

The Open Source Way
SAP SE
A podcast with open source enthusiasts about open source trends, topics and projects.

Apr 4, 2024 • 37min
EU Cyber Resilience Act (CRA)
In this episode, host Karsten Hohage discusses the European Cyber Resilience Act (CRA) with Mirko Boehm, Mike Milinkovich, and Sebastian Wolf. Our guests explain what the Cyber Resilience Act (CRA) is and why it is important to virtually everyone in the EU and anyone who wants to do business in the European market. What has the journey of the CRA been until now, and what are the next steps in the evolution of CRA? How will the CRA impact the consumption and contribution of Open Source Software?
Guests:
Mike Milinkovich
Mike Milinkovich is a seasoned technology executive with a wealth of experience in leading open source software organizations. For the past 20 years, Mike has served as the Executive Director of the Eclipse Foundation, where he has played a pivotal role in driving innovation and fostering industry collaboration within the Eclipse community. Mike has served on the boards of Open Source Initiative, the Java Community Process, and the OpenJDK community where he championed industry adoption of open-source technologies and standards.
LinkedIn – https://www.linkedin.com/in/mikemilinkovich/
Twitter / X – https://twitter.com/mmilinkov
Mirko Boehm
Mirko Boehm is a prominent figure in the open-source software community, known for his expertise in software development, leadership, and advocacy. He is currently working as Senior Director, Community Development, Linux Foundation Europe. As a seasoned technologist and entrepreneur, he has held leadership roles in both technical and managerial capacities, demonstrating a unique blend of technical acumen and strategic thinking. Mirko is passionate about fostering collaboration and innovation within the open-source ecosystem, and he is actively involved in promoting the principles of openness, transparency, and community-driven development.
LinkedIn – https://www.linkedin.com/in/mirkoboehm/
Twitter / X – https://twitter.com/mirkoboehm
Sebastian Wolf
Sebastian is a development architect and has worked for the SAP OSPO since the beginning of 2020. He first joined SAP in 2003 as a student and has since worked in several development positions at, for example, SAP SRM, ABAP Development Tools, the SAP Community Network, and Central Architecture. He was engaged at the Corona-Warn-App project as a community manager from the very beginning and is now coordinating open-source consumption topics in the SAP OSPO.
Twitter: https://twitter.com/Ygriega
GitHub: https://github.com/Wunderfitz
Show Notes:
Links
https://digital-strategy.ec.europa.eu/en/policies/cyber-resilience-act
https://www.eclipse.org/
https://linuxfoundation.eu/
FOSDEM 24 EU Legislative Landscape Devroom: https://fosdem.org/2024/schedule/track/eu-policy/
SAP Open Source Program Office
SAP Open Source at SAP Community
SAP Open Source Twitter (@sapopensource)
e-mail – ospo@sap.com
Try out an open-source podcast player – find a list here (list not maintained by SAP)
Additional Downloads
Download the transcript as PDF-file
Hosted by Karsten Hohage – Product Expert in Technology and Innovation (T&I)
LinkedIn: https://www.linkedin.com/in/karsten-hohage-0180312/
The post EU Cyber Resilience Act (CRA) first appeared on The Open Source Way.

Feb 28, 2024 • 35min
Open Source and Universities
Clare Dillon, an open source advocate, discusses collaborative open-source development at universities. Topics include challenges and benefits of academia-driven approaches, the rise of open research in universities, managing intellectual property, and fostering collaboration for sustainable industry progress.

Dec 20, 2023 • 32min
Sovereign Tech Fund – Investing in the Future Today
In this episode, our host talks to Powen Shiah and Mirko Swillus about the Sovereign Tech Fund, which focuses on critical infrastructure in the public interest. They discuss the types of technologies the fund invests in, the criteria for applying, and the importance of maintenance and security updates. The goal is to strengthen innovation, economic competition, and democracy.

Nov 29, 2023 • 36min
The Growing Importance of Software Bills of Materials (SBOM)
Max Mehl and Sebastian Wolf discuss the importance of Software Bills of Materials (SBOMs), including license compliance, export control restrictions, and risk management. They highlight the challenges faced by organizations in implementing SBOMs and the growing significance due to legal requirements and security reasons. The difference between SBOM and SPOD is also explored. Additionally, the podcast covers approaches to SBOM management, including proprietary solutions and open-source tools.

