In this episode of The Verifa Podcast, Andreas chats with Lars Geyer-Blaumeiser, Senior Expert Open Source Program Office at Bosch. Lars shares his insights on why open source compliance is vital for managing license risk and security risk, how you can effectively manage these risks and the tools required to do so.


During this episode we discuss:

Why is open source compliance important? [02:55]

Managing OSS License risk [03:23]

Managing OSS Security risk [09:30]

How do you manage risk when using open source software? [14:31]

Scan, Evaluate, Monitor

Challenges for IoT and embedded systems [24:58]

What open source compliance tools are available? [27:44]

Evolution of open source compliance tooling

OSS Review Toolkit (ORT) [34:21]

How to manage OSS compliance technical debt [41:29]

How to build a database of OSS License data [46:16]

Standards for OSS Component Metadata [48:11]

Lars’ ideal OSS management tool chain [50:40]


Mentioned in the podcast:

Lars’ talk at EclipseCon2020 - Automated Open Source Compliance in Action

Lars’ talk at EclipseCon2019 - Automating Open Source Compliance with OSS Tooling

OSS-Review-Toolkit

SW360

Open Source Reference Tooling Work Group

SPDX

CycloneDX


About Lars Geyer-Blaumeiser:

Lars works in the central department for IoT and Digitalization at Bosch. He is responsible for strategic Open Source projects in the Open Source Program Office within Bosch, supporting Open Source projects throughout the company. In his previous role, he was project lead for Eclipse SW360 and an active participant in the definition of an Open Source based methodology to automate Open Source Compliance activities within the Open Chain Reference Tooling Group. He got his PhD from the University of Kaiserslautern.


Connect with today’s podcast team on LinkedIn:

Andreas Lärfors

Lars Geyer-Blaumeiser

Anoop Vijayan

The podcast and the associated cover image on this page belong to Verifa. The content of the podcast is created by Verifa and not by, or together with, Poddtoppen.