Speaker

Agustin Benito Bethencourt

Independent Consultant

Málaga, Spain

Agustín has guided projects and organizations throughout the life cycle of OSS-based products and services in different markets. He now works as an independent consultant, focused on helping organizations in two ways: applying advanced data analytics to production environments to increase delivery performance, partnering with Bitergia, and increasing their organizational performance by becoming good open source citizens, as in the case of SCANOSS.

Area of Expertise

  • Business & Management
  • Information & Communications Technology

Topics

  • Business Intelligence
  • Software Delivery Lifecycle
  • open source
  • Open Data

The SBOM era: leaving no open source project behind with osskb.org

Creating complete, machine-readable SBOMs in standardized formats can be a significant burden for many open source projects, especially for resource-constrained, large integration efforts, projects dealing with complex dependencies, etc. Detection of undeclared dependencies and unwanted snippets is one of their main challenges.

This talk introduces osskb.org, a free-of-charge service by the Software Transparency Foundation (STF) designed to make accurate open source scanning accessible to all. Already integrated as a back end by popular open source tools like FOSSology, ORT, FOSSLight, scanoss.py, or Theia, osskb.org detects open source files and code snippets against one of the largest open source knowledge bases, providing license information without compromising user privacy.

The session will address key questions about STF's mission, governance and shareholders, walk attendees through the open source technologies behind osskb.org, and demo how osskb.org works when integrated with popular compliance tools and with pipelines.

AGL's delivery process performance: a data-supported view

AGL's delivery process is the finest and most mature example in the open of a complex automotive software-defined production system. This activity is a continuation of last year's talk, in which the speakers will present the second iteration of an analysis of AGL's software delivery process performance and activity.

After a very short introduction about the principles, process and metrics applied to the study, speakers will focus on:
* Showing the most relevant and comprehensible data and graphs
* Describing the main conclusions extracted from the study
* Providing a high-level view of the potential points for improvement that should be addressed
* Highlighting the strengths of the delivery process that can be maximized

The session will conclude with examples of how AGL contributors can use the data in their everyday activities to improve the overall process performance.

Note: This can also be a session presentation rather than a BoF.

From an open data set to standardized management processes. Step one: cryptographic algorithms list

Software supply chains would benefit from standardizing the declaration of cryptographic algorithms. Incorporating these algorithms into SBOMs is crucial for developing open, shared and transparent management processes in areas like export control or security compliance and auditing, so that information about the crypto algorithms present in any software composition can be declared, published, distributed, etc. within complex supply chains.

Creating, maintaining, and publishing a curated list of cryptographic algorithms is a required infrastructure step, and the SPDX project has committed to performing these tasks under an open participation process.

During the talk, Julián and Agustin will describe the current state of SPDX's crypto algorithms list and its expected impact, together with future plans.

List: https://github.com/spdx/crypto-algorithms

Finally, both speakers will trigger a discussion around an open collaboration within OpenChain to foster a robust open-source tooling ecosystem for detecting cryptographic algorithms as well as to define those key management processes within complex supply chains.

Meeting software license compliance policies during the inbound process: a practical approach

Some of the most common license compliance policy violations in automotive are related to specific blacklisted OSS licenses. Ideally, code under such licenses should be detected during the inbound process. Commercial SCA solutions are the default option in automotive to address this challenge.

We need solutions that can be shared both in commercial environments and in the open.

This tutorial will demonstrate how any organization can build its own knowledge base linked to a specific license compliance policy, such as preventing GPLv3 code from landing on an in-vehicle platform.

Julián will also show how to create license scanning and detection mechanisms against such an ad-hoc knowledge base during the inbound process, using OSS only. The tutorial will also provide solutions on how companies in the automotive supply chain, including open-source organizations, can share and audit the results using this common toolkit and knowledge base.

Additionally, the talk will illustrate how this approach can be generalized for broader use cases, with limited usage intensity, using the OSS KB, from the Software Transparency Foundation.

OSS KB: https://www.softwaretransparency.org/osskb

Practical approach to delivery process performance: the AGL case

AGL's delivery process is the finest and most mature example in the open of a complex automotive software-defined production system. This presentation explores AGL's delivery process through an analysis of basic flow metrics; attendees will gain an understanding of its performance and its evolution over time.

The session dissects the fundamental principles of advanced data analytics applied to the production of software-defined products, using AGL's delivery process as a case study. Attendees will gain insights into leveraging analytics for optimizing software delivery in their respective domains. Additionally, practical strategies will be offered for translating the concepts, metrics, and methodologies into actionable plans for adoption within automotive corporations.

Finally, the speakers will provide hints about those open source development and delivery practices that can increase delivery performance in commercial environments, based on the analysis described in this talk.
