Webinar: The OpenChain Project – Industrial Open Source Network

The Industrial Open Source Network invites you to two webinars on the licensing and security aspects of the intake of Open Source software.

MANAGING LICENSING AND SECURITY ASPECTS OF INTAKE OF OPEN SOURCE SOFTWARE

When bringing in Open Source software, there is always a lingering concern about the licenses (what kind of legal risks the intake could bring in) and about the software constructs themselves (which security flaws and vulnerabilities could be built in when incorporating Open Source software into your solution). Thankfully, there are ways and means to reduce and handle those potential risks, and members of IOSN will present them in two webinars.

The first one, on Wednesday June 3rd, 10.00 – 11.00 CET, focuses on the Linux Foundation’s OpenChain Project, which defines the key requirements of a quality Open Source Compliance Program:

  • Welcome address by Gabriel Modéus, Secretary General of Swedsoft
  • Introduction on OpenChain, Shane Coughlan, GM OpenChain Project
    OpenChain – Unpacking the Industry Standard for Open Source Compliance
  • Experiences of OpenChain from Scania, Jonas Öberg, Scania
    How OpenChain shaped Scania’s Open Source Program
  • Experiences of OpenChain from Sony Mobile, Carl-Eric Mols, Addalot
    How We Learned to Stop Worrying and Love OpenChain
  • Q&A session on OpenChain

A week later, on Wednesday June 10th, 10.00 – 11.00 CET, we shift the focus to SW security and vulnerability aspects and how to handle them at the point of intake and/or in a continuous integration inflow of Open Source:

  • Welcome address by Gabriel Modéus, Secretary General of Swedsoft
  • Maturity models and open source security, Martin Hell, LTH and Debricked
    The talk will give a brief overview of some software security maturity models and discuss how the HAVOSS model can be used for open source software security.
  • Security at Axis and thoughts on open source security, Stefan Andersson, Axis
    The talk will give an overview of the software security program at Axis with special emphasis on activities related to open source.
  • Challenges in open source security, Emil Wåreus, Debricked
    The talk presents how Debricked tackles some specific challenges with community-generated vulnerabilities using machine learning, and gives a short introduction to dependency vulnerability management.
  • Q&A session on SW Vulnerabilities

Both webinars are free of charge and open to everyone.
Once you have registered, you will get a confirmation email with the link to the livestream.

Presenters June 3rd:

Shane Coughlan is an expert in communication, security, and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional network of Open Source legal experts, and aligning stakeholders to launch both the first law journal and the first law book dedicated to Open Source. He currently leads the OpenChain community, is an advisor at the United Nations Technology Innovation Labs, and serves on various boards.

Jonas Öberg is the Open Source Officer for Scania CV AB, putting open source in support of his childhood dream of making buses, trucks, marine engines, and other things that go wroom-wroom. For 20 years, he has worked to develop the ecosystem of open source software, focusing on automation of compliance toolchains and on removing obstacles that prevent open source from being employed in new areas. His work includes practical projects such as the REUSE Initiative and Elog.io, as well as work for important non-profits in the field, such as Creative Commons and the Free Software Foundation Europe, the latter of which he co-founded in 2001.

Carl-Eric Mols is an Open Source Strategy and Management Consultant at Addalot Consulting AB and the former Head of Open Source at Sony Mobile Communications, a position he held for more than a decade. He has also been engaged in a European research project on scaling up software business, which in turn led to the structured description of an Open Source Program suited for industrials, called “Industrial Open Source”. In addition, he has co-authored a handful of academic papers about Open Source management.