
The Open Source Way
A podcast with open source enthusiasts about open source trends, topics and projects.
Latest episodes

Dec 20, 2023 • 32min
Sovereign Tech Fund – Investing in the Future Today
In this episode, our host talks to Powen Shiah and Mirko Swillus about the Sovereign Tech Fund, which focuses on critical infrastructure in the public interest. They discuss the types of technologies the fund invests in, the criteria for applying, and the importance of maintenance and security updates. The goal is to strengthen innovation, economic competition, and democracy.

Nov 29, 2023 • 36min
The Growing Importance of Software Bills of Materials (SBOM)
Max Mehl and Sebastian Wolf discuss the importance of Software Bills of Materials (SBOMs), including license compliance, export control restrictions, and risk management. They highlight the challenges faced by organizations in implementing SBOMs and the growing significance due to legal requirements and security reasons. The difference between SBOM and SPOD is also explored. Additionally, the podcast covers approaches to SBOM management, including proprietary solutions and open-source tools.

Oct 25, 2023 • 30min
Project “Foxhound” – Hunting Cross-Site Scripting on the Web
In this episode, our host Karsten Hohage talks to Thomas Barber about project “Foxhound”, an SAP-maintained fork of Firefox (the web browser) that is designed to detect security vulnerabilities in websites. Thomas discusses the history of “Foxhound”, how and why it was created, and its journey to becoming an open-source project. He talks about the importance of the collaborations that made Foxhound successful and about some of the challenges that it has faced along the way. Anyone who wants to get involved in this project is welcome to visit the GitHub page to learn more.
Guest:
Thomas Barber
Thomas’ first experience with software development was at the age of twelve when he programmed the game “Mortal Wombat” in QuickBASIC. Since then, he has worked as an embedded software developer and security expert in the automotive industry, before moving to SAP Security Research in 2019. Thomas’ interests include investigating novel techniques for the detection and automatic prevention of injection vulnerabilities and privacy violations in web applications. Thomas holds a PhD in the field of Physics from the University of Cambridge and has published papers in the fields of Particle Physics, Astronomy, and Computer Science.
GitHub: https://github.com/tmbrbr
LinkedIn: https://www.linkedin.com/in/thomas-barber-b3965551/
Show Notes:
SAP Open Source Program Office
SAP Open Source at SAP Community
SAP Open Source Twitter (@sapopensource)
e-mail: ospo@sap.com
Project Foxhound – https://github.com/SAP/project-foxhound
SAP Security Research – https://www.sap.com/about/company/innovation/icn.html#research
Additional Downloads
Download the transcript as PDF-file
Hosted by Karsten Hohage – Product Expert in Technology and Innovation (T&I)
LinkedIn: https://www.linkedin.com/in/karsten-hohage-0180312/

Sep 27, 2023 • 26min
The TODO Group – Talk Openly, Develop Openly
Ana Jiménez Santamaria discusses the TODO Group, a community dedicated to promoting open-source practices within organizations. They talk about the history, mission, and working mode of the group. They also discuss the levels of contribution within the community and the process of generating outputs, such as guides, through GitHub discussions and review by the steering committee.

Aug 30, 2023 • 30min
Open Component Model (OCM) – Describe, Transport, Deploy
OCM is an extensible standard accompanied by a toolset designed to enable the automation of many software-lifecycle-related processes. It can be defined as a common machine-readable format for describing software components, which serves as a Software Bill of Delivery (SBoD). In this episode, our guests Jason Kafka and Ingo Kober talk with host Karsten Hohage about OCM and why it is run as open source. Jason and Ingo also talk about their vision for OCM’s future, its applications, and its challenges.
Guests:
Jason Kafka has been part of the SAP family for 14 years. He started as a Software Engineer in the development support area, debugging hard core C/C++ SAP NetWeaver kernel bugs, and then went into technical project management. After that, he spent 1.5 years in Shanghai to help set up the SAP Cloud Platform. He then joined the Gardener organization, where he is now an engineering manager responsible for the Gardener Lifecycle Management team.
LinkedIn: https://www.linkedin.com/in/jason-kafka-073a607/
Ingo Kober joined SAP 22 years ago and has since worked in various positions, including development (Web / Java / ABAP), and scrum master. He is now a product owner for the internal service Landscaper, used to orchestrate Kubernetes deployments. In his current position, he mostly works with teams in the software lifecycle management area, trying to streamline processes and tools across SAP, with the goal to “improve SAP developers’ lives.” His current technology focus is on Kubernetes.
LinkedIn: https://www.linkedin.com/in/ingo-kober-0a9875283/
GitHub: https://github.com/In-Ko
SAP People: https://people.sap.com/ingo.kober
Show Notes:
SGS = SAP Global Security team
Links
https://ocm.software/
OCM – Breaking Boundaries with Open-Source Collaboration
https://www.weave.works/
https://gardener.cloud/
SPDX ® – Software Package Data Exchange® – https://spdx.dev/
https://cyclonedx.org/
SAP Open Source Program Office
SAP Open Source at SAP Community
SAP Open Source Twitter
ospo@sap.com
Additional Downloads:
Download transcript as PDF file
Hosted by Karsten Hohage – Product Expert in Technology and Innovation (T&I)
LinkedIn: https://www.linkedin.com/in/karsten-hohage-0180312/

