
The Open Source Way
Open Source at Microsoft – ClearlyDefined and Open-Source Supply Chain Security
May 25, 2022
Nell from Microsoft and Sebastian from SAP discuss ClearlyDefined as a data store for open-source licenses, open-source supply chain security, Microsoft's open source history, and SAP's engagement with open source projects. They explore SPDX identifiers, corporate transformations, the evolution of SAP's open source journey, and Microsoft's approach to open source security with automated vulnerability scanning and securing web dependencies.
30:20
Podcast summary created with Snipd AI
Quick takeaways
- Transition from open source license compliance to supply chain security at Microsoft.
- Evolution of Microsoft and SAP from skepticism to active open source engagement.
Deep dives
Nell Shamrell-Harrington and Sebastian Wolf: ClearlyDefined vs. Supply Chain Security
Nell Shamrell-Harrington from Microsoft discusses the shift from ClearlyDefined, which focuses on open source license compliance, to open source supply chain security. The shift entails verifying open source dependencies for security and ensuring their integrity and origin, emphasizing a security-centric approach over pure license compliance. Microsoft and SAP collaborate on ClearlyDefined, with contributions from both sides enhancing the open source ecosystem.