FOSDEM
February 5-6, 2022
Online
More information: https://fosdem.org/2022/
FASTEN Co-organizes the Devroom "Software Composition Analysis and Dependency Management"
We are please to co-organize this year again a Devroom at FOSDEM.
Following the previous success of the Dependency management and Software Composition Analysis devrooms, we have decided to merge our efforts and organize a joint event to leverage synergies between both topics.
Call for Presentations
Are you contributing to a FOSS project that aims to make the lives of developers easier? You are looking for what's coming next to help you deal with your project's long list of dependencies? If so, come and join us at FOSDEM 2022 to share your techniques, experiences, and demo your FOSS tools to collaborate towards a better FOSS toolchain.
Please see the details of the Call for Presentations and send your proposal now!
Link to submit: https://github.com/software-composition-analysis/fosdem-2022-devroom/
Visit the Devroom page on FOSDEM website: https://fosdem.org/2022/schedule/track/software_composition_and_dependency_management/
The detailed agenda is presented below. Click on the titles to access to videos.
Devroom Agenda
| Time | Title | Speaker/Moderator Name, Organization |
|---|---|---|
| 10:00 - 10:05 | Devroom introduction | Antoine Mottier, OW2 |
| 10:05 - 10:20 | Package URL and Version range spec/ Towards mostly universal dependency resolution | Philippe Ombredanne |
| 10:20 - 10:40 | How OSPOs can help secure the software supply chain | Ana Jimenez Santamaria, Linux Foundation |
| 10:40 - 11:00 | Developing an open source license compliance project : our trials, tribulations and achievements | Pierre Marty, Linagora- |
| 11:00 - 11:20 | How to manage OSS license obligations and SBoM by SW360's new features | Kouki Hama, Toshiba |
| 11:20 - 12:00 | PANEL #1 : Processing Dependencies and Compositions and Software | Maximilian Huber, TNG Technology |
| 12:20 - 12:40 | Scanning for known vulnerabilities in an embedded distribution, A return on experience from the Eclipse Oniro project | Marta Rybczynska, Eclipse Foundation |
| 12:40 - 13:00 | Reporting vulnerabilities within a complex software environment/ Using the CVE-Bin-Tool | Anthony Harrison, Architect and cyber security consultant |
| 13:00 - 13:20 | Commoditising Open Source Risk Management/ First Open Source SCA Platform | Julian Coccia, SCANOSS |
| 13:20 - 14:00 | PANEL #2 : Dependencies for Vulnerability Discovery and Tracking | Diomidis Spinellis, Athens University |
| 14:20 - 14:40 | Generating SBOM for your code using OSS Review Toolkit | Thomas Steenbergen, HERE Technologies |
| 14:40 - 15:00 | SBOM Resolver - Generating detailed SBOMs for Alpine | Georg Kunz, Open source advocate |
| 15:00 - 15:20 | FASTEN: Fine-Grained Analysis of Software Ecosystems as Networks | Amir Mir, TUDelft- |
| 15:20 - 16:00 | PANEL #3 : Creating SBOMs | Antoine Mottier, OW2 |
| 16:20 - 16:40 | On Backporting Practices in Package Dependency Networks | Ahmed Zerouali, Tom Mens, University of Mons, Belgium |
| 16:40 - 17:00 | Operationalize SBOM with OWASP Dependency-Track | Steve Springett, OWASP- |
| 17:00 - 17:20 | Tracking Software Dependencies | Kate Stewart, Linux Foundation, & Gary O'Neall, Source Auditor Inc.- |
| 17:20 - 18:00 | PANEL #4 : Software Compositions and Dependency Tools | Philippe Ombredanne |