Rogue Wave Software , profile picture
Uploaded byRogue Wave Software
PPTX, PDF151 views

Are open source and embedded software development on a collision course?

The document discusses the intersection of open source software (OSS) and commercial support, highlighting the prevalence of OSS in organizations and the associated legal risks and compliance challenges. It emphasizes the importance of having clear policies, support mechanisms, and the necessity for organizations to audit their code for legal obligations. Additionally, it calls for implementing safety and security measures, including monitoring vulnerabilities and utilizing static analysis tools.

Embed presentation

Download to read offline
1© 2017 Rogue Wave Software, Inc. All Rights Reserved. Are open source and embedded software development on a collision course? Rod Cope, CTO RogueWave Software
2© 2017 Rogue Wave Software, Inc. All Rights Reserved. Presenter Rod Cope CTO Rogue Wave Software rod.cope@roguewave.com Twitter: @rodcope
3© 2017 Rogue Wave Software, Inc. All Rights Reserved. Agenda 1. Introduction 2. Using OSS 3. License risk 4. MISRA, OWASP 5. Safety & security 6. Q & A
4© 2017 Rogue Wave Software, Inc. All Rights Reserved. Introduction
5© 2017 Rogue Wave Software, Inc. All Rights Reserved. Open source is everywhere GitHub 5 million+ OSS projects 80+ Licenses approved by OSI 98% of organizations use OSS https://guides.github.com/activities/contributing-to-open-source/ https://opensource.org/licenses/alphabetical http://www.roguewave.com/programs/open-source-support-report
7© 2017 Rogue Wave Software, Inc. All Rights Reserved. 67% of developers are not sure if there’s a policy for source code, or don’t know what it is. http://www.roguewave.com/resources/white-papers/software-security-begins-with-flaw-free,-standards
8© 2017 Rogue Wave Software, Inc. All Rights Reserved. Using OSS
9© 2017 Rogue Wave Software, Inc. All Rights Reserved. Support the implementation Self-support Committer support Community support Commercial support
10© 2017 Rogue Wave Software, Inc. All Rights Reserved. Why use commercial support Missing skillset Time constraints People change jobs
11© 2017 Rogue Wave Software, Inc. All Rights Reserved. Commercial support example The original implementation was not built for scale. We’ll help you build a workaround. We’re experiencing heavy latency and heavy resource utilization with ActiveMQ. The person who built this left.
12© 2017 Rogue Wave Software, Inc. All Rights Reserved. Support the selected software 80% of support issues are either a lack of product knowledge, or something in the environment outside of the package. http://www.roguewave.com/programs/open-source-support-report
13© 2017 Rogue Wave Software, Inc. All Rights Reserved. What can organizations do? Detect critical areas Investigate knowledge gaps Implement a plan
14© 2017 Rogue Wave Software, Inc. All Rights Reserved. Legal risk
15© 2017 Rogue Wave Software, Inc. All Rights Reserved. Free comes with restrictions Organizations may be at risk of violating legal obligations.
16© 2017 Rogue Wave Software, Inc. All Rights Reserved. Open source related legal action • Versata v. Ameriprise • XimpleWare v. Versata and Ameriprise • Oracle v. Google • Jacobsen v. Katzer • Welte v. Fantec
17© 2017 Rogue Wave Software, Inc. All Rights Reserved. Audit code Identify packages Bill of materials (BOM) Obligations
18© 2017 Rogue Wave Software, Inc. All Rights Reserved. MISRA, OWASP, etc.
19© 2017 Rogue Wave Software, Inc. All Rights Reserved. Maintain compliance
20© 2017 Rogue Wave Software, Inc. All Rights Reserved. MISRA recommends SCA “In order to ensure that the source code written does conform to the [MISRA] subset it is necessary to have measures in place which check that none of the rules have been broken. The most effective means of achieving this is to use one or more of the static checking tools that are available commercially.” - Section 4.3.1
21© 2017 Rogue Wave Software, Inc. All Rights Reserved. Analysis tools Identify bugs and vulnerabilities Compliance checkers
22© 2017 Rogue Wave Software, Inc. All Rights Reserved. Safety & security
23© 2017 Rogue Wave Software, Inc. All Rights Reserved. Vulnerabilities
24© 2017 Rogue Wave Software, Inc. All Rights Reserved. Remediation Establish processes Research issues Scan all code
25© 2017 Rogue Wave Software, Inc. All Rights Reserved. Community updates Monitor and implement community updates.
26© 2017 Rogue Wave Software, Inc. All Rights Reserved. Critical security announcements OPENUPDATE SIGN UP: roguewave.com/openupdate
27© 2017 Rogue Wave Software, Inc. All Rights Reserved. Monitor and test implementation
28© 2017 Rogue Wave Software, Inc. All Rights Reserved. Q & A
29© 2017 Rogue Wave Software, Inc. All Rights Reserved.

