In this episode of The Verifa Podcast, Andreas chats with Lars Geyer-Blaumeiser, Senior Expert Open Source Program Office at Bosch. Lars shares his insights on why open source compliance is vital for managing license risk and security risk, how you can effectively manage these risks and the tools required to do so.
During this episode we discuss:
Why is open source compliance important? [02:55]
Managing OSS License risk [03:23]
Managing OSS Security risk [09:30]
How do you manage risk when using open source software? [14:31]
Scan, Evaluate, Monitor
Challenges for IoT and embedded systems [24:58]
What open source compliance tools are available? [27:44]
Evolution of open source compliance tooling
OSS Review Toolkit (ORT) [34:21]
How to manage OSS compliance technical debt [41:29]
How to build a database of OSS License data [46:16]
Standards for OSS Component Metadata [48:11]
Lars is working in the central department for IoT and Digitalization at Bosch. He is responsible for strategic Open Source projects in the Open Source Program Office within Bosch, supporting Open Source projects throughout the company. In his previous role he was project lead for Eclipse SW360 and an active participant in the definition of an Open Source based methodology to automate Open Source Compliance activities within the Open Chain Reference Tooling Group. He got his PhD from the university of Kaiserslautern.
Podden och tillhörande omslagsbild på den här sidan tillhör
Verifa. Innehållet i podden är skapat av Verifa och inte av,
eller tillsammans med, Poddtoppen.