“Perfect is the enemy of good.” Whether it was Voltaire or Aristotle who said it first, it’s true for risk management in open source software.
For both vulnerability mitigation and license compliance, risk management is always a sliding scale. How do you define or apply practical policies to focus identification and mitigation on the highest-risk vulnerabilities in the context of your technology stack? And on the highest-risk licenses in the context of how you deploy or distribute products or applications?
In this talk, Michael will discuss setting priorities for open source software compliance and how to avoid the pitfalls of focusing on low-value, high-cost activities, based on over 15 years of experience running Software Composition Analysis projects. The best advice? Focus on accuracy over precision.