© 2023 Alberto Pianon, Carlo Piana - Array
KYCS ‒ Know Your Code Sources (and let it be known)
Alberto Pianon, Carlo Piana – Array
SFScon @Noi Techpark 2023

Image by Brigipix from Pixabay

CRA ‒ Cyber Resilience Act

Under CRA
- You Must Know Your (Upstream) Code
- You Must Let It Be Known
- Which Means: provenance, integrity, security, maintenance
This is not just friendly advice.

For instance: 10.4
"For the purposes of complying with the obligation laid down in paragraph 1, manufacturers shall exercise due diligence when integrating components sourced from third parties in products with digital elements. They shall ensure that such components do not compromise the security of the product with digital elements."

Annex I
"(2) Products with digital elements shall be delivered without any known exploitable vulnerabilities"

Annex II
"As a minimum, the product with digital elements shall be accompanied by: […] 6. if and, where applicable, where the software bill of materials can be accessed;"

Annex V
"The technical documentation […] shall contain at least the following information […] where applicable, the software bill of materials […], further to a reasoned request from a market surveillance authority provided that it is necessary in order for this authority to be able to check compliance with the essential requirements set out in Annex I."

Stricter requirements for
- Critical products with digital elements
- High-risk AI systems

Therefore…
Image by DaveMeier from Pixabay
Just take the plunge!

Where We Have Done It
v2.0
- Embedded Operating System platform, with multiple build targets
- an integrated Continuous Compliance process managed through a dedicated toolchain
- based on existing OSS tools + a set of custom tools (aliens4friends), using … across the whole workflow, to get machine-readable SBOM

Who Did It?
NOI Techpark ‒ https://noi.bz.it/en
Array ‒ https://array.eu
sca.software.bz.it

The Problem We Had To Solve
- In embedded operating systems, hardware integration is a PITA
- to handle it, you need to bake your own custom Linux distribution: … is the tool
- mixing ingredients by using recipes, layers and overrides offers great flexibility and eases hardware integration…
- …but it brings PITA when you need to generate SBOM

Soup Is Great But…
How do you trace ingredients when you already mixed them?

Yocto Workflow (Simplified)

How We Want To Collect Required Data On Yocto Side
- Map upstream source files to local workdir source files to binary files
- consume metadata coming from Yocto
- trace unpacking of upstream source packages and of downstream patches (the ingredients), separately from each other, and map them to local workdir files (the soup pan)
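The file-level mapping described on this slide, as an added example that is not code from the talk, from Yocto/bitbake or from the meta-bbtracer project: the workdir is modelled as a dict, the upstream archive is a constructed in-memory tarball, the SRC_URI placeholder and the patch name are made up, and do_unpack/do_patch are simulated rather than driven by bitbake. It records upstream archive members and downstream patches as separate ingredients keyed by content hash, then attributes every workdir file back to exactly one of them, or flags it as untraced, which is the case of a file generated locally during the build that an SBOM generator must not silently attribute to upstream.

```python
"""Trace ingredients (upstream archive vs. downstream patches) before they are
mixed into the workdir, then attribute each workdir file to its origin.
Example code written for this page; not the bitbake or meta-bbtracer API."""
import hashlib
import io
import tarfile

# Constructed placeholder, standing in for a recipe's SRC_URI entry.
UPSTREAM_SRC_URI = "https://example.invalid/hello-1.0.tar.gz"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_upstream_tarball(files: dict) -> bytes:
    """Build an in-memory tar.gz that plays the role of the fetched upstream archive."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, content in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


def trace_unpack(archive: bytes, src_uri: str, workdir: dict, trace: dict) -> None:
    """Simulated do_unpack: copy each archive member into the workdir and record,
    keyed by content hash, which SRC_URI entry and archive member it came from."""
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue
            data = tar.extractfile(member).read()
            # Drop the archive's top-level directory, like S = ${WORKDIR}/hello-1.0.
            relpath = member.name.split("/", 1)[-1]
            workdir[relpath] = data
            trace[sha256(data)] = {"origin": "upstream", "src_uri": src_uri,
                                   "member": member.name}


def trace_patch(patch_name: str, changes: dict, workdir: dict, trace: dict) -> None:
    """Simulated do_patch: every file the downstream patch rewrites (or adds) is
    recorded under the patch name, kept separate from the upstream ingredient."""
    for relpath, new_content in changes.items():
        replaced = sha256(workdir[relpath]) if relpath in workdir else None
        workdir[relpath] = new_content
        trace[sha256(new_content)] = {"origin": "patch", "patch": patch_name,
                                      "replaces": replaced}


def attribute_workdir(workdir: dict, trace: dict) -> dict:
    """Map every file now in the workdir back to its ingredient; files whose
    content was never traced are reported as unknown rather than guessed."""
    report = {}
    for relpath, data in workdir.items():
        rec = trace.get(sha256(data))
        if rec is None:
            report[relpath] = "unknown (generated locally or untraced)"
        elif rec["origin"] == "upstream":
            report[relpath] = f"upstream:{rec['src_uri']}#{rec['member']}"
        else:
            report[relpath] = f"patch:{rec['patch']}"
    return report


def demo() -> dict:
    """Run the whole flow on constructed sample data and return the attribution."""
    upstream_files = {  # constructed sample upstream release
        "hello-1.0/LICENSE": b"MIT License\n",
        "hello-1.0/src/main.c": b"int main(void){char b[8];return 0;}\n",
    }
    workdir, trace = {}, {}
    trace_unpack(build_upstream_tarball(upstream_files), UPSTREAM_SRC_URI, workdir, trace)
    # Constructed downstream patch: rewrites main.c and adds a new file.
    trace_patch("0001-bounds-check.patch", {
        "src/main.c": b"int main(void){char b[8]={0};return 0;}\n",
        "src/compat.h": b"#define COMPAT 1\n",
    }, workdir, trace)
    # A file produced by do_configure: never passed through unpack or patch tracing.
    workdir["config.h"] = b"#define HAVE_STDIO_H 1\n"
    return attribute_workdir(workdir, trace)


if __name__ == "__main__":
    for path, origin in sorted(demo().items()):
        print(f"{path}: {origin}")
```

The point of keeping two separate records rather than one per-file list is that the SBOM can later name both the upstream package and the downstream modification for `src/main.c`, while `config.h` stays visibly unattributed instead of inheriting the upstream's provenance by accident.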

Downstream Or Upstream?
- In a first PoC we did that with an external, post-mortem script using Yocto/bitbake libraries to parse build directories and reproduce the unpack process…
- but the solution needed to be pushed upstream!

Finally, We Made It!
- Patch has been recently accepted in Bitbake and Poky repositories and will be part of the upcoming Yocto release
- It exposes an "unpack tracer" API where one can plug in upstream source tracing logic directly into the core of bitbake
- Trace ingredients before making the soup!
- A first API implementation (WIP) is already available at https://gitlab.eclipse.org/eclipse/oniro-compliancetoolchain/toolchain/next/meta-bbtracer
- We will work on back-porting the patch to older Yocto LTS releases

Q&A: We Need Your Feedback!

Thank You For Your Attention
Array ‒ https://array.eu
Alberto Pianon, Carlo Piana
This work is licensed under a Creative Commons - Attribution - ShareAlike 4.0
Presentation made using Reveal.js Markdown and a workflow with reveal-md
Soup image: Bonniebartilomo, CC BY-SA 4.0, via Wikimedia Commons
https://projects.eclipse.org/projects/oniro.oniro-compliancetoolchain
https://gitlab.eclipse.org/eclipse/oniro-compliancetoolchain/toolchain
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 

SFSCON23 - Carlo Piana Alberto Pianon - KYCS ‒ Know Your Code Sources (and let it be known)

  • 10. Therefore… Just take the plunge! (Image by DaveMeier from Pixabay)
  • 11. Where We Have Done It
    - v2.0 Embedded Operating System platform, with multiple build targets
    - an integrated Continuous Compliance process managed through a dedicated toolchain
    - based on existing OSS tools + a set of custom tools (aliens4friends) used across the whole workflow, to get machine-readable SBOMs
  • 12. Who Did It? NOI Techpark (https://noi.bz.it/en) and Array (https://array.eu)
  • 17. The Problem We Had To Solve
    - In embedded operating systems, hardware integration is a PITA
    - to handle it, you need to bake your own custom Linux distribution, and Yocto is the tool for that
    - mixing ingredients by using recipes, layers and overrides offers great flexibility and eases hardware integration…
    - …but it brings PITA when you need to generate an SBOM
  • 18. Soup Is Great But… How do you trace ingredients when you have already mixed them?
  • 19. Yocto Workflow (Simplified)
  • 20. How We Want To Collect Required Data On The Yocto Side
    - map upstream source files to local workdir source files, and those to binary files
    - consume metadata coming from Yocto
    - trace the unpacking of upstream source packages and of downstream patches (the ingredients) separately from each other, and map them to local workdir files (the soup pan)
  • 21. Downstream Or Upstream?
    - In a first PoC we did that with an external, post-mortem script using Yocto/bitbake libraries to parse build directories and reproduce the unpack process…
    - …but the solution needed to be pushed upstream!
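The data-collection scheme of slides 20 and 21, as an added standalone example that is not the authors' PoC script, meta-bbtracer, or bitbake's own unpack tracer API: it implements the post-mortem/wrapper approach, snapshotting a workdir before and after each unpack step so that every file is attributed to the ingredient that introduced it and to any downstream patch that later changed it, with sha256 digests that can be matched against upstream archive contents. The libfoo tarball, the patch contents and the ingredient labels are constructed for the example; the patch is modelled as a set of file rewrites rather than a real `patch` invocation, and the extractor refuses archive members that would escape the workdir.

```python
"""Added example (not bitbake code): attribute every file in a Yocto-style
workdir to the unpack step that introduced or last modified it."""
import hashlib
import io
import json
import tarfile
import tempfile
from pathlib import Path


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: Path) -> str:
    return sha256_bytes(path.read_bytes())


def snapshot(workdir: Path) -> dict:
    """relative path -> sha256 for every regular file below workdir."""
    return {p.relative_to(workdir).as_posix(): sha256_file(p)
            for p in sorted(workdir.rglob("*")) if p.is_file()}


class UnpackTracer:
    """Runs each unpack step between two snapshots of the workdir and records,
    per file, which labelled ingredient introduced it and which later ones
    changed it (the wrapper approach of the PoC, not bitbake's in-core hook)."""

    def __init__(self, workdir):
        self.workdir = Path(workdir)
        self.files = {}  # relpath -> {"introduced_by", "sha256", "modified_by"}

    def trace(self, label: str, step) -> None:
        before = snapshot(self.workdir)
        step(self.workdir)
        after = snapshot(self.workdir)
        for rel, digest in after.items():
            if rel not in before:
                self.files[rel] = {"introduced_by": label, "sha256": digest,
                                   "modified_by": []}
            elif before[rel] != digest:
                entry = self.files.setdefault(rel, {"introduced_by": "pre-existing",
                                                    "sha256": before[rel], "modified_by": []})
                entry["modified_by"].append(label)
                entry["sha256"] = digest
        for rel in set(before) - set(after):
            self.files.pop(rel, None)  # deleted by this step


def safe_extract(tar: tarfile.TarFile, dest: Path) -> None:
    """Extract files and directories only, refusing members that would land
    outside dest (classic tar path traversal) and special members."""
    dest = dest.resolve()
    for m in tar.getmembers():
        target = (dest / m.name).resolve()
        if target != dest and dest not in target.parents:
            raise ValueError(f"refusing archive member outside workdir: {m.name}")
        if m.isdir():
            target.mkdir(parents=True, exist_ok=True)
        elif m.isfile():
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(tar.extractfile(m).read())
        else:
            raise ValueError(f"refusing special archive member: {m.name}")


# Constructed stand-in for an upstream release tarball (hypothetical libfoo).
UPSTREAM_FILES = {
    "libfoo-1.0/LICENSE": b"MIT\n",
    "libfoo-1.0/src/foo.h": b"int foo(void);\n",
    "libfoo-1.0/src/foo.c": b'#include "foo.h"\nint foo(void) { return 1; }\n',
}
# Constructed stand-in for a downstream patch: path -> new contents.
DOWNSTREAM_PATCH = {
    "libfoo-1.0/src/foo.c": b'#include "foo.h"\nint foo(void) { return 0; }\n',
    "libfoo-1.0/README.downstream": b"patched by distro layer\n",
}


def build_tarball(files: dict) -> bytes:
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def unpack_step(tar_bytes: bytes):
    def step(workdir: Path):
        with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:gz") as tar:
            safe_extract(tar, workdir)
    return step


def patch_step(changes: dict):
    def step(workdir: Path):
        for rel, data in changes.items():
            (workdir / rel).parent.mkdir(parents=True, exist_ok=True)
            (workdir / rel).write_bytes(data)
    return step


def ingredients(files: dict) -> dict:
    """Invert the per-file map: ingredient label -> sorted files it touched."""
    out = {}
    for rel, entry in files.items():
        for label in [entry["introduced_by"], *entry["modified_by"]]:
            out.setdefault(label, []).append(rel)
    return {k: sorted(v) for k, v in out.items()}


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        tracer = UnpackTracer(tmp)
        tracer.trace("upstream:libfoo-1.0.tar.gz", unpack_step(build_tarball(UPSTREAM_FILES)))
        tracer.trace("downstream:0001-return-zero.patch", patch_step(DOWNSTREAM_PATCH))
        return tracer.files


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run stand-alone it prints the per-file map; `ingredients()` turns it into the per-ingredient view an SBOM needs. The snapshot-diff approach works on any unpacker because it only looks at the tree, but it cannot tell two steps apart when they run inside one fetcher call, which is exactly the gap an in-core hook closes.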
  • 22. Finally, We Made It!
    - The patch has recently been accepted in the Bitbake and Poky repositories and will be part of the upcoming Yocto release
    - It exposes an "unpack tracer" API where one can plug upstream source tracing logic directly into the core of bitbake
    - Trace ingredients before making the soup!
    - A first API implementation (WIP) is already available at https://gitlab.eclipse.org/eclipse/oniro-compliancetoolchain/toolchain/next/meta-bbtracer
    - We will work on back-porting the patch to older Yocto LTS releases
  • 23. Q&A: We Need Your Feedback!
  • 24. Thank You For Your Attention. Array, Alberto Pianon, Carlo Piana. https://array.eu, https://projects.eclipse.org/projects/oniro.oniro-compliancetoolchain, https://gitlab.eclipse.org/eclipse/oniro-compliancetoolchain/toolchain. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 license. Presentation made using Reveal.js and a Markdown workflow with reveal-md. Soup image: Bonniebartilomo, CC BY-SA 4.0, via Wikimedia Commons.