© 2016 Rogue Wave Software, Inc. All Rights Reserved.
Top open source lessons for every enterprise
Episode I: How enterprises learned to stop worrying and love open source
Rod Cope, CTO
Rogue Wave Software
Presenter
Poll #1
What percentage of your code is free and open source software?
A. 0 to 25%
B. 26 to 50%
C. 51 to 75%
D. More than 75%
“Open source has eaten the world.”
Rod Cope, CTO
Rogue Wave Software
Agenda
1. A brief history of open source
2. Talking technical
3. Call security
4. Keys to licensing
5. A brief history of the future
6. Summary
7. Q&A
A brief history of open source
Open source evolution
1980’s (OSS in the enterprise: Unaware)
• Freeware/shareware
• BBS
• Perl
• GPL
1990’s (OSS in the enterprise: Early tests)
• “Open Source”
• Apache, Tomcat, JBoss
• PHP, Python, Ruby
• Linux
2000’s (OSS in the enterprise: Keep out!)
• FUD
• OSS company explosion
• Insurance plays
• Git
• Android
2010’s (OSS in the enterprise: Adoption)
• Package explosion
• GitHub ascension
• Full speed OSS adoption
• Docker
2016 (OSS in the enterprise: Ubiquitous)
• Swift
• “OSS first” policies
• CentOS in enterprise
• Cloud OSS
• Cognitive computing
3 evolutionary paths
1. Technical
2. Security
3. Licensing
Spectrum of confidence: CHAOS, NEUTRAL, LOVE
Poll #2
How well is your organization managing OSS?
A. It’s chaotic: minimal process, no tracking, uncertain use
B. It’s okay: some process & tracking, some license compliance
C. It’s good: project-level processes, tracking, & compliance
D. It’s great: processes and tools in place across organization
Talking technical
Technical confidence
• Growth in number of packages / challenges
• Growth in languages / challenges
• Growth in skills / challenges
By 2018, every enterprise will be a “software company”
Recruiting developers will be a CEO top 5 strategy for success
[Chart: Billions of IoT devices, 2015 to 2020, vertical axis 0 to 40. Source: BI Intelligence]
2 billion GB, 600 million queries/sec
278 billion messages/day
Packages
CHAOS
• 1000’s of repositories
• Everything rough around the edges
• Venture capitalists: “There will be ~10 OSS packages”
NEUTRAL
• 1000’s of packages
• Elevated repositories
• Package management systems
• Strong technical benefits
• FUD around licensing
LOVE
• Millions of packages
• Dominant repositories
• Safe adoption of OSS
• Commercial support options
Languages
CHAOS
• Few language choices
• Everything written from scratch
• No standards
• Weak tool support
NEUTRAL
• New scripting languages for web development
• Frameworks and other tools accelerate development
• Web and other standards become common
LOVE
• Many languages: declarative, functional, statically typed
• Strong competition among frameworks & tools
• “Best tool for the job” is the norm
• Possible downside: tyranny of choice
Skills
CHAOS
• Nobody knows OSS
• Developer leaves → code is unmaintainable
• No formal support or training available
NEUTRAL
• OSS becomes common, easier to find developers
• Training available for some key packages
• OSS experience appears on resumes
LOVE
• Formal training and certification available
• Professional support, guidance, and migration help
• OSS history and code is key to getting a job
• Employers looking specifically for OSS experts
Call security
Security confidence
• Growth in software complexity leads to more vulnerabilities
• Large developer base doesn’t imply constant (or skilled) vigilance
On Apache Struts: “It is not noteworthy that an open source project could have a severe vulnerability [it’s] that this flaw went undetected for at least seven years.”
• Potentially millions of servers
• “seeing 10 to 15 attacks per second” [1]
• Example loss: 4.5 million patient records [2]
• 8 other flaws in core packages the first week of 2015
1. CloudFlare
2. Reuters: U.S. hospital breach biggest yet to exploit Heartbleed bug
Security evolution
CHAOS
• No focus on security, unknown quality
• Every project has own approach to security
• Code is available: easy to attack
NEUTRAL
• “Given enough eyeballs, all bugs are shallow”
• OSS is just code: similar to proprietary
• Treat all code the same
LOVE
• Code is available: Static and dynamic code analysis
• Security elevated to “critical feature” status
• Initiatives to improve widely used infrastructure
Poll #3
How does your team know when an OSS package has a vulnerability?
A. We don’t
B. We read the news
C. We monitor vulnerability reports, databases, etc.
D. We monitor reports and perform regular security scans
Keys to licensing
Licensing confidence
• Growth in licensing
• Top licenses on GitHub [1]: MIT (44.69%), GPL 2.0 (12.96%), Apache (11.19%), GPL 3.0 (8.88%)
v.s
XimpleWare
Only 35 percent of companies have written policies requiring them to use properly licensed software
v.s
1. GitHub: Open source license usage
Licensing evolution
CHAOS
• No license
• DIY licenses
• “Vanity” licenses
• Non-OSS licenses
NEUTRAL
• “Copyleft”
• “Business-friendly”
• Use case dependent obligations
LOVE
• Better developer awareness
• Attorneys up-to-speed on OSS
• Professional auditing services
Poll #4
A brief history of the future
Future OSS technologies
• VR/AR
– Virtual Reality
– Augmented Reality
– Magic Leap
• Cognitive computing
– Artificial intelligence
– Machine learning
– Deep learning
• Autonomous vehicles
– osvehicle.com
– CANtact
– OSS code for driving
Summary
A tyranny of choice
Many license options, most don’t know how to manage or track
• Awareness building
• Audits becoming commonplace or mandatory
Vulnerabilities go undetected, elevating security to a critical feature
• Static and dynamic analysis help
Packages and languages have exploded, requiring new skills
• Rise of the “open source developer”
• CEO top 5 strategy
Q & A
Watch on demand
• Watch this webinar on demand
• Read the recap blog to see the results of the polls and Q&A session
Follow up
Free newsletter: vulnerabilities, industry news, and enterprise support stories
openlogic.com/products-services/openlogic-exchange/openupdate
For OpenLogic support customers:
OSS Radio
Stay tuned
Top open source lessons for every enterprise
June 29: When is free not free: The true costs of open source
Knowing the OSS in use is key to reducing technical, security, and licensing hurdles – how do you do it?
July 13: Open source applied: Real-world uses
Examine actual field issues, from architecture to production, to better select and use the right packages.
July 27: Top issues in the top enterprise packages
Dive into specific packages with two architects to discover what goes right and what goes wrong.
31© 2016 Rogue Wave Software, Inc. All Rights Reserved. 31

