Maximilian Huber
Maximilian Huber is an open source compliance nerd and principal consultant at TNG Technology Consulting, where he specializes in building and integrating Open Source compliance solutions out of Open Source components.
He is a committer and maintainer in several Open Source projects such as FOSSology, SW360, LDBcollector, yacp and the license-compliance-toolbox. His activity can be found at https://github.com/maxhbr.
Maximilian's other main interests are functional programming languages such as Haskell and functional package management with NixOS.
Sessions
The software supply chain has become an increasingly attractive target because downstream users of open source software are often unaware that they are using compromised or vulnerable components. Log4Shell (a critical vulnerability in a near-ubiquitous logging library) and SolarWinds (a compromised build pipeline shipping trojanized updates) are just two prominent examples of supply chain incidents that caused significant damage to a large population of downstream users.
Package managers already provide critical information through package metadata; however, most software crosses several package manager boundaries (e.g. Gradle in the back-end and npm in the front-end), so no single package manager sees the whole dependency graph. To really address supply chain vulnerabilities, an integrated view of software dependencies across these ecosystems needs to be provided.
In this talk, we will provide practical advice to package manager developers on how they can expose this critical information in a form that can be integrated across different package manager ecosystems, resulting in greatly improved security across the entire software supply chain. We will also cover how the same information can improve open source license compliance and software product safety.
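To make the "integrated view across package manager boundaries" concrete, the following added example (not code from the talk, the speaker, or any of the projects named above) normalizes an npm package-lock.json and a Gradle lockfile into one ecosystem-neutral inventory keyed by package URLs (purl, an assumed choice of identifier scheme the abstract does not name) and then checks that inventory against a small advisory table. Both lockfiles and the advisory table are constructed sample data; the version comparison is deliberately simplified and the fixed-version ranges are illustrative, so real tooling must take ranges from a vulnerability database and apply each ecosystem's own version semantics.

```python
import json
import re
from urllib.parse import quote

# Constructed sample input (not a real project): a trimmed npm package-lock.json,
# lockfileVersion 3 shape, for the front-end.
NPM_LOCK = json.dumps({
    "name": "frontend",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "frontend", "version": "1.0.0"},
        "node_modules/lodash": {"version": "4.17.20"},
        "node_modules/@babel/core": {"version": "7.22.5"},
        "node_modules/@babel/core/node_modules/semver": {"version": "6.3.0"},
    },
})

# Constructed sample input: a Gradle dependency lockfile (gradle.lockfile) for the back-end.
GRADLE_LOCK = """\
# This is a Gradle generated file for dependency locking.
# Manual edits can break the build and are not advised.
org.apache.logging.log4j:log4j-api:2.14.1=compileClasspath,runtimeClasspath
org.apache.logging.log4j:log4j-core:2.14.1=compileClasspath,runtimeClasspath
org.slf4j:slf4j-api:1.7.32=compileClasspath,runtimeClasspath
empty=annotationProcessor
"""

# Constructed, simplified advisory table keyed by version-less purl:
# (advisory id, first fixed version). Authoritative ranges come from a vulnerability database.
ADVISORIES = {
    "pkg:maven/org.apache.logging.log4j/log4j-core": ("CVE-2021-44228", "2.15.0"),
    "pkg:npm/lodash": ("CVE-2021-23337", "4.17.21"),
}


def npm_lock_to_purls(lock_text):
    """Map each installed npm package to a purl; a scope becomes the percent-encoded namespace."""
    purls = []
    for path, entry in json.loads(lock_text).get("packages", {}).items():
        if path == "" or "version" not in entry:
            continue  # root project entry, or a link without a resolved version
        name = path.rsplit("node_modules/", 1)[-1]  # handles nested node_modules trees
        purls.append(f"pkg:npm/{quote(name, safe='/')}@{entry['version']}")
    return purls


def gradle_lock_to_purls(lock_text):
    """Map each locked Gradle coordinate 'group:artifact:version=configs' to a Maven purl."""
    purls = []
    for line in lock_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("empty="):
            continue  # comments and the 'empty=' marker for configurations without dependencies
        coordinate = line.split("=", 1)[0]
        group, artifact, version = coordinate.split(":")
        purls.append(f"pkg:maven/{group}/{artifact}@{version}")
    return purls


def version_key(version):
    """Simplified numeric comparison key; real tooling must apply ecosystem-specific rules."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def find_vulnerable(purls, advisories):
    """Return (purl, advisory id) for every component below its first fixed version."""
    hits = []
    for purl in purls:
        base, _, version = purl.rpartition("@")  # safe: '@' in npm scopes is encoded as %40
        if base in advisories:
            advisory_id, fixed = advisories[base]
            if version_key(version) < version_key(fixed):
                hits.append((purl, advisory_id))
    return hits


def integrated_inventory():
    """One sorted, ecosystem-neutral component list spanning both lockfiles."""
    return sorted(set(npm_lock_to_purls(NPM_LOCK) + gradle_lock_to_purls(GRADLE_LOCK)))


if __name__ == "__main__":
    inventory = integrated_inventory()
    for purl in inventory:
        print(purl)
    for purl, advisory_id in find_vulnerable(inventory, ADVISORIES):
        print(f"VULNERABLE {purl} ({advisory_id})")
```

The point of the normalization step is that the advisory lookup never has to know which package manager produced a component: once both lockfiles are expressed as purls, a single matching pass finds the vulnerable log4j-core in the Gradle back-end and the vulnerable lodash in the npm front-end, which is exactly the view neither package manager can give on its own.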
BoFs are sessions presented by community members as an opportunity to gather and discuss special topics of interest. BoFs can be anything from agenda-driven to an open-ended discussion.