NLnet is hosting a series of webinars on Open Software Supply Chain management.
The first episode with Armijn Hemel took place on April 6th, with the topic of Open Source in (Consumer) Electronics Supply Chains:
Next up was Philippe Ombredanne (among others, https://aboutcode.org), who gave a talk on April 13th 2023 on automated tooling to understand dependencies and to handle vulnerabilities in an open and transparent manner:
Forthcoming webinars in the series are:
Thursday May 4th 2023 // 13.00 – 14.30 CEST (Amsterdam, Berlin, Rome)
– Speakers: Carlo Piana & Alberto Pianon.
– Topic: The importance of a Software Bill of Materials in light of the upcoming Cyber Resilience Act and product liability legislation in Europe.
– More info:
Thursday May 11th 2023 // 13.00 – 14.30 CEST (Amsterdam, Berlin, Rome)
– Speaker: Shane Martin Coughlan
– Topic: ISO standards and certification. (This talk was previously scheduled for April 27).
– More info:
About These Webinars (from NLnet)
As the dependency of society on technology continues to increase in every possible direction, it is of the utmost importance to understand the dynamic life cycle of the free and open source building blocks that form the basis of pretty much all technology we use today – and how these can be kept safe and available.
Not only do we need to improve our understanding of how and where software is developed, maintained, built and deprecated at macro scale – we also need to create mechanisms to ensure that building blocks are kept up to date, that different versions don’t collide, and that FOSS packages from public repositories have not “bit-rotted” or, even worse, been tampered with by malicious actors as part of a “supply chain attack”. There has been increasing attention to the fact that, with software “eating the world”, a healthy and robust software ecosystem should be a key societal (and thus political) priority. At the same time, we should pursue this with full understanding of the highly specific nature of the “digital commons” – as the controversy surrounding the upcoming Cyber Resilience Act clearly shows.
In this series of webinars by leading experts such as Armijn Hemel (Tjaldur), Shane Coughlan (OpenChain), Carlo Piana (OSI), Alberto Pianon (Eclipse Compliance Toolchain Project Lead) and Philippe Ombredanne (AboutCode) we look at software supply chains from different angles. What do modern electronics supply chains look like, how is provenance handled – and how *should* it be handled? What mechanisms do we have to verify the integrity of deployed code packages and detect abnormal code changes that may be signs of malicious modifications and possible attacks? Where do “Software Bill of Materials” come into play? And what is being done, and perhaps should be done from a legislative and governance point of view?
The entire webinar series is available free of charge, and will allow you a deep dive into the hidden world behind the software and hardware we use – and will help you get a clear understanding of how open source supply chains work, and a grasp of what the policy challenges are.