Special Presentation and SPDX Thurs General Meeting Reminder
Phil Odence
Please join us for a very interesting presentation to kick off the meeting:
Preview of LF Study on SBOM Readiness by Steve Hendrick
Abstract: The State of Software Bill of Materials (SBOM) and Cybersecurity Readiness, produced in partnership with SPDX, OpenChain, and OpenSSF, reports on the extent of organizational SBOM readiness and adoption and its significance to improving cybersecurity throughout the open source ecosystem. The study comes on the heels of the US Administration’s Executive Order on Improving the Nation’s Cybersecurity, and the disclosure of the most recent and far-reaching log4j security vulnerability. Its timing coincides with increasing recognition across the globe of the importance of identifying software components and helping accelerate widespread implementation of cybersecurity best practices to mitigate the impact of software vulnerabilities.
Steve: Steve Hendrick, who authored the SBOM readiness report, is a Vice President of research for the Linux Foundation and well traveled in application development and deployment software. Prior to his current role at the Linux Foundation, Steve spent 30 years as an industry analyst working for IDC, ESG, and EMA driving application development and deployment research. Steve has authored over 1,000 research reports and served as primary investigator on over 100 surveys.
GENERAL MEETING
Meeting Time: Thurs, Feb 3, 8am PT / 10am CT / 11am ET / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
Join the meeting:
Etherpad for minutes: https://spdx.swinslow.net/p/spdx-general-minutes
Administrative Agenda
Attendance
Minutes Approval https://github.com/spdx/meetings/blob/master/general/2022-01-06.md
Special Presentation – SteveH
Technical Team Report – Kate/Gary/Others
Legal Team Report – Jilayne/Paul/Steve
Outreach/Website Team Report – Jack
Phil Odence
REMINDER: Encourage your LF member company to join SPDX https://enrollment.lfx.linuxfoundation.org/?project=spdx . Companies that join by April 1 may nominate a candidate for Steering Committee this year.
PRESENTATION: Please join us for a very interesting presentation to kick off the meeting.
How RKVST Uses SPDX for Software Transparency by Jon Geater, CTO Jitsuin
Abstract: One crucial aspect to deriving Trust in connected systems is software transparency, and SBOM (AKA “what’s in the box?”) is a crucial part of this, so SPDX is a very interesting place for Jon and RKVST to engage. We’ll be briefly exploring the deeper requirements of software transparency for context and look forward to a discussion on how best to apply and assist the SPDX community in meeting these.
Jon: Jon Geater is chair of the Security and Trustworthiness Working Group in the Digital Twin Consortium and lead author of the Security Maturity Model for Digital Twins in the Industry Internet Consortium. In both of these forums, and with his company’s SaaS platform RKVST, he works to press forward the state of the art in Dynamic Resilience: a practical approach to security and safety in today’s fast-changing, highly connected world based on contextual decision-making and Zero Trust principles. As a co-founder of OASIS KMIP, former governing board member of Linux Foundation’s Hyperledger project, and former board member and chair of the Security Task Force at GlobalPlatform, Jon has a strong and dedicated commitment to open standards in cyber security.
GENERAL MEETING
Meeting Time: Thurs, Mar 3, 8am PT / 10am CT / 11am ET / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
Join the meeting:
Etherpad for minutes: https://spdx.swinslow.net/p/spdx-general-minutes
Administrative Agenda
Attendance
Minutes Approval https://github.com/spdx/meetings/blob/master/general/2022-02-03.md
Special Presentation – SteveH
Technical Team Report – Kate/Gary/Others
Legal Team Report – Jilayne/Paul/Steve
Outreach/Website Team Report – Jack
Phil Odence
NOTE: I am a little behind and have not posted the minutes from the March meeting in GH. In advance of that, I have included those minutes in rough form at the bottom of this email.
PRESENTATION: Please join us for this presentation to kick off the meeting. Yocto have been very supportive of SPDX and active in incorporating the technology.
SPDX in the Yocto Project – Joshua Watt
Abstract: As Software Bills of Material (SBoMs) become more important in the software industry, the generation of high quality SBoMs from the beginning of the Software Supply Chain has also become more important. The Yocto Project is designed to build up software images from source, and as such is a prime candidate to generate these SBoMs at the point where software packages are compiled and assembled into customer images. Joshua will talk about how the Yocto Project is able to do this, and some of the interesting quirks encountered when implementing this feature.
Joshua Watt is a Software Engineer for Garmin, where he has been working for the past 13 years. He has been a developer with OpenEmbedded and the Yocto Project for the past 7 years, and is a member of the OpenEmbedded Technical Steering Committee.
GENERAL MEETING
Meeting Time: Thurs, April 7, 8am PT / 10am CT / 11am ET / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html
Join the meeting:
Etherpad for minutes: https://spdx.swinslow.net/p/spdx-general-minutes
Administrative Agenda
Attendance
Minutes Approval https://github.com/spdx/meetings/blob/master/general/2022-02-03.md
Special Presentation
Technical Team Report – Kate/Gary/Others
Legal Team Report – Jilayne/Paul/Steve
Outreach/Website Team Report – Jack/Sebastian