Skip to content
View tsteenbe's full-sized avatar

Organizations

@todogroup @spdx @OpenChain-Project @clearlydefined @cdfoundation @oss-review-toolkit @act-project

Block or report tsteenbe

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
tsteenbe/README.md

Hi there 👋

🏢 I help organizations manage open source in a strategic, safe and efficient manner that meets their business needs. Or as I like to put it "How can we do open source at scale and speed whilst staying safe, respect licenses, enable upstream sustainability, and make life easier for our devs?"

I have been working on answering the above question as an open source project maintainer/contributor of various projects and by sharing my experiences trying to help the open source commmunity move forward.

🤝 I’m looking to collaborate on open source supply chain (security), SBOM, and managing open source in organizations. Open to speaking opportunities.

💬 Ask me anything open source, dealing with toddlers or about my two cats 😺

📫 How to reach me:

🏳️‍🌈 Pronouns: he/him

Projects

I'm regularly contributing to...

OSS Review Toolkit (ORT) provides tooling to safely use, integrate, modify and redistribute third party software including FOSS.

You can use it to:

  • Generate CycloneDX or SPDX SBOMs for your software project
  • Automate your FOSS policy using Policy as Code to do licensing, security vulnerabilities and engineering standards checks for your software project and its dependencies
  • Correct found invalid or missing package metadata (licensing, source location, etc.)
  • Overwrite scanner license findings in the sources of your software project and its dependencies
  • Mark files, directories or or package manager scopes as not included in your software project or dependency released artifacts - use it to make clear that license findings in build scripts, documentation or tests in a package sources do not apply to the release (binary) artifact
  • Create a source code archive for your software project, including its dependencies to comply with certain licenses or have your own copy as nothing on the internet is forever

I'm one of the project's maintainers and a frequent speaker at conferences as the project's spokesperson.

Software Package Data Exchange (SPDX) is an open standard for Software Bill of Materials (SBOM). SPDX allows the expression of components, licenses, copyrights, security references and other metadata relating to software. I'm currently the lead for Security Profile specfication working to exchange quality, vulnerability, and software supportability information in SPDX.

TODO is an open group of organizations that collaborate on practices, tools, and other ways to run successful and effective open source projects and programs. I'm a co-founder of the European chapter of TODO Group, TODO OSPO ambassador, creator/organizer of the OSPOlogy.live and ex-TODO steering committee member.

OpenChain Project is an open standard for open source license compliance. It allows organizations of all sizes and sectors to adopt the key requirements of a quality open source compliance program. I'm a co-founder and regular contributor to the OpenChain Reference Tooling Work Group.

OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all. I am contributor to the SBOM Everywhere SIG.

The Fintech Open Source Foundation (FINOS)'s purpose is to accelerate collaboration and innovation in financial services through the adoption of open source software, standards and best practices. I am a contributor to various projects within FINOS Open Source Readiness (OSR SIG), for example Q3 2023 I co-authored to the Financial Services Certified Open Source Developer (FSOSD) exam.

Bitkom is Germany’s digital association. I am contributor to the Bitkom Open Source Work Group.

Talks

Below a selection of some of my past presentations...

Pinned Loading

  1. oss-review-toolkit/ort oss-review-toolkit/ort Public

    A suite of tools to automate software compliance checks.

    Kotlin 1.6k 314

  2. spdx/spdx-spec spdx/spdx-spec Public

    The System Package Data Exchange (SPDX) specification in Markdown and HTML formats.

    Python 300 140