Standardizing Open Source Risk - LLW - 2023-04

Shane Coughlan, OpenChain Program Manager at The Linux Foundation
Standardizing Open Source Risk
Business Value Also Comes From Resources Saved
Standards Help You To Obtain Value
Things Are Getting Complex
There Are More Rules And Guidelines
● NTIA Minimum Requirements of Software Bill of Materials (SBOM)
● White House Executive Order – SBOM again
● Cyber Resilience Act (CRA) in the European Union – Reporting and Compliance Requirements
5.5tn – Global Cost of Cyber Crime (Source – CRA Explanatory Materials)
Our Mental Model Of The Supply Chain
The Actual Supply Chain
67.4% of managers monitor their supply chain with Excel spreadsheets
(Source – https://www.zippia.com/advice/supply-chain-statistics/)
94% of companies do not have full visibility of their supply chain
(Source – https://www.zippia.com/advice/supply-chain-statistics/)
See also – https://www.synopsys.com/blogs/software-security/open-source-trends-ossra-report/
Some Examples Of Standards To Manage Risk
From the OpenChain Project:
ISO/IEC 5230, the International Standard for open source license compliance
ISO/IEC DIS 18974, the industry standard for open source security assurance
From the SPDX Project:
ISO/IEC 5962, the International Standard for open source SBOM
People Are Using Standards Right Now
ISO/IEC 5230 OpenChain License Compliance Specification
ISO/IEC DIS 18974 OpenChain Security Assurance Specification
Get Some Lovely Standards
https://www.openchainproject.org/participate
BTW