-03-21 par Shane Coughlan
OpenChain Monthly Meeting - North America / Asia - 2023-03-21OpenChain Monthly Meeting - North America / Asia - 2023-03-21
OpenChain Monthly Meeting - North America / Asia - 2023-03-21
Shane Coughlan72 vues
OpenChain Monthly Meeting 2023-02-21 (North America and Asia) par Shane Coughlan
OpenChain Monthly Meeting 2023-02-21 (North America and Asia)OpenChain Monthly Meeting 2023-02-21 (North America and Asia)
OpenChain Monthly Meeting 2023-02-21 (North America and Asia)
Shane Coughlan62 vues
OpenChain Monthly Meeting North America - Europe - 2023-02-07 par Shane Coughlan
OpenChain Monthly Meeting North America - Europe - 2023-02-07OpenChain Monthly Meeting North America - Europe - 2023-02-07
OpenChain Monthly Meeting North America - Europe - 2023-02-07
Shane Coughlan100 vues
OpenChain-Monthly-Meeting-2023-01-17 par Shane Coughlan
OpenChain-Monthly-Meeting-2023-01-17OpenChain-Monthly-Meeting-2023-01-17
OpenChain-Monthly-Meeting-2023-01-17
Shane Coughlan46 vues
OpenChain Monthly Meeting (US / Europe) 2023-01-03 par Shane Coughlan
OpenChain Monthly Meeting (US / Europe) 2023-01-03OpenChain Monthly Meeting (US / Europe) 2023-01-03
OpenChain Monthly Meeting (US / Europe) 2023-01-03
Shane Coughlan76 vues
Open Compliance Summit - Export Control Informal Discussion par Shane Coughlan
Open Compliance Summit - Export Control Informal DiscussionOpen Compliance Summit - Export Control Informal Discussion
Open Compliance Summit - Export Control Informal Discussion
Shane Coughlan45 vues

Dernier

ict act 1.pptx par
ict act 1.pptxict act 1.pptx
ict act 1.pptxsanjaniarun08
13 vues17 diapositives
Programming Field par
Programming FieldProgramming Field
Programming Fieldthehardtechnology
5 vues9 diapositives
DSD-INT 2023 Machine learning in hydraulic engineering - Exploring unseen fut... par
DSD-INT 2023 Machine learning in hydraulic engineering - Exploring unseen fut...DSD-INT 2023 Machine learning in hydraulic engineering - Exploring unseen fut...
DSD-INT 2023 Machine learning in hydraulic engineering - Exploring unseen fut...Deltares
7 vues28 diapositives
Advanced API Mocking Techniques par
Advanced API Mocking TechniquesAdvanced API Mocking Techniques
Advanced API Mocking TechniquesDimpy Adhikary
19 vues11 diapositives
Unleash The Monkeys par
Unleash The MonkeysUnleash The Monkeys
Unleash The MonkeysJacob Duijzer
7 vues28 diapositives
A first look at MariaDB 11.x features and ideas on how to use them par
A first look at MariaDB 11.x features and ideas on how to use themA first look at MariaDB 11.x features and ideas on how to use them
A first look at MariaDB 11.x features and ideas on how to use themFederico Razzoli
45 vues36 diapositives

Dernier(20)

