Tools for developers to ensure legal integrity of their code - Antelink OWF

•

2 recomendaciones•672 vistas

Antelink

Tecnología

The problem
are you sure that you In your product
know everything…?
???
compile
test
analysis
integration test
package Product

Build Engineer Final product

???
In your BoM
license?
version?
project? are you sure that you
are license compliant?
3

Available compliance tools
(non-exhaustive list)

Antepedia Antepedia
Antepedia
Notifier Notifier
Reporter

Source code Binary package

Source http://www.linuxfoundation.org/programs/legal/compliance/tools
4

Antepedia Tool Suit
Antepedia 940 000 projects
Knowledge
210 000 000 files
Base

Public API

Antepedia* Antepedia*
Notifier Reporter

Antepedia**
Search
** free public access 6
* free for non-profit projects and organizations

Antepedia Search

Single
file Cloud service
Web-browser report

Original project
License information
Release date and location
7

Antepedia Reporter
my.antepedia.com Antepedia — the world’s
Largest Knowledge Base of
open source projects

1. HTML file

Export
Antepedia Reporter 2. CSV File
Analysis

Automated On-demand Detection of Open
Source Components
8

Antepedia Notifier
Antepedia, the world’s
my.antepedia.com largest database of
open source projects

Continuous detection
1. By MAIL

Notification
2. Through
Antepedia Notifier
Atlassian JIRA

Automated Continuos Detection of
Open Source Components
10

FOSSology - Goal
FOSS-ology : The study of FOSS

The goal of the FOSSology project is create
tools and a framework to reduce fear,
uncertainty, and doubt in the use,
development, and distribution of open source
software.
FOSSology is a static analysis framework to
learn what we can by scanning FOSS itself.
Analyze the code, save the results in a
database, report results through a Web (or
scripted) interface.

A Simple FOSSology Process Flow

o Scan every single file in a package (or distro, or …)
o Fuzzy match against a library of > 400 known
licenses.
o Examine the non-matching portions looking for text
that could be an unknown license.
o Nomos, the now GPLed license analysis tool, is
the result of 10+ years of scanning @HP

Web Resources
FOSSOlogy main site
http://www.fossology.org
Mailing Lists, contacts
http://fossology.org/contact_us
Plume details
http://www.projet-plume.org/fiche/fossology
Project-Builder
http://trac.project-builder.org
Open Source at HP
http://opensource.hp.com
ProLiant & Linux
http://www.hp.com/go/proliantlinux
FOSSology users: HP, ALU, Siemens, “The evolution of FLOSS
INRIA, OW2 and the Internet are
tightly coupled”

SPDX: Handling Heterogeneous
Licenses

20

Inconsistent
License
Information (1/2)
http://sourceforge.net/projects/jwebmail/

http://jwebmail.sourceforge.net/about.html

http://jwebmail.sourceforge.net/news.html
22

Inconsistent
Source http://sourceforge.net/projects/winpenpack/
License
Information (2/2)

Source http://www.winpenpack.com/en/page.php?5
23

SPDX: Standardization

SPDX™ - A standard format for
communicating the components,
licenses and copyrights
associated with a software
package.
25

Más contenido relacionado

Similar a Tools for developers to ensure legal integrity of their code - Antelink OWF

51 etna

AEGIS-ACCESSIBLE Projects

Open Source Software is at the heart of our digital society and embodies a growing part of our technical and organisational knowledge, and this raises many questions: how to comply with the obligations of Open Source licenses? how to be sure that the source code of a key module we use will be still there when we need it in the future? do we really know what source code we are using, and where it comes from? how can we adress cybersecurity if we do not know? how do we share this information across the software supply chain? Answering these questions and answering them well is quite a challenge. In this presentation, you will discover Software Heritage, an open non-profit initiative, in partnership with Unesco, and supported by major IT players, and how the revolutionary infrastructure it is building changes the way we adress these issues. Keynote presentation by Roberto Di Cosmo, Inria. Abstract: With 8 billions unique source files from 120 million repositories, it is the largest archive of source code ever built.

Software Heritage, a revolutionary infrastructure for software source code, O...

OW2

Aegis ETNA NTU

AEGIS-ACCESSIBLE Projects

ETNA – European Thematic Network on Assistive Information and Communication T...

