This webinar covers SBOM visualization as an alternative approach to reviewing code.
Abstract
To use open source compliantly, the SBOM must not only list the components but also show how they are incorporated into your products (a multidimensional space consisting of hierarchy, linking, modification, export restrictions, security vulnerabilities, distribution type, versions, etc.) and how properties may propagate through the dependency tree. Keeping track of these complex relationships in a text file or in tables is extremely difficult.
As part of a research project funded by the Federal Ministry for Economic Affairs and Climate Protection (BMWi) and conducted with the Bonn-Rhein-Sieg University of Applied Sciences and Bitsea, a visualization of the meta information was implemented that displays the relationships and potential risks quickly and in an easy-to-understand way.
Get Dial-In Details Via Our Global Calendar
About the Speaker
Dr Kotulla is the founder and managing director of Bitsea GmbH and specializes in technical audits of software systems. Bitsea assesses open source compliance, advises clients comprehensively on open source management, open source strategy, open source governance, open source processes and tool chains, and offers an Open Source Program Office (OSPO) and scanning as a managed service.
Dr Kotulla is a computer scientist who has been active in IT for more than three decades. He leads workshops and gives lectures on open source, software engineering and software quality, and worked for 12 years for international telecommunications providers. He is a member of the Linux Foundation’s OpenChain project, is active in Bitkom e.V.’s Open Source working group and is the author of several books and publications.
Learn More: www.bitsea.de
More About Our Webinars:
This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain ecosystem. Participants discuss approaches, processes and activities from their own experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs are involved. This is user companies producing great, informative content for their peers.