ict act 1.pptx par sanjaniarun08
ict act 1.pptxict act 1.pptx
ict act 1.pptx
sanjaniarun0813 vues
Programming Field par thehardtechnology
Programming FieldProgramming Field
Programming Field
thehardtechnology5 vues
DSD-INT 2023 Machine learning in hydraulic engineering - Exploring unseen fut... par Deltares
DSD-INT 2023 Machine learning in hydraulic engineering - Exploring unseen fut...DSD-INT 2023 Machine learning in hydraulic engineering - Exploring unseen fut...
DSD-INT 2023 Machine learning in hydraulic engineering - Exploring unseen fut...
Deltares7 vues
Advanced API Mocking Techniques par Dimpy Adhikary
Advanced API Mocking TechniquesAdvanced API Mocking Techniques
Advanced API Mocking Techniques
Dimpy Adhikary19 vues
Unleash The Monkeys par Jacob Duijzer
Unleash The MonkeysUnleash The Monkeys
Unleash The Monkeys
Jacob Duijzer7 vues
A first look at MariaDB 11.x features and ideas on how to use them par Federico Razzoli
A first look at MariaDB 11.x features and ideas on how to use themA first look at MariaDB 11.x features and ideas on how to use them
A first look at MariaDB 11.x features and ideas on how to use them
Federico Razzoli45 vues
Software evolution understanding: Automatic extraction of software identifier... par Ra'Fat Al-Msie'deen
Software evolution understanding: Automatic extraction of software identifier...Software evolution understanding: Automatic extraction of software identifier...
Software evolution understanding: Automatic extraction of software identifier...
Ra'Fat Al-Msie'deen7 vues
DSD-INT 2023 Leveraging the results of a 3D hydrodynamic model to improve the... par Deltares
DSD-INT 2023 Leveraging the results of a 3D hydrodynamic model to improve the...DSD-INT 2023 Leveraging the results of a 3D hydrodynamic model to improve the...
DSD-INT 2023 Leveraging the results of a 3D hydrodynamic model to improve the...
Deltares6 vues
DSD-INT 2023 Simulating a falling apron in Delft3D 4 - Engineering Practice -... par Deltares
DSD-INT 2023 Simulating a falling apron in Delft3D 4 - Engineering Practice -...DSD-INT 2023 Simulating a falling apron in Delft3D 4 - Engineering Practice -...
DSD-INT 2023 Simulating a falling apron in Delft3D 4 - Engineering Practice -...
Deltares6 vues
Dev-Cloud Conference 2023 - Continuous Deployment Showdown: Traditionelles CI... par Marc Müller
Dev-Cloud Conference 2023 - Continuous Deployment Showdown: Traditionelles CI...Dev-Cloud Conference 2023 - Continuous Deployment Showdown: Traditionelles CI...
Dev-Cloud Conference 2023 - Continuous Deployment Showdown: Traditionelles CI...
Marc Müller37 vues
Gen Apps on Google Cloud PaLM2 and Codey APIs in Action par Márton Kodok
Gen Apps on Google Cloud PaLM2 and Codey APIs in ActionGen Apps on Google Cloud PaLM2 and Codey APIs in Action
Gen Apps on Google Cloud PaLM2 and Codey APIs in Action
Márton Kodok5 vues
MariaDB stored procedures and why they should be improved par Federico Razzoli
MariaDB stored procedures and why they should be improvedMariaDB stored procedures and why they should be improved
MariaDB stored procedures and why they should be improved
Federico Razzoli8 vues
FIMA 2023 Neo4j & FS - Entity Resolution.pptx par Neo4j
FIMA 2023 Neo4j & FS - Entity Resolution.pptxFIMA 2023 Neo4j & FS - Entity Resolution.pptx
FIMA 2023 Neo4j & FS - Entity Resolution.pptx
Neo4j6 vues
HarshithAkkapelli_Presentation.pdf par harshithakkapelli
HarshithAkkapelli_Presentation.pdfHarshithAkkapelli_Presentation.pdf
HarshithAkkapelli_Presentation.pdf
harshithakkapelli11 vues
DSD-INT 2023 The Danube Hazardous Substances Model - Kovacs par Deltares
DSD-INT 2023 The Danube Hazardous Substances Model - KovacsDSD-INT 2023 The Danube Hazardous Substances Model - Kovacs
DSD-INT 2023 The Danube Hazardous Substances Model - Kovacs
Deltares8 vues
Keep par Geniusee
KeepKeep
Keep
Geniusee75 vues
SUGCON ANZ Presentation V2.1 Final.pptx par Jack Spektor
SUGCON ANZ Presentation V2.1 Final.pptxSUGCON ANZ Presentation V2.1 Final.pptx
SUGCON ANZ Presentation V2.1 Final.pptx
Jack Spektor22 vues
AI and Ml presentation .pptx par FayazAli87
AI and Ml presentation .pptxAI and Ml presentation .pptx
AI and Ml presentation .pptx
FayazAli8711 vues
Dapr Unleashed: Accelerating Microservice Development par Miroslav Janeski
Dapr Unleashed: Accelerating Microservice DevelopmentDapr Unleashed: Accelerating Microservice Development
Dapr Unleashed: Accelerating Microservice Development
Miroslav Janeski10 vues
DSD-INT 2023 Simulation of Coastal Hydrodynamics and Water Quality in Hong Ko... par Deltares
DSD-INT 2023 Simulation of Coastal Hydrodynamics and Water Quality in Hong Ko...DSD-INT 2023 Simulation of Coastal Hydrodynamics and Water Quality in Hong Ko...
DSD-INT 2023 Simulation of Coastal Hydrodynamics and Water Quality in Hong Ko...
Deltares14 vues