AEGIS-ACCESSIBLE Projects

Open Source, Sourceforge Projects, & Apache Foundation

Mohammad Kotb

Open Source In Education

Dominique Cimafranca

Open Source, Sourceforge Projects, & Apache Foundation

Mohammad Kotb

Presented August 11, 2016 by Michael Right, Senior Product Manager, HPE Security Fortify; Mike Pittenger, VP of Security Strategy, Black Duck. Open source software is an integral part of today’s technology ecosystem, powering everything from enterprise and mobile applications to cloud computing, containers and the Internet of Things. While open source offers attractive economic and productivity benefits for application development, it also presents organizations with significant security challenges. Every year, thousands of new open source security vulnerabilities – such as Heartbleed, Venom and Shellshock – are reported. Unfortunately, many organizations lack visibility into and control of their open source. Addressing this challenge is vital for ensuring security in applications and containers. Whether you’re building software for customers or for internal use, the majority of the code is likely open source and securing it is no easy task. In this session, you’ll learn about: • The evolving DevOps and software security assurance lifecycle in the age of open source • The software security considerations CISOs, security, and development teams must address when using open source • An automated approach to identifying vulnerabilities and managing software security assurance for custom and open source code.

Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black Duck

Black Duck by Synopsys

OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...

Shane Coughlan

Free/Open Source Software for Science & Engineering

Kinshuk Sunil

In recent years, the number of open-source components used by developers to build software has seen immense growth. Millions of open-source libraries are distributed through centralised systems like Maven Central (Java), NPM (JavaScript), and GitHub (Go), and their widespread use means that bugs and vulnerabilities impact large numbers of downstream applications. In this talk, I will introduce the common security problems facing enterprises using open source code. We will also talk about how to manage the open source software risks using people, process and tools.

Securing Open Source Code in Enterprise

Asankhaya Sharma

Assingment 5 - ENSA

Jeewanthi Fernando

Using Open Source for Enterprise

Eric Fesler

ppt_template for EDA.pptx

AnshumanDwivedi14

GoOpen 2010: Sandro D'Elia

Friprogsenteret

This talk "What is the secure software supply chain and the current state of the PHP ecosystem" discusses the current state of the software supply chain, the big global recent events (SolarWinds, log4shell, codecov, packagist) and the state of the PHP and Drupal ecosystem, the threats and the mitigations that can be applied using tools like Sigstore, Syft, and Grype for digital signatures, SBOM generation, and automatic vulnerability scanning and how to use them for real-world projects to gain unprecedented levels of knowledge of your digital artifacts.

Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...

sparkfabrik

OpenNTF Overview DanNotes 11/23/11

Niklas Heidloff

Open Source Software: A Study

Iqbal Ahmad Ansari

Open Source and Accesssiblity - t12t meetup 181122

Erik Zetterström

IT Vulnerability & Tools Watch 2011

WASecurity

Similar a Tools for developers to ensure legal integrity of their code - Antelink OWF (20)

51 etna

Software Heritage, a revolutionary infrastructure for software source code, O...

Aegis ETNA NTU

ETNA – European Thematic Network on Assistive Information and Communication T...

Open Source, Sourceforge Projects, & Apache Foundation

Open Source In Education

Open Source, Sourceforge Projects, & Apache Foundation

Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black Duck

OpenChain Webinar #58 - FOSS License Management through aliens4friends in Ecl...

Free/Open Source Software for Science & Engineering

Securing Open Source Code in Enterprise

Assingment 5 - ENSA

Using Open Source for Enterprise

ppt_template for EDA.pptx

GoOpen 2010: Sandro D'Elia

Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...

OpenNTF Overview DanNotes 11/23/11

Open Source Software: A Study

Open Source and Accesssiblity - t12t meetup 181122

IT Vulnerability & Tools Watch 2011

Último

Enterprise Knowledge’s Urmi Majumder, Principal Data Architecture Consultant, and Fernando Aguilar Islas, Senior Data Science Consultant, presented "Driving Behavioral Change for Information Management through Data-Driven Green Strategy" on March 27, 2024 at Enterprise Data World (EDW) in Orlando, Florida. In this presentation, Urmi and Fernando discussed a case study describing how the information management division in a large supply chain organization drove user behavior change through awareness of the carbon footprint of their duplicated and near-duplicated content, identified via advanced data analytics. Check out their presentation to gain valuable perspectives on utilizing data-driven strategies to influence positive behavioral shifts and support sustainability initiatives within your organization. In this session, participants gained answers to the following questions: - What is a Green Information Management (IM) Strategy, and why should you have one? - How can Artificial Intelligence (AI) and Machine Learning (ML) support your Green IM Strategy through content deduplication? - How can an organization use insights into their data to influence employee behavior for IM? - How can you reap additional benefits from content reduction that go beyond Green IM?

