Agustin Benito Bethencourt
Independent Consultant
Málaga, Spain
Agustín has guided projects and organizations throughout the life cycle of OSS-based products and services in different markets. He now works as an independent consultant, focused on helping organizations in two ways: applying advanced data analytics to production environments to increase delivery performance, partnering with Bitergia, and increasing their organizational performance by becoming good open source citizens, as in the case of SCANOSS.
Topics
From an open data set to standardized management processes. Step one: cryptographic algorithms list
Software supply chains would benefit from standardizing the declaration of cryptographic algorithms. Incorporating these algorithms into SBOMs is crucial for developing open, shared and transparent management processes in areas like export control or security compliance and auditing: processes to declare, publish, distribute, etc. information about the crypto algorithms present in any software composition within complex supply chains.
Creating, maintaining, and publishing a curated list of cryptographic algorithms is a required infrastructure step, and the SPDX project has committed to performing these tasks under an open participation process.
During the talk, Julián and Agustin will describe the current state of SPDX's crypto algorithms list and its expected impact, together with future plans.
List: https://github.com/spdx/crypto-algorithms
Finally, both speakers will trigger a discussion around an open collaboration within OpenChain to foster a robust open-source tooling ecosystem for detecting cryptographic algorithms as well as to define those key management processes within complex supply chains.
Meeting software license compliance policies during the inbound process: a practical approach
Some of the most common license compliance policy violations in automotive are related to specific blacklisted OSS licenses. Ideally, code under such licenses should be detected during the inbound process. Commercial SCA solutions are the default option in automotive to address this challenge.
We need solutions that can be shared both in commercial environments and in the open.
This tutorial will demonstrate how any organization can build its own knowledge base linked to a specific license compliance policy, such as preventing GPLv3 code from landing on an in-vehicle platform.
Julián will also show how to create license scanning and detection mechanisms against such an ad-hoc knowledge base during the inbound process, using OSS only. The tutorial will also provide solutions on how companies in the automotive supply chain, including open-source organizations, can share and audit the results using this common toolkit and knowledge base.
Additionally, the talk will illustrate how this approach can be generalized for broader use cases, with limited usage intensity, using the OSS KB from the Software Transparency Foundation.
OSS KB: https://www.softwaretransparency.org/osskb
Practical approach to delivery process performance: the AGL case
AGL's delivery process is the finest and most mature example in the open of a complex automotive software-defined production system. This presentation explores AGL's delivery process through an analysis of basic flow metrics. Attendees will gain an understanding of its performance and its evolution over time.
The session dissects the fundamental principles of advanced data analytics applied to the production of software-defined products, using AGL's delivery process as a case study. Attendees will gain insights into leveraging analytics for optimizing software delivery in their respective domains. Additionally, practical strategies will be offered for translating the concepts, metrics, and methodologies into actionable plans for adoption within automotive corporations.
Finally, the speakers will provide hints about those open source development and delivery practices that can increase delivery performance in commercial environments, based on the analysis described in this talk.