October 4-6 in Berlin, Germany
Register Now for LinuxCon+ContainerCon Europe
Back To Schedule
Thursday, October 6 • 11:50 - 12:40
Documenting Your Software Supply Chain with Linked Data - Yev Bronshteyn, Black Duck Software

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

What’s in your software other than your code? Most likely, other people’s software. And what’s inside that software? More other people’s software. And each layer of that vast layer cake comes with its own licensing license agreements, copyrights, origin information, and, alas, vulnerabilities. To document all that, you’d need far more than an ingredient label and, preferably, something other than a COPYING file the size of "War and Peace".

In this presentation, we’ll examine the possibilities offered by Linked Data. We’ll talk about the fundamentals of Linked Data and RDF, its incarnations and formats (Turtle, RDF/XML, Thrift, JSON-LD), query language (SPARQL), tooling, and more. We’ll then look at SPDX, Linux Foundation's standard for using Linked Data to document component relationships, licenses, copyrights, and even vulnerabilities.

avatar for Yev Bronshteyn

Yev Bronshteyn

Senior Software Engineer - Alliances, Black Duck Software/Synopsys
Yev Bronshteyn is a Senior Software Engineer at Black Duck Software, working on solutions for open source governance and security. He is a contributor to the SPDX technical team, which defines the Linux Foundation standard for documenting deep software package information with linked... Read More →

Thursday October 6, 2016 11:50 - 12:40 CEST