More Related Content

What's hot

What's hot (20)

FROM OPEN SOURCE COMPLIANCE TO SECURITY
FROM OPEN SOURCE COMPLIANCE TO SECURITYFROM OPEN SOURCE COMPLIANCE TO SECURITY
FROM OPEN SOURCE COMPLIANCE TO SECURITY
 
Empowering Application Security Protection in the World of DevOps
Empowering Application Security Protection in the World of DevOpsEmpowering Application Security Protection in the World of DevOps
Empowering Application Security Protection in the World of DevOps
 
September 13, 2016: Security in the Age of Open Source:
September 13, 2016: Security in the Age of Open Source: September 13, 2016: Security in the Age of Open Source:
September 13, 2016: Security in the Age of Open Source:
 
(In)security in Open Source
(In)security in Open Source(In)security in Open Source
(In)security in Open Source
 
Continuous Acceleration with a Software Supply Chain Approach
Continuous Acceleration with a Software Supply Chain ApproachContinuous Acceleration with a Software Supply Chain Approach
Continuous Acceleration with a Software Supply Chain Approach
 
Create code confidence for better application security
Create code confidence for better application security Create code confidence for better application security
Create code confidence for better application security
 
Software Security Assurance for Devops
Software Security Assurance for DevopsSoftware Security Assurance for Devops
Software Security Assurance for Devops
 
Welcome & The State of Open Source Security
Welcome & The State of Open Source SecurityWelcome & The State of Open Source Security
Welcome & The State of Open Source Security
 
DevSecOps-OWASP Indonesia Day 2017
DevSecOps-OWASP Indonesia Day 2017DevSecOps-OWASP Indonesia Day 2017
DevSecOps-OWASP Indonesia Day 2017
 
Secure application deployment in Apache CloudStack
Secure application deployment in Apache CloudStackSecure application deployment in Apache CloudStack
Secure application deployment in Apache CloudStack
 
Open Source Security
Open Source SecurityOpen Source Security
Open Source Security
 
Leveraging Black Duck Hub to Maximize Focus - Entersekt's approach to automat...
Leveraging Black Duck Hub to Maximize Focus - Entersekt's approach to automat...Leveraging Black Duck Hub to Maximize Focus - Entersekt's approach to automat...
Leveraging Black Duck Hub to Maximize Focus - Entersekt's approach to automat...
 