OpenChain @ Bitkom Forum Open Source 2022

  • 1. The Supply Chain Is Broken. We Can Fix It. Building Trust in Open Source
  • 2. Our Mental Model Of The Supply Chain
  • 4. 67.4% Of managers monitor their supply chain with Excel spreadsheets https://www.zippia.com/advice/supply-chain-statistics/
  • 5. 62% Of additional cost with supply chain disruptions https://www.zippia.com/advice/supply-chain-statistics/
  • 6. 94% Of companies do not have full visibility of their supply chain https://www.zippia.com/advice/supply-chain-statistics/
  • 8. 57% Of companies see supply chain management as a competitive edge https://www.zippia.com/advice/supply-chain-statistics/
  • 9. 70% Of companies see supply chains as a driver for customer service https://www.zippia.com/advice/supply-chain-statistics/
  • 10. 40% Savings available for industrial suppliers via optimization https://www.zippia.com/advice/supply-chain-statistics/
  • 12. As Usual, Open Source Is Not Special
  • 13. 90+% Of codebases using open source https://www.synopsys.com/blogs/software-security/open-source-trends-ossra-report/
  • 14. 81% Of codebases have security vulnerabilities https://www.synopsys.com/blogs/software-security/open-source-trends-ossra-report/
  • 15. 53% Of codebases contain license compliance issues https://www.synopsys.com/blogs/software-security/open-source-trends-ossra-report/
  • 17. The Secret: Good Processes = Good Supply Chain Know what you are doing Know how you are doing it Use records to make it repeatable Make a plan to fix problems
  • 18. We Have An ISO/IEC Standard For Licensing OpenChain ISO/IEC 5230:2020 is the International Standard for open source license compliance ● Defines the key requirements of a quality open source license compliance program ● Super short and simple, allowing companies of any size and in any market to adopt it Free self-certification @ www.openchainproject.org
  • 19. We Have A De-Facto Standard For Security OpenChain Security Assurance Specification 1.0 is the de facto industry standard for open source security compliance ● Defines the key requirements of a quality open source security compliance program ● Super short and simple, allowing companies of any size and in any market to adopt it Learn more @ www.openchainproject.org
  • 20. The OpenChain Security Assurance Specification ETA as ISO/IEC standard in mid-2023
  • 21. We Have An ISO/IEC Standard For SBOM SPDX ISO/IEC 5962:2021 is the International Standard for software bill of materials ● A common format for organizations to share license compliance, security compliance and other data ● SPDX Version 2.3 (the community rolling release) just out, includes some useful updates related to security Learn more @ https://spdx.dev
  • 22. We Have Free Training Courses
  • 23. We Have Communities To Support You
  • 24. Join Mailing Lists And Calls https://www.openchainproject.org/participate
  • 25. Come To Regional Events OpenChain UK Work Group London on October 13th 2022 OSPOlogy.live in Sweden Stockholm on October 19th– 20th 2022 OpenChain Germany Work Group Cologne on November 16th 2022