How enterprises learned to stop worrying and love open source

1. Top open source lessons for every enterprise
Episode I: How enterprises learned to stop worrying and love open source
© 2016 Rogue Wave Software, Inc. All Rights Reserved.
2. Presenter: Rod Cope, CTO, Rogue Wave Software
3. Poll #1
What percentage of your code is free and open source software?
A. 0 to 25%
B. 26 to 50%
C. 51 to 75%
D. More than 75%
5. “Open source has eaten the world.”
Rod Cope, CTO, Rogue Wave Software
6. Agenda
1. A brief history of open source
2. Talking technical
3. Call security
4. Keys to licensing
5. A brief history of the future
6. Summary
7. Q&A
7. A brief history of open source
8. Open source evolution
Timeline axis: 1980’s, 1990’s, 2000’s, 2010’s, 2016
Milestones (in timeline order):
• Freeware/shareware
• BBS
• Perl
• GPL
• “Open Source”
• Apache, Tomcat, JBoss
• PHP, Python, Ruby
• Linux
• FUD
• OSS company explosion
• Insurance plays
• Git
• Android
• Package explosion
• GitHub ascension
• Full speed OSS adoption
• Docker
• Swift
• “OSS first” policies
• CentOS in enterprise
• Cloud OSS
• Cognitive computing
OSS in the enterprise, stage by stage: Unaware, Early tests, Keep out!, Adoption, Ubiquitous
9. 3 evolutionary paths
1. Technical
2. Security
3. Licensing
Spectrum of confidence: Chaos / Neutral / Love
10. Poll #2
How well is your organization managing OSS?
A. It’s chaotic: minimal process, no tracking, uncertain use
B. It’s okay: some process & tracking, some license compliance
C. It’s good: project-level processes, tracking, & compliance
D. It’s great: processes and tools in place across organization
11. Talking technical
12. Technical confidence
• Growth in number of packages / challenges
• Growth in languages / challenges
• Growth in skills / challenges
By 2018, every enterprise will be a “software company”
Recruiting developers will be a CEO top 5 strategy for success
[Chart: Billions of IoT devices, 2015 vs. 2020, scale 0 to 40; source: BI Intelligence]
2 billion GB, 600 million queries/sec
278 billion messages/day
13. Packages
Chaos:
• 1000’s of repositories
• Everything rough around the edges
• Venture capitalists: “There will be ~10 OSS packages”
Neutral:
• 1000’s of packages
• Elevated repositories
• Package management systems
• Strong technical benefits
• FUD around licensing
Love:
• Millions of packages
• Dominant repositories
• Safe adoption of OSS
• Commercial support options
14. Languages
Chaos:
• Few language choices
• Everything written from scratch
• No standards
• Weak tool support
Neutral:
• New scripting languages for web development
• Frameworks and other tools accelerate development
• Web and other standards become common
Love:
• Many languages: declarative, functional, statically typed
• Strong competition among frameworks & tools
• “Best tool for the job” is the norm
• Possible downside: tyranny of choice
15. Skills
Chaos:
• Nobody knows OSS
• Developer leaves: code is unmaintainable
• No formal support or training available
Neutral:
• OSS becomes common, easier to find developers
• Training available for some key packages
• OSS experience appears on resumes
Love:
• Formal training and certification available
• Professional support, guidance, and migration help
• OSS history and code is key to getting a job
• Employers looking specifically for OSS experts
16. Call security
17. Security confidence
• Growth in software complexity leads to more vulnerabilities
• Large developer base doesn’t imply constant (or skilled) vigilance
On Apache Struts: “It is not noteworthy that an open source project could have a severe vulnerability [it’s] that this flaw went undetected for at least seven years.”
• Potentially millions of servers
• “seeing 10 to 15 attacks per second”1
• Example loss: 4.5 million patient records2
• 8 other flaws in core packages the first week of 2015
1. CloudFlare
2. Reuters: U.S. hospital breach biggest yet to exploit Heartbleed bug
18. Security evolution
Chaos:
• No focus on security, unknown quality
• Every project has own approach to security
• Code is available: easy to attack
Neutral:
• “Given enough eyeballs, all bugs are shallow”
• OSS is just code: similar to proprietary
• Treat all code the same
Love:
• Code is available: static and dynamic code analysis
• Security elevated to “critical feature” status
• Initiatives to improve widely used infrastructure
19. Poll #3
How does your team know when an OSS package has a vulnerability?
A. We don’t
B. We read the news
C. We monitor vulnerability reports, databases, etc.
D. We monitor reports and perform regular security scans
20. Keys to licensing
21. Licensing confidence
• Growth in licensing
• Top licenses on GitHub1: MIT (44.69%), GPL 2.0 (12.96%), Apache (11.19%), GPL 3.0 (8.88%)
vs. XimpleWare
Only 35 percent of companies have written policies requiring them to use properly licensed software
1. GitHub: Open source license usage
22. Licensing evolution
Chaos:
• No license
• DIY licenses
• “Vanity” licenses
• Non-OSS licenses
Neutral:
• “Copyleft”
• “Business-friendly”
• Use case dependent obligations
Love:
• Better developer awareness
• Attorneys up-to-speed on OSS
• Professional auditing services
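Poll #3 (how a team learns that an OSS package has a vulnerability) and the licensing slides (obligations that depend on how the code is used) are the two questions a dependency inventory check answers in practice. The following is an added Python example, not code from the webinar or from Rogue Wave/OpenLogic: it parses a small manifest, matches each dependency against an advisory feed by version range, and evaluates the licenses against a per-use-case policy. The manifest, package names, advisory ids, version ranges and policy are all constructed placeholders, not real advisories or real project data.

```python
"""Minimal dependency inventory check (added example, constructed data).

Flags (1) dependencies whose version falls inside a known-vulnerable range
and (2) license-policy conflicts that depend on how the code is used.
Every package, version, advisory id and license rule below is made up
for illustration; the advisory ids are placeholders, not real CVEs.
"""
from dataclasses import dataclass
from typing import Optional


def parse_version(v: str) -> tuple:
    """Turn '1.2.10' into (1, 2, 10) so versions compare numerically.
    A plain string compare would wrongly rank '1.2.10' below '1.2.9'."""
    return tuple(int(p) for p in v.split("."))


@dataclass(frozen=True)
class Advisory:
    package: str
    introduced: str            # first affected version (inclusive)
    fixed: Optional[str]       # first fixed version (exclusive); None = no fix yet
    advisory_id: str           # placeholder id, constructed for this example


def affected(advisory: Advisory, version: str) -> bool:
    """True when version lies in [introduced, fixed), or >= introduced if unfixed."""
    v = parse_version(version)
    if v < parse_version(advisory.introduced):
        return False
    return advisory.fixed is None or v < parse_version(advisory.fixed)


# Constructed manifest, one "name version license" line per dependency,
# in the style of a flattened lock file. Licenses use SPDX identifiers.
MANIFEST = """\
# name version license
webfw 2.3.14 Apache-2.0
ssl-lib 1.0.1 OpenSSL
json-util 3.0.2 MIT
xml-parser 2.11.0 GPL-2.0-only
metrics 0.9.0 LGPL-2.1-only
"""


def parse_manifest(text: str) -> list:
    """Return (name, version, license) triples, skipping blanks and comments."""
    deps = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, version, license_id = line.split()
        deps.append((name, version, license_id))
    return deps


# Constructed advisory feed; a real one would be pulled from a vulnerability database.
ADVISORIES = [
    Advisory("webfw", "2.0.0", "2.3.15", "ADV-EXAMPLE-0001"),
    Advisory("ssl-lib", "1.0.1", "1.0.2", "ADV-EXAMPLE-0002"),
    Advisory("json-util", "1.0.0", "2.0.0", "ADV-EXAMPLE-0003"),
]

# License policy keyed by use case: obligations differ for code that stays
# internal versus code shipped to customers (hypothetical rules, not legal advice).
POLICY = {
    "internal": {
        "deny": set(),
        "review": {"GPL-2.0-only", "GPL-3.0-only", "AGPL-3.0-only"},
    },
    "distributed": {
        "deny": {"GPL-2.0-only", "GPL-3.0-only", "AGPL-3.0-only"},
        "review": {"LGPL-2.1-only", "LGPL-3.0-only"},
    },
}


def vulnerable_deps(deps: list, advisories: list) -> list:
    """(name, version, advisory_id) for every dependency inside an affected range."""
    return [(name, version, a.advisory_id)
            for name, version, _ in deps
            for a in advisories
            if a.package == name and affected(a, version)]


def license_findings(deps: list, use_case: str, policy: dict = POLICY) -> list:
    """(name, license, 'deny'|'review') for dependencies the policy singles out."""
    rules = policy[use_case]
    findings = []
    for name, _, lic in deps:
        if lic in rules["deny"]:
            findings.append((name, lic, "deny"))
        elif lic in rules["review"]:
            findings.append((name, lic, "review"))
    return findings


def check(manifest_text: str = MANIFEST, use_case: str = "distributed",
          advisories: list = ADVISORIES) -> dict:
    """Run both checks over a manifest and return the findings."""
    deps = parse_manifest(manifest_text)
    return {"vulnerable": vulnerable_deps(deps, advisories),
            "licenses": license_findings(deps, use_case)}


if __name__ == "__main__":
    for section, findings in check().items():
        print(section)
        for item in findings:
            print("  ", item)
```

Running the block as-is reports the two dependencies inside an advisory range and, for a distributed product, one denied and one review-flagged license; switching `use_case` to `"internal"` changes only the license findings, which is the "use case dependent obligations" point from the slide. The version tuple comparison is the part worth copying: naive string comparison silently mis-orders versions such as 1.2.10 and 1.2.9 and can make a vulnerable build look fixed.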
23. Poll #4
24. A brief history of the future
25. Future OSS technologies
• VR/AR
– Virtual Reality
– Augmented Reality
– Magic Leap
• Cognitive computing
– Artificial intelligence
– Machine learning
– Deep learning
• Autonomous vehicles
– osvehicle.com
– CANtact
– OSS code for driving
26. Summary
A tyranny of choice
Many license options, most don’t know how to manage or track
• Awareness building
• Audits becoming commonplace or mandatory
Vulnerabilities go undetected, elevating security to a critical feature
• Static and dynamic analysis help
Packages and languages have exploded, requiring new skills
• Rise of the “open source developer”
• CEO top 5 strategy
28. Watch on demand
• Watch this webinar on demand
• Read the recap blog to see the results of the polls and Q&A session
29. Follow up
Free newsletter: vulnerabilities, industry news, and enterprise support stories
openlogic.com/products-services/openlogic-exchange/openupdate
For OpenLogic support customers:
OSS Radio
30. Stay tuned
Top open source lessons for every enterprise
June 29: When is free not free: The true costs of open source
Knowing the OSS in use is key to reducing technical, security, and licensing hurdles – how do you do it?
July 13: Open source applied: Real-world uses
Examine actual field issues, from architecture to production, to better select and use the right packages.
July 27: Top issues in the top enterprise packages
Dive into specific packages with two architects to discover what goes right and what goes wrong.
Editor's Notes
For open source included in software that you’re releasing, are you compliant with all license obligations?
Yes
No
Probably not
Don’t know
(talk about code for internal and external releases)