Speakers and Talks

Software Heritage is an international project, supported by UNESCO, whose ambition is to collect, preserve, and share all software that is publicly available in source code form. On this foundation, a wealth of applications can be built, ranging from cultural heritage to industry and research.

This reference archive and knowledge base for open source software constitute a worldwide development history, permanently archived in a uniform data model, including over 17 billion unique source files from over 270 million software projects, ~1.5PB (compressed) blobs, ~35 B nodes and ~500 B edges... that can be widely accessed by anyone.

Storing and providing access to such a large amount of software represents a challenge that has required intensive research and innovation performed by SwH.

Agustin, is a Software Heritage Ambassador and will introduce the project during this talk. He will also describe the most relevant innovations associated with the archive, how to access and work with the storage information as well as how to contribute to this common cause.

Everybody is doing infrastructure as code in some form these days. Some of us get more benefits out of it than others. This talk will document 15+ years of patterns in Infrastructure as Code, clearly explaining what patterns come with what results.

We'll cover basic concepts such as Desired Stated, Idempodency , and Single Source of truth, and how they are important for your strategy.

We'll use multiple existing open source tools as examples.

We will guide you trough deciding what functionality you want or need and what benefits you will get.

SCANOSS operates in the Software Composition Analysis market, having a knowledge base related with all the published open source software as core product. It is a data company.

Since its foundation, this organization had as key goal becoming an open source software company. Today, every software SCANOSS develops is published under open source licenses, including the software used by the company to build, enrich and maintain its knowledge base.

Back in 2021, SCANOSS decided to start a journey towards open data. The first relevant action was to provide free (gratis) access to the subset of the knowledge base related with license compliance. They achieved it via the Software Transparency Foundation, helping license compliance engineers and lawyers all over the world to identify, analyse and curate open source software and their licenses, using SCANOSS or third party tools.

Recognizing the growing demand from users to scrutinize their projects for known vulnerabilities, SCANOSS took a second step, publishing as open data its purl2cpe data-set, which today is becoming increasingly popular among security experts and release managers.

This talk will describe these contributions as well as the lessons learned throughout this journey, going from open source software towards open data. SCANOSS's journey is far from done though. The company is taking further steps.

A few weeks ago, a cryptography algorithm definitions data set was released as open data, aiming to improve and reach consensus around how companies perceive and manage the cryptography composition of their products. This new contribution, if collaboration around it flourish, has the potential to impact critical challenges that we have as industry in areas like Export Control (ECCN), product security, and quantum-readiness.

During this talk, the speaker will also describe the lessons learned from this third step so far, the motivations to release this data set and next steps.

The automotive industry is a huge user of open source software, from silicon to pixels, but has very little presence in the FOSS community.

Join Magnus Feuer, Volvo Cars, as he gives you the current state of affairs in automotive open source, what the the industry can contribute with, and what the industry needs from the community.

Creating and processing SBOMs at scale based on Open Source solutions: Intro to the new Eclipse Foundation Project Apoapsis providing a server concept to run continuous Software Composition Analysis for a large number of heterogeneous repositories. The talk will show the general setup how you can continuously generate your SBOMs and reports and provide the status of the published reference implementation the "ORT-Server" interacting with the OSS Review Toolkit."

This talk delves into how Public Sector Organizations (PSOs) and the public sector at large facilitate software reuse, specifically through Open Source Software (OSS) as an instrument. The talk draws from a recently published report commissioned by the Danish Agency for Digital Government (Digitaliseringsstyrelsen ) and Local Government Denmark (KL ), which provide input on how Danish PSOs can specifically improve at reaping benefits by reusing existing software and creating value by developing software in a way that can be reused.

A qualitative survey was conducted on a sample of 16 countries considered mature in their digital practices, as indicated through a set of digital maturity indicators. These countries were surveyed in terms of government policies, rationales, support mechanisms, means of promotion, and success stories related to software reuse. The surveyed countries exhibit diverse policies, emphasizing interoperability, digital sovereignty, transparency, and cost efficiency. Economic arguments, interoperability, and transparency are prominent goals, while digital sovereignty varies. Security concerns are discussed, acknowledging both risks and benefits of OSS.

Several emerging support structures were identified, including Open Source Program Offices (OSPOs), crucial for institutional capacity. Success stories highlight the transformation to sustainable governance enabled through the use of neutral proxy organizations acting as stewards for public sector OSS projects. The talk provides recommendations that focus on fostering software reuse through OSS adoption, aiming to guide policy- and decisionmakers at national, regional, and local government levels. The talk contributes valuable insights for countries, like Denmark and others, seeking to leverage software reuse through OSS in their digital transformations.

In today's complex IT environments, it is more important than ever to automate tasks and processes. Event-Driven Ansible is a new feature of Ansible that allows you to automate IT tasks based on events that occur in your IT environment. This session will provide an introduction to Event-Driven Ansible, including what it is, how it works, and the benefits of using it. We will also discuss some examples of how Event-Driven Ansible can be used in real-world scenarios.

