The Open Source Way

Experts Mirko Boehm, Mike Milinkovich, and Sebastian Wolf discuss the EU Cyber Resilience Act's impact on open source software and technology regulations in the European market. Topics include secure software development, supply chain security, and the alignment of industry interests with open source communities under the CRA.

Introducing abapGit – an open source Git client. In this Podcast episode, we explain and discuss what abapGit is, how it works, what it’s needed for, and how it can be used. In this episode, host Karsten Hohage speaks with Michael Schneider and Marc Bernard about abapGit – an open source Git client developed for the ABAP server to import and export objects between ABAP systems. In the discussion, Marc explains the basics of abapGit, and how it works. He also shares what abapGit is needed for, and how it can be used. Michael gives us some insights about SAP’s involvement in the development of abapGit and invites the listeners to explore more ABAP open source projects. Guests: Michael Schneider For over ten years, Michael has held the product owner role, handling various topics related to ABAP developer tools. Previously, he was a developer in the same field and was part of the pioneering team that built ABAP development tools in Eclipse. He is responsible for various tools in this area, including the ABAP class editor. More recently, he and his team launched and are actively maintaining two open source repositories focusing on ABAP file formats. GitHub-Link: https://github.com/schneidermic0 Marc Bernard Marc Bernard is a distinguished technology architect with a rich history at SAP as a Sr. Chief Architect, specializing in in-memory computing and data warehousing. His strategic vision contributed significantly to SAP HANA and BW/4HANA’s success, earning him a reputation as a trusted advisor for SAP customers. In 2019, Marc founded Marc Bernard Tools, focusing on pioneering ABAP open source tools. He’s a lead maintainer for abapGit and contributes to ABAP and JavaScript open source projects, demonstrating his unwavering commitment to the tech community. Marc is a recognized speaker at industry events and is set to present at ABAPConf in June 2024. Twitter: https://twitter.com/marcfbe LinkedIn: https://linkedin.com/in/marcfbe GitHub-Link: https://github.com/mbtools Show Notes: Links abapGit – A git client for ABAP developed in ABAP GitHub – abapGit/abapGit: Git client for ABAP GitHub – ABAP file format repository Working with abapGit | SAP Help Portal ABAPConf Europe 2024 SAP Open Source Program Office SAP Open Source at SAP Community SAP Open Source Twitter (@sapopensource) e-mail – ospo@sap.com Try out an open source podcast player (list not maintained by SAP) Additional Downloads Download the transcript as PDF-file Hosted by Karsten Hohage – Product Expert in Technology and Innovation (T&I) LinkedIn: https://www.linkedin.com/in/karsten-hohage-0180312/

In this episode, host Karsten Hohage discusses the European Cyber Resilience Act (CRA) with Mirko Boehm, Mike Milinkovich, and Sebastian Wolf. Our guests explain what the Cyber Resilience Act (CRA) is and why it is important to virtually everyone in the EU and anyone who wants to do business in the European market. What has the journey of the CRA been until now, and what are the next steps in the evolution of CRA? How will the CRA impact the consumption and contribution of Open Source Software? Guests: Mike Milinkovich Mike Milinkovich is a seasoned technology executive with a wealth of experience in leading open source software organizations. For the past 20 years, Mike has served as the Executive Director of the Eclipse Foundation, where he has played a pivotal role in driving innovation and fostering industry collaboration within the Eclipse community. Mike has served on the boards of Open Source Initiative, the Java Community Process, and the OpenJDK community where he championed industry adoption of open-source technologies and standards. LinkedIn – https://www.linkedin.com/in/mikemilinkovich/ Twitter / X – https://twitter.com/mmilinkov Mirko Bohm Mirko Boehm is a prominent figure in the open-source software community, known for his expertise in software development, leadership, and advocacy. He is currently working as Senior Director, Community Development, Linux Foundation Europe. As a seasoned technologist and entrepreneur, he has held leadership roles in both technical and managerial capacities, demonstrating a unique blend of technical acumen and strategic thinking. Mirko is passionate about fostering collaboration and innovation within the open-source ecosystem, and he is actively involved in promoting the principles of openness, transparency, and community-driven development. LinkedIn – https://www.linkedin.com/in/mirkoboehm/ Twitter / X –  https://twitter.com/mirkoboehm Sebastian Wolf Sebastian is a development architect and has worked for the SAP OSPO since the beginning of 2020. He first joined SAP in 2003 as a student and has since worked in several development positions at, for example, SAP SRM, ABAP Development Tools, the SAP Community Network, and Central Architecture. He was engaged at the Corona-Warn-App project as a community manager from the very beginning and is now coordinating open-source consumption topics in the SAP OSPO. Twitter: https://twitter.com/Ygriega GitHub: https://github.com/Wunderfitz Show Notes: Links https://digital-strategy.ec.europa.eu/en/policies/cyber-resilience-act https://www.eclipse.org/ https://linuxfoundation.eu/ FOSDEM 24 EU Legislative Landscape Devroom: https://fosdem.org/2024/schedule/track/eu-policy/ SAP Open Source Program Office SAP Open Source at SAP Community SAP Open Source Twitter (@sapopensource) e-mail – ospo@sap.com Try out an open-source podcast player – find a list here (list not maintained by SAP) Additional Downloads Download the transcript as PDF-file Hosted by Karsten Hohage – Product Expert in Technology and Innovation (T&I) LinkedIn: https://www.linkedin.com/in/karsten-hohage-0180312/

Clare Dillon, an open source advocate, discusses collaborative open-source development at universities. Topics include challenges and benefits of academia-driven approaches, the rise of open research in universities, managing intellectual property, and fostering collaboration for sustainable industry progress.

