Skip to main content
Category

Webinar

OpenChain Webinar: DeviceCode – A Crowdsourced Device Data Parser

By automation, News, security, Webinar

When walking into a shop, there’s a lot of choice for electronic devices like WiFi routers, IP cameras, and more. Many devices are identical, or nearly so, as they come from the same manufacturer or use the same chip and code from the chipset manufacturer.

CVEs, however, often focus on individual devices rather than classes of similar devices, leaving many vulnerable ones unreported. For example, CVE-2006-2560 and CVE-2006-2561 describe the same vulnerability on devices from different vendors—likely from the same ODM. Many more devices with the same vulnerabilities are overlooked, possibly giving a false sense that only the listed devices are at risk.

Information about device hardware, such as the ODM or chipset used, isn’t easily accessible, as companies rarely disclose this. Fortunately, a wealth of data has been crowd-sourced globally via various wikis. However, this information is hard to reuse outside those specific platforms.

This is where DeviceCode comes in: it unlocks and cleans data from various wikis (as not all users input data correctly or consistently) and integrates it with other sources. This makes it possible to query by chipset, manufacturer, ODM, and even installed software. It helps answer questions like, “Which other devices are similar to a known vulnerable device?” enabling security researchers to identify additional vulnerable devices.

Watch The Webinar

About Our Speaker

Armijn Hemel, MSc, is the owner of Tjaldur Software Governance Solutions, a consultancy specializing in open-source license compliance engineering and provenance research.

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

This OpenChain Webinar was broadcast on 2024-12-19.

Webinar: CHAOSS Practitioner Guides for Healthy & Sustainable OSS Projects

By automation, community, legal, licensing, News, security, Webinar

We had an insightful session with Dawn Foster on sustaining OSS projects and communities over the long-term. The CHAOSS project has been creating a series of MIT-licensed Practitioner Guides focused on improving the sustainability of our software and communities. The guides are designed to make it easier for people to draw meaningful and actionable insights using community metrics, even when those people do not necessarily have a deep background in data analysis or much experience working within OSS communities.

This talk identified several categories of metrics from the Practitioner Guide Series, including responsiveness, contributor sustainability, organizational participation, and security. It covered not just how to interpret the metrics, but also on providing ideas for improving in areas identified using the metrics. The audience walks away with a better understanding of how to use metrics to proactively improve the long-term sustainability of their OSS projects and communities.

Watch The Recording

About Our Speaker

Dawn leads the data science initiative for the CHAOSS project where she is also a Governing Board member / maintainer. Dawn is an OpenUK board member and co-chair of the CNCF Contributor Strategy Technical Advisory Group.

Dawn has 20+ years of experience working in open source positions at companies like VMware, Intel and Puppet with expertise in managing people, open source strategy, building new communities, and managing existing communities with a particular emphasis on developer and open source communities. She has held a wide range of roles over the years, including UNIX system administrator, researcher, consultant, strategist, director / manager, and more.

Dawn holds a PhD from the University of Greenwich, an MBA from Ashland University, and a BS in Computer Science from Kent State University. Dawn blogs about online communities as the author of the Fast Wonder Blog, and she’s blogged for The New Stack, Linux.com, GigaOM’s WebWorkerDaily, and in various other places.

She has done over a hundred talks at industry events, including many Linux Foundation events, KubeCon, OSCON, SXSW, FOSDEM and more. In her spare time she enjoys reading science fiction, running, and traveling.

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

This OpenChain Webinar was broadcast on 2024-12-05.

Webinar: Enabling SBOMs Across The Linux Foundation

By automation, legal, licensing, News, standards, Webinar

We have been doing source level license scans for Linux Foundation (LF) projects for a long time including generating SPDX formatted files, but what about SBOMs that can meet (and exceed) the government minimum specification? Here at the LF, we are now leveraging our existing scanning capabilities to generate SBOMs for these same critical open source projects.

In the LF spirit, we are using existing open source tools to scan project dependencies to produce an SBOM that meets the minimum spec. We are also producing dependency level license data to complement our source level scans. In the near future we will be combining these to produce a grand unified SBOM that will meet a newly defined LF minimum specification for SBOMs.