Software Security Assurance for DevOps
Software Security Assurance for DevOpsSoftware Security Assurance for DevOps
Software Security Assurance for DevOps
 
Introducing: Klocwork Insight Pro | November 2009
Introducing: Klocwork Insight Pro | November 2009Introducing: Klocwork Insight Pro | November 2009
Introducing: Klocwork Insight Pro | November 2009
 
Accelerating Innovation with Software Supply Chain Management
Accelerating Innovation with Software Supply Chain ManagementAccelerating Innovation with Software Supply Chain Management
Accelerating Innovation with Software Supply Chain Management
 
Secure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliverySecure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous delivery
 
DevSecOps - Building continuous security into it and app infrastructures
DevSecOps - Building continuous security into it and app infrastructuresDevSecOps - Building continuous security into it and app infrastructures
DevSecOps - Building continuous security into it and app infrastructures
 
Security in the Age of Open Source
Security in the Age of Open SourceSecurity in the Age of Open Source
Security in the Age of Open Source
 
Findings Revealed: 2015 State of the Software Supply Chain
Findings Revealed: 2015 State of the Software Supply Chain Findings Revealed: 2015 State of the Software Supply Chain
Findings Revealed: 2015 State of the Software Supply Chain
 
Open Source and Cyber Security: Open Source Software's Role in Government Cyb...
Open Source and Cyber Security: Open Source Software's Role in Government Cyb...Open Source and Cyber Security: Open Source Software's Role in Government Cyb...
Open Source and Cyber Security: Open Source Software's Role in Government Cyb...
 

Viewers also liked

Ahmed Anwar Senior Architect
Ahmed Anwar Senior Architect Ahmed Anwar Senior Architect
Ahmed Anwar Senior Architect
Ahmed Anwar
 
Mahmoud Mostafa Mohamed Lashen
Mahmoud Mostafa Mohamed LashenMahmoud Mostafa Mohamed Lashen
Mahmoud Mostafa Mohamed Lashen
mahmoud lashen
 

Viewers also liked (19)

Open source software for IoT – The devil’s in the details
Open source software for IoT – The devil’s in the detailsOpen source software for IoT – The devil’s in the details
Open source software for IoT – The devil’s in the details
 
Res cnm nec2013
Res cnm nec2013Res cnm nec2013
Res cnm nec2013
 
GlassFish v3 Prelude Aquarium Paris
GlassFish v3 Prelude Aquarium ParisGlassFish v3 Prelude Aquarium Paris
GlassFish v3 Prelude Aquarium Paris
 
new cv najah
new cv najahnew cv najah
new cv najah
 
Shelf help final presentation (eecs 441)
Shelf help final presentation (eecs 441)Shelf help final presentation (eecs 441)
Shelf help final presentation (eecs 441)
 
Hu sb maersk_5.3_final
Hu sb maersk_5.3_finalHu sb maersk_5.3_final
Hu sb maersk_5.3_final
 
Fortaleciendo las competencias de los lideres
Fortaleciendo las competencias  de los lideresFortaleciendo las competencias  de los lideres
Fortaleciendo las competencias de los lideres
 
Tips for Fixing A Hacked WordPress Site - Vlad Lasky
Tips for Fixing A Hacked WordPress Site - Vlad LaskyTips for Fixing A Hacked WordPress Site - Vlad Lasky
Tips for Fixing A Hacked WordPress Site - Vlad Lasky
 
Autos, Wi-Fi, and IoT
Autos, Wi-Fi, and IoTAutos, Wi-Fi, and IoT
Autos, Wi-Fi, and IoT
 
Managing Open Source software in the Docker era
Managing Open Source software in the Docker era Managing Open Source software in the Docker era
Managing Open Source software in the Docker era
 
Ahmed Anwar Senior Architect
Ahmed Anwar Senior Architect Ahmed Anwar Senior Architect
Ahmed Anwar Senior Architect
 
