Open source software is growing, especially in IoT, but there is little understanding of license obligations. This presentation provides best practices for using open source software safely and effectively. It discusses open source licenses including GPL, LGPL, MIT and their terms. It emphasizes the importance of compliance to avoid liability issues seen in court cases. Developers must understand which licenses are acceptable and how to identify and address license requirements for all code used.
IoT Cloud Service & Partner IoT Solution harishgaur
Join this session to understand Oracle IoT Strategy and a phased approach to ROI with the Oracle Internet of Things Cloud Service, making IoT implementation straightforward, simple and effective. In this session, you will learn how the feature set will help you to quickly build IoT applications, connect and manage devices, configure and monitor security policies, manage and analyze massive amounts of data and integrate with your business processes and applications.
Hyper-connected apps: Hyper-Connected Apps: Testing Peripherals and Mobile Ap...Infostretch
Remember how apps used to be? They connected to the internet and incorporated one device at most. Sure, testers had to factor in performance under different usage conditions, but we had great testing toolsets in place to deal with that. Fast forward to the present. These days sensors enable much more diverse functionality from our connected devices or smartphones and that means mobile app testing is no longer just about testing the app. Smartphones now include many sensors that interface with the ecosystem around them. These software and hardware components can all too easily play havoc with the apps themselves. During his presentation, Sivakumar Anna will share the complexity of peripherals testing. He will demonstrate sensor testing scenarios including location, camera, TouchID and Bluetooth. Drawing on his years of experience in this testing domain, Sivakumar will describe current industry best practices, specific challenges and how to overcome them. He will illustrate these unique issues with a case study involving device peripheral automation for one the leading medical device & solution providers.
Forget Mobile-First … Move your customers to IoT-First, Drew Johnson, Aeris C...Alan Quayle
Forget Mobile-First … Move your customers to IoT-First
Presented at TADSummit Lisbon, 18th December 2015
Drew Johnson VP Engineering
Aeris Communications
Aeris is a global IoT connectivity, data, and analytics services provider. We will share key lessons on building a successful M2M/IoT business as a carrier and how to move customers toward an IoT-First approach.
Mobile Risk Analysis: Take Your Mobile App Security to the Next LevelCA Technologies
The mobile application is becoming the primary interface between your enterprise and end users — but what will be used to secure this access? Come learn how to leverage data from mobile devices to help identify the legitimacy of a user attempting to login or perform a sensitive transaction.
For more information, please visit http://cainc.to/Nv2VOe
Embien Technologies provides a complete IoT design services including device design, gateway design, cloud services and cloud analytics in many verticals such as healthcare, automotive, industrial, M2M, consumer, etc.
Our successful services includes Smart wearables, production management system, remote PLC management, cold truck management, smart flow metering, etc.
IoT Cloud Service & Partner IoT Solution harishgaur
Join this session to understand Oracle IoT Strategy and a phased approach to ROI with the Oracle Internet of Things Cloud Service, making IoT implementation straightforward, simple and effective. In this session, you will learn how the feature set will help you to quickly build IoT applications, connect and manage devices, configure and monitor security policies, manage and analyze massive amounts of data and integrate with your business processes and applications.
Hyper-connected apps: Hyper-Connected Apps: Testing Peripherals and Mobile Ap...Infostretch
Remember how apps used to be? They connected to the internet and incorporated one device at most. Sure, testers had to factor in performance under different usage conditions, but we had great testing toolsets in place to deal with that. Fast forward to the present. These days sensors enable much more diverse functionality from our connected devices or smartphones and that means mobile app testing is no longer just about testing the app. Smartphones now include many sensors that interface with the ecosystem around them. These software and hardware components can all too easily play havoc with the apps themselves. During his presentation, Sivakumar Anna will share the complexity of peripherals testing. He will demonstrate sensor testing scenarios including location, camera, TouchID and Bluetooth. Drawing on his years of experience in this testing domain, Sivakumar will describe current industry best practices, specific challenges and how to overcome them. He will illustrate these unique issues with a case study involving device peripheral automation for one the leading medical device & solution providers.
Forget Mobile-First … Move your customers to IoT-First, Drew Johnson, Aeris C...Alan Quayle
Forget Mobile-First … Move your customers to IoT-First
Presented at TADSummit Lisbon, 18th December 2015
Drew Johnson VP Engineering
Aeris Communications
Aeris is a global IoT connectivity, data, and analytics services provider. We will share key lessons on building a successful M2M/IoT business as a carrier and how to move customers toward an IoT-First approach.
Mobile Risk Analysis: Take Your Mobile App Security to the Next LevelCA Technologies
The mobile application is becoming the primary interface between your enterprise and end users — but what will be used to secure this access? Come learn how to leverage data from mobile devices to help identify the legitimacy of a user attempting to login or perform a sensitive transaction.
For more information, please visit http://cainc.to/Nv2VOe
Embien Technologies provides a complete IoT design services including device design, gateway design, cloud services and cloud analytics in many verticals such as healthcare, automotive, industrial, M2M, consumer, etc.
Our successful services includes Smart wearables, production management system, remote PLC management, cold truck management, smart flow metering, etc.