We will talk about our process to generate these SBOMs, the challenges we faced, our future plans, and share more about how you can make use of these for the projects you care about most.

Watch The Recording

About Our Speakers

Gary O’Neall

Gary is a contributor to the Software Package Data Exchange® (SPDX™) – an open standard for communicating software bill of material information, including components, licenses, copyrights, and security references. Gary has contributed several open source tools. Gary O’Neall is responsible for product development and technology for Source Auditor Inc., a software and service company helping software companies manage the technical and legal risks of open-source software.

Jeff Shapiro

Jeff Shapiro is the Director of License Scanning for The Linux Foundation. He has over 30 years of experience in the software industry, including 10 years in software auditing, open source scanning, and training developers in OSS license compliance.

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

This OpenChain Webinar was broadcast on 2024-12-04.

Webinar: SBOM Visualization – An Alternative Approach to Reviewing SBOMs

By automation, legal, licensing, News, Webinar

When we think about Software Build of Materials, we are looking at what might be a multi-dimensional space consisting of hierarchy, linking, modification, export restrictions, security vulnerabilities, distribution type, versions, etc. Care must be taken when setting up the SBOMs to both list the components used and to show how they are incorporated into your products. This webinar discusses how a visualization of such meta-information was implemented to display the relationships and potential risks in a quick and in easy-to-understand way. It was part of a research project funded by the Federal Ministry for Economic Affairs and Climate Protection (BMWi) and with the Bonn-Rhein-Sieg University of Applied Sciences and Bitsea.

Watch The Recording

About Our Speaker

Dr. Andreas Kotulla is the Founder & CEO of Bitsea GmbH. He is specialized in auditing software systems and identifying hidden risks for companies. We support the technical due diligence and advise operators of critical infrastructure (KRITIS). He advises customers on Open-Source-Strategy, Open-Source-Governance, Open-Source-Processes, toolchains and offers an Open-Source-Program-Office (OSPO) and scanning as a managed service.

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

This OpenChain Webinar was broadcast on 2024-10-23.

Webinar: The Role of Data in the Supply Chain of AI

By ai, legal, licensing, News, Webinar

To help you navigate the complexities of AI, data and the supply chain, Nick Schifano CEO and founder of FastCatalog.ai discussed the intersection of AI innovation and legal frameworks. With years of experience in IP law, standards, and AI/ML legal frameworks, Nick guided us through key considerations for managing the AI supply chain—focusing on how companies can prepare for and comply with new regulatory requirements.

Webinar Highlights:
✔️ Insights into the hidden risks behind model lineage and training data in open-source AI models
✔️ Scenarios where data transparency becomes crucial for AI systems
✔️ Operational strategies to better manage AI and data supply chains
✔️ Preparing for the upcoming EU AI Act and its implications for companies

Watch the Webinar

Review the Slides

About the Speaker:

Nick Schifano is a leading expert in AI and legal frameworks. Before founding FastCatalog.ai, a company dedicated to revolutionizing AI supply chain management, Nick served as Assistant General Counsel at Microsoft, where he led groundbreaking initiatives in open innovation and AI/ML legal practices. With a technical foundation in software engineering and IT consulting, Nick brings a holistic view of both the technical and legal aspects of AI development.

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

https://www.openchainproject.org/webinars

This OpenChain Webinar was broadcast on 2024-10-10.

Webinar: AI – The Current Legal Landscape

By ai, Featured, legal, News, Webinar

This OpenChain webinar focused on the current legal landscape of AI, covering four main topics: (1) open source and AI, (2) current litigation around AI, (3) an overview of current and forthcoming laws and regulations pertaining to AI, and (4) privacy and data protection and AI, including a case study on scraping biometric data for a facial recognition AI system.  It is recommended for all legal, business executive and project management personnel with a remit to engage with open source and/or AI projects and products.

