Webinar – How we are doing compliance at CARIAD with ORT
This webinar covered how the team in VW Group are doing compliance at CARIAD with ORT. Helio Chissini de Castro lead the discussion, and we had some interesting Q&A. This is an outcome webinar from the OpenChain and Friends event in Stuttgart, Germany during April 2025. This event saw speakers…
Webinar – Project OCCTET.eu – The Why, What and How
This webinar covered an interesting new EU-funded project that brings together various open source tooling for open source security and compliance like Open Source Review Toolkit (ORT) and AboutCode, and other experts in the domain of open source compliance, security and automation. It featured Andreas Kotulla (Bitsea) and Martin von…
Webinar – AboutCode – Practical Compliance in One Stack – Licensing, Vulnerabilities, and More
Our speaker was a good friend of the OpenChain Project, and the founder of AboutCode, Philippe Ombredanne. Our focus was on recent advances in the open source and open data AboutCode stack for licensing and security compliance. This is an outcome webinar from the OpenChain and Friends event in Stuttgart,…
Webinar – First Steps With ORT – An EEF Experience
What We Covered: The OSS Review Toolkit (ORT) is a FOSS policy automation and orchestration toolkit that you can use to manage your (open source) software dependencies in a strategic, safe and efficient manner. This webinar digs into how the Erlang Ecosystem Foundation (EFF) makes use of this tool to…
Webinar: Practical Compliance in One Stack – Licensing, Vulnerabilities, and More
https://youtu.be/MrcfFWcIy6c What We Covered: The Cyber Resiliency Act (CRA) is coming and this European regulation will impact software development worldwide. Organizations (and projects) of all sizes need efficient compliance processes to correctly identify software components and strengthen cybersecurity efforts. The AboutCode stack of 100% open source tools and open data…
Webinar: DeviceCode – A Crowdsourced Device Data Parser
When walking into a shop, there’s a lot of choice for electronic devices like WiFi routers, IP cameras, and more. Many devices are identical, or nearly so, as they come from the same manufacturer or use the same chip and code from the chipset manufacturer. CVEs, however, often focus on…
Webinar: CHAOSS Practitioner Guides for Healthy & Sustainable OSS Projects
We had an insightful session with Dawn Foster on sustaining OSS projects and communities over the long-term. The CHAOSS project has been creating a series of MIT-licensed Practitioner Guides focused on improving the sustainability of our software and communities. The guides are designed to make it easier for people to…
Webinar: Enabling SBOMs Across The Linux Foundation
We have been doing source level license scans for Linux Foundation (LF) projects for a long time including generating SPDX formatted files, but what about SBOMs that can meet (and exceed) the government minimum specification? Here at the LF, we are now leveraging our existing scanning capabilities to generate SBOMs…
Webinar: SBOM Visualization – An Alternative Approach to Reviewing SBOMs
When we think about Software Build of Materials, we are looking at what might be a multi-dimensional space consisting of hierarchy, linking, modification, export restrictions, security vulnerabilities, distribution type, versions, etc. Care must be taken when setting up the SBOMs to both list the components used and to show how…
OpenChain Webinar: AboutCode and Beyond – End-to-End SCA
This OpenChain Webinar digs into open source tooling with open data for open source compliance. https://youtu.be/2vNKUK5ZNMw Full Overview From The Presenters Ensuring software license and security compliance can be difficult. Managing open source components - especially their licensing, provenance, and vulnerability risk - is a critical part of Software Composition…