More Related Content

PDF
Web hacking using Cyber range
byPriyanka Aash
 
PPTX
Become a Threat Hunter by Hamza Beghal
byNull Singapore
 
PPTX
Open source and embedded software development
byRogue Wave Software
 
PPTX
Add Security Testing Tools to Your Delivery Pipeline
byGene Gotimer
 
PDF
Cisco Connect 2018 Malaysia - Changing the equation-cybersecurity in digital ...
byNetworkCollaborators
 
PPTX
Tony Hodgson (Brainwaive): Your Enterprise is Under Attack: Cyber Security Es...
byAugmentedWorldExpo
 
PPTX
Cybersecurity 101 for Ophthalmology & Physician Practices
byRavi D. Goel, MD
 
PDF
BGA Eğitim Kataloğu
byAsım Önder Kabataş
 
Web hacking using Cyber range
byPriyanka Aash
 
Become a Threat Hunter by Hamza Beghal
byNull Singapore
 
Open source and embedded software development
byRogue Wave Software
 
Add Security Testing Tools to Your Delivery Pipeline
byGene Gotimer
 
Cisco Connect 2018 Malaysia - Changing the equation-cybersecurity in digital ...
byNetworkCollaborators
 
Tony Hodgson (Brainwaive): Your Enterprise is Under Attack: Cyber Security Es...
byAugmentedWorldExpo
 
Cybersecurity 101 for Ophthalmology & Physician Practices
byRavi D. Goel, MD
 
BGA Eğitim Kataloğu
byAsım Önder Kabataş
 

What's hot

PDF
Netskope Overview
byNetskope
 
PPTX
Mastering Next Gen SIEM Use Cases (Part 1)
byDNIF
 
PDF
NTXISSACSC3 - Managing Cyber Security Across the Enterprise by Asif Effendi
byNorth Texas Chapter of the ISSA
 
PDF
How Components Increase Speed and Risk
byCA Technologies
 
PPTX
Our Mission and Values
byAmber Sawhill
 
PDF
Webinar: Insights from Cyren's 2016 cyberthreat report
byCyren, Inc
 
PPTX
Lastline RSAC 2018 Highlights
byLastline, Inc.
 
PDF
Webinar: A deep dive on ransomware
byCyren, Inc
 
PDF
Webinar: Is your web security broken? - 10 things you need to know
byCyren, Inc
 
PDF
Tadej Hren: IOT Ransomware
byDomen Savič
 
PDF
[Cisco Connect 2018 - Vietnam] Brian cotaz cyber security strategy
byNur Shiqim Chok
 
PPTX
The Security Industry is Suffering from Fragmentation, What Can Your Organiza...
byThreatConnect
 
PDF
Webinar: IT security at SMBs: 2016 benchmarking survey
byCyren, Inc
 
PPTX
Idc security roadshow may2015 Adrian Aron
byDejan Jeremic
 
PPTX
Rise of Crypto rRansomware
byNapier University
 
PPTX
How Silicon Valley startups are approaching security differently
byScott Cressman
 
PPTX
CeBIT 2015 Presentation
byCyren, Inc
 
PDF
Webinar: Stopping evasive malware - how a cloud sandbox array works
byCyren, Inc
 
PDF
TechWiseTV Workshop: Stealthwatch Cloud
byRobb Boyd
 
PPTX
When assets more valuable than system
byArdha Herdianto
 
Netskope Overview
byNetskope
 
Mastering Next Gen SIEM Use Cases (Part 1)
byDNIF
 
NTXISSACSC3 - Managing Cyber Security Across the Enterprise by Asif Effendi
byNorth Texas Chapter of the ISSA
 
How Components Increase Speed and Risk
byCA Technologies
 
Our Mission and Values
byAmber Sawhill
 
Webinar: Insights from Cyren's 2016 cyberthreat report
byCyren, Inc
 
Lastline RSAC 2018 Highlights
byLastline, Inc.
 