Future of blogging 2016
Future of blogging 2016Future of blogging 2016
Future of blogging 2016
 
Fanless Embedded PCs for Outdoor Kiosks Applications Guide
Fanless Embedded PCs for Outdoor Kiosks Applications GuideFanless Embedded PCs for Outdoor Kiosks Applications Guide
Fanless Embedded PCs for Outdoor Kiosks Applications Guide
 
Mahmoud Mostafa Mohamed Lashen
Mahmoud Mostafa Mohamed LashenMahmoud Mostafa Mohamed Lashen
Mahmoud Mostafa Mohamed Lashen
 
9 Tips om te groeien op Instagram - Interieur branche
9 Tips om te groeien op Instagram - Interieur branche 9 Tips om te groeien op Instagram - Interieur branche
9 Tips om te groeien op Instagram - Interieur branche
 
климатични пояси и области в европа
климатични пояси и области в европаклиматични пояси и области в европа
климатични пояси и области в европа
 
Hallmark Business Connections
Hallmark Business ConnectionsHallmark Business Connections
Hallmark Business Connections
 
FMUK - E-business & E-marketing 3.10.2016: Webdesign: čo treba pre úspešný we...
FMUK - E-business & E-marketing 3.10.2016: Webdesign: čo treba pre úspešný we...FMUK - E-business & E-marketing 3.10.2016: Webdesign: čo treba pre úspešný we...
FMUK - E-business & E-marketing 3.10.2016: Webdesign: čo treba pre úspešný we...
 
OSS - enterprise adoption strategy and governance
OSS -  enterprise adoption strategy and governanceOSS -  enterprise adoption strategy and governance
OSS - enterprise adoption strategy and governance
 

Similar to How enterprises learned to stop worrying and love open source

Similar to How enterprises learned to stop worrying and love open source (20)

When is free not free: The true costs of open source
When is free not free: The true costs of open sourceWhen is free not free: The true costs of open source
When is free not free: The true costs of open source
 
Rapid software testing and conformance with static code analysis
Rapid software testing and conformance with static code analysisRapid software testing and conformance with static code analysis
Rapid software testing and conformance with static code analysis
 
Open Source Support
Open Source SupportOpen Source Support
Open Source Support
 
Identifying and managing the risks of open source software for PHP developers
Identifying and managing the risks of open source software for PHP developersIdentifying and managing the risks of open source software for PHP developers
Identifying and managing the risks of open source software for PHP developers
 
Shifting the conversation from active interception to proactive neutralization
Shifting the conversation from active interception to proactive neutralization Shifting the conversation from active interception to proactive neutralization
Shifting the conversation from active interception to proactive neutralization
 
Programming languages and techniques for today’s embedded andIoT world
Programming languages and techniques for today’s embedded andIoT worldProgramming languages and techniques for today’s embedded andIoT world
Programming languages and techniques for today’s embedded andIoT world
 
Rise of the Open Source Program Office for LinuxCon 2016
Rise of the Open Source Program Office for LinuxCon 2016Rise of the Open Source Program Office for LinuxCon 2016
Rise of the Open Source Program Office for LinuxCon 2016
 
Gimme shelter: Tips on protecting proprietary and open source code
Gimme shelter: Tips on protecting proprietary and open source codeGimme shelter: Tips on protecting proprietary and open source code
Gimme shelter: Tips on protecting proprietary and open source code
 
Cyber security - It starts with the embedded system
Cyber security - It starts with the embedded systemCyber security - It starts with the embedded system
Cyber security - It starts with the embedded system
 
Top 5 best practice for delivering secure in-vehicle software
Top 5 best practice for delivering secure in-vehicle softwareTop 5 best practice for delivering secure in-vehicle software
Top 5 best practice for delivering secure in-vehicle software
 
Open source software: The infrastructure impact
Open source software: The infrastructure impactOpen source software: The infrastructure impact
Open source software: The infrastructure impact
 
The road towards better automotive cybersecurity
The road towards better automotive cybersecurityThe road towards better automotive cybersecurity
The road towards better automotive cybersecurity
 
Open Source vs Proprietary
Open Source vs ProprietaryOpen Source vs Proprietary
Open Source vs Proprietary
 
Managing the Software Supply Chain: Policies that Promote Innovation While Op...
Managing the Software Supply Chain: Policies that Promote Innovation While Op...Managing the Software Supply Chain: Policies that Promote Innovation While Op...
Managing the Software Supply Chain: Policies that Promote Innovation While Op...
 
