Tuesday, November 03

The OW2 Market Readiness Levels: is your project market ready?
( Cedric Thomas )
to be completed.
Open Source Governance best practices: an HPE perspective
( Bruno Cornec )
Today the question is no longer whether an enterprise should use Open Source, but rather when, how and with whom. Moreover, in most cases Open Source is already there, being used thanks to its pervasive capabilities. So the enterprise has to control its use: think about legal aspects, especially in relation to the licenses governing the software; consider the notion of software distribution (or not); think also about participation in Open Source communities; and, more generally, about all the questions related to IT governance, such as project management, procurement and even HR, that are impacted by the use of Open Source and its characteristics. HPE, with more than 20 years of experience in that area, wishes to share its knowledge of Open Source Governance and its vision of the issues around it, and to give directions that encourage other enterprises to use and master Open Source and thus obtain all of its benefits.
Round Table: Open Source Governance
( Nicolas Toussaint, Christian Paterson )
to be completed
Dependency Management with fossology and 360
( Michael C. Jaeger )
Eclipse SW360 is a software catalogue system that eases the management of software components - no matter whether FOSS, commercial or internal software - in organisations, for their products and projects. It covers three aspects: first, it provides a central place for the information and metadata an organisation wants to store and manage; second, it enables sharing of such information between groups of the organisation, reducing duplicate work and increasing transparency; third, SW360 supports typical processes for releasing software, such as license clearing or the implementation of quality checks. For access and sharing, SW360 provides a Web UI and a REST API. The central part of SW360 is the management of a software bill of materials (SBOM): the organisation assigns software components to its products and can thus maintain their SBOMs. This SBOM is not only the required basis for license compliance tasks, but also, for example, for checking trade compliance or software vulnerabilities.
Next Generation Dependency Management
( Antoine Mottier )
A popular form of software reuse involves linking open source software (OSS) libraries hosted on centralised code repositories, such as Maven or PyPI. The size of such repositories keeps increasing at an astonishing speed, and the network of dependencies among the libraries they host is only a very crude way to reflect the real impact of those dependencies, especially where bugs and vulnerabilities are concerned. It is becoming more and more urgent to develop techniques that analyse dependencies at a finer level (i.e., at call level). This is precisely the goal of the EU project FASTEN. The purpose is to be able to perform a more sophisticated analysis of security-vulnerability propagation, licensing compliance and dependency risk profiles (among others) by relying on the call-level dependency network of the whole software ecosystem.
Round Table: Software Dependency Management
( Michael C. Jaeger, Clément Oudot, Ammar Johar, Bruno Cornec )
to be completed
OW2 2020 Best Project Awards Ceremony
( Cedric Thomas )