Webinar: A deep dive on ransomware
byCyren, Inc
 
Webinar: Is your web security broken? - 10 things you need to know
byCyren, Inc
 
Tadej Hren: IOT Ransomware
byDomen Savič
 
[Cisco Connect 2018 - Vietnam] Brian cotaz cyber security strategy
byNur Shiqim Chok
 
The Security Industry is Suffering from Fragmentation, What Can Your Organiza...
byThreatConnect
 
Webinar: IT security at SMBs: 2016 benchmarking survey
byCyren, Inc
 
Idc security roadshow may2015 Adrian Aron
byDejan Jeremic
 
Rise of Crypto rRansomware
byNapier University
 
How Silicon Valley startups are approaching security differently
byScott Cressman
 
CeBIT 2015 Presentation
byCyren, Inc
 
Webinar: Stopping evasive malware - how a cloud sandbox array works
byCyren, Inc
 
TechWiseTV Workshop: Stealthwatch Cloud
byRobb Boyd
 
When assets more valuable than system
byArdha Herdianto
 

Similar to Are open source and embedded software development on a collision course?

PPTX
Best practice recommendations for utilizing open source software (from a lega...
byRogue Wave Software
 
PPTX
Cyber security - It starts with the embedded system
byRogue Wave Software
 
PPTX
Everything you need to know about your open source support contract
byRogue Wave Software
 
PPTX
The road towards better automotive cybersecurity
byRogue Wave Software
 
PPTX
Find & fix the flaws in your code
byRogue Wave Software
 
PPTX
Create code confidence for better application security
byRogue Wave Software
 
PPTX
When is free not free: The true costs of open source
byRogue Wave Software
 
PPTX
Continuous security: Bringing agility to the secure development lifecycle
byRogue Wave Software
 
PPTX
How to Keep Developers Happy and Lawyers Calm
byAll Things Open
 
PDF
Open source software: Diligence, compliance, and future trends
byRogue Wave Software
 
PPTX
How enterprises learned to stop worrying and love open source
byRogue Wave Software
 
PDF
Identifying and managing the risks of open source software for PHP developers
byRogue Wave Software
 
PPTX
Shifting the conversation from active interception to proactive neutralization
byRogue Wave Software
 
PPTX
OSS has taken over the enterprise: The top five OSS trends of 2015
byRogue Wave Software
 
PDF
Open source software: The infrastructure impact
byRogue Wave Software
 
PDF
Top 5 best practice for delivering secure in-vehicle software
byRogue Wave Software
 
PPTX
Open Source Support
bySébastien Grimonet
 
PDF
Five ways to protect your software supply chain from hacks, quacks, and wrecks
byRogue Wave Software
 
PDF
Create code confidence for better application security
byRogue Wave Software
 
PDF
Open source software support for the enterprise
byRogue Wave Software
 
Best practice recommendations for utilizing open source software (from a lega...
byRogue Wave Software
 
Cyber security - It starts with the embedded system
byRogue Wave Software
 
Everything you need to know about your open source support contract
byRogue Wave Software
 
The road towards better automotive cybersecurity
byRogue Wave Software
 
Find & fix the flaws in your code
byRogue Wave Software
 
Create code confidence for better application security
byRogue Wave Software
 
When is free not free: The true costs of open source
byRogue Wave Software
 
Continuous security: Bringing agility to the secure development lifecycle
byRogue Wave Software
 
How to Keep Developers Happy and Lawyers Calm
byAll Things Open
 
Open source software: Diligence, compliance, and future trends
byRogue Wave Software
 
How enterprises learned to stop worrying and love open source
byRogue Wave Software
 
Identifying and managing the risks of open source software for PHP developers
byRogue Wave Software
 
Shifting the conversation from active interception to proactive neutralization
byRogue Wave Software
 
OSS has taken over the enterprise: The top five OSS trends of 2015
byRogue Wave Software
 
Open source software: The infrastructure impact
byRogue Wave Software
 
Top 5 best practice for delivering secure in-vehicle software
byRogue Wave Software
 
Open Source Support
bySébastien Grimonet
 
Five ways to protect your software supply chain from hacks, quacks, and wrecks
byRogue Wave Software
 
Create code confidence for better application security
byRogue Wave Software
 
Open source software support for the enterprise
byRogue Wave Software
 

More from Rogue Wave Software

PPTX
Getting the most from your API management platform: A case study
byRogue Wave Software
 
PPTX
Enterprise Linux: Justify your migration from Red Hat to CentOS
byRogue Wave Software
 
