Alberto Pianon
Project Lead of the Eclipse Oniro Compliance Toolchain project.
Experienced IT Lawyer, skilled in Data Privacy, Privacy Law, Intellectual Property, Cyberlaw, and Copyright Law.
Member of the Legal Network of the FSFE. More than 10 years of experience in open source licensing and compliance, especially in the embedded/IoT field. Intermediate programming skills (Python, PHP, Java, C/C++); 5 years of experience in designing and developing compliance automation software tools for embedded projects, integrated in CI/CD pipelines.
Session
Your company's OSPO would really enjoy having many data points ready for consumption: for detecting inbound and outbound license incompatibilities at file level, generating detailed SBOMs for firmware images with file-level license metadata, automatically identifying offending binary files in IP compliance litigation cases, and so on.
A PoC showcasing these features has been created using a dynamic representation of a Yocto project SBOM in a graph database. The graph starts from upstream sources and runs down to workdir sources, debug sources, and finally to binary files and libraries, and it can be explored with very simple graph queries.