jeena/fn-static-web
1
0
Fork 0
Code Issues Pull requests Projects Packages Wiki Activity Actions

Whitesource training

Browse source
This commit is contained in:
Johan Thelin 2020-02-27 08:08:29 +01:00
parent 79ff446b3e
commit 36595c8ae6
2 changed files with 79 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

9
2020/style.css
View file

@ -37,6 +37,15 @@ h3 {
margin-bottom: 30px;
}
h4 {
font-family: 'Armata', serif;
color: #333333;
font-size: 16pt;
text-align: left;
margin-bottom: 30px;
}
th {
text-align: center;
}

70
2020/trainingday.html
View file

@ -90,6 +90,7 @@
<ul>
<li><a href="#csimmonds">Fast track to OpenEmbedded and Yocto Project, by Chris Simmonds</a></li>
<li><a href="#rmunitz">Android Automotive Internals and Security, by Ron Munitz</a></li>
<li><a href="#synergon">Managing the risk and growth of using Open Source Software, by Jason Hammond and Rhys Arkins</a></li>
</ul>
@ -217,6 +218,75 @@ However, in the one-day workshop, we will give a comprehensive architecture over
<p class="left">In his previous lifetimes, Ron founded Nubo Software, the first Android display protocol, brought up Linux and some RTOS's on more boards than he can remember, did all kinds of security related work ( ;-) ), and led the development of a couple of satellite launchers ( ;-) ;-) ).</p>
<div class="bodybreak">&nbsp;</div>
<a name="synergon" class="offsetanchor"></a>
<h2 class="left">Managing the risk and growth of using Open Source Software</h2>
<p class="left tight"><i>By Jason Hammond and Rhys Arkins</i></p>
<p class="left">Today, every company is a software company. Even companies with a core business that is not about developing software products are building software to help run their businesses. More and more, development organizations are using open source software as part of their applications in order to support their agility and efficiency goals. While the benefits of using open source software are apparent, organizations need to manage the vulnerabilities and risks associated with that use. In this session you will learn about the business impact of security vulnerabilities and license compliance issues presented to organizations that use open source software. You will also learn how Software Composition Analysis tools, such as WhiteSource Software, can help to automate and simplify the process of managing vulnerability and compliance issues throughout the Software Delivery Lifecycle (SDLC). The session will include a hands-on workshop using WhiteSource Software to scan code for open source libraries, build an inventory of these libraries, and highlight identified security vulnerabilities, the licenses associated with these libraries, and the identified risk they present.</p>
<h3>Audience and prerequisites</h3>
<p class="left">The course is targeted at Application development managers and team members, security practitioners, and compliance officers.</p>
<p class="left">Some familiarity with the use of open source software in software development projects, open source software security vulnerabilities and licenses, and software scanning tools and processes will be helpful, but is not required.
Participants should bring their personal laptops to access cloud services used in the workshop. Laptops should be running a version of Windows with Remote Desktop Connection (RDP).</p>
<h3>Course materials</h3>
<p class="left">Presentation materials. Hands-on exercise use case workbook</p>
<h3>Course duration and format</h3>
<p class="left">One day. The training includes lunch and a coffee break.</p>
<h4>Detailed agenda</h4>
<p class="left tight">9:00-09:45 Overview:</p>
<ul>
<li>The growth and risks of using open source software</li>
<li>Introduction to WhiteSource Software</li>
</ul>
<p class="left tight">9:45- 10:00 Coffee Break</p>
<p class="left tight">10:00 -12:00 Hands-On Exercises</p>
<ul>
<li>Hands-on Topic #1: Building an inventory of Open Source Software</li>
<ul>
<li>Scanning code</li>
<li>Reviewing the inventory of identified open source libraries</li>
</ul>
<li>Hands-on Topic #2: Open Source Software Licensing</li>
<li>Hands-on Topic #3: Open Source Software Security Vulnerabilities</li>
</ul>
<p class="left tight">12:00-13:00 Lunch</p>
<p class="left tight">13:00 14:30 Hands-On Exercises continued</p>
<ul>
<li>Hands-on Topic #4: Remediation</li>
<li>Hands-on Topic #5: Prioritization</li>
<li>Hands-on Topic #6: Prevention\Automation</li>
</ul>
<p class="left tight">14:30 14:45 Coffee break</p>
<p class="left tight">14:45- 16:00 </p>
<ul>
<li>Review of Case Studies How organizations manage open source, risk & compliance</li>
<li>Q&A</li>
</ul>
<h3>About the trainers</h3>
<p class="left">Jason Hammond<br />
<i>Director of Solutions Engineering: Channels - WhiteSource Software</i><br />
Jason Hammond is responsible for the technical enablement of WhiteSource's network of integration and go-to-market partners and their customers. He has more than 15 years of experience working in a variety of technical roles across the fields of information security, audit, and compliance. Jason is passionate about enabling businesses to adopt and expand the use of open source software in a secure, compliant, and scalable way.
</p>
<p class="left">Rhys Arkins<br />
<i>Director of Product Management - WhiteSource Software</i><br />
Rhys Arkins is responsible for developer solutions at WhiteSource. He was the founder of Renovate Bot an automated tool for software dependency updating, which was acquired by WhiteSource in 2019. Rhys is particularly fond of automation and a firm believer in never sending humans to do a machines job.</p>
</div>
<div class="footer">
foss-north and foss-gbg are arranged by Free Open Source Software North Conferences ek.f&ouml;r.<br />