PPTX
Walk through an enterprise Linux migration
byRogue Wave Software
 
PPTX
Open source applied - Real world use cases (Presented at Open Source 101)
byRogue Wave Software
 
PPTX
Plan a successful enterprise Linux migration
byRogue Wave Software
 
PPTX
PSD2 & Open Banking: How to go from standards to implementation and compliance
byRogue Wave Software
 
PPTX
How to migrate SourcePro apps from Solaris to Linux
byRogue Wave Software
 
PPTX
5 strategies for enterprise cloud infrastructure success
byRogue Wave Software
 
PPTX
Java 10 and beyond: Keeping up with the language and planning for the future
byRogue Wave Software
 
PPTX
How to keep developers happy and lawyers calm
byRogue Wave Software
 
PPTX
Approaches to debugging mixed-language HPC apps
byRogue Wave Software
 
PPTX
How to keep developers happy and lawyers calm (Presented at ESC Boston)
byRogue Wave Software
 
PDF
Disrupt or be disrupted – Using secure APIs to drive digital transformation
byRogue Wave Software
 
PPTX
Leveraging open banking specifications for rigorous API security – What’s in...
byRogue Wave Software
 
PPTX
Advanced technologies and techniques for debugging HPC applications
byRogue Wave Software
 
PPTX
The Global Influence of Open Banking, API Security, and an Open Data Perspective
byRogue Wave Software
 
PPTX
Adding layers of security to an API in real-time
byRogue Wave Software
 
PPTX
The forgotten route: Making Apache Camel work for you
byRogue Wave Software
 
PPTX
No liftoff, touchdown, or heartbeat shall miss because of a software failure
byRogue Wave Software
 
PDF
Three big mistakes with APIs and microservices
byRogue Wave Software
 
Getting the most from your API management platform: A case study
byRogue Wave Software
 
Enterprise Linux: Justify your migration from Red Hat to CentOS
byRogue Wave Software
 
Walk through an enterprise Linux migration
byRogue Wave Software
 
Open source applied - Real world use cases (Presented at Open Source 101)
byRogue Wave Software
 
Plan a successful enterprise Linux migration
byRogue Wave Software
 
PSD2 & Open Banking: How to go from standards to implementation and compliance
byRogue Wave Software
 
How to migrate SourcePro apps from Solaris to Linux
byRogue Wave Software
 
5 strategies for enterprise cloud infrastructure success
byRogue Wave Software
 
Java 10 and beyond: Keeping up with the language and planning for the future
byRogue Wave Software
 
How to keep developers happy and lawyers calm
byRogue Wave Software
 
Approaches to debugging mixed-language HPC apps
byRogue Wave Software
 
How to keep developers happy and lawyers calm (Presented at ESC Boston)
byRogue Wave Software
 
Disrupt or be disrupted – Using secure APIs to drive digital transformation
byRogue Wave Software
 
Leveraging open banking specifications for rigorous API security – What’s in...
byRogue Wave Software
 
Advanced technologies and techniques for debugging HPC applications
byRogue Wave Software
 
The Global Influence of Open Banking, API Security, and an Open Data Perspective
byRogue Wave Software
 
Adding layers of security to an API in real-time
byRogue Wave Software
 
The forgotten route: Making Apache Camel work for you
byRogue Wave Software
 
No liftoff, touchdown, or heartbeat shall miss because of a software failure
byRogue Wave Software
 
Three big mistakes with APIs and microservices
byRogue Wave Software
 

Recently uploaded

PDF
Princeton 2026: Tools That Help You
 Write Better Code
byHenry Schreiner
 
PDF
How Fireworks AI Achieves 1TB_s+ Throughput for Model Deployment Across Multi...
byAlluxio, Inc.
 
PDF
The Future of Microsoft Project Management Tools - Connecting Teams, Work, an...
byOnePlan Solutions
 
PDF
Hack&Verse Kick-off and infor session Event ppt
bysanidhyasahu1120
 
PPTX
NetworkMediaWireless (1).pptxunsnsndjdjdjjdnd
byre7022
 
PDF
Shaping Your 2026 Testing Strategy | Applitools Product Pulse - January 2026
byApplitools
 
