License Compliance and Security Management for Embedded Systems
Offered By: Linux Foundation via YouTube
Course Description
Overview
Explore license compliance and security management strategies for embedded systems in this 30-minute talk by Yoshihisa Morizumi. Delve into compliance issues faced by suppliers and product vendors, and examine security concerns in software development. Learn about Software Bill of Materials (SBOM) and its implementation throughout the product lifecycle. Discover tools and systems for generating SPDX files, including integration with Yocto Project. Gain insights into using CodeChecker, PostgreSQL, and FOSSology for effective problem-solving in embedded software development. Understand the importance of SBOM in addressing software development challenges and ensuring compliance with software licenses.
Syllabus
Intro
Agenda
Compliance issues: Supplier; Product vendor
Security issues
Issues in software development: Compliance issue; Understand all the components used; Comply with the software license
What is SBOM? SBOM: Software Bill of Materials
SBOM in Life Cycle
SBOM Implementation Example
Solution for creating SPDX
Using spdx with Yocto: meta-spdxscanner; Generate a SPDX file by calling FOSSology or ScanCode Toolkit
Systems that solve problems
Example of system use
CodeChecker - Settings
PostgreSQL - Settings
FOSSology - Settings
cve-check & build
CodeChecker - Results
FOSSology - Results
SPDX files
Summary & Future work: Summary: SBOM is effective for solving software development problems
Taught by
Linux Foundation