Oct 25, 2023 • 30min
Project “Foxhound” – Hunting Cross-Site Scripting on the Web
In this episode, our host Karsten Hohage talks to Thomas Barber about project “Foxhound”, an SAP-maintained fork of Firefox (the web browser) that is designed to detect security vulnerabilities in websites. Thomas discusses the history of “Foxhound”, how and why it was created, and its journey to becoming an open-source project. He talks about the importance of the collaborations that made Foxhound successful and about some of the challenges that it has faced along the way. Anyone who wants to get involved in this project is welcome to visit the GitHub page to learn more.
Guest:
Thomas Barber
Thomas’ first experience with software development was at the age of twelve when he programmed the game “Mortal Wombat” in QuickBASIC. Since then, he has worked as an embedded software developer and security expert in the automotive industry, before moving to SAP Security Research in 2019. Thomas’ interests include investigating novel techniques for the detection and automatic prevention of injection vulnerabilities and privacy violations in web applications. Thomas holds a PhD in the field of Physics from the University of Cambridge and has published papers in the fields of Particle Physics, Astronomy, and Computer Science.
GitHub: https://github.com/tmbrbr
LinkedIn: https://www.linkedin.com/in/thomas-barber-b3965551/
Show Notes:
SAP Open Source Program Office
SAP Open Source at SAP Community
SAP Open Source Twitter (@sapopensource)
e-mail: ospo@sap.com
Project Foxhound – https://github.com/SAP/project-foxhound
SAP Security Research – https://www.sap.com/about/company/innovation/icn.html#research
Additional Downloads
Download the transcript as PDF-file
Hosted by Karsten Hohage – Product Expert in Technology and Innovation (T&I)
LinkedIn: https://www.linkedin.com/in/karsten-hohage-0180312/

Sep 27, 2023 • 26min
The TODO Group – Talk Openly, Develop Openly
Ana Jiménez Santamaria discusses the TODO Group, a community dedicated to promoting open-source practices within organizations. They talk about the history, mission, and working mode of the group. They also discuss the levels of contribution within the community and the process of generating outputs, such as guides, through GitHub discussions and review by the steering committee.

Aug 30, 2023 • 30min
Open Component Model (OCM) – Describe, Transport, Deploy
OCM is an extensible standard accompanied by a toolset designed to enable the automation of many software-lifecycle-related processes. It can be defined as a common machine-readable format for describing software components, which serves as a Software Bill of Delivery (SBoD). In this episode, our guests Jason Kafka and Ingo Kober talk with host Karsten Hohage about OCM and why it is run as open source. Jason and Ingo also talk about their vision for OCM’s future, its applications, and its challenges.
Guests:
Jason Kafka has been part of the SAP family for 14 years. He started as a Software Engineer in the development support area, debugging hard core C/C++ SAP NetWeaver kernel bugs, and then went into technical project management. After that, he spent 1.5 years in Shanghai to help set up the SAP Cloud Platform. He then joined the Gardener organization, where he is now an engineering manager responsible for the Gardener Lifecycle Management team.
LinkedIn: https://www.linkedin.com/in/jason-kafka-073a607/
Ingo Kober joined SAP 22 years ago and has since worked in various positions, including development (Web / Java / ABAP), and scrum master. He is now a product owner for the internal service Landscaper, used to orchestrate Kubernetes deployments. In his current position, he mostly works with teams in the software lifecycle management area, trying to streamline processes and tools across SAP, with the goal to “improve SAP developers’ lives.” His current technology focus is on Kubernetes.
LinkedIn: https://www.linkedin.com/in/ingo-kober-0a9875283/
GitHub: https://github.com/In-Ko
SAP People: https://people.sap.com/ingo.kober
Show Notes:
SGS = SAP Global Security team
Links
https://ocm.software/
OCM – Breaking Boundaries with Open-Source Collaboration
https://www.weave.works/
https://gardener.cloud/
SPDX ® – Software Package Data Exchange® – https://spdx.dev/
https://cyclonedx.org/
SAP Open Source Program Office
SAP Open Source at SAP Community
SAP Open Source Twitter
ospo@sap.com
Additional Downloads:
Download transcript as PDF file
Hosted by Karsten Hohage – Product Expert in Technology and Innovation (T&I)
LinkedIn: https://www.linkedin.com/in/karsten-hohage-0180312/

Jul 27, 2023 • 32sec
Summer Break 2023 - We'll be back in August!
Dear listener, we typically have a summer break in August, but this year we will do it in July.
We will be back with an episode for you on the last Wednesday of August.
If you are craving open source content from us, check out the recordings of our public webinars at https://webinars.sap.com/ospo-webinar-series/en/webinar-replays!

Jun 28, 2023 • 26min
Credential Digger – detecting leaked secrets on GitHub
Credential Digger is an SAP open-source code scanner for detecting hardcoded secrets. In this episode, Slim Trabelsi talks with host Karsten Hohage about what led to the creation of Credential Digger and about its key differentiators. Slim also speaks of the early challenges of scanning for secrets, and lists the many advantages of using open source for building and maintaining Credential Digger. Open source comes with visibility for customers, and contributors can work on a project even before they join the team or after they leave, leading to improved continuity and a better tool overall.
Guests:
Slim Trabelsi joined SAP 15 years ago and currently works as a senior security expert in the SAP Security Research team. His background includes data privacy, data protection, and social media security. He is currently focusing his research activities on cyber security, threat intelligence, and surveillance. Slim recently developed an open-source tool called Credential Digger, which is used to identify hardcoded secrets in source code repositories like GitHub.
Twitter: https://twitter.com/slim_security
LinkedIn: https://www.linkedin.com/in/slim-trabelsi-94534a83/
GitHub: https://github.com/SlimTrabelsi
SAP People: https://people.sap.com/slim.trabelsi
Show Notes:
Links
https://github.com/SAP/credential-digger
https://github.com/SAP/vs-code-extension-for-project-credential-digger
Credential Digger: Using Machine Learning to Identify Hardcoded Credentials in Github – blog post
SAP Security Research
https://huggingface.co/SAPOSS/password-model
NIST – Source Code Security Analyzers
SAP Open Source Program Office
SAP Open Source at SAP Community
SAP Open Source Twitter
ospo@sap.com
Additional Downloads:
Download transcript as PDF file
Hosted by Karsten Hohage – Product Expert in Technology and Innovation (T&I)
LinkedIn: https://www.linkedin.com/in/karsten-hohage-0180312/

May 31, 2023 • 26min
Do Good and Talk about it!
In this episode, our host Karsten Hohage talks with Johannes Bechberger, who is an open-source developer at SAP. They discuss why and how Johannes promotes his work on SapMachine, OpenJDK, and profiling through blogging, speaking at conferences, and having a presence on social media. Johannes also shares tips and learnings collected on his journey of “doing good and talking about it”.
Guests:
Johannes Bechberger currently works as a JVM developer in the SapMachine team at SAP. His responsibilities include making improvements to async-profiler and its ecosystem, as well as improving the Firefox Profiler to make it usable in the Java world. In addition to his many contributions to open source, he also runs a successful blog, where he regularly writes about in-depth profiling and debugging.
Twitter: https://twitter.com/parttimen3rd
Blog: https://mostlynerdless.de
LinkedIn: https://linkedin.com/in/johannes-bechberger-381296149
GitHub: https://github.com/parttimenerd
Mastodon: https://mastodon.social/@parttimenerd
SAP People: https://people.sap.com/parttimenerd
Show Notes:
Links
SapMachine: https://sapmachine.io https://github.com/SAP/SapMachine
Async Profiler: https://github.com/async-profiler/async-profiler
Firefox Profiler based IntelliJ plugin: https://github.com/parttimenerd/intellij-profiler-plugin
Sweet SapMachine on Twitter: https://twitter.com/SweetSapMachine
The Open Source Way – Compiler History: https://podcast.opensap.info/open-source-way/2021/10/27/compiler-history-the-open-source-in-your-favorite-1990s-first-person-shooter/
The Open Source Way – SapMachine and OpenJDK: https://podcast.opensap.info/open-source-way/2021/12/29/sapmachine-the-openjdk-for-all-things-sap/
Foojay Podcast #14: Debugging Tools and Skills for Fun and Profit: https://foojay.io/today/foojay-podcast-14/
SAP Open Source Program Office
SAP Open Source at SAP Community
SAP Open Source Twitter
ospo@sap.com
Additional Downloads:
Download transcript as PDF file
Hosted by Karsten Hohage – Product Expert in Technology and Innovation (T&I)
LinkedIn: https://www.linkedin.com/in/karsten-hohage-0180312/


