This OpenChain Webinar digs into open source tooling with open data for open source compliance.
Full Overview From The Presenters
Ensuring software license and security compliance can be difficult. Managing open source components – especially their licensing, provenance, and vulnerability risk – is a critical part of Software Composition Analysis (SCA), which is now a prerequisite for modern organizations to comply with mandated SBOMs and other regulations.
Expensive, proprietary SCA solutions rely on proprietary data that can be outdated or just wrong. To make using open source easier for everyone, we need FOSS tools and open data for FOSS SCA. Philippe Ombredanne will explain how using 100% open source software and open data, the AboutCode stack offers a new approach for the practical management of open source software for licensing and vulnerability risks for organizations of all sizes.
Philippe will share how modular open source projects like ScanCode, VulnerableCode, and DejaCode fit together to identify components and their license, provenance, and known vulnerabilities, and aggregate this and SBOM data across products, teams, and organizations to address security, legal, and regulatory requirements for software license and security compliance in an integrated solution.
Philippe will also discuss exciting updates on new open source projects for better software supply chain integrity and security like CRAVEX, which delivers modern open source tools for developers to manage, triage, rate, review, and determine exploitability of package vulnerabilities in a package-centric world.
Get The Slides
More About Our Webinars:
This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.
This webinar is a special briefing lead by Ciarán O’Riordan, Senior Policy Advisor at OpenForum Europe (OFE), on European policy matters that impact open source, business processes and risk management. OFE is a not-for-profit, Brussels-based independent think tank which explains the merits of openness in computing to policy makers and communities across Europe. Originally launched in 2002 to accelerate and broaden the use of Open Source Software (OSS) among businesses, consumers and governments, OFE’s focus has since evolved to also cover issues related to Open standards, Cybersecurity, Digital Government, Public Procurement, Intellectual Property, Cloud Computing and Internet Policy.
More About Our Webinars:
This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.
This webinar by Hilary Carter, SVP Research at The Linux Foundation, unpacked LF Management & Best Practices, the digital home where communities of “best practice” converge. Here, you’ll be able to find the standards, reference material, courses, live events and webinars, research, project communities, and the automation tools to help you start your project or organization’s open source journey, and to keep it on track!
More About Our Webinars:
This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.
This time we had a special Webinar from Julian at SCANOSS to show us how they have collected and built solutions around managing open source and export control.
More About Our Webinars:
This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.
For the second year in row, we welcome Philippe Ombredanne to recap the FOSDEM event for us. This is a great way to catch-up on one of the best events in the world discussing open source development, management and (most importantly for us) legal, licensing and automation.
Gary O’Neall of Source Auditor talked about how the new SPDX Services Profile proposal structures information. This profile is likely to have an important on business process management, as it covers topics far beyond open source compliance, with one example being fields for topics like Export Control. Gary’s deep background as a core contributor to the SPDX Project allowed him to contextualize this discussion from a historical perspective.
Stefano Maffulli, Executive Director at the Open Source Initiative, joined us to explain what is happening around the Open Source Definition, AI and more.
Maximizing the Opportunity While Managing the Risks
Generative AI (GAI) provides powerful opportunities for innovation and productivity across all organizational functions – from composing emails and crafting press releases to retouching and refining images and video, all this in seconds. GAI tools can even be used to write, test and improve computer code! This comes with risks that need to be managed within your organization, in order to realize the competitive advantage these GAI tools can provide.
In this webinar, Anthony Decicco and Wael Nackasha, attorneys at GTC Law Group:
Provide an introduction to GAI and its use to generate software code, text, and images
Explain how machines learn, including training data and the resulting models
Cover how developers are using GAI tools (such as GitHub Copilot and ChatGPT) to write and augment source code, with a focus on:
Tony is a member in GTC’s IP Strategy, Mergers & Acquisitions, and Business & Technology Transactions groups. He focuses on mergers and acquisitions, strategic development of patent portfolios, valuing and commercializing intellectual property assets, and licensing and other technology-related transactions. In addition, Tony founded and oversees the firm’s Open Source Compliance and Due Diligence practice and has extensive experience advising clients regarding the use of open source software. He has reviewed the results of literally thousands of code scans.
Tony is also the Co-Lead of GTC’s Artificial Intelligence practice and has counseled clients regarding traditional AI/ML (i.e. algorithmic/rules-based) for many years and has more recently focused on generative AI. He specializes in data set licensing and strategies for acquiring and collecting data, developing patent portfolios focused on AI inventions and applications of AI technologies, developing AI-related contract terms, risk assessment and mitigation, and related policies and guidelines, in respect of using AI to generate and test software code and the intersections between open source software and AI. Tony is the co-chair of the AI & Cloud Computing sector of the Licensing Executives Society.
Tony’s clients range from individual inventors to Fortune 100 companies. Given his extensive experience on both the buy and sell sides of mergers and acquisitions, patent purchases/sales and IP/technology licensing transactions, he is a trusted advisor to clients on all sides of the table. For acquirers, a key strength is his ability to leverage this experience to quickly identify and assess IP-related risks. On the sell side, this experience translates to grooming clients and positioning IP assets to maximize value and minimize issues during rigorous due diligence.
Prior to joining GTC, Tony was a member of the IP & Technology, Internet & E-Commerce and M&A practice groups at Skadden, Arps, Slate, Meagher & Flom. He has research and professional experience in a diverse range of fields, including patent valuation, law and economics, molecular evolution, apoptosis, and lipid biochemistry. Tony holds an Honors B.Sc. in Biochemistry from McMaster University, an M.A. in Economics and a J.D., both from the University of Toronto, where he was a law review editor. He is admitted to practice in Massachusetts, New York, Ontario, and before the United States Patent and Trademark Office (with Limited Recognition).
Wael Louis Nackasha
Wael focuses on M&A due diligence and technology-related transactional matters. Wael specializes in open source software licenses, commercial licenses, strategic and commercially-sensitive NDAs, and IP strategy advice. Wael also has deep technical knowledge in machine learning. Before joining GTC, Wael was an Associate at Ridout and Maybee LLP where he drafted and prosecuted patents for various technologies, including electrical, machine learning, blockchain, telecommunication, and computer-related technology, before both the USPTO and CIPO.
Before becoming a technology attorney, Wael was a research scientist and software programmer for several years. He published scientific papers in conferences and journals in machine learning, biometrics, computer vision, signal and image processing, and statistical signal processing. Wael holds a J.D. from Osgoode Hall Law School, and a Ph.D. in Electrical and Computer Engineering from the University of Toronto with a dissertation focused on artificial intelligence.
This OpenChain Webinar features an overview of GPLv2 licensing fragmentation based on research initiated by Philippe Ombredanne of NexB and continued by Armijn Hemel of Tjaldur Software Governance Solutions. The key takeaway is that a significant number of variations exist (40 “vanilla” copies from the FSF or GNU website, 12 with the Linux kernel linking exception in the Linux kernel), but the impact of these variations is nuanced. The requirements do not change but the variability may throw errors for automation and review. Process awareness is required.
This OpenChain webinar was released as a recording adjacent to the Open Compliance Summit keynotes here in Yokohama, Japan. This time we are having ‘A WebAssembly Fireside Chat with Armijn Hemel,’ unpacking work being done around WebAssembly, compliance and the questions lawyers can usefully ask.
Get the full report Armijn prepared for Linux Foundation here:
