Greetings, open source enthusiasts!
The recent OSS Summit in Bilbao, Spain, was an event brimming with insights, camaraderie, and shared aspirations. The SCANOSS team was delighted to meet many of you in person and engage in stimulating discussions.
One of the highlights of our booth was the “Down the Duck” game, and we hope many of you had as much fun playing as we did. A special shout-out to our winners! We also introduced many of you to our mascot, Frankie, and it seemed he quickly became a favourite.
As we reflect on the summit, certain themes resonate prominently. Here are our key takeaways from the event…
SCANOSS as the De-facto Standard
We were humbled and encouraged by the overwhelming feedback pointing towards SCANOSS’s position as the “de-facto standard” for open source risk visibility. Making an SBOM out of your declared dependencies is not enough! Make sure your SBOM includes ALL dependencies, including the undeclared ones. It’s a gentle reminder to make sure your view of your own code matches what the broader open source community can see: your policy enforcement tooling should have the same view of your components as the open source community does.
Security Above All
Open source developers have always been passionate about security, but this summit underscored the urgency surrounding it. The emphasis on security risks was palpable and, without a doubt, a top concern. However, many attendees were unaware that 90% of SBOMs are incomplete, giving you an incomplete view of your open source vulnerability and license risks.
Following increased regulations and government mandates, many shared that their organizations are already leveraging SBOMs or are on the brink of doing so within the next year. This trend is particularly noticeable among large organizations. Surprisingly, most attendees were unaware that most SBOMs fail to identify undeclared open source, like code copied from Stack Overflow or ChatGPT. This was exciting for us because SBOMs aren’t just for large organizations anymore. Being the first free and open source solution in the space allows for 100% FREE SBOM generation AND decoration… Yup, you read correctly.
The Surge in SCANOSS Adoption and Contributions
Our influence within the community continues to grow. Our integration with FOSSology from version 4.3.0—allowing users to detect undeclared code even when license headers are stripped—is just one example of our expanding footprint.
Our journey is continually enriched by contributions from the global community. From the VSCode Plugin, streamlining compliance, to the recent Japanese language inclusion in our SBOM Workbench, it’s evident that open source knows no boundaries. Nor should its tools.
The event was a treasure trove of learning for us. While we aimed to share our expertise, we came away enriched with insights and ideas from all of you.
For those keen to delve deeper into SCANOSS’s offerings and our mission to disrupt the SCA space, do check out the SCANOSS website.
Lastly, a heartfelt thank you from the entire SCANOSS team for making the summit memorable. Your engagement and enthusiasm were truly the event’s soul.