R itself remains part of the GNU project, licensed under the GNU General Public License, and capable of running on many free operating systems, but it is increasingly becoming popular to include non-free software and services-as-software-substitutes in R environments. Moreover, these unethical practices are often obscured from useRs, and some users may not realize that they are running non-free software. I will introduce R and some of the common ways people use it, demonstrate the recent trends towards unethical practices in R, and comment on the dangers of such practices, for the individual and for society. Finally, I will inform of what we can do about these trends, both as individuals to protect ourselves, and as a group to further a free society.

As this audience well knows, open source software offers immense potential for innovation. However, managing it effectively within a sizable organization requires a structured approach. This talk explores the practical aspects of setting up an Open Source Program Office (OSPO), focusing on its benefits and key considerations.

This presentation outlines the role of an OSPO in driving open source initiatives within organizations, emphasizing its role in managing licenses, mitigating risks, and fostering collaboration. Attendees will gain insights into securing leadership support, structuring the office, and implementing effective policies.

By providing actionable strategies and real-world examples, this session will equip attendees to establish their own OSPO, enabling them to leverage open source for organizational success.

In the context of AI, we face a plethora of challenges that extend beyond the widely discussed performance scalability required to meet the growing demands of compute and storage in the latest models. These challenges encompass sustainability, pervasiveness, agility, and diversity, all of which are needed to cater to a constantly evolving range of applications and algorithms from endpoint to edge and cloud. In this talk, we explore how adaptive devices and agile compiler stacks can provide solutions by delivering post-production hardware specialization and co-designed algorithms. This results in highly optimized AI systems which not only provide the necessary performance scalability but also bring a reduction in carbon footprint while addressing the needs of a broad range of diverse applications with the necessary agility.

This talk delves into how Public Sector Organizations (PSOs) and the public sector at large facilitate software reuse, specifically through Open Source Software (OSS) as an instrument. The talk draws from a recently published report commissioned by the Danish Agency for Digital Government (Digitaliseringsstyrelsen ) and Local Government Denmark (KL ), which provide input on how Danish PSOs can specifically improve at reaping benefits by reusing existing software and creating value by developing software in a way that can be reused.

A qualitative survey was conducted on a sample of 16 countries considered mature in their digital practices, as indicated through a set of digital maturity indicators. These countries were surveyed in terms of government policies, rationales, support mechanisms, means of promotion, and success stories related to software reuse. The surveyed countries exhibit diverse policies, emphasizing interoperability, digital sovereignty, transparency, and cost efficiency. Economic arguments, interoperability, and transparency are prominent goals, while digital sovereignty varies. Security concerns are discussed, acknowledging both risks and benefits of OSS.

Several emerging support structures were identified, including Open Source Program Offices (OSPOs), crucial for institutional capacity. Success stories highlight the transformation to sustainable governance enabled through the use of neutral proxy organizations acting as stewards for public sector OSS projects. The talk provides recommendations that focus on fostering software reuse through OSS adoption, aiming to guide policy- and decisionmakers at national, regional, and local government levels. The talk contributes valuable insights for countries, like Denmark and others, seeking to leverage software reuse through OSS in their digital transformations.

The current approach to resolving dependencies (in package managers used by FOSS users) and handling vulnerable packages (in vulnerability management teams) is complex, tedious, and time-consuming. It's also a disconnected process when the development and security teams are not in sync. We can either determine if a package version is vulnerable, or we can resolve package versions for functional dependency requirements but without consideration for vulnerabilities - we cannot do both, and crossing both tools and organizational boundaries is difficult. We express dependency constraints as acceptable package version ranges, and vulnerabilities affect certain package version ranges. What if we resolve package dependencies by taking into consideration the vulnerable version ranges at the same time?

In this talk, Philippe will share how non-vulnerable FOSS dependency resolution can resolve software package vulnerable version ranges and dependency version constraints at the same time. Developers can obtain a resolved package version graph matching the blended functional and vulnerability version constraints and get both non-vulnerable and up-to-date software code in a single resolution pass.

Culture is not built, it emerges. How do we support an environment and community where people are volunteers with limited time and commitment?

Using the Open Decision Framework to support the creation of engagement and making decisions that we can all stick to is key in a community.

In this talk I will introduce the Open Decision Framework and share examples and learnings from how we used the ODF in our company to co-create our vision statement in an organisation of over 5000 people. How we collaborated remotely, the benefits and pitfalls, and how an open decision set us up for success.

The Software Bill of Materials (SBOM) is a comprehensive list of components in a piece of software. It is a crucial tool for understanding the composition of software, which is particularly important in the context of managing security risks and licensing compliance. Recent regulatory efforts like US's EO or EU's CRA explicitly move towards requiring SBOM for each software delivery. The System Package Data Exchange (SPDX) is a freely available ISO standard that provides a set of specifications for communicating SBOM information. It offers a common format for companies and organizations to share important data accurately and efficiently. This presentation will delve into the intricacies of SBOMs and the latest developments of SPDX, providing a comprehensive understanding of their importance in the software industry.

Benefits for attending the presentation:

• Gain a comprehensive understanding of SBOM and SPDX and their importance in the software industry.
• Learn how to effectively manage security risks and licensing compliance using SBOM.
• Understand the benefits of using SPDX as a standard format for sharing SBOM information.
• Get insights into the latest trends and best practices in software management.