Driving Behavioral Change for Information Management through Data-Driven Gree...

Enterprise Knowledge

🐬 The future of MySQL is Postgres 🐘

RTylerCroy

CNv6 Instructor Chapter 6 Quality of Service

giselly40

Discord is a free app offering voice, video, and text chat functionalities, primarily catering to the gaming community. It serves as a hub for users to create and join servers tailored to their interests. Discord’s ecosystem comprises servers, each functioning as a distinct online community with its own channels dedicated to specific topics or activities. Users can engage in text-based discussions, voice calls, or video chats within these channels. Understanding Discord Servers Discord servers are virtual spaces where users congregate to interact, share content, and build communities. Servers may revolve around gaming, hobbies, interests, or fandoms, providing a platform for like-minded individuals to connect. Communication Features Discord offers a range of communication tools, including text channels for messaging, voice channels for real-time audio conversations, and video channels for face-to-face interactions. These features facilitate seamless communication and collaboration. What Does NSFW Mean? The acronym NSFW stands for “Not Safe For Work,” indicating content that may be inappropriate for professional or public settings. NSFW Content NSFW content encompasses material that is sexually explicit, violent, or otherwise graphic in nature. It often includes nudity, profanity, or depictions of sensitive topics.

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

UK Journal

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Neo4j

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

The presentation explores the development and application of artificial intelligence (AI) from its inception to its current status in the modern world. The term "artificial intelligence" was first coined by John McCarthy in 1956 to describe efforts to develop computer programs capable of performing tasks that typically require human intelligence. This concept was first introduced at a conference held at Dartmouth College, where programs demonstrated capabilities such as playing chess, proving theorems, and interpreting texts. In the early stages, Alan Turing contributed to the field by defining intelligence as the ability of a being to respond to certain questions intelligently, proposing what is now known as the Turing Test to evaluate the presence of intelligent behavior in machines. As the decades progressed, AI evolved significantly. The 1980s focused on machine learning, teaching computers to learn from data, leading to the development of models that could improve their performance based on their experiences. The 1990s and 2000s saw further advances in algorithms and computational power, which allowed for more sophisticated data analysis techniques, including data mining. By the 2010s, the proliferation of big data and the refinement of deep learning techniques enabled AI to become mainstream. Notable milestones included the success of Google's AlphaGo and advancements in autonomous vehicles by companies like Tesla and Waymo. A major theme of the presentation is the application of generative AI, which has been used for tasks such as natural language text generation, translation, and question answering. Generative AI uses large datasets to train models that can then produce new, coherent pieces of text or other media. The presentation also discusses the ethical implications and the need for regulation in AI, highlighting issues such as privacy, bias, and the potential for misuse. These concerns have prompted calls for comprehensive regulations to ensure the safe and equitable use of AI technologies. Artificial intelligence has also played a significant role in healthcare, particularly highlighted during the COVID-19 pandemic, where it was used in drug discovery, vaccine development, and analyzing the spread of the virus. The capabilities of AI in healthcare are vast, ranging from medical diagnostics to personalized medicine, demonstrating the technology's potential to revolutionize fields beyond just technical or consumer applications. In conclusion, AI continues to be a rapidly evolving field with significant implications for various aspects of society. The development from theoretical concepts to real-world applications illustrates both the potential benefits and the challenges that come with integrating advanced technologies into everyday life. The ongoing discussion about AI ethics and regulation underscores the importance of managing these technologies responsibly to maximize their their benefits while minimizing potential harms.

Artificial Intelligence: Facts and Myths

Joaquim Jorge

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

GenAI Risks & Security Meetup 01052024.pdf

lior mazor

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

The Raspberry Pi 5 was announced on October 2023. This new version of the popular embedded device comes with a new iteration of Broadcom’s VideoCore GPU platform, and was released with a fully open source driver stack, developed by Igalia. The presentation will discuss some of the major changes required to support this new Video Core iteration, the challenges we faced in the process and the solutions we provided in order to deliver conformant OpenGL ES and Vulkan drivers. The talk will also cover the next steps for the open source Raspberry Pi 5 graphics stack. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://eoss24.sched.com/event/1aBEx

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

Igalia

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Civil Lines Women Seeking Men

Delhi Call girls

Finology Group – Insurtech Innovation Award 2024

The Digital Insurer

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Rafal Los

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Histor y of HAM Radio presentation slide

vu2urc

Handwritten Text Recognition for manuscripts and early printed texts

Maria Levchenko

Imagine a world where information flows as swiftly as thought itself, making decision-making as fluid as the data driving it. Every moment is critical, and the right tools can significantly boost your organization’s performance. The power of real-time data automation through FME can turn this vision into reality. Aimed at professionals eager to leverage real-time data for enhanced decision-making and efficiency, this webinar will cover the essentials of real-time data and its significance. We’ll explore: FME’s role in real-time event processing, from data intake and analysis to transformation and reporting An overview of leveraging streams vs. automations FME’s impact across various industries highlighted by real-life case studies Live demonstrations on setting up FME workflows for real-time data Practical advice on getting started, best practices, and tips for effective implementation Join us to enhance your skills in real-time data automation with FME, and take your operational capabilities to the next level.

