Explore license compliance and security management strategies for embedded systems in this 30-minute talk by Yoshihisa Morizumi. Delve into compliance issues faced by suppliers and product vendors, and examine security concerns in software development. Learn about Software Bill of Materials (SBOM) and its implementation throughout the product lifecycle. Discover tools and systems for generating SPDX files, including integration with Yocto Project. Gain insights into using CodeChecker, PostgreSQL, and FOSSology for effective problem-solving in embedded software development. Understand the importance of SBOM in addressing software development challenges and ensuring compliance with software licenses.
License Compliance and Security Management for Embedded Systems
Overview
Syllabus
Intro
Agenda
Compliance issues Supplier Product vendor
Security issues
Issues in software development Compliance issue Understand all the components used Comply with the software license
What is SBOM? OSBOM : Software Bill of Materials
SBOM in Life Cycle
SBOM Implementation Example
Solution for creating SPDX
Using spdx with Yocto Ometa-spdxscanner Generate a SPDX file by calling FOSSology or ScanCode Toolkit
Systems that solve problems
Example of system use
CodeChecker - Settings
PostgreSQL - Settings
FOSSology - Settings
cve-check & build
CodeChecker - Results
FOSSology - Results
SPDX files
Summary & Future work Summary OSBOM is effective for solving software development problems
Taught by
Linux Foundation
Tags
Related Courses
-
Complete Compliance Toolchain for Yocto Projects - Software Composition Analysis and SBOM Automation
-
Generating SPDX Software Bill of Materials with Yocto Project
-
License Compliance in Embedded Linux with the Yocto Project
-
SBOMs for Embedded Systems - What's Working, What's Not
-
SW360 SBOM - Managing Vulnerability Information, SPDX Documents and Dependency Networks
-
SBOM Implementation Reality: From Crawl to Walk - SPDX Lite Profile for the First Step
