The Open Source Way

Open Source at Microsoft – ClearlyDefined and Open-Source Supply Chain Security

May 25, 2022

Nell from Microsoft and Sebastian from SAP discuss ClearlyDefined as a data store for open-source licenses, open-source supply chain security, Microsoft's open source history, and SAP's engagement with open source projects. They explore SPDX identifiers, corporate transformations, and the evolution of SAP's open source journey, and Microsoft's approach to open source security with automated vulnerability scanning and securing web dependencies.

30:20

Creator website

Episode guests

Nell Shamrell-Harrington

Sebastian Wolf

AI Summary

Highlights

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Transition from open source license compliance to supply chain security at Microsoft.

Evolution of Microsoft and SAP from skepticism to active open source engagement.

Deep dives

Nell Shumrel Harrington and Bastian Wolf: Clearly Defined vs. Supply Chain Security

Nell Shumrel Harrington from Microsoft discusses the shift from clearly defined, focusing on open source license compliance, to open source supply chain security. The shift entails verifying open source dependencies for security, ensuring their integrity and origin, emphasizing a security-centric approach over purely licensing compliance. Microsoft and SAP collaborate on clearly defined, with contributions from both sides enhancing the open source ecosystem.

Ensuring Security in Open Source Supply Chain

01:08

Utilizing Various Services for Harvesting License Information

01:06

Introduction

3min

Exploring ClearlyDefined and Open-Source Supply Chain Security

8min

Exploring SPDX Identifiers and Corporate Transformations Towards Open Source

4min

The Evolution of SAP's Engagement with Open Source

6min

Microsoft's Approach to Open Source and Security

10min

In this episode, our host Karsten Hohage talks to Nell Shamrell-Harrington from Microsoft and Sebastian Wolf from SAP about ClearlyDefined, a central data store for all open-source licenses across many different open-source ecosystems, and open source supply chain security at Microsoft. Nell explains both projects, talks about Microsoft’s open source history and evolution, and we also learn about the differences and similarities between Microsoft and SAP’s open source engagement from Sebastian.

Guest:

Nell Shamrell-Harrington is a principal software engineer at Microsoft in the Azure Office of the CTO, and former lead engineer for ClearlyDefined. She is also on the board of directors of the RUST foundation.

Twitter: https://twitter.com/nellshamrell?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor
LinkedIn: https://www.linkedin.com/in/nellshamrell/
Nell’s website: http://www.nellshamrell.com

Sebastian Wolf is a development architect and has been working for the SAP Open Source Program Office (OSPO) since the beginning of 2020. He first joined SAP back in 2003 as a student and has since worked in several development positions – for example at SAP SRM, ABAP Development Tools, the SAP Community Network, and Central Architecture.