Online / 5 & 6 February 2022

visit

Software composition and dependency management devroom


09 10 11 12 13 14 15 16 17
Sunday Devroom introduction Package URL and Version range spec
Towards mostly universal dependency resolution
How OSPOs can help secure the software supply chain Developing an open source license compliance project : our trials, tribulations and achievements How to manage OSS license obligations and SBoM by SW360's new features Panel 1: Processing Dependencies and Compositions and Software Break Scanning for known vulnerabilities in an embedded distribution
A return on experience from the Eclipse Oniro project
Reporting vulnerabilities within a complex software environment
Using the CVE-Bin-Tool
Commoditising Open Source Risk Management
First Open Source SCA Platform
Panel 2: Dependencies for Vulnerability Discovery and Tracking Lunch Break Generating SBOM for your code using OSS Review Toolkit SBOM Resolver - Generating detailed SBOMs for Alpine FASTEN: Fine-Grained Analysis of Software Ecosystems as Networks Panel 3: Creating SBOMs On Backporting Practices in Package Dependency Networks Operationalize SBOM with OWASP Dependency-Track Tracking Software Dependencies Panel 4: Software Compositions and Dependency Tools

Read the Call for Papers at https://github.com/software-composition-analysis/fosdem-2022-devroom/.

Event Speakers Start End

Sunday

  Devroom introduction Antoine Mottier 10:00 10:05
  Package URL and Version range spec
Towards mostly universal dependency resolution
Philippe Ombredanne 10:05 10:20
  How OSPOs can help secure the software supply chain Ana Jimenez Santamaria 10:20 10:40
  Developing an open source license compliance project : our trials, tribulations and achievements Pierre Marty 10:40 11:00
  How to manage OSS license obligations and SBoM by SW360's new features Kouki Hama 11:00 11:20
  Panel 1: Processing Dependencies and Compositions and Software Maximilian Huber 11:20 12:00
  Break 12:00 12:20
  Scanning for known vulnerabilities in an embedded distribution
A return on experience from the Eclipse Oniro project
Marta Rybczynska 12:20 12:40
  Reporting vulnerabilities within a complex software environment
Using the CVE-Bin-Tool
Anthony Harrison 12:40 13:00
  Commoditising Open Source Risk Management
First Open Source SCA Platform
Julian Coccia 13:00 13:20
  Panel 2: Dependencies for Vulnerability Discovery and Tracking Diomidis Spinellis 13:20 14:00
  Lunch Break 14:00 14:20
  Generating SBOM for your code using OSS Review Toolkit Thomas Steenbergen 14:20 14:40
  SBOM Resolver - Generating detailed SBOMs for Alpine Georg Kunz 14:40 15:00
  FASTEN: Fine-Grained Analysis of Software Ecosystems as Networks Amir Mir 15:00 15:20
  Panel 3: Creating SBOMs Antoine Mottier 15:20 16:00
  On Backporting Practices in Package Dependency Networks Ahmed Zerouali, Tom Mens 16:20 16:40
  Operationalize SBOM with OWASP Dependency-Track Steve Springett 16:40 17:00
  Tracking Software Dependencies Kate Stewart, Gary O'Neall 17:00 17:20
  Panel 4: Software Compositions and Dependency Tools Philippe Ombredanne 17:20 18:00