PDF
828275126-INTUNE-Instructor-Handout-Part2.pdf
byamdusias67
 
PPTX
Introduction to Software Development and Modern Practices
byM Munim
 
PPTX
Business Central and Copilot pitch deck ppt
byjonbravetti
 
PPTX
Orion Context Broker introduction 20260114
byFermin Galan
 
PDF
DSD-INT 2025 iMOD Parallel coupler development plan - Verkaik
byDeltares
 
PDF
C_ABAPD_2507 (83%).pdf antwoten certificate
byImaneKrioutate
 
PPTX
Free AI Paraphrasing Tool to Rewrite Sentences – SENTENCIFY
bySENTENCIFY
 
PDF
DSD-INT 2025 iMOD Coupler - coupling Ribasim – MetaSWAP – MODFLOW 6 - Leander
byDeltares
 
PPTX
Project System Presentation details process presentation
bytejpratappandey4
 
PDF
DSD-INT 2025 Large scale unsaturated zone modelling - Sequential Steady State...
byDeltares
 
PDF
our environment ppt made by many people name rarang yadav
byrarang180
 
PPTX
Lect 1 Number systems and base conversions. [Autosaved].pptx
byzainiman8511
 
PPTX
EMR Software for Gynaecology Clinics How EasyClinic Supports Continuity, Priv...
byEasy Clinic
 
PDF
Cybernetic Global Intelligence Securing Businesses in a Digital-First World.pdf
byCybernetic Global Intelligence
 
Princeton 2026: Tools That Help You
 Write Better Code
byHenry Schreiner
 
How Fireworks AI Achieves 1TB_s+ Throughput for Model Deployment Across Multi...
byAlluxio, Inc.
 
The Future of Microsoft Project Management Tools - Connecting Teams, Work, an...
byOnePlan Solutions
 
Hack&Verse Kick-off and infor session Event ppt
bysanidhyasahu1120
 
NetworkMediaWireless (1).pptxunsnsndjdjdjjdnd
byre7022
 
Shaping Your 2026 Testing Strategy | Applitools Product Pulse - January 2026
byApplitools
 
828275126-INTUNE-Instructor-Handout-Part2.pdf
byamdusias67
 
Introduction to Software Development and Modern Practices
byM Munim
 
Business Central and Copilot pitch deck ppt
byjonbravetti
 
Orion Context Broker introduction 20260114
byFermin Galan
 
DSD-INT 2025 iMOD Parallel coupler development plan - Verkaik
byDeltares
 
C_ABAPD_2507 (83%).pdf antwoten certificate
byImaneKrioutate
 
Free AI Paraphrasing Tool to Rewrite Sentences – SENTENCIFY
bySENTENCIFY
 
DSD-INT 2025 iMOD Coupler - coupling Ribasim – MetaSWAP – MODFLOW 6 - Leander
byDeltares
 
Project System Presentation details process presentation
bytejpratappandey4
 
DSD-INT 2025 Large scale unsaturated zone modelling - Sequential Steady State...
byDeltares
 
our environment ppt made by many people name rarang yadav
byrarang180
 
Lect 1 Number systems and base conversions. [Autosaved].pptx
byzainiman8511
 
EMR Software for Gynaecology Clinics How EasyClinic Supports Continuity, Priv...
byEasy Clinic
 
Cybernetic Global Intelligence Securing Businesses in a Digital-First World.pdf
byCybernetic Global Intelligence
 

Are open source and embedded software development on a collision course?

