[opensource-wg] RV: Webinars on software supply chain
Marcos Sanz
marcos.sanz at de-cix.net
Fri Apr 21 08:44:16 CEST 2023
All,

attached some info on a series of webinars on the supply chain management organized by the NLnet colleagues, which I think could be of interest to the wg. Recordings of the two past webinars are available online (see link further down). Also further down you'll find details on the two upcoming ones.

Enjoy and have a nice weekend!

Marcos

> NLnet and NGI Zero/NGI Assure are organising a series of webinars on
> *Open Software Supply Chain management*. As the dependency of society
> on technology continues to increase in every possible direction, it is of the
> utmost importance to understand the dynamic life cycle of the free and open
> source building blocks that form the basis of pretty much all technology we
> use today - and how these can be kept safe and available.
>
> Not only do we need to improve our understanding of how and where
> software is developed, maintained, built and deprecated at macro scale - but
> we also need to create mechanisms to ensure that building blocks are kept
> up to date, that different versions don't collide, FOSS packages from public
> repositories have not "bit-rotted" or even worse: have been tampered with
> by malicious actors as part of a "supply chain attack". There has been an
> increasing attention to the fact that with software "eating the world", a
> healthy and robust software ecosystem should be a key societal (and thus
> political) priority. But at the same time, we should do so with full
> understanding of the highly specific nature of "digital commons" - as the
> controversy surrounding the upcoming Cyber Resilience Act clearly proves.
>
> In this series of webinars by leading experts such as Armijn Hemel (Tjaldur),
> Shane Coughlan (OpenChain), Carlo Piana (OSI), Alberto Pianon (FSFE) and
> Philippe Ombredanne (AboutCode) we look at software supply chains from
> different angles. What do modern electronics supply chains look like, how is
> provenance handled - and how *should* it be handled? What mechanisms
> do we have to verify the integrity of deployed code packages and detect
> abnormal code changes that may be signs of malicious modifications and
> possible attacks? Where do "Software Bill of Materials" come into play? And
> what is being done, and perhaps should be done from a legislative and
> governance point of view?
>
> The entire webinar series is available free of charge, and will allow you a
> deep dive into the hidden world behind the software and hardware we use -
> and will help you get a clear understanding of how open source supply chains
> work, and a grasp of what the policy challenges are.
>
> You can join the webinars via this BigBlueButton link:
>
> https://bbb.protagio.nl/b/ron-qed-tog-gey
>
> --
> The other episodes in the webinar series on Open Software Supply Chain
> management are:
>
> * Thursday May 4th 2023 // 13.00 - 14.30 CEST (Amsterdam, Berlin, Rome)
>
>   - Speakers: Carlo Piana & Alberto Pianon.
>   - Topic: The importance of a Software Bill of Materials in light of the
>     upcoming Cyber Resilience Act and product liability legislation in Europe.
>   - More info:
>     https://nlnet.nl/events/20230504/WebinarSoftwareSupplyChain-ep3
>
> * Thursday May 11th 2023 // 13.00 - 14.30 CEST (Amsterdam, Berlin, Rome)
>
>   - Speaker: Shane Martin Coughlan
>   - Topic: ISO standards and certification. (This talk was previously scheduled
>     for April 27).
>   - More info:
>     https://nlnet.nl/events/20230511/WebinarSoftwareSupplyChain-ep4/index.html
>
> The first episode with Armijn Hemel already took place on April 6th, with the
> topic of Open Source in (Consumer) Electronics Supply Chains. You can find
> the link to the recording here:
>
> https://nlnet.nl/events/20230406/WebinarSoftwareSupplyChain/index.html
>
> Looking forward to seeing you there!
>
> the NLnet team