Play all

Intro

Agenda

Compliance issues Supplier Product vendor

Security issues

Issues in software development Compliance issue Understand all the components used Comply with the software license

What is SBOM? OSBOM : Software Bill of Materials

SBOM in Life Cycle

SBOM Implementation Example

Solution for creating SPDX

Using spdx with Yocto Ometa-spdxscanner Generate a SPDX file by calling FOSSology or ScanCode Toolkit

Systems that solve problems

Example of system use

CodeChecker - Settings

PostgreSQL - Settings

FOSSology - Settings

cve-check & build

CodeChecker - Results

FOSSology - Results

SPDX files

Summary & Future work Summary OSBOM is effective for solving software development problems

Description:

Explore license compliance and security management strategies for embedded systems in this 30-minute talk by Yoshihisa Morizumi. Delve into compliance issues faced by suppliers and product vendors, and examine security concerns in software development. Learn about Software Bill of Materials (SBOM) and its implementation throughout the product lifecycle. Discover tools and systems for generating SPDX files, including integration with Yocto Project. Gain insights into using CodeChecker, PostgreSQL, and FOSSology for effective problem-solving in embedded software development. Understand the importance of SBOM in addressing software development challenges and ensuring compliance with software licenses.

License Compliance and Security Management for Embedded Systems

Linux Foundation

Add to list

#Engineering #Electrical Engineering #Embedded Systems #Programming #Software Development #Yocto Project #Information Security (InfoSec) #Cybersecurity #Security Management #Software Bill of Materials #Software Licensing #SPDX

0:00 / 0:00