Скачать или смотреть Max Mehl – The Burden of Knowledge: Dealing With Open Source Risks

Max Mehl – The Burden of Knowledge: Dealing With Open Source Risks

Скачать Max Mehl – The Burden of Knowledge: Dealing With Open Source Risks бесплатно в качестве 4к (2к / 1080p)

У нас вы можете скачать бесплатно Max Mehl – The Burden of Knowledge: Dealing With Open Source Risks или посмотреть видео с ютуба в максимальном доступном качестве.

Для скачивания выберите вариант из формы ниже:

Информация по загрузке:

Cкачать музыку Max Mehl – The Burden of Knowledge: Dealing With Open Source Risks бесплатно в формате MP3:

Если иконки загрузки не отобразились, ПОЖАЛУЙСТА, НАЖМИТЕ ЗДЕСЬ или обновите страницу
Если у вас возникли трудности с загрузкой, пожалуйста, свяжитесь с нами по контактам, указанным в нижней части страницы.
Спасибо за использование сервиса video2dn.com

Описание к видео Max Mehl – The Burden of Knowledge: Dealing With Open Source Risks

More: https://25.foss-backstage.de/sessions...

Speaker: Max Mehl

As we increase analysis of our software supply chains, tools and scorecards reveal potential risks in Open Source projects like low maintenance, lack of community, or poor security practices. How should we handle this? Manual reviews? Questionnaires? Funding? Let's explore options to address these challenges strategically without ignorance or fear.

Open Source is essential to modern software supply chains, and each used software package may hold risks. We have access to more information than ever about the projects we rely on – through metrics, security reports, or community analysis. Yet this data alone doesn't help if it merely points out potential problems - for which we often don't know whether they will actually have a negative effect - without offering solutions.

This session focuses on the strategic decisions OSPOs and development teams need to make: How do we assess risk in Open Source? How do we decide whether to use a project, invest our own resources to support it, or move away from a dependency? When does it make sense to actively engage with or withdraw from an Open Source project?

This talk cannot provide all answers but gives an overview of feasible options and the foundation for a more informed discussion. It enters an ongoing discussion between "Let's measure everything", "Let's avoid all risky Open Source, which probably is everything but Linux, curl and Kubernetes", and "Let's not look at the data because it might scare off our management".

Coming from an organisation using a 6-digit number of Open Source packages and progressing in understanding its full software supply chain, I will also share some practical insights and learnings.

###

Follow us on Social Media and join the Community!

Mastodon: https://floss.social/@FOSSBackstage
LinkedIn: / foss-backstage
Website: https://foss-backstage.de
Mail: [email protected]

FOSS Backstage is an event by Plain Schwarz – https://plainschwarz.com

Комментарии

Информация по комментариям в разработке