Now that open source technologies are at the heart of organizations' information systems, the importance of the software supply chain and its management is clear. This concerns physical flows as well as information flows and even financial flows.
This is the justification for the Software Heritage (SWH) initiative, a neutral, shared and non-profit reference base containing all publicly available software source code, launched in 2016 by Inria with the support of Unesco. SWH is becoming a key to industrializing the open source approach in businesses, all the more so since, according to the American government and in the face of cyber risks, it is important to be able to “guarantee and attest (…), the integrity and the origin of free software used in any part of a product”.
During this round table, we will analyze why this repository is being built, who will be able to use it, and how. We will also see why the biggest publishers, including Microsoft, are adopting this industrial approach to open source. Finally, we will come back to the conditions for its success and the need for a sustained collective effort, with open source governance that sustains value chains.
OSS Supply Chain: Software Supply Chain: What Supply Chain To Secure The Supply Of Open Source Components?