Call for Proposals: Software Composition Analysis Devroom at FOSDEM, February 6th - 7th 2021

Dates and Deadlines

  • Submission deadline: Sunday December 27th, 2020 (Midnight AoE)
  • Selected talks announced by Thursday December 31st, 2020
  • Talk video submission is Sunday January 17th, 2021
  • Talk video validation is Sunday January 24th, 2021
  • Conference date is likely 7th February 2021 all online (CET)

Contact

About Software Composition Analysis

As we all assemble more complex software apps from an ever growing number of free and open source software components, knowing what's in our code is a must for legal, security and operational reasons.

Software Composition Analysis (SCA) is the set of techniques to determine which software components we reuse, where and how, as well as their origin, licensing, vulnerabilities, quality and other important attributes.

Open source SCA tools are emerging as the best way to help determine which FOSS software components are used in a software system or application.

Are you an SCA FOSS tool or project contributor, maintainer, or user?

If so, let's meet at FOSDEM 2021 to share our techniques, experiences and bag of tricks, and to demo or present our FOSS tools, so we can collaborate towards a better SCA FOSS toolchain.

Call for Proposals

We are interested in all kinds of presentations about SCA-related topics using Free and Open Source software. Topics include, in no particular order:

  • Code origin detection techniques
  • Code matching and related code similarity detection
  • Static or dynamic binary analysis for provenance and origin
  • Source code analysis for provenance and origin
  • Package and project metadata collection
  • App and distro dependencies discovery
  • Container and related whole-distro analysis
  • Tools producing and consuming a software bill of materials (SBOM)
  • License and copyright detection and analysis
  • Open data for SCA (packages, vulnerabilities, licenses, etc.)
  • Packages and projects quality metrics
  • Vulnerability detection and related security analysis
  • License and security compliance and policies
  • Various data formats for SCA such as package manifests and SBOM
  • New or existing FOSS tool demo for any of the above

About the organizers

Last year we organized a fringe meeting on the day before FOSDEM 2020 and this was well attended with over 50 participants.

We are seasoned open source developers that maintain a few popular SCA-related tools and projects and want to ensure that all FOSS developers in that domain can meet and share.

Looking forward to meeting you,

the devroom organizers:

  • Philippe Ombredanne, ScanCode and AboutCode maintainer
  • Kate Stewart, SPDX and ACT @ Linux Foundation
  • Michael C. Jaeger, FOSSology maintainer, SW360
  • Maximilian Huber, FOSSology maintainer and SW360 and LDBCollector

How to Apply

All submissions must be made through the FOSDEM Pentabarf website. Make sure to select "Software Composition Analysis" when submitting:

https://penta.fosdem.org/submission/FOSDEM21

You must also make sure that you can fulfil all the requirements for presenting listed in the next section.

Prerequisites and Talk Details

  • Since this is going to be a virtual event, we are planning to have presentations of about 10 minutes. You will have to pre-record this presentation ahead of time and upload it to FOSDEM servers.

  • We are grouping three to four presentations on related topics into a session. Each of these ~10-minute presentations will be broadcast in sequence, with a chat backchannel for questions from the attendees. Once the broadcast is completed, there will be a live 15-minute panel with the presenters, moderated by the devroom organizers, to address questions.

  • Therefore the presenters must be online and available during the whole session that will air their presentation.

  • With this approach we plan to support a combination of prepared presentations and interactive discussions, which is always a challenge for virtual events.

  • Since presentations will be pre-recorded in advance and streamed by FOSDEM during the event, you will need to complete and submit your talk recording by mid January.

International submitters:

Please note that the event will run during European daytime hours, in the CET time zone. This is important because after your talk airs, you will have to attend the live mini panel. We do not know yet the actual time slots we will have, so please tell us your home time zone in your submission so we can try to accommodate this as best we can.

About FOSDEM

FOSDEM is a free, volunteer-led and non-commercial event organized by the community for the community. The event is normally hosted at the Free University of Brussels, Belgium. This year it will be held online for the first time, on the 6th and 7th of February 2021. Participation and attendance are free of charge. Please note that, as in previous years, the event can be supported with donations and sponsorship. Although there is no registration, attendees are expected to follow FOSDEM's code of conduct.

The goal is to provide free and open source software developers and communities a place to meet. It helps to get in touch with other developers and projects. It is an opportunity to be informed about the latest developments in the free and open source software world.

Attendees can see interesting talks and presentations on various topics by project leaders and committers. Last but not least, this event helps promote the development and benefits of free software and open source solutions.