OSS Consultants

Our founder, Russ Eling, alongside Sandra Frischmuth, had the wonderful opportunity to speak at the Bitkom Open Source Conference in Germany. They explored the importance of collaboration within the open source ecosystem, extending beyond software development. During the talk, Russ dove into key topics such as defining the scope of a governance program and preparing for scale and evolving requirements. He also highlighted the similarities between the EU’s CRA and SBOMs. We’re grateful for the chance to exchange ideas, build connections, and contribute to meaningful discussions that strengthen and drive innovation within the open source space. Thank you to everyone who attended and engaged during the talk! 🙌 #bfoss24

Exciting day at the Bitkom Open Source conference here in Germany! 👏🏻 It's been an incredible experience meeting so many inspiring professionals in the open source community. A special highlight was getting the chance to connect with Frank Termer, Bitkom's Head of Software! Conversations like these are what make conferences so energizing, bringing together industry leaders to share ideas and drive innovation forward. Looking forward to even more great discussions! #bfoss24 #bitkom

Exciting times ahead! 🎉 Our founder, Russ Eling, will be attending three fantastic events in Germany and Japan in September & October, and would love to connect with others who will be there too. 📅 September 10: He'll be giving a talk about the impact of regulations on the open source software supply chain at the OpenChain Project Automotive Work Group 📅 September 12: He'll be giving a lecture at the Bitkom Open Source Conference with Sandra Frischmuth about collaboration in the open source ecosystem beyond software development. 📅 October 31: Russ and Shane Coughlan will discuss using case studies to inspire and share valuable experiences with the community at the Open Compliance Summit 2024. If you'll be at either event, he'd love to meet up! Drop by, say hi, and let's chat about all things open source. Feel free to message us or leave a comment below if you plan to attend. Looking forward to seeing some familiar faces and meeting new ones! #bfoss24 #opensource #bitkom #opencompliancesummit

Last chance to register for the webinar! 🌟 Join Russ Eling tomorrow, September 4 at 10 AM EST., for a webinar with FossID and Tomas Gonzalez Blasini: "Practical Advice for Successful SBOM Management".   This session will equip you with: 🔍 Practical strategies for effective SBOM implementation 🔒 Best practices to enhance security and compliance 🔗 Actionable tips to optimize your software supply chain processes   Whether you're new to #SBOMs or aiming to refine your existing practices, this webinar offers valuable insights to help you succeed.   Registration link in the comments below! See you tomorrow!

Ready to master SBOMs? There’s no shortage of generic SBOM advice and vague requirements. But what do YOU need for YOUR software in YOUR industry? We want you to walk away with tangible advice that applies to you. Join our live session on September 4. FossID and OSS Consultants are working together to offer Practical Advice for Successful SBOM Management. Hear from Russ Eling and Tomas Gonzalez Blasini, two experts in open source software security and compliance that closely follow the latest SBOM trends. ⤵️ See link in the comments to sign up. #SBOM #SoftwareSecurity #OpenSource #OSPO

Overcoming Common OSPO Challenges ⚠️🚧 We’ve covered the basics of starting an OSPO, but now let's dive into the real challenges organizations encounter along the way. From limited resources to tight budgets and the right tools, these obstacles are common, but they don’t have to stop you! Here’s how to overcome some of the biggest hurdles: 💡 Budget Concerns: This is a common barrier. While budget approval may not always be a top-down directive, it’s crucial for items like staffing, scanning tools, and attending industry events. ⏳ Timing & Priorities: Companies may hesitate to embrace the agility required to launch an OSPO. You might start with awareness and feedback, but face delays in hiring and tool acquisition. So how can we break through these barriers? Sometimes, it can help to highlight business risks such as: - License compliance lawsuits - New SBOM requirements from customers - Vulnerabilities in unknown open source software - Intellectual property concerns with certain open source licenses Engage with your legal and security teams. They can also help provide powerful arguments for why an OSPO is essential and bring attention to potential risks. The road might be challenging, but by promoting the value and urgency of an OSPO, you can turn those obstacles into opportunities.

Our founder, Russ Eling, is teaming up with Tomas Gonzalez Blasini of FossID for a discussion on SBOM management. If you’re looking for real, actionable SBOM advice, register and join us live on September 4th! https://lnkd.in/gj6vHMjW

The Blueprint of a Successful Software Bill of Materials ⚙️ An SBOM is essential for securing your software and helps you to manage your software inventory. But what makes an SBOM truly effective? Here’s a breakdown of what should most often be included: 🔍 Comprehensive Component Inventory List all open-source and third-party components, including libraries and dependencies. 📜 License Information Clearly identify the licenses for each component. While this may not always be a requirement on your SBOM, it is a good practice. This helps you avoid potential licensing risks by helping you manage compliance with licensing terms. 🔢 Version Details Specify the exact version of each component. This is crucial for tracking security patches and updates, and keeping your software secure. 🏷️ Supplier Data Record the origin of each component. Knowing where your software components come from helps you assess supply chain risks. ⚠️ Vulnerability Data Incorporate known vulnerabilities for each component. This allows you to prioritize remediation efforts and strengthen your defenses. 🔗 Relationships Document the relationships between components. Understanding how they interact can help uncover potential security risks and compatibility issues. An SBOM is a living document that evolves with your software. By including these elements, you’re not just enhancing security and license compliance, you’re building trust with your clients and stakeholders. Interested in learning more about SBOMs? Join our upcoming webinar with FossID: Practical Advice for Successful SBOM Management to dive deeper into producing a quality SBOM to protect your organization from security and legal risks! 👉 Register here: https://lnkd.in/gj6vHMjW 

Getting Started with an Open Source Program Office ✅📝 A few weeks ago, our founder, Russ Eling, joined up with Chris H. and LeanAppSec for their OSPO 101 webinar! We covered a lot of topics, one of which was how to get started with an OSPO. So we have to ask... thinking about starting an OSPO but not sure where to begin? We've got you covered! From identifying a leader to finding the right home for your OSPO, our latest blog post breaks down the essential steps to set your organization up for success. Whether you're looking to improve security, ensure license compliance, or gain stakeholder buy-in, this guide will help you navigate the process. 👉 Ready to dive in? Check out the video below, and read the full post here: https://lnkd.in/gQJBiBCi

⚠️ Top 5 Challenges of Open Source Compliance 🚧   Navigating these challenges requires proactive measures and strategic planning to ensure your organization meets open source license compliance obligations effectively.   Do any of these challenges resonate with you? Are you facing others? We’d love to hear your thoughts!