Jul 27, 2023 • 32sec
Summer Break 2023 - We'll be back in August!
Dear listener, we typically have a summer break in August, but this year we will do it in July.
We will be back with an episode for you on the last Wednesday of August.
If you are craving open source content from us, check out the recordings of our public webinars at https://webinars.sap.com/ospo-webinar-series/en/webinar-replays!

Jun 28, 2023 • 26min
Credential Digger – detecting leaked secrets on GitHub
Credential Digger is an SAP open-source code scanner for detecting hardcoded secrets. In this episode, Slim Trabelsi discusses with host Karsten Hohage what led to the creation of Credential Digger and what its key differentiators are. Slim also speaks of the early challenges of scanning for secrets, and lists the many advantages of using open source for building and maintaining Credential Digger. Open source comes with visibility for customers, and contributors can work on a project even before they join the team or after they leave, leading to improved continuity and a better tool overall.
Guests:
Slim Trabelsi joined SAP 15 years ago and currently works as a senior security expert in the SAP Security Research team. His background includes data privacy, data protection, and social media security. He is currently focusing his research activities on cyber security, threat intelligence, and surveillance. Slim recently developed an open-source tool called Credential Digger, which is used to identify hardcoded secrets in source code repositories like GitHub.
Twitter: https://twitter.com/slim_security
LinkedIn: https://www.linkedin.com/in/slim-trabelsi-94534a83/
GitHub: https://github.com/SlimTrabelsi
SAP People: https://people.sap.com/slim.trabelsi
Show Notes:
Links
https://github.com/SAP/credential-digger
https://github.com/SAP/vs-code-extension-for-project-credential-digger
Credential Digger: Using Machine Learning to Identify Hardcoded Credentials in Github – blog post
SAP Security Research
https://huggingface.co/SAPOSS/password-model
NIST – Source Code Security Analyzers
SAP Open Source Program Office
SAP Open Source at SAP Community
SAP Open Source Twitter
ospo@sap.com
Additional Downloads:
Download transcript as PDF file
Hosted by Karsten Hohage – Product Expert in Technology and Innovation (T&I)
LinkedIn: https://www.linkedin.com/in/karsten-hohage-0180312/

May 31, 2023 • 26min
Do Good and Talk about it!
In this episode, our host Karsten Hohage talks with Johannes Bechberger, who is an open-source developer at SAP. They discuss why and how Johannes promotes his work on SapMachine, OpenJDK, and profiling through blogging, speaking at conferences, and having a presence on social media. Johannes also shares tips and learnings collected on his journey of “doing good and talking about it”.
Guests:
Johannes Bechberger currently works as a JVM developer in the SapMachine team at SAP. His responsibilities include making improvements to async-profiler and its ecosystem, as well as improving the FirefoxProfiler so that it can be used in the Java world. In addition to his many contributions to open source, he also runs a successful blog, where he regularly writes about in-depth profiling and debugging.
Twitter: https://twitter.com/parttimen3rd
Blog: https://mostlynerdless.de
LinkedIn: https://linkedin.com/in/johannes-bechberger-381296149
GitHub: https://github.com/parttimenerd
Mastodon: https://mastodon.social/@parttimenerd
SAP People: https://people.sap.com/parttimenerd
Show Notes:
Links
SapMachine: https://sapmachine.io https://github.com/SAP/SapMachine
Async Profiler: https://github.com/async-profiler/async-profiler
Firefox Profiler based IntelliJ plugin: https://github.com/parttimenerd/intellij-profiler-plugin
Sweet SapMachine on Twitter: https://twitter.com/SweetSapMachine
The Open Source Way – Compiler History: https://podcast.opensap.info/open-source-way/2021/10/27/compiler-history-the-open-source-in-your-favorite-1990s-first-person-shooter/
The Open Source Way – SapMachine and OpenJDK: https://podcast.opensap.info/open-source-way/2021/12/29/sapmachine-the-openjdk-for-all-things-sap/
Foojay Podcast #14: Debugging Tools and Skills for Fun and Profit: https://foojay.io/today/foojay-podcast-14/
SAP Open Source Program Office
SAP Open Source at SAP Community
SAP Open Source Twitter
ospo@sap.com
Additional Downloads:
Download transcript as PDF file
Hosted by Karsten Hohage – Product Expert in Technology and Innovation (T&I)
LinkedIn: https://www.linkedin.com/in/karsten-hohage-0180312/