Watch the Webinar

Review the Slides

Learn More About Our Speakers

Anthony Decicco

Tony is a member in GTC’s IP Strategy, Mergers & Acquisitions, and Business & Technology Transactions groups. He focuses on mergers and acquisitions, strategic development of patent portfolios, valuing and commercializing intellectual property assets, and licensing and other technology-related transactions. In addition, Tony founded and oversees the firm’s Open Source Compliance and Due Diligence practice and has extensive experience advising clients regarding the use of open source software. He has reviewed the results of literally thousands of code scans.

Tony is also the Co-Lead of GTC’s Artificial Intelligence practice and has counseled clients regarding traditional AI/ML (i.e. algorithmic/rules-based) for many years and has more recently focused on generative AI. He specializes in data set licensing and strategies for acquiring and collecting data, developing patent portfolios focused on AI inventions and applications of AI technologies, developing AI-related contract terms, risk assessment and mitigation, and related policies and guidelines, in respect of using AI to generate and test software code and the intersections between open source software and AI.  Tony is the co-chair of the AI & Cloud Computing sector of the Licensing Executives Society.

Tony’s clients range from individual inventors to Fortune 100 companies. Given his extensive experience on both the buy and sell sides of mergers and acquisitions, patent purchases/sales and IP/technology licensing transactions, he is a trusted advisor to clients on all sides of the table. For acquirers, a key strength is his ability to leverage this experience to quickly identify and assess IP-related risks. On the sell side, this experience translates to grooming clients and positioning IP assets to maximize value and minimize issues during rigorous due diligence.

Prior to joining GTC, Tony was a member of the IP & Technology, Internet & E-Commerce and M&A practice groups at Skadden, Arps, Slate, Meagher & Flom. He has research and professional experience in a diverse range of fields, including patent valuation, law and economics, molecular evolution, apoptosis, and lipid biochemistry. Tony holds an Honors B.Sc. in Biochemistry from McMaster University, an M.A. in Economics and a J.D., both from the University of Toronto, where he was a law review editor. He is admitted to practice in Massachusetts, New York, Ontario, and before the United States Patent and Trademark Office (with Limited Recognition).

Shea Leitch

Shea Leitch is a member of GTC’s growing Data Privacy group with over 10 years at the forefront of privacy and data protection law. Shea has served as a trusted advisor to multinational companies in an array of industries who rely on her to provide timely, strategic and practical advice as they build and adapt their global privacy and security programs.

Shea provides strategic guidance to clients regarding a wide array of data protection concerns from the ground-up development of enterprise-wide privacy and security compliance programs and cybersecurity assessments, to targeted guidance on discrete privacy and security issues. With CIPP/US and CIPP/E certifications from the International Association of Privacy Professionals, Shea provides tailored guidance on privacy and cybersecurity issues, including regulatory compliance and risk management, security assessments and remediation, security incident preparation and response, and enforcement matters.

Shea also provides targeted guidance on privacy compliance for clients using emerging technologies, including biometrics, artificial intelligence and AdTech. As a strategic advisor, Shea helps clients bring products to market by identifying practical solutions that facilitate business growth and innovation, while mitigating legal and regulatory risk.

Prior to joining GTC, Shea was Counsel at Squire Patton Boggs, LLP. She holds a B.A. in Political Science and Government from The Ohio State University, and a J.D. from The Ohio State University Moritz College of Law.

Stanislav Zakharenko

Stas Zakharenko practices in GTC’s thriving Technology Transactions and Artificial Intelligence groups and has over 18 years of experience at the forefront of intellectual property, technology and digital media law, including as the General Counsel of Audible, Senior Counsel at Amazon and Director of Product and Tech Legal at Netflix. Stas brings a rare blend of deep legal expertise, demonstrated business experience and executive-level leadership to his clients. Stas’ experience spans providing product development legal counseling, negotiating complex technology and content agreements as well as providing strategic legal and business leadership to clients ranging from startups through Fortune 50 companies.

In his most recent role as the Director of Product and Tech Legal at Netflix, Stas advised engineers and data scientists in navigating the rapidly evolving machine learning landscape and growing artificial intelligence wave. Stas’ demonstrated record of deeply understanding the technical intricacies of emerging technologies, in combination with his legal expertise, allows him to deliver practical, forward-looking legal solutions that support and drive innovation.

