managing open source in your supply chain o’reilly open source conference andy wilson chief open...
TRANSCRIPT
![Page 1: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/1.jpg)
Managing Open Source in Your Supply Chain
O’Reilly Open Source ConferenceAndy WilsonChief open source compliance officer, [email protected]
![Page 2: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/2.jpg)
agenda
![Page 3: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/3.jpg)
intro“the big picture”things that make a differencelots of time for discussion
![Page 4: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/4.jpg)
IANAL, TINLA, personal intro
![Page 5: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/5.jpg)
the SW world is not flat…
![Page 6: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/6.jpg)
… the SW world is systolic
![Page 7: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/7.jpg)
in a systolic economy, vendors provide direct, immediate value-add
![Page 8: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/8.jpg)
and pass through to the next stage
![Page 9: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/9.jpg)
the product cycle is continuous
![Page 10: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/10.jpg)
pipelines are deep
![Page 11: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/11.jpg)
development is highly parallel
![Page 12: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/12.jpg)
Each processing node runs on its own pulse
![Page 13: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/13.jpg)
as “wavefronts” of code flow through
![Page 14: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/14.jpg)
lub dub
![Page 15: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/15.jpg)
The beat goes on.
![Page 16: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/16.jpg)
The enemy of a systolic world is friction.
![Page 17: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/17.jpg)
proprietary standards, undocumented HW, restricted software cause friction
![Page 18: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/18.jpg)
Open standards, documented HW, open source reduce friction
![Page 19: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/19.jpg)
open source is not zero friction
![Page 20: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/20.jpg)
it is not public domain
![Page 21: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/21.jpg)
open source has rules
![Page 22: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/22.jpg)
not following the rules is a mistake
![Page 23: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/23.jpg)
mistakes can clog your pipeline
![Page 24: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/24.jpg)
mistakes can even land you in court
![Page 25: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/25.jpg)
don’t make mistakes
![Page 26: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/26.jpg)
to avoid mistakes
![Page 27: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/27.jpg)
it is in your interest to pass good information downstream
![Page 28: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/28.jpg)
information loss is friction
![Page 29: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/29.jpg)
friction is bad
![Page 30: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/30.jpg)
getting good information from upstream can be hard
![Page 31: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/31.jpg)
be clear with your downstream you need all their information
![Page 32: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/32.jpg)
(and a “no open source at all” policy from your vendors is so 1995)
![Page 33: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/33.jpg)
You need confidence in your vendor’s information
![Page 34: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/34.jpg)
you need to know where SW came from and how it is licensed
![Page 35: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/35.jpg)
you need downstream info in an understandable format
![Page 36: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/36.jpg)
and you need to document what you add in an understandable format
![Page 37: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/37.jpg)
pass on all your vendors’ information plus your information
![Page 38: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/38.jpg)
you will be asked for the info at some point
![Page 39: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/39.jpg)
if you can’t find the info, it’s a fire drill.fire drills are bad
![Page 40: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/40.jpg)
recap
![Page 41: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/41.jpg)
think systolically
![Page 42: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/42.jpg)
know exactly what you take in
![Page 43: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/43.jpg)
know exactly what you add
![Page 44: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/44.jpg)
always pass your information through; destroying information causes friction
![Page 45: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/45.jpg)
things that can help (1): have a GPL policy
![Page 46: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/46.jpg)
GPL is a high friction open source license
![Page 47: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/47.jpg)
not a criticism
![Page 48: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/48.jpg)
just a fact
![Page 49: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/49.jpg)
GPL is long
![Page 50: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/50.jpg)
it has never been litigated in the US
![Page 51: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/51.jpg)
there are two incompatible versions
![Page 52: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/52.jpg)
smart people disagree about what GPL means
![Page 53: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/53.jpg)
(But a “no-GPL” policy is so 1995)
![Page 54: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/54.jpg)
so you need a GPL policy
![Page 55: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/55.jpg)
define what is acceptable, what is not
![Page 56: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/56.jpg)
for example, LKMs: will you accept binary kernel modules?
![Page 57: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/57.jpg)
another example: how do you want source code packages?
![Page 58: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/58.jpg)
give it your best shot
![Page 59: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/59.jpg)
there is no “perfect”
![Page 60: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/60.jpg)
there is only “good enough”
![Page 61: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/61.jpg)
a GPL policy is good enough if
![Page 62: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/62.jpg)
you can articulate it crisply
![Page 63: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/63.jpg)
you can defend it
![Page 64: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/64.jpg)
and you can deliver on it
![Page 65: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/65.jpg)
documented and communicated upstream; downstream; and to your developers.
![Page 66: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/66.jpg)
things that can help (2): tools
![Page 67: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/67.jpg)
source code scanning
![Page 68: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/68.jpg)
binary code scanning
![Page 69: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/69.jpg)
standardized SW bill of materials (SPDX or other)
![Page 70: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/70.jpg)
things that can help (3): always use boilerplate
![Page 71: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/71.jpg)
standard clauses in your contracts saying what you expect
![Page 72: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/72.jpg)
example: “we need rights to publish a GPL Linux driver” for HW
![Page 73: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/73.jpg)
example: “we must have a complete software Bill of Materials in this format”
![Page 74: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/74.jpg)
example: “we must have the complete GPL sources as tarballs and instructions to compile them”
![Page 75: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/75.jpg)
rewind
![Page 76: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/76.jpg)
Think systolicLow frictionPreserve informationHave a GPL policyUse toolsUse boilerplate
![Page 77: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/77.jpg)
discussion
![Page 78: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/78.jpg)
Thank you!
![Page 79: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/79.jpg)
links to systolic systems, natural and artificial:
en.wikipedia.org/wiki/Systolic_arraywww.mayoclinic.com/health/circulatory-system/MM00636
![Page 80: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/80.jpg)
links for tools:
www.binaryanalysis.org/en/homewww.blackducksoftware.com/www.fossology.org/www.palamida.com/http://www.spdx.org/
![Page 81: Managing Open Source in Your Supply Chain O’Reilly Open Source Conference Andy Wilson Chief open source compliance officer, Intel andrew.wilson@intel.com](https://reader038.vdocument.in/reader038/viewer/2022110304/551c400c5503467b488b4a98/html5/thumbnails/81.jpg)
legal disclaimers
Linux is a registered trademark of Linus TorvaldsIntel is a registered trademark of Intel Corp.Other trademarks are property of their holders.Nothing in this presentation is intended as legal advice.