Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Establish Trust
The Challenge
IoT/Embedded Device Requirement
Most modern day devices are constructed from
Value Add
80%+ open source
Device Runtime is governed > 100 licenses
>80%
Every shipping device requires open source Open Source
compliance artifacts:
i. Legal Notices document
ii. Obligatory Source Code
iii. Licensing data (SPDX)
iv. Cryptography info
v. Security Vulnerabilities
:
Product
Distributor
Product
Distributor
Open Source
Projects
Device
Distributor
SPDX Version
Document Name
Document Identifier
Name Space
Creator
Created
:
:
Package Name
Download Location
Concluded License
All Licenses From Files
Declared License
:
:
File Name
File Identifier
File Checksum
Concluded License
License Info in File
Copyright Text
:
:
Identifier
License Text
License Name
License Comment
:
:
...
Env-Router-5217 Router-5217
Lx-52
Drv-23
Env-Lx-52
spdx
Src
Env-Drv-23
Env-Lx-52
Env-Router-5217
Env-Drv-23
spdx
Src
Src
Env-Lx-52
spdx
Src
Env-Lx-52 WR-ID create
spdx
Src
Env-Drv-23
spdx
Src
Env-Router-5217 ITech-ID create
Env-Drv-23
Env-Lx-52
spdx
Src
WR-ID
spdx
Env-Drv-23 add
spdx
Src
Compliance Ledger
Dist-ID Org Action Software ID Envelope ID QR Code
+ Intel-ID release X-Driver 2.1 Env-Drv-23
spdx
Src
Env-Drv-23
spdx
Src
spdx
Src
Product
Distributor
Establish Trust
Contact
Mark.Gisi@WindRiver.com