BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//program.foss-backstage.de//fossback23//speaker//BYQLVB
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-fossback23-9MF8TW@program.foss-backstage.de
DTSTART;TZID=CET:20230314T120000
DTEND;TZID=CET:20230314T121000
DESCRIPTION:We’re all moving fast and in order to do so we’re relying o
 n a lot of dependencies to give us that commercial edge. In doing so we’
 re trusting the work of strangers on the internet\, and also that of vendo
 rs who may change their mind on who can benefit from their software. \n\nT
 he 2022 OSSRA (Open Source Security and Risk) report examines the result
 s of more than 2\,400 audits of commercial codebases\, of which 97% contai
 ned open source. Four of the 17 industry sectors represented in the report
 —Computer Hardware and Semiconductors\, Cybersecurity\, Energy and Clean
  Tech\, and IoT—contained open source in 100% of their audited codebases
 . \n\nIf you install Electron and have to add 87 packages — that means 8
 7 license dependencies. Every single package is likely to have its own dep
 endencies\, and therefore\, another license you need to comply with. As yo
 u can imagine license management can’t be done manually and when done in
 correctly can create technical debt. \n\nLicense litigation may end up f
 orcing you to release your code under the same license as the package depe
 ndency you used. Other potential problems include being sued for financial
  liability by the creator of the component\, and/or losing reputation and 
 getting negative press coverage.\n\nFind out how to do a software composit
 ion analysis to create an SBOM (Software Bill of Materials)\, and how to m
 onitor changes in your components’ licenses every time you deploy.
DTSTAMP:20260606T043212Z
LOCATION:Stage 2
SUMMARY:Build license management into your pipelines - Floor Drees
URL:https://program.foss-backstage.de/fossback23/talk/9MF8TW/
END:VEVENT
END:VCALENDAR
