
Open Source in (Consumer) Electronics Supply Chains
This webinar took place on May 4; you can watch the recording here.
Thursday, April 6, 2023. 13.00 - 14.30 CEST
Join the free online webinar with open source supply chain expert Armijn Hemel on Thursday, April 6, 2023. 13.00 - 14.30 CEST
He will provide a high-level overview of electronics supply chains and will explain where these can fail in the context of software provenance. He will also briefly introduce some solutions that industry players are working on, both on the governance side and in tooling. The talk will be about 45 minutes, followed by a Q&A. If you don't have time for the Q&A, feel free to leave earlier. This talk is part of the webinar series The Ins and Outs of Open Software Supply Chain, hosted on Thursdays in April and May.
Failure in the supply chain and possible solutions
In the past two decades the (consumer) electronics industry has made a dramatic switch to open source software. These days nearly all Internet-connected devices run some open source operating system, mostly Linux (including Android) and Zephyr (an RTOS for resource-constrained devices). The way these devices are made has led to a massive drop in price for end consumers, but the model has also led to corners being cut when it comes to determining and preserving software provenance. Many companies would not even know how to start and have no idea what they are shipping. As a result, devices are unnecessarily shipped with old and vulnerable software, and the costs of those vulnerabilities are borne by the end consumers rather than by the companies that decided to ship that software.
Armijn Hemel will provide a high-level overview of electronics supply chains and will explain where these can fail in the context of software provenance. He will also briefly introduce some solutions that industry players are working on, both on the governance side and in tooling.
You can register for the webinar by sending an e-mail to webinars@nlnet.nl.
About Armijn Hemel
Armijn Hemel, MSc, is the owner of Tjaldur Software Governance Solutions. Mr Hemel studied computer science at Utrecht University, where he explored reproducible builds by building the first prototype of NixOS, a Linux distribution built around the Nix build system, in which reproducibility and provenance are central. Since 2005 he has been focusing on open source license compliance and supply chain management in the (consumer) electronics industry, first on the license enforcement side as part of gpl-violations.org, but later (more effectively) as a consultant helping companies come into compliance, fight off copyright trolls and improve processes. Mr Hemel has co-written academic research papers (MSR 2011, WCRE 2012, ASE 2014), made various open source tools for firmware reverse engineering and license compliance, and frequently talks at (industry) conferences about supply chain management in the (consumer) electronics industry. In the past he has served on the boards of NLUUG and the NixOS Foundation.
Webinar series: The Ins and Outs of Open Software Supply Chain
Armijn Hemel's talk will be the first in a series of webinars about open source supply chain management. The series will explore topics such as the software bill of materials, legal consequences, tooling, and the Cyber Resilience Act.
April 6. Speaker: Armijn Hemel. Topic: Open Source in (Consumer) Electronics Supply Chains.
April 13. Speaker: Philippe Ombredanne. Topic: Tooling.
May 4. Speaker: Carlo Piana & Alberto Pianon. Topic: The importance of a Software Bill of Materials in light of the upcoming Cyber Resilience Act and product liability legislation in Europe.
May 11. Speaker: Shane Martin Coughlan. Topic: ISO standards and certification. (This talk was previously scheduled for April 27.)
All episodes start at 13.00 CEST (Amsterdam, Berlin, Rome).