OpenChain
OpenChain
  • 301
  • 9 720

วีดีโอ

Webinar: Implementing OpenChain ISO 5230 at endjin + Further Research on OpenChain ISO 18974
มุมมอง 4114 วันที่ผ่านมา
OpenChain Webinar: Implementing OpenChain ISO 5230 at endjin Further Research on OpenChain ISO 18974
OpenChain Webinar - Update on the OSI Definition for Open Source AI - 2024-08-01
มุมมอง 12214 วันที่ผ่านมา
OpenChain Webinar - Update on the OSI Definition for Open Source AI - 2024-08-01
OpenChain India Work Group - 2024-08-01
มุมมอง 3014 วันที่ผ่านมา
OpenChain India Work Group - 2024-08-01
OpenChain SBOM Study Group Kick-Off Call - 2024-07-30
มุมมอง 3521 วันที่ผ่านมา
OpenChain SBOM Study Group Kick-Off Call - 2024-07-30
OpenChain Japan Work Group All Member Meeting #31 - 2024-06-27
มุมมอง 4221 วันที่ผ่านมา
OpenChain Japan Work Group All Member Meeting #31 - 2024-06-27
Education Sync Call for Asia - Deep Dive into Maturity Models 2024-07-25
มุมมอง 1928 วันที่ผ่านมา
Education Sync Call for Asia - Deep Dive into Maturity Models 2024-07-25
OpenChain Explainer for Sales and Marketing - Beta
มุมมอง 29หลายเดือนก่อน
OpenChain Explainer for Sales and Marketing - Beta
OpenChain Webinar: IAV, TimeToAct + ISO-IEC 5230 - 3rd-Party Certification Case Study - 2024-07-16
มุมมอง 39หลายเดือนก่อน
OpenChain Webinar: IAV, TimeToAct and ISO-IEC 5230 - Third-Party Certification Case Study - 2024-07-16
OpenChain Education Work Group - 2024-07-03
มุมมอง 26หลายเดือนก่อน
OpenChain Education Work Group - 2024-07-03
OpenChain AI Study Group Call - Asia Sync Call - 2024-07-11
มุมมอง 30หลายเดือนก่อน
OpenChain AI Study Group Call - Asia Sync Call - 2024-07-11
OpenChain Project - Main Monthly North America and Asia Call - 2024-07-16
มุมมอง 12หลายเดือนก่อน
OpenChain Project - Main Monthly North America and Asia Call - 2024-07-16
OpenChain Telco Work Group Meetings - 2024-07-04
มุมมอง 49หลายเดือนก่อน
OpenChain Telco Work Group Meetings - 2024-07-04
OpenChain Japan All Member Meeting 30 - 2024-02-28
มุมมอง 52หลายเดือนก่อน
OpenChain Japan All Member Meeting 30 - 2024-02-28
OpenChain October 5: Quiz 2 - A brief test of open source compliance knowledge.
มุมมอง 2หลายเดือนก่อน
OpenChain October 5: Quiz 2 - A brief test of open source compliance knowledge. Let's look at open source license grants. What do they cover?
OpenChain October 4: Learn more about the OpenChain UK Work Group with Andrew Katz, Chair.
มุมมอง 16หลายเดือนก่อน
OpenChain October 4: Learn more about the OpenChain UK Work Group with Andrew Katz, Chair.
OpenChain October 3: Quiz 1 - A brief test of open source compliance knowledge
มุมมอง 5หลายเดือนก่อน
OpenChain October 3: Quiz 1 - A brief test of open source compliance knowledge
OpenChain October 2: Welcome by Shane Coughlan, General Manager of the OpenChain Project
มุมมอง 8หลายเดือนก่อน
OpenChain October 2: Welcome by Shane Coughlan, General Manager of the OpenChain Project
OpenChain October 1: Welcome by Andrew Katz, Chair of the OpenChain UK Work Group
มุมมอง 2หลายเดือนก่อน
OpenChain October 1: Welcome by Andrew Katz, Chair of the OpenChain UK Work Group
LFC193 - Chapter 5: Bringing it all Together
มุมมอง 26หลายเดือนก่อน
LFC193 - Chapter 5: Bringing it all Together
LFC193 - Chapter 4: Codebuilding and Distribution
มุมมอง 10หลายเดือนก่อน
LFC193 - Chapter 4: Codebuilding and Distribution
LFC193 - Chapter 3 Part 2: Introduction to Open Source Compliance
มุมมอง 8หลายเดือนก่อน
LFC193 - Chapter 3 Part 2: Introduction to Open Source Compliance
LFC193 - Chapter 3 Part 1: Introduction to Open Source Compliance
มุมมอง 5หลายเดือนก่อน
LFC193 - Chapter 3 Part 1: Introduction to Open Source Compliance
LFC193 - Chapter 2 Part 2: Introduction to Open Source Licenses
มุมมอง 6หลายเดือนก่อน
LFC193 - Chapter 2 Part 2: Introduction to Open Source Licenses
LFC193 - Chapter 2 Part 1: Introduction to Open Source Licenses
มุมมอง 7หลายเดือนก่อน
LFC193 - Chapter 2 Part 1: Introduction to Open Source Licenses
LFC193 - Chapter 1: Rights and Licensing
มุมมอง 13หลายเดือนก่อน
LFC193 - Chapter 1: Rights and Licensing
LFC193 - Chapter 0: Introduction
มุมมอง 29หลายเดือนก่อน
LFC193 - Chapter 0: Introduction
OpenChain_UK_WG_Welcome__Andrew_Katz_1080p
มุมมอง 8หลายเดือนก่อน
OpenChain_UK_WG_Welcome Andrew_Katz_1080p
Martin_Yagi_OpenChain_Testimonial
มุมมอง 11หลายเดือนก่อน
Martin_Yagi_OpenChain_Testimonial
OpenChain AI Study Group - Monthly Workshop for North America and Europe - 2024-07-02
มุมมอง 42หลายเดือนก่อน
OpenChain AI Study Group - Monthly Workshop for North America and Europe - 2024-07-02

