In this episode of What’s in the SOSS, CRob has an inspiring conversation with Kate Stewart, a Linux Foundation veteran who took an unconventional path into open source as a manager rather than a developer, navigating complex legal challenges to get Motorola's contributions upstream. Now a decade into her tenure at the Linux Foundation, Kate leads critical initiatives in safety-critical open source software, including the Zephyr RTOS project and ELISA, while being instrumental in the evolution of SPDX and Software Bill of Materials (SBOM). She breaks down the different types of SBOMs, explains how the Zephyr project became a security exemplar with gold-level OpenSSF badging, and shares practical insights on navigating the European Union's Cyber Resilience Act (CRA). Whether you're interested in embedded systems, security best practices, or the evolving regulatory landscape for open source, this episode offers valuable perspectives from someone who's been shaping these conversations for years.Episode Chapters:00:00 - Intro Music & Promo Clip00:00- Introduction and Welcome00:42- Kate's Current Work at Linux Foundation02:18- Origin Story: From Motorola Manager to Open Source Advocate06:38- Building Global Open Source Teams and SPDX Beginnings09:45- The Variety of Open Source Contributors10:57- Deep Dive: What is an SBOM and Why It Matters17:05- The Evolution of SBOM Types and Academic Understanding19:21- Cyber Resilience Act and Zephyr as a Security Exemplar26:46- Zephyr's Security Journey: From Badging to CNA Status31:05- Rapid Fire Questions32:19- Advice for Newcomers and Closing ThoughtsEpisode links:Kate Stewart LinkedIn pageZephyr ProjectSPDX (Software Package Data Exchange)ELISA ProjectGet involved with the OpenSSFSubscribe to the OpenSSF newsletterFollow the OpenSSF on LinkedIn

Ver todos los episodios