In addition to holding a J.D. from Boston University, Stas holds a B.A. in Music from Stony Brook University and is an avid musician in community jazz and classical groups.

Wael Nackasha

Wael Louis Nackasha focuses on M&A due diligence and technology-related transactional matters. Wael specializes in open source and commercial software licensing, agreements for the sharing of strategic and commercially sensitive technology, and IP strategy advice, as well as artificial intelligence and generative artificial intelligence related matters, including risk management, policies, and assessment of training datasets.

Wael drafts and prosecutes patent applications covering a wide range of technologies, including machine learning, blockchain, electrical, telecommunications, and computer-related technology. Before joining GTC, Wael was an Associate at Ridout and Maybee LLP where he practiced before both the USPTO and CIPO.

Prior to becoming an attorney, Wael spent several years as a research scientist and software developer. He has published scientific papers in conferences and journals on machine learning, biometrics, computer vision, signal and image processing, and statistical signal processing. Wael holds a J.D. from Osgoode Hall Law School, a Ph.D. and a Master of Applied Science in Electrical and Computer Engineering from the University of Toronto with dissertations focused on artificial intelligence, and a Bachelor of Engineering in Electrical Engineering from Ryerson University (renamed as Toronto Metropolitan University).

In his Ph.D. dissertation titled “Online and Continuous Electrocardiogram (ECG) Biometric System” (2017), Wael proposed a biometric system for continuously monitoring the identity of subjects using their electrocardiogram signals. The dissertation includes proposing novel feature extraction and detecting and removing abnormal electrocardiogram signals using statistical models.

In his Master of Applied Science dissertation titled “Weakly Trained Parallel Classifier and CoLBP Features for Frontal Face Detection in Surveillance Applications” (2010), Wael developed a computer vision system for face detection using novel discriminative features.

Check Out Our Previous Generative AI Webinar From GTC Law:

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

This OpenChain Webinar was broadcast on 2024-09-24.

Webinar: Implementing OpenChain ISO/IEC 5230 at endjin + Further Research on OpenChain ISO/IEC 18974

By community, licensing, News, security, standards, Webinar

Recent computer science graduate Charlotte Gayton shared her journey of implementing the OpenChain standard during her Year in Industry (ISO/IEC 5230) and her dissertation project (ISO/IEC 18974). She discussed the challenges she faced and the solutions she developed to achieve compliance. The session will provide a unique perspective on navigating OpenChain from the viewpoint of someone early in their career. Her work lead to the detailed case study recently published regarding OpenChain ISO/IEC 5230 adoption by endjin.

Watch the Recording:

View the Slides:

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

This OpenChain Webinar was broadcast on 2024-08-08.

Webinar: Update on the OSI Definition for Open Source AI

By ai, community, News, Webinar

This webinar featured Stefano Maffulli, Executive Director of the Open Source Initiative (OSI), on the current status of the OSI Definition for Open Source AI. It covered their efforts to build community consensus around the topic, and included insights around both progress and challenges.

Watch the Webinar:

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

This OpenChain Webinar was broadcast on 2024-08-01.

Webinar: IAV, TimeToAct and ISO/IEC 5230 – Third-Party Certification Case Study

By legal, licensing, News, standards, Webinar

IAV GmbH has announced adoption of ISO/IEC 5230:2020 via third-party certification provided by TimeToAct. Adjacent to this, IAV and TimeToAct has collaborated with the OpenChain Project on a webinar and case study about the certification rationale and process. This webinar digs into details on how, why and when decisions were made in the IAV adoption and use of ISO/IEC 5230.

Get the Slides

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

This OpenChain Webinar was broadcast on 2024-07-16.

OpenChain Webinar: Open Source Due Diligence for M&A

By legal, licensing, News, Webinar

This webinar features a speaker who has “been there” as we discuss best practices before, during, and after the due diligence phase to ensure post-close success. We cover:
(a) Why open source due diligence is key in tech transactions,
(b) Lessons learned on how to perform open source due diligence,
(c) How to leverage diligence findings in post-close integration.

Watch The Recording

Check Out The Slides

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

This OpenChain Webinar was broadcast on 2024-06-17.