Module 2 - Achieving Compliance and Security


  • Goals:
    Understanding how to manage compliance and security risks, and operational fulfilment using TrustSource
  • Contents:
    Compliance & Security goals, risk management approach, handling compliance risk, handling technical risk (security, viability)
    Part I: achieving compliance, practical questions (cases), TrustSource tools to achieve compliance (understanding legal settings in detail, functionality of legal engine, private licenses, black- & whitelists for components and licenses, etc.), detailed assessment of a notice file, collecting attributions, change notifications making use of DeepScan to qualify sources, quiz
    Part II: managing and assessing vulnerabilities, finding further vulnerability information, limitations of vulnerability data, examples analysing vulnerability data, using vulnerability reports, assessing viability, version analysis, forwarding tasks/tickets, handling developer versions, muting vulnerabilities, quiz
    Part III: making use of infrastructure, 3rd party & COTS, handling private and commercial licenses, using linked modules in a different context, COTS report, SOUP list, quiz, summary and test
  • Target Groups: project managers, compliance managers, developers