Open Source Horror Stories
How to manage the open source process to get desired results
Gil Yehuda
November 2017
About me
● I run the open source program office at Oath Inc.
● Oath is basically Yahoo! + Aol. and part of Verizon
● Long ago I worked at Fidelity Investments where I opposed our move to create an open source program.
● I was mistaken and overruled by smarter people.
● I write about open source too.
Today’s Agenda
True stories
Simple lessons
A takeaway
Sample vs. Scale
● Imagine a bug that has a 1/billion chance of causing a catastrophic failure.
● Imagine the bug is in your transaction processing server.
● Failure occurs three times a day.
The Takeaway
● Horror stories almost never happen. When you manage a lot of open source, you are more likely to face problems. Think about scale, not sample.
● Positive outcomes require coordinated efforts. Believing doesn’t make open source work. You need allies who see tangible benefit to help.
● Even luddite companies can overcome their self-imposed obstacles. It takes work and someone to lead that effort. Perhaps that's you.
Stories of pessimism and optimism
Engineers decide
Should you sign that CLA?
Trusting the Source
Me? Insecure?
When engineers don’t ask
● Mark took code from his last company and put it in our project. We found out during a review when we were going to publish the code in an open source project.
● A company open sourced a project and we noticed our code in it, and our former employee's name too.
● Divya took code she wrote as an intern and posted it on Github to show her work (for future employers). Sadly she hardcoded server names and passwords.
Engineers who don't trust the process make their own rules.
Their rules are based on how they think code sharing should work. They are often mistaken.
Create practices that match your policies
Inconsistent practices erode trust and drive engineers to disclose less.
Making engineers sign terms they will then be asked to violate?!
Trusting the source to do no evil
● Someone moved their code from github and broke my build.
● A dependency was added to their project; it’s now in my product.
● We forked a project which got a DMCA takedown.
When things work well we become less paranoid.
Mirror chain: github/them/foo → github/us/foo → gitcorp/us/foo
A 3rd party issues a DMCA takedown on /foo.
Conduct a rational audit of your build/mirror process
Consider DMCA of forks, code injection, and dependency bugs.
CLAs that ask for too much
Most CLAs are OK
No one reads the fine print
Should you agree to this?
Worth a healthy conversation about scope before you sign this one
Create a fast path to CLA approval
Me? Insecure?
● Without 2FA, you are one p4ssw0rd away from a leak.
● Adding people to your org is easy. When do you remove them?
Your open source program office is also a Github ops group. Automate!
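As an added example (not from the talk), here is the kind of automation the slide calls for: a small Python audit over a GitHub org's membership that flags members without 2FA and members whose access has outlived their employment or has gone stale. Everything below is constructed (the org, logins, dates and HR roster are made up); the GitHub endpoints named in the comments are real but are not called here, so the script runs offline.

```python
"""Org-membership audit for the two risks on the slide: members without 2FA,
and members who should have been removed.

Hypothetical example with constructed data. In practice the member list comes
from GET /orgs/{org}/members, the 2FA gap from
GET /orgs/{org}/members?filter=2fa_disabled (org-owner token required), the
role from GET /orgs/{org}/memberships/{username}, and the roster from HR."""
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Member:
    login: str
    role: str            # "admin" or "member"
    last_activity: date  # last org activity (audit log / commits); constructed here


# Constructed sample membership of a made-up org "example-org".
MEMBERS = [
    Member("alice", "admin", date(2017, 11, 1)),
    Member("bob", "member", date(2017, 4, 1)),     # employee, but idle for months
    Member("carol", "member", date(2016, 12, 5)),  # ex-contractor never removed
    Member("dave", "admin", date(2017, 11, 3)),
    Member("erin", "member", date(2017, 9, 15)),   # left the company last month
]
# Constructed: logins the 2fa_disabled filter would return for this org.
NO_2FA = {"carol", "dave"}
# Constructed: logins HR still maps to an active employee or contractor.
HR_ROSTER = {"alice", "bob", "dave"}
AUDIT_DATE = date(2017, 11, 15)

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def audit(members, no_2fa, roster, today, stale_after=timedelta(days=180)):
    """Return (severity, login, reason) tuples, highest severity first."""
    findings = []
    for m in members:
        if m.login in no_2fa:
            # An org admin without 2FA is one phished password from an org takeover.
            if m.role == "admin":
                findings.append(("high", m.login, "org admin without 2FA"))
            else:
                findings.append(("medium", m.login, "member without 2FA"))
        if m.login not in roster:
            # Off-boarding gap: the account's access outlived the person's employment.
            findings.append(("high", m.login, "not on HR roster: remove from org"))
        elif today - m.last_activity > stale_after:
            idle = (today - m.last_activity).days
            findings.append(("low", m.login, f"no activity for {idle} days: confirm still needed"))
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f[0]], f[1]))


def removals(findings):
    """Logins whose org membership should be revoked outright."""
    return sorted({login for _, login, reason in findings if reason.startswith("not on HR roster")})


def run_audit():
    """Run the audit over the constructed sample data."""
    return audit(MEMBERS, NO_2FA, HR_ROSTER, AUDIT_DATE)


if __name__ == "__main__":
    for sev, login, reason in run_audit():
        print(f"{sev:6} {login:8} {reason}")
    print("remove:", ", ".join(removals(run_audit())))
```

Wiring the same logic to the live API and to the HR export turns "when do you remove them?" into a scheduled job rather than a question.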
The Real Horror Story
The tech-dependent company that
● does not have an open source program,
● is filled with engineers who don’t ask for help,
● yet faces the reality of bad actors and poorly written legal documents,
● but makes overly optimistic decisions.
How do Open Source Programs add processes that enable speed?
By providing trusted guidance about publication rights, effective code protection strategies, fast support for legal questions, and ensuring better long term technical outcomes.
Processes get in the way
Help the runners go the distance
Thank you
Gil Yehuda
Work: gyehuda@oath.com
Home: gil@gilyehuda.com
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 

OPEN SOURCE HORROR STORIES (AND LESSONS LEARNED)

  • 1. Open Source Horror Stories How to manage the open source process to get desired results Gil Yehuda November 2017
  • 2. About me ● I run the open source program office at Oath: Inc. ● Oath is basically Yahoo! + Aol. and part of Verizon ● Long ago I worked at Fidelity Investments where I opposed our move to create an open source program. ● I was mistaken and overruled by smarter people. ● I write about open source too.
  • 4. Sample vs. Scale ● Imagine a bug that has a 1/billion chance of causing a catastrophic failure. ● Imagine the bug is in your transaction processing server. ● Failure occurs three times a day.
  • 5. The Takeaway ● Horror stories almost never happen. When you manage a lot of open source, you are more likely to face problems. Think about scale, not sample. ● Positive outcomes require coordinated efforts. Believing doesn’t make open source work. You need allies who see tangible benefit to help. ● Even luddite companies can overcome their self-imposed obstacles. It takes work and someone to lead that effort. Perhaps that's you.
  • 6. Stories of pessimism and optimism Engineers decide Should you sign that CLA? Trusting the Source Me? Insecure?
  • 7. When engineers don’t ask ● Mark took code from his last company and put it in our project. We found out during a review when we were going to publish the code in an open source project. ● A company open sourced a project and we noticed our code in it, and our former employee's name too. ● Divya took code she wrote as an intern and posted it on GitHub to show her work (for future employers). Sadly, she had hardcoded server names and passwords.
  • 8. Engineers who don't trust the process make their own rules. Their rules are based on how they think code sharing should work. They are often mistaken.
  • 9. Create practices that match your policies. Inconsistent practices erode trust and drive engineers to disclose less.
  • 10. Making engineers sign terms they will then be asked to violate?!
  • 11. Trusting the source to do no evil ● Someone moved their code from GitHub and broke my build ● A dependency was added to their project, and now it’s in my product ● We forked a project which got a DMCA takedown
  • 12. When things work well we become less paranoid
  • 13. (fork chain) github/them/foo → github/us/foo → gitcorp/us/foo. A 3rd party issues a DMCA takedown on /foo.
  • 14. Conduct a rational audit of your build/mirror process. Consider DMCA takedowns of forks, code injection, and dependency bugs.
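One concrete piece of that audit, as an added example that is not code from the talk or from Oath: a small checker for a pip-style requirements list that flags the three failure modes slides 11 to 13 describe. A source fetched from a public host rather than your mirror disappears with a takedown or a moved repository; a branch or tag ref can be rewritten under you (code injection); a dependency pinned by version only will accept a republished artifact. The mirror hostname and the sample requirements are assumptions made up for the example.

```python
"""Audit a pip-style requirements list for sources that can move, vanish or
change underneath a build.

Added example, not code from the presentation or from Oath.  The internal
mirror host and the sample requirements below are constructed.
"""
from __future__ import annotations

import re
from urllib.parse import urlparse

# Assumption: the only host the build may fetch source from is the internal
# mirror of slide 13 ("gitcorp/us/foo").  The hostname is made up.
INTERNAL_MIRROR_HOSTS = {"gitcorp.example"}

# pip VCS requirement:  git+https://host/org/repo@ref#egg=name
VCS_RE = re.compile(
    r"^git\+(?P<url>[^@#\s]+)(?:@(?P<ref>[^#\s]+))?(?:#egg=(?P<name>[\w.-]+))?$"
)
# Exact version pin, optionally followed by --hash=... options.
PINNED_RE = re.compile(r"^(?P<name>[A-Za-z0-9_.-]+)==(?P<version>[^\s;]+)(?P<rest>.*)$")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_requirement(line: str) -> list[str]:
    """Return the findings for one requirement line (empty list = clean)."""
    findings: list[str] = []
    req = line.strip()
    if not req or req.startswith("#"):
        return findings

    m = VCS_RE.match(req)
    if m:
        url, ref = m.group("url"), m.group("ref")
        host = urlparse(url).hostname or ""
        name = m.group("name") or url.rsplit("/", 1)[-1]
        if host not in INTERNAL_MIRROR_HOSTS:
            findings.append(f"{name}: fetched from {host}, not the internal mirror "
                            "(a takedown or a moved repo breaks the build)")
        if ref is None:
            findings.append(f"{name}: no ref, the build follows the default branch")
        elif not FULL_SHA_RE.match(ref):
            findings.append(f"{name}: ref {ref!r} is a branch or tag and can be "
                            "rewritten; pin a full commit SHA")
        return findings

    req = req.split(" #", 1)[0].strip()          # drop a trailing comment
    m = PINNED_RE.match(req)
    if not m:
        findings.append(f"{req}: not pinned to an exact version (==)")
        return findings
    if "--hash=" not in m.group("rest"):
        findings.append(f"{m.group('name')}: pinned by version only; add --hash so a "
                        "republished artifact is rejected")
    return findings


def audit_requirements(text: str) -> dict[str, list[str]]:
    """Map every offending requirement line to its findings.

    Run this over the fully resolved list (the output of pip freeze or
    pip-compile), not just the top-level file, so a dependency that an
    upstream project added shows up here instead of in your product.
    """
    report: dict[str, list[str]] = {}
    for line in text.splitlines():
        findings = audit_requirement(line)
        if findings:
            report[line.strip()] = findings
    return report


# Constructed sample input; package names and the hash are made up.
SAMPLE_REQUIREMENTS = """\
# constructed sample, not a real project's requirements
alpha==1.4.2 --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
beta==0.9.1
gamma
git+https://github.com/them/foo@main#egg=foo
git+https://gitcorp.example/us/foo@0123456789abcdef0123456789abcdef01234567#egg=foo
git+https://github.com/us/bar@v1.2.0#egg=bar
"""

if __name__ == "__main__":
    for req, findings in audit_requirements(SAMPLE_REQUIREMENTS).items():
        for finding in findings:
            print(f"{req}\n    {finding}")
```

Only the hash-pinned package and the mirror-hosted, SHA-pinned checkout pass; the public-GitHub checkouts are reported twice each (wrong host, mutable ref). Extending the check to a lockfile for another ecosystem is the same shape: reject sources outside the mirror, reject mutable refs, require a content hash.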
  • 15. CLAs that ask for too much Most CLAs are OK
  • 16. No one reads the fine print
  • 17. Should you agree to this?
  • 18. Worth a healthy conversation about scope before you sign this one
  • 19. Create a fast path to CLA approval
  • 20. Me? Insecure? ● Without 2FA, you are one p4ssw0rd away from a leak. ● Adding people to your org is easy. When do you remove them?
  • 21. Your open source program office is also a GitHub ops group. Automate!
  • 22. The Real Horror Story: the tech-dependent company that ● does not have an open source program, ● is filled with engineers who don’t ask for help, ● faces the reality of bad actors and poorly written legal documents, ● but makes overly optimistic decisions.
  • 23. How do Open Source Programs add processes that enable speed? By providing trusted guidance about publication rights, effective code protection strategies, and fast support for legal questions, ensuring better long-term technical outcomes.
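The automation slides 20 and 21 ask for, as an added example that is not code from the talk or from Oath: a membership audit that answers both questions on slide 20, who in the org lacks 2FA and who should have been removed. It runs on constructed data; in production the member list comes from GitHub's REST API (`GET /orgs/{org}/members?filter=2fa_disabled` returns only members without two-factor authentication, and `GET /orgs/{org}/members` returns everyone) and the employment and last-activity fields come from your HR feed and the org audit log. The idle cut-off, the sample members and the dates are assumptions.

```python
"""Flag GitHub org members who lack 2FA, have left, or have gone quiet.

Added example for slides 20 and 21, not code from the presentation or from
Oath's tooling.  Members below are constructed; real runs fill them from
GitHub's org members API and your HR/audit-log data.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Member:
    login: str
    two_factor_enabled: bool      # False for logins returned by filter=2fa_disabled
    last_activity: date | None    # None = never seen active in this org
    still_employed: bool          # from the HR feed, not from GitHub


def audit_members(members: list[Member], today: date,
                  max_idle_days: int = 90) -> dict[str, list[str]]:
    """Return {login: [actions]} for every member that needs attention.

    A departed member is flagged for removal even if everything else looks
    fine; a missing 2FA is flagged regardless of activity, because that
    account is the one-password-away case from slide 20.
    """
    report: dict[str, list[str]] = {}
    for m in members:
        actions: list[str] = []
        if not m.still_employed:
            actions.append("remove: no longer employed")
        if not m.two_factor_enabled:
            actions.append("require 2FA: one password away from a leak")
        if m.last_activity is None:
            actions.append("review: never active in this org")
        else:
            idle = (today - m.last_activity).days
            if idle > max_idle_days:
                actions.append(f"review: idle for {idle} days")
        if actions:
            report[m.login] = actions
    return report


# Constructed sample, dated around the talk (November 2017).
SAMPLE_MEMBERS = [
    Member("alice", True,  date(2017, 11, 12), True),   # clean
    Member("bob",   False, date(2017, 11, 5),  True),   # active but no 2FA
    Member("carol", True,  date(2017, 4, 29),  True),   # 200 days idle
    Member("dave",  True,  date(2017, 11, 10), False),  # left the company
    Member("erin",  False, None,               True),   # added, never used, no 2FA
]

if __name__ == "__main__":
    for login, actions in audit_members(SAMPLE_MEMBERS, date(2017, 11, 15)).items():
        print(login, "->", "; ".join(actions))
```

Run it on a schedule and open a ticket per flagged login rather than removing people automatically; the removal itself is a one-line API call once a human has confirmed it. Turning on the org-level "require two-factor authentication" setting makes the 2FA branch of this check redundant, which is the better outcome.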
  • 25. Help the runners go the distance
  • 27. Thank you Gil Yehuda Work: gyehuda@oath.com Home: gil@gilyehuda.com