BalCCon2k25

OpenChain: Towards a More Secure and Compliant Software Supply Chain
2025-09-21, Tesla

Across industries, more than half of the software used is now open source (OSS). This includes both OSS in a company's own developed products and OSS in components provided by suppliers. The shift towards OSS has led to an ever-increasing demand for license compliance, security assurance, and software bills of materials (SBOMs). To deal with this challenge, organizations can adopt the ISO standards developed within the OpenChain community, namely ISO/IEC 5230:2020 for license compliance and ISO/IEC 18974:2023 for security assurance. This talk will highlight where to start and how you can get involved in the OpenChain community.


The talk is split into three parts of roughly the same length.

Part 1 will make the case for implementing a program to manage OSS in your organization. It will focus on both the positive effects of establishing such a program, as well as the risks assumed by not having one.

Part 2 will focus on the OpenChain ISO Standards and how they can be used as simple reference documents for upgrading your operations for a secure and compliant software supply chain.

Part 3 will be about the OpenChain community, what it has to offer, and how you can get involved and contribute. Special focus will be placed on the OpenChain Eastern European chapter we are currently in the process of establishing, with an open invitation to anyone who would like to participate.

I am part of Bosch's Open Source Program Office where I work mostly on Open Source Management.

I have a Master's Degree in Law and experience working on intellectual property and data protection matters. During my legal studies, I became interested in legal technology and the topic of automating legal and compliance work. To pursue this interest, I enrolled in a coding school where I graduated as a Python Web Developer, acquiring skills in Python, JS, databases, and the Django Web Framework.

I am an AWS Certified Solution Architect Associate, an AWS Certified Cloud Practitioner, and an AWS Certified AI Practitioner. I am also a committer on the Eclipse Apoapsis project.

If you wish to learn more about me and my work, please see my:
- blog
- LinkedIn
- GitHub