LinuxCon Japan is the premier Linux conference in Asia that brings together a unique blend of core developers, administrators, users, community managers and industry experts.

CloudOpen Japan is a conference celebrating and exploring the open source projects, technologies and companies who make up the cloud. It’s built on a belief that open works: for users, for industry and for technology.

Thursday, May 30 • 2:00pm - 2:50pm
Upstreaming Due Diligence - Armijn Hemel, Tjaldur Software Governance Solutions

Checking source code is a mandatory task for license compliance. But scanning a lot of source code each time is costly: it takes time and effort, and the available tools don't always make it easy, because they generate a lot of information that needs to be analyzed for correctness. Especially if the scanned code is often very similar to previously scanned code, this can be frustrating.

I argue that besides being a waste of resources it is also unnecessary! There are far more effective methods that allow someone to quickly drill down to problematic files in minutes, rather than having to wade through tens of thousands of source code files for hours or days, which is especially useful if quick action needs to be taken, or if audits need to be done frequently (for example on snapshots of code from an upstream vendor).

In this talk I will describe a very simple method that I have found to be very effective, namely trusting upstream software teams more. It requires making a few reasonable assumptions, but can dramatically decrease the problem space by over 90%, making for example a Linux kernel audit manageable.


Armijn Hemel, Tjaldur Software Governance Solutions

Armijn Hemel, MSc, is a Dutch technologist, specialising in license compliance engineering and supply chain management. As a former member of the core team of gpl-violations.org he has intimate knowledge of license enforcement, common mistakes in supply chains and resolution of these mistakes. With his own company Tjaldur Software Governance Solutions he makes tools for supply chain management that reach far beyond source code scanning and...

Thursday May 30, 2013 2:00pm - 2:50pm