Hidden Speed Bumps on the Road to "Continuous"
Hidden Speed Bumps on the Road to "Continuous"Hidden Speed Bumps on the Road to "Continuous"
Hidden Speed Bumps on the Road to "Continuous"
 
Découvrez le Rugged DevOps
Découvrez le Rugged DevOpsDécouvrez le Rugged DevOps
Découvrez le Rugged DevOps
 
The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...
 The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour... The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...
The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...
 
Collaborative security : Securing open source software
Collaborative security : Securing open source softwareCollaborative security : Securing open source software
Collaborative security : Securing open source software
 
How temenos manages open source use, the easy way combined
How temenos manages open source use, the easy way combinedHow temenos manages open source use, the easy way combined
How temenos manages open source use, the easy way combined
 
Five ways to protect your software supply chain from hacks, quacks, and wrecks
Five ways to protect your software supply chain from hacks, quacks, and wrecksFive ways to protect your software supply chain from hacks, quacks, and wrecks
Five ways to protect your software supply chain from hacks, quacks, and wrecks
 

More from Rogue Wave Software

More from Rogue Wave Software (20)

The Global Influence of Open Banking, API Security, and an Open Data Perspective
The Global Influence of Open Banking, API Security, and an Open Data PerspectiveThe Global Influence of Open Banking, API Security, and an Open Data Perspective
The Global Influence of Open Banking, API Security, and an Open Data Perspective
 
No liftoff, touchdown, or heartbeat shall miss because of a software failure
No liftoff, touchdown, or heartbeat shall miss because of a software failureNo liftoff, touchdown, or heartbeat shall miss because of a software failure
No liftoff, touchdown, or heartbeat shall miss because of a software failure
 
Disrupt or be disrupted – Using secure APIs to drive digital transformation
Disrupt or be disrupted – Using secure APIs to drive digital transformationDisrupt or be disrupted – Using secure APIs to drive digital transformation
Disrupt or be disrupted – Using secure APIs to drive digital transformation
 
Leveraging open banking specifications for rigorous API security – What’s in...
Leveraging open banking specifications for rigorous API security –  What’s in...Leveraging open banking specifications for rigorous API security –  What’s in...
Leveraging open banking specifications for rigorous API security – What’s in...
 
Adding layers of security to an API in real-time
Adding layers of security to an API in real-timeAdding layers of security to an API in real-time
Adding layers of security to an API in real-time
 
Getting the most from your API management platform: A case study
Getting the most from your API management platform: A case studyGetting the most from your API management platform: A case study
Getting the most from your API management platform: A case study
 
Advanced technologies and techniques for debugging HPC applications
Advanced technologies and techniques for debugging HPC applicationsAdvanced technologies and techniques for debugging HPC applications
Advanced technologies and techniques for debugging HPC applications
 
The forgotten route: Making Apache Camel work for you
The forgotten route: Making Apache Camel work for youThe forgotten route: Making Apache Camel work for you
The forgotten route: Making Apache Camel work for you
 
Are open source and embedded software development on a collision course?
Are open source and embedded software development on a  collision course?Are open source and embedded software development on a  collision course?
Are open source and embedded software development on a collision course?
 
Three big mistakes with APIs and microservices
Three big mistakes with APIs and microservices Three big mistakes with APIs and microservices
Three big mistakes with APIs and microservices
 
5 strategies for enterprise cloud infrastructure success
5 strategies for enterprise cloud infrastructure success5 strategies for enterprise cloud infrastructure success
5 strategies for enterprise cloud infrastructure success
 
PSD2 & Open Banking: How to go from standards to implementation and compliance
PSD2 & Open Banking: How to go from standards to implementation and compliancePSD2 & Open Banking: How to go from standards to implementation and compliance
PSD2 & Open Banking: How to go from standards to implementation and compliance
 
Java 10 and beyond: Keeping up with the language and planning for the future
Java 10 and beyond: Keeping up with the language and planning for the futureJava 10 and beyond: Keeping up with the language and planning for the future
Java 10 and beyond: Keeping up with the language and planning for the future
 
