Philippe Ombredanne is a FOSS hacker on a mission to make it easier and safer to reuse FOSS code. He is the maintainer of ScanCode, the industry standard licence detection tool, and other open-source tools for software composition analysis and licence & security compliance at AboutCode.org.
Philippe is the project lead in two supply chain projects funded by NGI0. The first, FOSS Code Supply Chain Assurance, is building a new system to help verify the integrity of deployed code packages and validate their origin with external data sources. It has the potential to mitigate attacks on open-source package supply chains, for example by detecting whether a package in use matches verified code through exact and approximate matching of source and binaries. The second, Free Software Vulnerability Database, is a resource set up to aggregate software updates.
We are on a mission to make it easier to reuse free and open source software to build better apps and systems, faster and more efficiently. For this we are creating the best-in-class open source tools and open data for software origin, license and security determination to help secure your software supply chain.
Anthony Harrison is an experienced independent consultant from the UK delivering and securing mission critical systems. He founded and is currently the director of APH10, a consultancy focused on helping organisations manage software risks more effectively.
He has been involved in promoting the software bill of materials (SBOM) since 2021 as a way of supporting vulnerability management, and has taken part in various working groups related to SBOM, including the SBOM Forum, SPDX Defects and the OpenSSF SBOM Everywhere initiative.
Anthony has also been actively promoting open-source for many years and regularly contributes to an increasing number of related projects.
APH10 was founded in 2022 to help organizations identify, assess, and mitigate software risks, especially those related to security and resilience.
The company is currently developing a product to reduce the time and effort required to assess and manage software vulnerabilities by providing an automated process which prioritises the vulnerabilities.