Open Source Hygiene
11-08, 10:30–11:20 (US/Pacific), 334

Open source compliance used to focus on license obligations. Recent regulatory movements (e.g., EO-14028 and EU-CRA), along with an increasing awareness of the need for stronger security profiles in open source (e.g., XZ vulnerability), have created new obligations for consumers and distributors of open source software. This talk will focus on basic open source compliance and best practices in that space, along with the newer SBOM requirements arising out of regulatory efforts in both the United States and Europe. It will also touch on additional considerations such as open source health, and on how good hygiene is necessary for the sustainability of both individual open source projects and the products which incorporate them.



Ria Farrell Schalnat works with the Open Program Office of Hewlett Packard Enterprise. This role combines her prior lives as a computer programmer, lawyer and adjunct professor specializing in intellectual property subjects including open source. She has guided initiatives in patent portfolio management, intellectual property due diligence for mergers and acquisitions, software licensing, workflow and process management. Ria served for two years as President of CincyIP, a local bar association dedicated to intellectual property education. She also served as an adjunct professor at the University of Cincinnati School of Law and University of Dayton School of Law on subjects including Patent Litigation, Cyberspace Law and Open Source Lice