The OpenChain Project ran a series of webinars about using open source tools for open source compliance between September and December 2021. They have been re-published in the main webinar series to improve discoverability. This episode explores how a tool called VulnTotal can help with open source security management.
Philippe Ombredanne from nexB led a technical deep dive into VulnTotal on the 7th of February 2023. It was about an aspect of the AboutCode Project, with VulnerableCode providing tools to collect, aggregate and refine software vulnerability information from more than 20 sources and tools to quickly create new “importers”. Called VulnTotal, it came out of Google Summer of Code 2022:
VulnTotal: Cross-validate vulnerability coverage of VulnerableCode (Keshav Priyadarshi)
VulnerableCode is a unique project that collates and cross-references FOSS vulnerability data from multiple sources. Inspired by the VirusTotal multi-scanner virus scanning service, the VulnTotal project will cross-validate the vulnerability coverage of VulnerableCode against other publicly available vulnerability check tools and databases. For instance, a package may be reported as vulnerable by one tool or database but not by another. We can gradually work with these tool providers to keep each other apprised about newly discovered vulnerabilities, making FOSS more secure.
More About Our Webinars:
This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.
This is OpenChain Webinar #68, released on 2024-02-01. It was originally published as “Automation Case Study #7 – VulnerableCode technical deep dive into VulnTotal” on 2023-02-07.
The OpenChain Project ran a series of webinars about using open source tools for open source compliance between September and December 2021. They have been re-published in the main webinar series to improve discoverability. This episode explores how a Software Bill of Materials (SBOM) like SPDX ISO/IEC 5962 can optimize operations in the supply chain by ensuring manual or automated analysis works in a more efficient and effective manner.
The OpenChain Project ran a series of webinars about using open source tools for open source compliance between September and December 2021. They have been re-published in the main webinar series to improve discoverability. This webinar explores how SPDX ISO/IEC 5962 works as a Software Bill of Materials (SBOM) in the supply chain through existing open source tooling for open source compliance.
This is OpenChain Webinar #66, released on 2024-02-01. It was originally published as “Automation Case Study #5 – SBOMs in a Virtual Supply Chain” on 2021-11-24.
The OpenChain Project ran a series of webinars about using open source tools for open source compliance between September and December 2021. They have been re-published in the main webinar series to improve discoverability. This episode explores how TERN (a container scanner) works both with the graphical tool and when used on its own.
This is OpenChain Webinar #65, released on 2024-02-01. It was originally published as “Automation Case Study #4 – How The Graphical Interface Can Help With Using TERN” on 2021-10-29.
The OpenChain Project ran a series of webinars about using open source tools for open source compliance between September and December 2021. They have been re-published in the main webinar series to improve discoverability. This episode explores how ORT (the Open Source Review Toolkit) works both with the graphical tool and when used on its own.
This is OpenChain Webinar #64, released on 2024-02-01. It was originally published as “Automation Case Study #3 – How The Graphical Interface Can Help With Using Open Source Review Toolkit (ORT)” on 2021-10-15.
The OpenChain Project ran a series of webinars about using open source tools for open source compliance between September and December 2021. They have been re-published in the main webinar series to improve discoverability. This episode explores the engineering behind the new graphical tool from Facebook/TNG that makes open source tooling easier to use.
This is OpenChain Webinar #63, released on 2024-02-01. It was originally published as “Automation Case Study #2 – A New Open Source Graphical Interface For Tooling” on 2021-09-29.
The OpenChain Project ran a series of webinars about using open source tools for open source compliance between September and December 2021. They have been re-published in the main webinar series to improve discoverability. This episode explores a new graphical tool from Facebook/TNG to make open source tooling easier to use. Our demo shows ORT calling ScanCode in a clean, simple way. We also discuss how the graphical interface was designed.
This is OpenChain Webinar #62, released on 2024-02-01. It was originally published as “Automation Case Study #1 – Contextualizing Tooling and Analysis” on 2021-09-22.
