In-person Event | October 30-31, 2024

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for the Open Compliance Summit to participate in the sessions. 

Open Compliance Summit is an exclusive event for Linux Foundation members and select invitees. Attendance is limited to ensure ease of networking and collaboration. The summit, like prior summits, will be held under the Chatham House Rule. Please consent to this rule before you request an invitation.

Please note: This schedule is automatically displayed in Japan Standard Time (UTC+9:00). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.
Breakout Sessions
Wednesday, October 30
 

14:55 JST

Rapid Handling of Vulnerabilities in the Supply Chain with SBOM and VEX - Yoshihisa Morizumi, Wang Mingyu & Lei Maohui, Fujitsu Limited
Wednesday October 30, 2024 14:55 - 15:20 JST
Fujitsu supports SPDX evolution and the movement to an international standard that provides a common SBOM basis for software exploitation for companies throughout the supply chain. We have long provided multilateral support for SPDX, especially through activities in Yocto and SPDX-Lite. Since 2016, we have joined the maintainers of meta-spdxscanner, enabling SPDX functionality for the Yocto Project. Also, we are the top contributors of patch submissions to the Yocto Project. In recent years, increasing interest in cybersecurity has led to the need to quickly determine whether a product is vulnerable or not. In the supply chain, vulnerability information can be handled in combination with SBOM and VEX. An SBOM should be generated for each build, and a VEX should be generated for each vulnerability detection. It is necessary to manage them separately because their life cycles are different. In addition, there is a problem with the accuracy of the vulnerability, and there are some measures to solve it. In this presentation, we describe the advantages and challenges of creating VEX in Yocto as a use case.
Speakers

Wang Mingyu

Engineer, Fujitsu
Wang Mingyu joined the Fujitsu Corporation in 2008. Her main job now is developing an In-House Distro for Embedded Ecosystems, which is based on the Yocto Project and LTS Kernel. She is one of the maintainers of Yocto and contributes actively to the community.

Lei Maohui

Software Engineer, Fujitsu

Yoshihisa Morizumi

Lead engineer, Fujitsu Limited
I am an Embedded Linux Developer. I joined the Fujitsu Corporation in 2010. My major job is developing an In-House Distro for Embedded Systems.
Room 1
  Breakout Sessions, Security
 