Best practices in FOSS compliance can help improve security.
Privacy and security are closely tied together through legal “data protection” requirements in laws across the world, such as Article 32 of the EU's General Data Protection Regulation and India's Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.
This talk will focus on how best practices in FOSS compliance, such as conformance with the OpenChain Specification 2.1 (functionally identical to ISO/IEC 5230:2020), not only help with legal compliance for licensing requirements but also improve security across the entire software supply chain. Implementing and maintaining a software bill of materials (SBOM) gives you an up-to-date inventory of every component in use in your products. When a vulnerability is disclosed in an open source component, the SBOM can be matched against the affected package and version range to quickly identify which of your products and components are affected, instead of searching each codebase by hand.
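As an added illustration of the SBOM lookup described above (this is example code, not material from the talk or from the OpenChain project): three minimal CycloneDX-style SBOMs are constructed inline, one per hypothetical product, and a hypothetical advisory (the identifier, package coordinates and version ranges are made up) is matched against them by package URL and version range. An SBOM entry that records the package but no version is reported as "unknown" rather than silently treated as safe, since an incomplete SBOM is itself a finding.

```python
"""Match a vulnerability advisory against a set of product SBOMs.

Added illustration: the SBOMs are minimal CycloneDX-style JSON documents
constructed inline, and the advisory identifier, package coordinates and
version ranges are hypothetical (not a real CVE or a real package).
"""
import json
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: one SBOM per product, CycloneDX-style "components" list.
# Package URLs (purl) identify a component independently of product names.
PRODUCT_SBOMS: Dict[str, str] = {
    "billing-api": json.dumps({
        "bomFormat": "CycloneDX", "specVersion": "1.4",
        "components": [
            {"type": "library", "name": "webframework", "version": "2.3.30",
             "purl": "pkg:maven/org.example/webframework@2.3.30"},
            {"type": "library", "name": "jsonlib", "version": "1.9.2",
             "purl": "pkg:maven/org.example/jsonlib@1.9.2"},
        ],
    }),
    "customer-portal": json.dumps({
        "bomFormat": "CycloneDX", "specVersion": "1.4",
        "components": [
            {"type": "library", "name": "webframework", "version": "2.5.13",
             "purl": "pkg:maven/org.example/webframework@2.5.13"},
        ],
    }),
    "reporting-batch": json.dumps({
        "bomFormat": "CycloneDX", "specVersion": "1.4",
        "components": [
            # No version recorded: the SBOM is incomplete for this component.
            {"type": "library", "name": "webframework",
             "purl": "pkg:maven/org.example/webframework"},
        ],
    }),
}

# Constructed advisory (hypothetical identifier and ranges). Each range is
# [lo, hi): versions >= lo and < hi are affected.
ADVISORY = {
    "id": "EXAMPLE-ADVISORY-0001",
    "package": "pkg:maven/org.example/webframework",
    "affected": [("2.3.5", "2.3.31"), ("2.5.0", "2.5.10")],
}


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '2.3.30' into (2, 3, 30); non-numeric segments sort as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in re.split(r"[.-]", v))


def split_purl(purl: str) -> Tuple[str, Optional[str]]:
    """Split a purl into (package, version); strips qualifiers and subpath."""
    core = purl.split("?")[0].split("#")[0]
    base, sep, version = core.partition("@")
    return base, (version if sep else None)


def is_affected(version: str, ranges) -> bool:
    """True if version falls inside any [lo, hi) range of the advisory."""
    v = parse_version(version)
    return any(parse_version(lo) <= v < parse_version(hi) for lo, hi in ranges)


def find_affected_products(sboms: Dict[str, str], advisory: dict) -> List[dict]:
    """Return one finding per (product, component) that matches the advisory.

    status is 'affected' when the version lies in an affected range and
    'unknown' when the SBOM entry carries no version at all, so the product
    is surfaced for manual review instead of being assumed safe.
    """
    findings = []
    for product, sbom_json in sboms.items():
        sbom = json.loads(sbom_json)
        for comp in sbom.get("components", []):
            purl = comp.get("purl")
            if not purl:
                continue
            base, version = split_purl(purl)
            if base != advisory["package"]:
                continue
            version = version or comp.get("version")
            if version is None:
                status = "unknown"
            elif is_affected(version, advisory["affected"]):
                status = "affected"
            else:
                continue  # known version outside every affected range
            findings.append({"product": product, "component": comp["name"],
                             "version": version, "status": status,
                             "advisory": advisory["id"]})
    return findings


if __name__ == "__main__":
    for f in find_affected_products(PRODUCT_SBOMS, ADVISORY):
        print(f"{f['advisory']}: {f['product']} / {f['component']} "
              f"{f['version'] or '?'} -> {f['status']}")
```

Run as-is, the script reports billing-api as affected (2.3.30 is inside the first range), says nothing about customer-portal (2.5.13 is outside both ranges), and flags reporting-batch as unknown because its SBOM omits the version. In practice the advisory records would come from a vulnerability feed keyed by purl and the SBOMs from your build pipeline, but the matching step is the same.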
This talk will also discuss the Equifax data breach as a case study.