FOSDEM 2024 Fringe: FOSS license and security compliance tools

Interested in open source license and security compliance? Join us for a one-day workshop for developers and users of open source compliance tools on Friday, February 2nd, 2024 in Brussels just before FOSDEM 2024.

Our goal is for open source developers, users, and contributors to exchange requirements, plans, and collaboration opportunities around FOSS tools for software provenance detection, license detection and compliance, code scanning, package dependency analysis, container analysis, SBOM creation and consumption, and license or vulnerability databases - basically, all the tools you need to figure out which FOSS code you use, where it is from, what is its license, how to comply with the license, and whether it contains vulnerable code.

Previous attendees include developers from ORT, ScanCode, ClearlyDefined, FOSSology, Tern, FSFE REUSE, SW360, BANG, Hermine, Opossum, SPDX tools, DoubleOpen, OpenChain, and AboutCode projects along with users from leading technology and industrial companies, open source foundations, and government institutions worldwide. Whether you are a developer or user interested in the tools for Software Supply Chain and SBOMs, a FOSS license-savvy lawyer, a compliance or security analyst, or an OSPO member: you will be warmly welcomed.

The day will be split in two:

• The morning will focus on tool developers to announce and share their plans, and discuss opportunities for collaboration across projects.    

• The afternoon will focus on tool users to share their concerns, problems and requirements, and address these in the represented projects.    

Schedule (All times CET (UTC+1))

8:30 Registration with coffee and light breakfast

9:00 Welcome and introductions

9:30 FOSS compliance tool developers, present your plans!
Each open source project will present their plans for releases and upcoming features with a 5 minute lightning talk.
We likely already know what your tool does, though a short intro is OK. We will use flip charts, big post-its, and markers to support the presentations and discussions – there may not be a projector/beamer, so do not plan for it.

11:15 Discuss collaboration opportunities
How can we work together to overcome shared challenges, and make tools interoperable and compatible so we can deliver better value to all our users?

12:15 Lunch break
This is funded by attendees and our generous sponsors!

13:15 FOSS compliance tool users, give us your requirements!
Each user presents their concerns, problems and requirements

15:00 Coffee break

15:30 Discuss collaboration and joint development opportunities

16:30 Workshop conclusion and recap

17:00 Drinks at rooftop bar (inside)

Location

Hotel Bedford
Rue du Midi 135
1000 Bruxelles, Belgium

TRAIN: Gare Central (11 minute walk) or Gare de Bruxelles-Midi (15 minute walk)
TRAM: 3-4 - "Anneessens" stop (a short walk to Hotel Bedford)

Join Us

Register to save your spot! We're asking attendees to contribute to help fund the workshop expenses but we want to include everyone from the community so you can also sign up for free.

Join us on this chat/IRC channel at https://matrix.to/#/%23aboutcode-org-fosdem-2024-fringe:gitter.im

Tool developer?
You MUST (or should) send us a one-pager with your FOSS tool's name, homepage, and contact information, along with a description of the features and your roadmap. This is essential because this will be an "offline" conference (no projectors or computer presentations - everything will be shared using these one-pagers, flip charts, and markers). We will print and distribute these one-pagers to the workshop participants. The one-pager must be in A4 .PDF format and will be printed in black-and-white. The deadline to send this is Thursday, February 1, 2024 at 13:00pm CET via email to [email protected].

User?
You are welcome to send us a one-pager to highlight your problems, concerns, and requirements. We will also print these and share with workshop participants. The one-pager must be in A4 .PDF format and will be printed in black-and-white. The deadline to send this is Thursday, February 1, 2024 at 13:00pm CET via email to [email protected]. 

Thank you to our financial supporters!

bloomberg.com/company/values/tech-at-bloomberg/

cyclonedx.org/

doubleopen.org

opensource.google

liferay.com

osadl.org

osselot.org

siemens-healthineers.com

spdx.dev 

tngtech.com/en

 

nexb.com