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Safe Software

Tools for developers to ensure legal integrity of their code - Antelink OWF

1. Tools for developers to ensure legal integrity of their code Freddy Munoz, PhD freddy.munoz@antelink.com Product Manager, Antelink. @drfmunoz Bruno Cornec Open Source & Linux Profession Bruno.Cornec@hp.com Lead EMEA, HPIntelCo.

2. The context

3. The problem are you sure that you In your product know everything…? ??? compile test analysis integration test package Product Build Engineer Final product ??? In your BoM license? version? project? are you sure that you are license compliant? 3

4. Available compliance tools (non-exhaustive list) Antepedia Antepedia Antepedia Notifier Notifier Reporter Source code Binary package Source http://www.linuxfoundation.org/programs/legal/compliance/tools 4

5. Antepedia Tool Suite 5

6. Antepedia Tool Suit Antepedia 940 000 projects Knowledge 210 000 000 files Base Public API Antepedia* Antepedia* Notifier Reporter Antepedia** Search ** free public access 6 * free for non-profit projects and organizations

7. Antepedia Search Single file Cloud service Web-browser report Original project License information Release date and location 7

8. Antepedia Reporter my.antepedia.com Antepedia — the world’s Largest Knowledge Base of open source projects 1. HTML file Export Antepedia Reporter 2. CSV File Analysis Automated On-demand Detection of Open Source Components 8

9. 9

10. Antepedia Notifier Antepedia, the world’s my.antepedia.com largest database of open source projects Continuous detection 1. By MAIL Notification 2. Through Antepedia Notifier Atlassian JIRA Automated Continuos Detection of Open Source Components 10

11. FOSSology - Goal FOSS-ology : The study of FOSS The goal of the FOSSology project is create tools and a framework to reduce fear, uncertainty, and doubt in the use, development, and distribution of open source software. FOSSology is a static analysis framework to learn what we can by scanning FOSS itself. Analyze the code, save the results in a database, report results through a Web (or scripted) interface.

12. A Simple FOSSology Process Flow o Scan every single file in a package (or distro, or …) o Fuzzy match against a library of > 400 known licenses. o Examine the non-matching portions looking for text that could be an unknown license. o Nomos, the now GPLed license analysis tool, is the result of 10+ years of scanning @HP

13. File upload screenshot

14. Queue management screenshot

15. License analysis screenshot

16. Meta data analysis screenshot

17. Bucket browser screenshot

18. Architecture

19. Web Resources FOSSOlogy main site http://www.fossology.org Mailing Lists, contacts http://fossology.org/contact_us Plume details http://www.projet-plume.org/fiche/fossology Project-Builder http://trac.project-builder.org Open Source at HP http://opensource.hp.com ProLiant & Linux http://www.hp.com/go/proliantlinux FOSSology users: HP, ALU, Siemens, “The evolution of FLOSS INRIA, OW2 and the Internet are tightly coupled”

20. SPDX: Handling Heterogeneous Licenses 20

21. 21

22. Inconsistent License Information (1/2) http://sourceforge.net/projects/jwebmail/ http://jwebmail.sourceforge.net/about.html http://jwebmail.sourceforge.net/news.html 22

23. Inconsistent Source http://sourceforge.net/projects/winpenpack/ License Information (2/2) Source http://www.winpenpack.com/en/page.php?5 23

24. 24

25. SPDX: Standardization SPDX™ - A standard format for communicating the components, licenses and copyrights associated with a software package. 25

26. 26

27. ??? 27

Tools for developers to ensure legal integrity of their code - Antelink OWF

Recomendados

Recomendados

Más contenido relacionado

Similar a Tools for developers to ensure legal integrity of their code - Antelink OWF

Similar a Tools for developers to ensure legal integrity of their code - Antelink OWF (20)

Último

Último (20)

Tools for developers to ensure legal integrity of their code - Antelink OWF