Apr 26, 2023 • 30min
Debunking InnerSource Myths
In this episode, our host Karsten Hohage talks with our guests Georg Gruetter from Robert Bosch and Michael Picht from SAP about common concerns regarding InnerSource. They debunk some of the frequent myths surrounding InnerSource and explain the many benefits of its utilization, including its versatility and its innovative and collaborative nature. In the course of the conversation, they also discuss how InnerSource code can be maintained successfully and what can be done for quality control.
Guests:
Georg Grütter is a passionate software developer and chief expert for InnerSource at Robert Bosch in Germany, where he co-founded the InnerSource initiative in 2009. Georg also co-founded the InnerSource Commons Foundation, for which he serves on the board of directors. Before Georg joined Bosch in 2004, he worked as a software developer and consultant for Line Information GmbH, Zurich System House and Mercedes-Benz AG.
LinkedIn: https://www.linkedin.com/in/georggruetter/
Michael Picht works as a chief architect at the SAP Open Source Program Office. He is one of the leads of SAP’s InnerSource program. Prior to this, he worked as a developer, software architect, project-, program- and product manager within SAP application development with focus on supply chain management, business processes, and innovation topics.
LinkedIn: https://de.linkedin.com/in/michael-picht-249b7a149
Show Notes:
Links
https://www.youtube.com/@sapdevs
https://groups.community.sap.com/t5/sap-codejam/eb-p/codejam-events
https://innersourcecommons.org
https://www.oreilly.com/library/view/adopting-innersource/9781492041863/
http://georg-gruetter.de/seven-years-of-innersource-at-bosch.mp4
https://podcast.opensap.info/open-source-way/2020/11/11/innersource-rocks/
https://blogs.sap.com/2021/10/06/establishing-innersource-at-sap/
InnerSource is a marathon, not a sprint – the SAP Journey – IS Summit 22
SAP Open Source Program Office
SAP Open Source at SAP Community
SAP Open Source Twitter
ospo@sap.com
Additional Downloads:
Download transcript as PDF file
Hosted by Karsten Hohage – Product Expert in Technology and Innovation (T&I)
LinkedIn: https://www.linkedin.com/in/karsten-hohage-0180312/

Mar 29, 2023 • 29min
SUSE – Delivering automation and enterprise grade Open Source software to the SAP ecosystem
In this episode, our host Karsten Hohage talks with our guests Alan Clarke and Keith Seigel about SUSE Enterprise Linux and Linux in general. The speakers discuss how the SUSE distribution relates to Linux as an open source project and talk about the development of new projects like Trento. They also mention the certification process, the subscription for patches and updates, discuss an example of fixing a HANA on SUSE issue, and explain the importance of the long-standing partnership with SAP for SUSE’s business.
Guests:
Alan Clarke is SAP Alliance Manager for the EMEA region at SUSE and has spent 8 of his 10 years there, embedded within the SAP ecosystem. Alan spends much of his time collaborating with and supporting both SAP partners (Hyperscalers, IHVs, GSIs and regional SIs and MSPs) and also assists SAP customers with their migration and transformation projects.
Twitter: https://twitter.com/alanclarke_SUSE
LinkedIn: https://www.linkedin.com/in/alanclarke7
Keith Seigel came to SUSE in December of 2020 after a 10-year career within the SAP Ecosystem. At SAP he was an Account Executive who then moved through the leadership rankings within the Sales Development organization. Shortly after leading the Sales Development teams at SAP, he moved into a leadership role for various different solutions and services at SAP. Keith now oversees SUSE’s partnership with SAP for North America.
LinkedIn: https://www.linkedin.com/in/keith-s-626a7b8
Show Notes:
Links
https://www.suse.com/solutions/run-sap-solutions/
https://www.trento-project.io/
https://github.com/trento-project
Safeguard Your SAP S/4HANA deployment with SUSE Trento
SAP Open Source Program Office
SAP Open Source at SAP Community
SAP Open Source Twitter
ospo@sap.com
Additional Downloads:
Download transcript as PDF file
Hosted by Karsten Hohage – Product Expert in Technology and Innovation (T&I)
LinkedIn: https://www.linkedin.com/in/karsten-hohage-0180312/