Industrial Open Source Network: Webinar – SW Security and Vulnerabilities

The Industrial Open Source Network invites you to two webinars on the licensing and security aspects of the intake of Open Source software.

MANAGING LICENSING AND SECURITY ASPECTS OF INTAKE OF OPEN SOURCE SOFTWARE

When bringing in Open Source software, there are always lingering concerns: about the licenses and the legal risks the intake could bring, and about the software itself and the security flaws and vulnerabilities that could be built into your solution when incorporating it. Thankfully, there are ways and means to reduce and handle these potential risks, which members of IOSN will present in two webinars.

On Wednesday June 10th, 10.00 – 11.00 CET, the focus is on SW security and vulnerability aspects and how to handle them at the point of intake and/or in a continuous integration inflow of Open Source:

  • Welcome address by Gabriel Modéus, Secretary General of Swedsoft
  • Maturity models and open source security, Martin Hell, LTH and Debricked
    The talk will give a brief overview of some software security maturity models and discuss how the HAVOSS model can be used for open source software security.
  • Security at Axis and thoughts on open source security, Stefan Andersson, Axis
    The talk will give an overview of the software security program at Axis with special emphasis on activities related to open source.
  • Challenges in open source security, Emil Wåreus, Debricked
    The talk presents how Debricked tackles some specific challenges with community-generated vulnerabilities using machine learning, as well as a short introduction to dependency vulnerability management.
  • Q&A session on SW Vulnerabilities

The first seminar, on Wednesday June 3rd, 10.00 – 11.00 CET, focuses on the Linux Foundation’s OpenChain Project, which defines the key requirements of a quality Open Source Compliance Program:

  • Welcome address by Gabriel Modéus, Secretary General of Swedsoft
  • Introduction on OpenChain, Shane Coughlan, GM OpenChain Project
    OpenChain – Unpacking the Industry Standard for Open Source Compliance
  • Experiences of OpenChain from Scania, Jonas Öberg, Scania
    How OpenChain shaped Scania’s Open Source Program
  • Experiences of OpenChain from Sony Mobile, Carl-Eric Mols, Addalot
    How We Learned to Stop Worrying and Love OpenChain
  • Q&A session on OpenChain

Both webinars are free of charge and open to everyone!
Once you have registered, you will get a confirmation email with the link to the livestream.

Presenters June 10th:

Martin Hell is an associate professor at the Department of Electrical and Information Technology, Lund University, and co-founder and senior advisor at Debricked AB. His research interests are software security, vulnerability assessment and cryptography. He is co-author of the Grain family of stream ciphers, of which one version is now a standard (ISO/IEC DIS 29167-13). He has published more than 60 papers in journals and peer-reviewed conferences and holds 5 patents.

Stefan Andersson works as a security architect in the software security group at Axis. Prior to Axis, Stefan had similar roles at Qlik and Sony Mobile.

Emil Wåreus works as head of data science at Debricked, as well as a research assistant under Martin Hell at the Department of Electrical and Information Technology, Lund University. Emil is currently the holder of two state-of-the-art machine learning algorithms and 3 patents.