In this episode of What’s in the SOSS, CRob has an inspiring conversation with Kate Stewart, a Linux Foundation veteran who took an unconventional path into open source as a manager rather than a developer, navigating complex legal challenges to get Motorola's contributions upstream. Now a decade into her tenure at the Linux Foundation, Kate leads critical initiatives in safety-critical open source software, including the Zephyr RTOS project and ELISA, while being instrumental in the evolution of SPDX and Software Bill of Materials (SBOM). She breaks down the different types of SBOMs, explains how the Zephyr project became a security exemplar with gold-level OpenSSF badging, and shares practical insights on navigating the European Union's Cyber Resilience Act (CRA). Whether you're interested in embedded systems, security best practices, or the evolving regulatory landscape for open source, this episode offers valuable perspectives from someone who's been shaping these conversations for years.
Episode Chapters:
- 00:00 - Intro Music & Promo Clip
- 00:00- Introduction and Welcome
- 00:42- Kate's Current Work at Linux Foundation
- 02:18- Origin Story: From Motorola Manager to Open Source Advocate
- 06:38- Building Global Open Source Teams and SPDX Beginnings
- 09:45- The Variety of Open Source Contributors
- 10:57- Deep Dive: What is an SBOM and Why It Matters
- 17:05- The Evolution of SBOM Types and Academic Understanding
- 19:21- Cyber Resilience Act and Zephyr as a Security Exemplar
- 26:46- Zephyr's Security Journey: From Badging to CNA Status
- 31:05- Rapid Fire Questions
- 32:19- Advice for Newcomers and Closing Thoughts
Episode links:
