Presented by

  • Ria Farrell Schalnat

    Ria Farrell Schalnat

    Ria Farrell Schalnat works with the Open Program Office of Hewlett Packard Enterprise. This role combines her prior lives as a computer programmer, lawyer and adjunct professor specializing in intellectual property subjects including open source. She has guided initiatives in patent portfolio management, intellectual property due diligence for mergers and acquisitions, software licensing, workflow and process management. Ria is served for two years as President of CincyIP, a local bar association dedicated to intellectual property education. She also served as an adjunct professor at the University of Cincinnati School of Law and University of Dayton School of Law on subjects including Patent Litigation, Cyberspace Law and Open Source Licensing. Within the Linux Foundation, her extracurricular activities include both the SPDX project and CHAOSS. Finally, she participates in ongoing CISA-hosted community discussions related to software bills of material (SBOMs).

  • Lynn Westfall

    Lynn Westfall
    https://www.themodemlisa.com/resume/

    Lynn Westfall, AKA The Modem Lisa is a Software Supply Chain Expert with over 25 years of experience in the IT Procurement, IT Asset Management, and Software Composition Analysis fields. She started her journey with FOSS as a teen seeking freely available tools in the 1990s to help create music and websites and she quickly fell in love with the many tweaks and adjustments needed to make audio drivers work on different Linux distros. Later in her career, she found herself working in a corporation developing software on Sun, soon to be Oracle stack software and hardware, and this transition prompted a deep dive into the world of software licensing. Creating effective open source policies and the processes to support them throughout the SDLC and entire organization became a true passion for Lynn. Always an advocate for responsible open source software use within software development organizations, she stumbled upon working within the CISA Community groups working on their SBOM initiatives in early 2023. She recently reopened the business she started in 1999, The Modem Lisa, and hopes to help companies of all sizes manage their FOSS with knowledge and respect.

Abstract

There are many processes within an organization dealing with open source including licensing reviews & compliance, export compliance, product security, contractual obligations, and sustainability. These operate against the backdrop of ongoing development in technology, case law and newer legal requirements such as the EO 14028 in the United States and the European Union’s Cyber Resiliency Act (EU-CRA). All of them depend on inventories to understand the scope of obligations, risks and opportunities. They also require simple, scalable runbooks to achieve the underlying goals. Come to this session for an interactive discussion on practices and how to leverage projects within the Linux Foundation to super-charge your company’s open source practices.

Videos

Available sources: