Online / 5 & 6 February 2022

Software composition and dependency management devroom


Read the Call for Papers at https://github.com/software-composition-analysis/fosdem-2022-devroom/.

Sunday

| Event | Speakers | Start | End |
|---|---|---|---|
| Devroom introduction | Kate Stewart, Philippe Ombredanne, Antoine Mottier, Michael C. Jaeger | 10:00 | 10:05 |
| Package URL and Version range spec: Towards mostly universal dependency resolution | Philippe Ombredanne | 10:05 | 10:20 |
| How OSPOs can help secure the software supply chain | Ana Jimenez Santamaria | 10:20 | 10:40 |
| Developing an open source license compliance project: our trials, tribulations and achievements | Pierre Marty | 10:40 | 11:00 |
| How to manage OSS license obligations and SBoM by SW360's new features | Kouki Hama | 11:00 | 11:20 |
| Panel 1: Processing Dependencies and Compositions and Software | Maximilian Huber | 11:20 | 12:00 |
| Break | | 12:00 | 12:20 |
| Scanning for known vulnerabilities in an embedded distribution: A return on experience from the Eclipse Oniro project | Marta Rybczynska | 12:20 | 12:40 |
| Reporting vulnerabilities within a complex software environment: Using the CVE-Bin-Tool | Anthony Harrison | 12:40 | 13:00 |
| Commoditising Open Source Risk Management: First Open Source SCA Platform | Julian Coccia | 13:00 | 13:20 |
| Panel 2: Dependencies for Vulnerability Discovery and Tracking | Diomidis Spinellis | 13:20 | 14:00 |
| Lunch Break | | 14:00 | 14:20 |
| Generating SBOM for your code using OSS Review Toolkit | Thomas Steenbergen | 14:20 | 14:40 |
| SBOM Resolver - Generating detailed SBOMs for Alpine | Georg Kunz | 14:40 | 15:00 |
| FASTEN: Fine-Grained Analysis of Software Ecosystems as Networks | Amir Mir | 15:00 | 15:20 |
| Panel 3: Creating SBOMs | Antoine Mottier | 15:20 | 16:00 |
| On Backporting Practices in Package Dependency Networks | Ahmed Zerouali, Tom Mens | 16:20 | 16:40 |
| Operationalize SBOM with OWASP Dependency-Track | Steve Springett | 16:40 | 17:00 |
| Tracking Software Dependencies | Kate Stewart, Gary O'Neall | 17:00 | 17:20 |
| Panel 4: Software Compositions and Dependency Tools | Philippe Ombredanne | 17:20 | 18:00 |