ความคิดเห็น

  • @VictorSalendu
    @VictorSalendu หลายเดือนก่อน

    The visuals complement the content nicely.

  • @GabaSaminu
    @GabaSaminu หลายเดือนก่อน

    I never really watched yt that much until I found your channel

  • @jbmaillet
    @jbmaillet 4 หลายเดือนก่อน

    25:00 end of the FOSDEM context intro 40:20 about "confusion" 51:05 "two competing standards for SBOM... everybody hates that".

  • @jbmaillet
    @jbmaillet 6 หลายเดือนก่อน

    Great talk, as expected. Thank you *so much* for taking the time to explain the difficulty of addressing non-packaged software, typically C/C++ in embedded context. I am one of those cave-men in this primitive ecosystem, and I have the outermost difficulties of *convincing* my discussion partners that this is a very real, unsolved problem. Now I have one more "see? don't take my words for granted" example, and from a highly respected industry leader. (Explaining _why_ this is a problem compared to the "easy" use cases is even more difficult, especially when discussing with non deeply technical people.) (BTW, I have _my_ own solution, inspired by a Debian idea, that works well in _my_ C/C++ embedded contexts, but cannot be generalized. So ad-hoc solution *yes*, general *no*.) It starts with the question at 46:27. I took the liberty to transcribe it all: Question about benchmarking the quality of SCA and SBOM tools... especially in the case without a package management toolchain, such as C, C++? Philippe answer: Yes, there was a big discussion on the topic. I didn't bring that as an insight but more as a cultural action, we'll look at that in a second. But generally speaking... yes, there is a problem... which is: when you have packages which are not on main package repositories and registries, and the practical is "everything you put in an embedded device, and whenever you do C/C++ development... these packages are not there. So most of the effort today on the SBOM bench-marking and review that I've seen are really comparing the somewhat *easy stuff* which is the mist of known package managers so... Javascript, npm, maven java, PyPI... these... I'm not saying these are _easy_, but these are not _super hard_ to get right. And, there is a void, for everything that's off these package registries. So did we discuss that? Yes. Is there a solution? At the moment no. And... one way... is... to... workaround things like curation format where these would become somehow a missing manifest for these packages that are not... that don't have a manifest basically. I know... I for instance curated package URL (pURL), and it's a recurring theme of concern: how do we reference a package that doesn't have a package repository and an ecosystem behind it. So I'm just raising questions, I don't have the solution. I think in the end the solution there is to evolve a convention, probably around using pURL as an identifier may be useful for generic identifiers. And the only way you can really do something that works for these, in term of recognizing the package, is either you put something that is explicit, so say a small file that we do like the do with "about code", "about file" which says "ho! this directory the lib 1.2.13, and it's been patched with this and this modifications" (as an example) *OR* you do code matching where you have a tool that can do the matching against a knowledge base, and it will be accurately recognized that this directory contains the lib 1.2.13 and it's been patched. Today, you don't really have a good solution for the latter. Most of the tools that do matching are not really answering this question. They're raising more questions and returning tons of false positives. I have a side project on that, we could discuss that separately, but.... that's an unsolved problem. And if we... if you think there's a... it's important enough to discuss that separately then let's have a discussion on that. OK. Next one...

  • @daryllawrence9398
    @daryllawrence9398 ปีที่แล้ว

    𝓹𝓻𝓸𝓶𝓸𝓼𝓶

  • @arjakstodio2341
    @arjakstodio2341 2 ปีที่แล้ว

    sorry , don't have coin openchain ?