Overview
Explore the intersection of open source software, encryption, and export regulations in this 43-minute conference talk by Mark Gisi of Wind River Systems. Delve into the growing importance of software export compliance, particularly concerning encryption in open source components. Learn best practices for identifying encryption in software and discover open source tools that can assist with this task. Gain insights into managing open source policies, processes, and programs to maximize ROI and mitigate risks. Examine topics such as export clearance workflows, crypto detection methods, and the challenges of the "silo effect" in compliance. Understand the role of projects like SPDX and OpenChain in addressing these issues. Benefit from Gisi's extensive experience in managing open source software usage and its impact on innovation, code sharing, product adoption, and talent retention.
Syllabus
Introduction
Disclaimer
Open Source
Busybox
Export Compliance
Export Clearance Workflow
The Chasm
Plan A
Plan B
Plan C
Tooling
Crypto Detector Demo
The Silo Effect
TeeD
Faceology
API Matching
Output File
Demo
Analysis
Delivery
Executive Summary
Report
Summary
Open Chain
Encryption Evidence
Export Trade Groups
New Methods
Multiple Methods
Database
SPDX
The Real Problem
Taught by
Linux Foundation