In this episode, our host talks to Powen Shiah and Mirko Swillus about the Sovereign Tech Fund, which focuses on critical infrastructure in the public interest. They discuss the types of technologies the fund invests in, the criteria for applying, and the importance of maintenance and security updates. The goal is to strengthen innovation, economic competition, and democracy.

Max Mehl and Sebastian Wolf discuss the importance of Software Bills of Materials (SBOMs), including license compliance, export control restrictions, and risk management. They highlight the challenges faced by organizations in implementing SBOMs and the growing significance due to legal requirements and security reasons. The difference between SBOM and SPOD is also explored. Additionally, the podcast covers approaches to SBOM management, including proprietary solutions and open-source tools.

In this episode, our host Karsten Hohage talks to Thomas Barber about project “Foxhound”, an SAP-maintained fork of Firefox (the web browser) that is designed to detect security vulnerabilities in websites. Thomas discusses the history of “Foxhound”, how and why it was created, and its journey to becoming an open-source project. He talks about the importance of the collaborations that made Foxhound successful and about some of the challenges that it has faced along the way. Anyone who wants to get involved in this project is welcome to visit the GitHub page to learn more. Guest: Thomas Barber Thomas’ first experience with software development was at the age of twelve when he programmed the game “Mortal Wombat” in QuickBASIC. Since then, he has worked as an embedded software developer and security expert in the automotive industry, before moving to SAP Security Research in 2019. Thomas’ interests include investigating novel techniques for the detection and automatic prevention of injection vulnerabilities and privacy violations in web applications. Thomas holds a PhD in the field of Physics from the University of Cambridge and has published papers in the fields of Particle Physics, Astronomy, and Computer Science. GitHub: https://github.com/tmbrbr  LinkedIn: https://www.linkedin.com/in/thomas-barber-b3965551/ Show Notes: SAP Open Source Program Office SAP Open Source at SAP Community SAP Open Source Twitter (@sapopensource) e-mail: ospo@sap.com Project Foxhound – https://github.com/SAP/project-foxhound SAP Security Research – https://www.sap.com/about/company/innovation/icn.html#research Additional Downloads Download the transcript as PDF-file Hosted by Karsten Hohage – Product Expert in Technology and Innovation (T&I) LinkedIn: https://www.linkedin.com/in/karsten-hohage-0180312/

Ana Jiménez Santamaria discusses the TODO Group, a community dedicated to promoting open-source practices within organizations. They talk about the history, mission, and working mode of the group. They also discuss the levels of contribution within the community and the process of generating outputs, such as guides, through GitHub discussions and review by the steering committee.

OCM is an extensible standard accompanied by a toolset designed to enable the automation of many software-lifecycle-related processes. It can be defined as a common machine-readable format for describing software components, which serves as a Software Bill of Delivery (SBoD). In this episode, our guests Jason Kafka and Ingo Kober discuss with host Karsten Hohage about OCM and why it is run as open source. Jason and Ingo also talk about their vision for OCM’s future, its applications, and its challenges. Guests: Jason Kafka has been part of the SAP family for 14 years. He started as a Software Engineer in the development support area, debugging hard core C/C++ SAP NetWeaver kernel bugs, and then went into technical project management. After that, he spent 1.5 years in Shanghai to help set up the SAP Cloud Platform. He then joined the Gardener organization, where he is now an engineering manager responsible for the Gardener Lifecycle Management team. LinkedIn: https://www.linkedin.com/in/jason-kafka-073a607/ Ingo Kober joined SAP 22 years ago and has since worked in various positions, including development (Web / Java / ABAP), and  scrum master. He is now a product owner for the internal service Landscaper, used to orchestrate Kubernetes deployments. In his current position, he mostly works with teams in the software lifecycle management area, trying to streamline processes and tools across SAP, with the goal to “improve SAP developers’ lives.” His current technology focus is on Kubernetes. LinkedIn: https://www.linkedin.com/in/ingo-kober-0a9875283/ GitHub: https://github.com/In-Ko SAP People: https://people.sap.com/ingo.kober Show Notes: SGS = SAP Global Security team Links https://ocm.software/ OCM – Breaking Boundaries with Open-Source Collaboration https://www.weave.works/ https://gardener.cloud/ SPDX ® – Software Package Data Exchange® – https://spdx.dev/   https://cyclonedx.org/ SAP Open Source Program Office SAP Open Source at SAP Community SAP Open Source Twitter ospo@sap.com Additional Downloads: Download transcript as PDF file Hosted by Karsten Hohage – Product Expert in Technology and Innovation (T&I) LinkedIn: https://www.linkedin.com/in/karsten-hohage-0180312/

Dear listener, we typically have a summer break in August, but this year we will do it in July. We will be back with an episode for you at the last Wednesday of August. If you are craving for open source content from us, check out the recordings of our public webinars at https://webinars.sap.com/ospo-webinar-series/en/webinar-replays!