In this episode of What’s in the SOSS, CRob has an inspiring conversation with Kate Stewart, a Linux Foundation veteran who took an unconventional path into open source as a manager rather than a developer, navigating complex legal challenges to get Motorola's contributions upstream. Now a decade into her tenure at the Linux Foundation, Kate leads critical initiatives in safety-critical open source software, including the Zephyr RTOS project and ELISA, while being instrumental in the evolution of SPDX and Software Bill of Materials (SBOM). She breaks down the different types of SBOMs, explains how the Zephyr project became a security exemplar with gold-level OpenSSF badging, and shares practical insights on navigating the European Union's Cyber Resilience Act (CRA). Whether you're interested in embedded systems, security best practices, or the evolving regulatory landscape for open source, this episode offers valuable perspectives from someone who's been shaping these conversations for years.

Episode Chapters:

00:00 - Intro Music & Promo Clip
00:00- Introduction and Welcome
00:42- Kate's Current Work at Linux Foundation
02:18- Origin Story: From Motorola Manager to Open Source Advocate
06:38- Building Global Open Source Teams and SPDX Beginnings
09:45- The Variety of Open Source Contributors
10:57- Deep Dive: What is an SBOM and Why It Matters
17:05- The Evolution of SBOM Types and Academic Understanding
19:21- Cyber Resilience Act and Zephyr as a Security Exemplar
26:46- Zephyr's Security Journey: From Badging to CNA Status
31:05- Rapid Fire Questions
32:19- Advice for Newcomers and Closing Thoughts

Episode links:

From Manager to Open Source Security Pioneer: Kate Stewart's Journey Through SBOM, Safety, and the Zephyr Project