How to keep developers happy and lawyers calm (Presented at ESC Boston)
How to keep developers happy and lawyers calm (Presented at ESC Boston)How to keep developers happy and lawyers calm (Presented at ESC Boston)
How to keep developers happy and lawyers calm (Presented at ESC Boston)
 
Open source applied - Real world use cases (Presented at Open Source 101)
Open source applied - Real world use cases (Presented at Open Source 101)Open source applied - Real world use cases (Presented at Open Source 101)
Open source applied - Real world use cases (Presented at Open Source 101)
 
How to migrate SourcePro apps from Solaris to Linux
How to migrate SourcePro apps from Solaris to LinuxHow to migrate SourcePro apps from Solaris to Linux
How to migrate SourcePro apps from Solaris to Linux
 
Approaches to debugging mixed-language HPC apps
Approaches to debugging mixed-language HPC appsApproaches to debugging mixed-language HPC apps
Approaches to debugging mixed-language HPC apps
 
Enterprise Linux: Justify your migration from Red Hat to CentOS
Enterprise Linux: Justify your migration from Red Hat to CentOSEnterprise Linux: Justify your migration from Red Hat to CentOS
Enterprise Linux: Justify your migration from Red Hat to CentOS
 
Walk through an enterprise Linux migration
Walk through an enterprise Linux migrationWalk through an enterprise Linux migration
Walk through an enterprise Linux migration
 
How to keep developers happy and lawyers calm
How to keep developers happy and lawyers calmHow to keep developers happy and lawyers calm
How to keep developers happy and lawyers calm
 

Recently uploaded

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 

Recently uploaded (20)

AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 

How enterprises learned to stop worrying and love open source

  • 1. 1© 2016 Rogue Wave Software, Inc. All Rights Reserved. 1 Top open source lessons for every enterprise Episode I: How enterprises learned to stop worrying and love open source
  • 2. 2© 2016 Rogue Wave Software, Inc. All Rights Reserved. 2 Rod Cope, CTO Rogue Wave Software Presenter
  • 3. 3© 2016 Rogue Wave Software, Inc. All Rights Reserved. 3 Poll #1 What percentage of your code is free and open source software? A. 0 to 25% B. 26 to 50% C. 51 to 75% D. More than 75%
  • 4. 4© 2016 Rogue Wave Software, Inc. All Rights Reserved. 4
  • 5. “Open source has eaten the world.” Rod Cope, CTO, Rogue Wave Software
  • 6. Agenda: 1. A brief history of open source 2. Talking technical 3. Call security 4. Keys to licensing 5. A brief history of the future 6. Summary 7. Q&A
  • 7. A brief history of open source
  • 8. Open source evolution • Freeware/shareware • BBS • Perl • GPL • “Open Source” • Apache, Tomcat, JBoss • PHP, Python, Ruby • Linux • FUD • OSS company explosion • Insurance plays • Git • Android 1980’s 1990’s 2000’s 2010’s 2016 • Package explosion • GitHub ascension • Full speed OSS adoption • Docker • Swift • “OSS first” policies • CentOS in enterprise • Cloud OSS • Cognitive computing OSS in the enterprise: Unaware, Early tests, Keep out!, Adoption, Ubiquitous
  • 9. 3 evolutionary paths: 1. Technical 2. Security 3. Licensing. Spectrum of confidence: CHAOS, NEUTRAL, LOVE
  • 10. Poll #2: How well is your organization managing OSS? A. It’s chaotic: minimal process, no tracking, uncertain use B. It’s okay: some process & tracking, some license compliance C. It’s good: project-level processes, tracking, & compliance D. It’s great: processes and tools in place across organization
  • 11. Talking technical
  • 12. Technical confidence • Growth in number of packages / challenges • Growth in languages / challenges • Growth in skills / challenges By 2018, every enterprise will be a “software company” Recruiting developers will be a CEO top 5 strategy for success [Chart: billions of IoT devices, 2015 to 2020; source: BI Intelligence] 2 billion GB, 600 million queries/sec 278 billion messages/day
  • 13. Packages • 1000’s of repositories • Everything rough around the edges • Venture capitalists: “There will be ~10 OSS packages” CHAOS • 1000’s of packages • Elevated repositories • Package management systems • Strong technical benefits • FUD around licensing • Millions of packages • Dominant repositories • Safe adoption of OSS • Commercial support options NEUTRAL LOVE
  • 14. Languages • Few language choices • Everything written from scratch • No standards • Weak tool support CHAOS • New scripting languages for web development • Frameworks and other tools accelerate development • Web and other standards become common • Many languages: declarative, functional, statically typed • Strong competition among frameworks & tools • “Best tool for the job” is the norm • Possible downside: tyranny of choice NEUTRAL LOVE
  • 15. Skills • Nobody knows OSS • Developer leaves → code is unmaintainable • No formal support or training available CHAOS • OSS becomes common, easier to find developers • Training available for some key packages • OSS experience appears on resumes • Formal training and certification available • Professional support, guidance, and migration help • OSS history and code is key to getting a job • Employers looking specifically for OSS experts NEUTRAL LOVE
  • 16. Call security
  • 17. Security confidence • Growth in software complexity leads to more vulnerabilities • Large developer base doesn’t imply constant (or skilled) vigilance On Apache Struts: “It is not noteworthy that an open source project could have a severe vulnerability [it’s] that this flaw went undetected for at least seven years.” • Potentially millions of servers • “seeing 10 to 15 attacks per second” [1] • Example loss: 4.5 million patient records [2] • 8 other flaws in core packages the first week of 2015 Sources: 1. CloudFlare 2. Reuters: U.S. hospital breach biggest yet to exploit Heartbleed bug
  • 18. Security evolution • No focus on security, unknown quality • Every project has own approach to security • Code is available: easy to attack CHAOS • “Given enough eyeballs, all bugs are shallow” • OSS is just code: similar to proprietary • Treat all code the same • Code is available: Static and dynamic code analysis • Security elevated to “critical feature” status • Initiatives to improve widely used infrastructure NEUTRAL LOVE
  • 19. Poll #3: How does your team know when an OSS package has a vulnerability? A. We don’t B. We read the news C. We monitor vulnerability reports, databases, etc. D. We monitor reports and perform regular security scans
  • 20. Keys to licensing
  • 21. Licensing confidence • Growth in licensing • Top licenses on GitHub [1]: MIT (44.69%), GPL 2.0 (12.96%), Apache (11.19%), GPL 3.0 (8.88%) v.s XimpleWare Only 35 percent of companies have written policies requiring them to use properly licensed software Source: 1. GitHub: Open source license usage
  • 22. Licensing evolution • No license • DIY licenses • “Vanity” licenses • Non-OSS licenses CHAOS • “Copyleft” • “Business-friendly” • Use case dependent obligations • Better developer awareness • Attorneys up-to-speed on OSS • Professional auditing services NEUTRAL LOVE
  • 23. Poll #4
  • 24. A brief history of the future
  • 25. Future OSS technologies • VR/AR – Virtual Reality – Augmented Reality – Magic Leap • Cognitive computing – Artificial intelligence – Machine learning – Deep learning • Autonomous vehicles – osvehicle.com – CANtact – OSS code for driving
  • 26. Summary: A tyranny of choice. Many license options, most don’t know how to manage or track • Awareness building • Audits becoming commonplace or mandatory. Vulnerabilities go undetected, elevating security to a critical feature • Static and dynamic analysis help. Packages and languages have exploded, requiring new skills • Rise of the “open source developer” • CEO top 5 strategy
  • 27. Q & A
  • 28. Watch on demand • Watch this webinar on demand • Read the recap blog to see the results of the polls and Q&A session
  • 29. Follow up. Free newsletter: vulnerabilities, industry news, and enterprise support stories: openlogic.com/products-services/openlogic-exchange/openupdate. For OpenLogic support customers: OSS Radio
  • 30. Stay tuned: Top open source lessons for every enterprise. June 29: When is free not free: The true costs of open source. Knowing the OSS in use is key to reducing technical, security, and licensing hurdles – how do you do it? July 13: Open source applied: Real-world uses. Examine actual field issues, from architecture to production, to better select and use the right packages. July 27: Top issues in the top enterprise packages. Dive into specific packages with two architects to discover what goes right and what goes wrong.

Editor's Notes

  1. For open source included in software that you’re releasing, are you compliant with all license obligations? Options: Yes; No; Probably not; Don’t know. (Talk about code for internal and external releases.)