Welcome to another OpenChain Webinar. This time our speakers are Alberto Pianon and Carlo Piana from ARRAY. They are presenting the Open Source Management concept of Eclipse Oniro and explaining how deeper insights on the identification of the FOSS components and their respective license metadata can be uncovered via the audit policies for Oniro. This webinar is part of a series by the OpenChain Automation Workgroup to provide insight into good practices for community-based IP audits. These good practices will be used to align on a community-wide approach for metadata curation as a base for sharing FOSS License Management Data.
Stefano Maffulli, Executive Director at the Open Source Initiative, joined us to explain what is happening around the Open Source Definition, AI and more.
Maximizing the Opportunity While Managing the Risks
Generative AI (GAI) provides powerful opportunities for innovation and productivity across all organizational functions – from composing emails and crafting press releases to retouching and refining images and video, all this in seconds. GAI tools can even be used to write, test and improve computer code! This comes with risks that need to be managed within your organization, in order to realize the competitive advantage these GAI tools can provide.
In this webinar, Anthony Decicco and Wael Nackasha, attorneys at GTC Law Group:
Provide an introduction to GAI and its use to generate software code, text, and images
Explain how machines learn, including training data and the resulting models
Cover how developers are using GAI tools (such as GitHub Copilot and ChatGPT) to write and augment source code, with a focus on:
Tony is a member in GTC’s IP Strategy, Mergers & Acquisitions, and Business & Technology Transactions groups. He focuses on mergers and acquisitions, strategic development of patent portfolios, valuing and commercializing intellectual property assets, and licensing and other technology-related transactions. In addition, Tony founded and oversees the firm’s Open Source Compliance and Due Diligence practice and has extensive experience advising clients regarding the use of open source software. He has reviewed the results of literally thousands of code scans.
Tony is also the Co-Lead of GTC’s Artificial Intelligence practice and has counseled clients regarding traditional AI/ML (i.e. algorithmic/rules-based) for many years and has more recently focused on generative AI. He specializes in data set licensing and strategies for acquiring and collecting data, developing patent portfolios focused on AI inventions and applications of AI technologies, developing AI-related contract terms, risk assessment and mitigation, and related policies and guidelines, in respect of using AI to generate and test software code and the intersections between open source software and AI. Tony is the co-chair of the AI & Cloud Computing sector of the Licensing Executives Society.
Tony’s clients range from individual inventors to Fortune 100 companies. Given his extensive experience on both the buy and sell sides of mergers and acquisitions, patent purchases/sales and IP/technology licensing transactions, he is a trusted advisor to clients on all sides of the table. For acquirers, a key strength is his ability to leverage this experience to quickly identify and assess IP-related risks. On the sell side, this experience translates to grooming clients and positioning IP assets to maximize value and minimize issues during rigorous due diligence.
Prior to joining GTC, Tony was a member of the IP & Technology, Internet & E-Commerce and M&A practice groups at Skadden, Arps, Slate, Meagher & Flom. He has research and professional experience in a diverse range of fields, including patent valuation, law and economics, molecular evolution, apoptosis, and lipid biochemistry. Tony holds an Honors B.Sc. in Biochemistry from McMaster University, an M.A. in Economics and a J.D., both from the University of Toronto, where he was a law review editor. He is admitted to practice in Massachusetts, New York, Ontario, and before the United States Patent and Trademark Office (with Limited Recognition).
Wael Louis Nackasha
Wael focuses on M&A due diligence and technology-related transactional matters. Wael specializes in open source software licenses, commercial licenses, strategic and commercially-sensitive NDAs, and IP strategy advice. Wael also has deep technical knowledge in machine learning. Before joining GTC, Wael was an Associate at Ridout and Maybee LLP where he drafted and prosecuted patents for various technologies, including electrical, machine learning, blockchain, telecommunication, and computer-related technology, before both the USPTO and CIPO.
Before becoming a technology attorney, Wael was a research scientist and software programmer for several years. He published scientific papers in conferences and journals in machine learning, biometrics, computer vision, signal and image processing, and statistical signal processing. Wael holds a J.D. from Osgoode Hall Law School, and a Ph.D. in Electrical and Computer Engineering from the University of Toronto with a dissertation focused on artificial intelligence.