© 2016 Rogue Wave Software, Inc. All Rights Reserved.
Top open source lessons for every enterprise
Episode I: How enterprises learned to stop worrying and love open source
Presenter: Rod Cope, CTO, Rogue Wave Software
Poll #1
What percentage of your code is free and open source software?
A. 0 to 25%
B. 26 to 50%
C. 51 to 75%
D. More than 75%
“Open source has eaten the world.”
Rod Cope, CTO, Rogue Wave Software
Agenda
1. A brief history of open source
2. Talking technical
3. Call security
4. Keys to licensing
5. A brief history of the future
6. Summary
7. Q&A
A brief history of open source
Open source evolution
1980’s: Freeware/shareware, BBS, Perl, GPL
1990’s: “Open Source”, Apache, Tomcat, JBoss, PHP, Python, Ruby, Linux
2000’s: FUD, OSS company explosion, insurance plays, Git, Android
2010’s: Package explosion, GitHub ascension, full speed OSS adoption, Docker, Swift
2016: “OSS first” policies, CentOS in enterprise, cloud OSS, cognitive computing
OSS in the enterprise: Unaware → Early tests → Keep out! → Adoption → Ubiquitous
3 evolutionary paths
1. Technical
2. Security
3. Licensing
Spectrum of confidence: CHAOS → NEUTRAL → LOVE
Poll #2
How well is your organization managing OSS?
A. It’s chaotic: minimal process, no tracking, uncertain use
B. It’s okay: some process & tracking, some license compliance
C. It’s good: project-level processes, tracking, & compliance
D. It’s great: processes and tools in place across organization
Talking technical
Technical confidence
• Growth in number of packages / challenges
• Growth in languages / challenges
• Growth in skills / challenges
By 2018, every enterprise will be a “software company”
Recruiting developers will be a CEO top 5 strategy for success
[Chart: Billions of IoT devices, 2015 to 2020, scale 0 to 40 billion (source: BI Intelligence)]
2 billion GB, 600 million queries/sec
278 billion messages/day
Packages
CHAOS
• 1000’s of repositories
• Everything rough around the edges
• Venture capitalists: “There will be ~10 OSS packages”
NEUTRAL
• 1000’s of packages
• Elevated repositories
• Package management systems
• Strong technical benefits
• FUD around licensing
LOVE
• Millions of packages
• Dominant repositories
• Safe adoption of OSS
• Commercial support options
Languages
CHAOS
• Few language choices
• Everything written from scratch
• No standards
• Weak tool support
NEUTRAL
• New scripting languages for web development
• Frameworks and other tools accelerate development
• Web and other standards become common
LOVE
• Many languages: declarative, functional, statically typed
• Strong competition among frameworks & tools
• “Best tool for the job” is the norm
• Possible downside: tyranny of choice
Skills
CHAOS
• Nobody knows OSS
• Developer leaves → code is unmaintainable
• No formal support or training available
NEUTRAL
• OSS becomes common, easier to find developers
• Training available for some key packages
• OSS experience appears on resumes
LOVE
• Formal training and certification available
• Professional support, guidance, and migration help
• OSS history and code is key to getting a job
• Employers looking specifically for OSS experts
Call security
Security confidence
• Growth in software complexity leads to more vulnerabilities
• Large developer base doesn’t imply constant (or skilled) vigilance
On Apache Struts: “It is not noteworthy that an open source project could have a severe vulnerability, [it’s] that this flaw went undetected for at least seven years.”
• Potentially millions of servers
• “seeing 10 to 15 attacks per second” [1]
• Example loss: 4.5 million patient records [2]
• 8 other flaws in core packages in the first week of 2015
1. CloudFlare
2. Reuters: U.S. hospital breach biggest yet to exploit Heartbleed bug
Security evolution
CHAOS
• No focus on security, unknown quality
• Every project has its own approach to security
• Code is available: easy to attack
NEUTRAL
• “Given enough eyeballs, all bugs are shallow”
• OSS is just code: similar to proprietary
• Treat all code the same
LOVE
• Code is available: static and dynamic code analysis
• Security elevated to “critical feature” status
• Initiatives to improve widely used infrastructure
Poll #3
How does your team know when an OSS package has a vulnerability?
A. We don’t
B. We read the news
C. We monitor vulnerability reports, databases, etc.
D. We monitor reports and perform regular security scans
Keys to licensing
Licensing confidence
• Growth in licensing
• Top licenses on GitHub [1]: MIT (44.69%), GPL 2.0 (12.96%), Apache (11.19%), GPL 3.0 (8.88%)
vs. XimpleWare
Only 35 percent of companies have written policies requiring them to use properly licensed software
1. GitHub: Open source license usage
Licensing evolution
CHAOS
• No license
• DIY licenses
• “Vanity” licenses
• Non-OSS licenses
NEUTRAL
• “Copyleft”
• “Business-friendly”
• Use case dependent obligations
LOVE
• Better developer awareness
• Attorneys up-to-speed on OSS
• Professional auditing services
Poll #4
A brief history of the future
Future OSS technologies
• VR/AR
– Virtual Reality
– Augmented Reality
– Magic Leap
• Cognitive computing
– Artificial intelligence
– Machine learning
– Deep learning
• Autonomous vehicles
– osvehicle.com
– CANtact
– OSS code for driving
Summary
A tyranny of choice
Many license options; most don’t know how to manage or track them
• Awareness building
• Audits becoming commonplace or mandatory
Vulnerabilities go undetected, elevating security to a critical feature
• Static and dynamic analysis help
Packages and languages have exploded, requiring new skills
• Rise of the “open source developer”
• CEO top 5 strategy
Q & A
Watch on demand
• Watch this webinar on demand
• Read the recap blog to see the results of the
polls and Q&A session
Follow up
Free newsletter: vulnerabilities, industry news, and enterprise support stories
openlogic.com/products-services/openlogic-exchange/openupdate
For OpenLogic support customers:
OSS Radio
Stay tuned
Top open source lessons for every enterprise
June 29: When is free not free: The true costs of open source
Knowing the OSS in use is key to reducing technical, security, and licensing hurdles. How do you do it?
July 13: Open source applied: Real-world uses
Examine actual field issues, from architecture to production, to better select and use the right packages.
July 27: Top issues in the top enterprise packages
Dive into specific packages with two architects to discover what goes right and what goes wrong.

Editor's Notes

• #24: For open source included in software that you’re releasing, are you compliant with all license obligations? Yes / No / Probably not / Don’t know (talk about code for internal and external releases)