  • 1.
    1© 2017 RogueWave Software, Inc. All Rights Reserved. Are open source and embedded software development on a collision course? Rod Cope, CTO RogueWave Software
  • 2.
    2© 2017 RogueWave Software, Inc. All Rights Reserved. Presenter Rod Cope CTO Rogue Wave Software rod.cope@roguewave.com Twitter: @rodcope
  • 3.
    3© 2017 RogueWave Software, Inc. All Rights Reserved. Agenda 1. Introduction 2. Using OSS 3. License risk 4. MISRA, OWASP 5. Safety & security 6. Q & A
  • 4.
    4© 2017 RogueWave Software, Inc. All Rights Reserved. Introduction
  • 5.
    5© 2017 RogueWave Software, Inc. All Rights Reserved. Open source is everywhere GitHub 5 million+ OSS projects 80+ Licenses approved by OSI 98% of organizations use OSS https://guides.github.com/activities/contributing-to-open-source/ https://opensource.org/licenses/alphabetical http://www.roguewave.com/programs/open-source-support-report
  • 6.
    7© 2017 RogueWave Software, Inc. All Rights Reserved. 67% of developers are not sure if there’s a policy for source code, or don’t know what it is. http://www.roguewave.com/resources/white-papers/software-security-begins-with-flaw-free,-standards
  • 7.
    8© 2017 RogueWave Software, Inc. All Rights Reserved. Using OSS
  • 8.
    9© 2017 RogueWave Software, Inc. All Rights Reserved. Support the implementation Self-support Committer support Community support Commercial support
  • 9.
    10© 2017 RogueWave Software, Inc. All Rights Reserved. Why use commercial support Missing skillset Time constraints People change jobs
  • 10.
    11© 2017 RogueWave Software, Inc. All Rights Reserved. Commercial support example The original implementation was not built for scale. We’ll help you build a workaround. We’re experiencing heavy latency and heavy resource utilization with ActiveMQ. The person who built this left.
  • 11.
    12© 2017 RogueWave Software, Inc. All Rights Reserved. Support the selected software 80% of support issues are either a lack of product knowledge, or something in the environment outside of the package. http://www.roguewave.com/programs/open-source-support-report
  • 12.
    13© 2017 RogueWave Software, Inc. All Rights Reserved. What can organizations do? Detect critical areas Investigate knowledge gaps Implement a plan
  • 13.
    14© 2017 RogueWave Software, Inc. All Rights Reserved. Legal risk
  • 14.
    15© 2017 RogueWave Software, Inc. All Rights Reserved. Free comes with restrictions Organizations may be at risk of violating legal obligations.
  • 15.
    16© 2017 RogueWave Software, Inc. All Rights Reserved. Open source related legal action • Versata v. Ameriprise • XimpleWare v. Versata and Ameriprise • Oracle v. Google • Jacobsen v. Katzer • Welte v. Fantec
  • 16.
    17© 2017 RogueWave Software, Inc. All Rights Reserved. Audit code Identify packages Bill of materials (BOM) Obligations
  • 17.
    18© 2017 RogueWave Software, Inc. All Rights Reserved. MISRA, OWASP, etc.
  • 18.
    19© 2017 RogueWave Software, Inc. All Rights Reserved. Maintain compliance
  • 19.
    20© 2017 RogueWave Software, Inc. All Rights Reserved. MISRA recommends SCA “In order to ensure that the source code written does conform to the [MISRA] subset it is necessary to have measures in place which check that none of the rules have been broken. The most effective means of achieving this is to use one or more of the static checking tools that are available commercially.” - Section 4.3.1
  • 20.
    21© 2017 RogueWave Software, Inc. All Rights Reserved. Analysis tools Identify bugs and vulnerabilities Compliance checkers
  • 21.
    22© 2017 RogueWave Software, Inc. All Rights Reserved. Safety & security
  • 22.
    23© 2017 RogueWave Software, Inc. All Rights Reserved. Vulnerabilities
  • 23.
    24© 2017 RogueWave Software, Inc. All Rights Reserved. Remediation Establish processes Research issues Scan all code
  • 24.
    25© 2017 RogueWave Software, Inc. All Rights Reserved. Community updates Monitor and implement community updates.
  • 25.
    26© 2017 RogueWave Software, Inc. All Rights Reserved. Critical security announcements OPENUPDATE SIGN UP: roguewave.com/openupdate
  • 26.
    27© 2017 RogueWave Software, Inc. All Rights Reserved. Monitor and test implementation
  • 27.
    28© 2017 RogueWave Software, Inc. All Rights Reserved. Q & A
  • 28.
    29© 2017 RogueWave Software, Inc. All Rights Reserved.

Editor's Notes

  • #4 Shorten titles
  • #8 Source: http://www.roguewave.com/resources/white-papers/software-security-begins-with-flaw-free,-standards Risks of embracing OSS include: Late releases Over budget projects Casualties to life and limb Blending newly-written, legacy, and open source code With a complex – and lengthy – supply chain for most embedded development, each software contributor needs to better understand the landscape, the true costs, risks, and how to make the right decisions for when – and how – to use open source software. Knowing how to manage and support open source software, as well as making sure that licenses, standards compliance, and critical safety and security issues are addressed has taken on a life of its own.
  • #26 To stay ahead of the best practices and ongoing updates in open source software, an organization needs to have one or two employees dedicated to that task. However, most organizations don’t have the resources to maintain that role, so there needs to be a process, exercising extreme caution around monitoring and implementing community updates. Some open source updates aren’t as critical as other updates, but it’s a risky game to wait to see what matters. As there are such a high number of updates with open source software, not all of the issues get a lot of media coverage and internet searches fall short of true discovery. This means that organizations can sit for months – or longer – exposed and unaware that a crucial update is available. These updates should be taken as high priority when tracking open source software updates and announcements.