Embedded systems are becoming interconnected and accessible via the internet. Gartner Group estimates there will be nearly 26 billion devices that make up the Internet of Things by 2020. This results in a massive variety of connected devices with varying security, reliability, and authentication requirements. Cost sensitivity also figures into the equation. This mix of requirements and costs require IoT developers to identify sensor, processor, and software solutions that address the requirements and hit required price points. Join us as IoT solution experts discuss sensors, connectivity, processors, platforms, and software for IoT applications and overview applications of IoT in various markets.
Watch for free on-demand http://ecast.opensystemsmedia.com/511
TechWiseTV Workshop: Cisco Digital CeilingRobb Boyd
Would you believe the latest technology transformation is happening right now, right above your head? OK, maybe not yet, but as you’ll hear in our latest TechWiseTV Workshop, the digital ceiling is coming, and the potential benefits for your organization are huge.
Attend the workshop (or replay): http://cs.co/9003B9lkR
Don't miss the video:
Watch the TechWiseTV Episode: http://bit.ly/DigCeiling
The 'Semiconductor Blues: http://bit.ly/semiblues
This presentation goes through several topics areas that are of specific interest in developing IoT Gateway solutions. IoT is a popular area of development that presents unique challenges like hardware and operating system selection, product life-cycle support and maintainability, software architectural solutions, connectivity, security, secure updates, and API availability. We discuss technologies and concepts like Hardware acceleration support, Linux kernel maintenance, Edge networking, LXC/Docker/KVM, Zigbee, 6loPAN, BLE, IoTivity, Allseen Alliance, SELinux and Trusted boot.
The aim of the presentation is to give an overview of the challenges in building an IoT Gateway and the Solutions available using Embedded Linux.
This presentation was delivered at LinuxCon Japan 2016 by Jim Gallagher
As part of the Progress Exchange conference in Sao Paulo (Oct 2015) I presented on some key trends in IT: Mobile, IOT, Cloud and Data, talked about Systems of Record and Systems of Engagement, and described how the trends are relevant to creating Systems of Engagement
Inductive Automation introduces Ignition Edge, a new line of lightweight, limited, low-cost Ignition products designed specifically for embedding into field and OEM devices at the edge of the network. With Ignition Edge, it’s easier and more affordable than ever to extend Ignition all the way to the edge of your network.
In this webinar you’ll learn how to use the three new Ignition Edge Products — Edge Panel, Edge Enterprise, and Edge MQTT — to create local HMIs with client fallback, synchronize data to a central enterprise server, publish field-device data through MQTT, and much more.
Learn about:
• How to use Edge to access data from PLCs and OPC-UA servers
• The flexibility Edge gives you to build scalable enterprise architectures
• How you can use Ignition and Edge MQTT together to build a complete end-to-end IIoT infrastructure
• How to prevent the loss of field data with local client fallback and store-and-forward functionality
How to get started with IoT? Learn how Ayla Networks and mnubo integrate to bring product manufacturers with a turnkey IoT Connectivity and Analytics solution.
What connects BMW’s ultimate driving machines and IoT? Take a look at what went down at HARMAN’s Connected Services’ event, at a BMW performance track and understand how Data, Device and Design; the three key dimensions of disruption are revolutionizing different industries.
IOT Factory - Open IOT Platform & Startup StudioLionel Anciaux
IOT Factory is a Software Platform and a Project Studio providing Fast and Reliable IOT projects & Startups development capabilities.
At the core of IOT Factory is an Open Platform designed to easily build, deploy and operate Internet of Things projects & products. It is Devices and Telecommunication networks agnostic, provides easy dashboarding, reporting, alerting and back-end integrations capabilities, based on a Big Data repository and strong web services APIs.
As a Project Studio, IOT Factory aims at providing financing and business support to project owners willing to develop innovative companies.
IOT Factory is located in Brussels, Paris and Moscow. Through our Clients, Partners and Startups eco-system, we already offer solutions in Smart Metering, Pets Tracking, Industry 4.0, Smart Agriculture, etc.
Let’s talk about your challenges, and analyze together how IOT could solve it !
GetSenso was born with a clear mission of “enabling enterprises to connect their devices for optimal use of complex data collected from connected devices”
With our best-in-class IOT solution and analytics platform, we provide smart connected device solutions for Industrial, Commercial and non commercial applications.
GetSenso a product initiative of Sidhma.
For many, web-scale IT is an alien and drastic approach being met with fear and resistance. So the first question for any organization should be; what is it? Cameron Haight, Gartner’s chief of research for infrastructure and operations, coined the term “Web-scale IT” earlier 2014 as a way to describe the new ways organizations leverage technology to provide their customers with content quickly and at massive scale.
Presented by Brooks Kushman and Rogue Wave Software at the Embedded Systems Conference. It provides both legal and practical considerations in developing embedded systems using open source software (OSS). It discusses open source development tools, how to integrate OSS into embedded systems and different OSS licenses, and provide a road map to compliance.
Embedded systems are becoming interconnected and accessible via the internet. Gartner Group estimates there will be nearly 26 billion devices that make up the Internet of Things by 2020. This results in a massive variety of connected devices with varying security, reliability, and authentication requirements. Cost sensitivity also figures into the equation. This mix of requirements and costs require IoT developers to identify sensor, processor, and software solutions that address the requirements and hit required price points. Join us as IoT solution experts discuss sensors, connectivity, processors, platforms, and software for IoT applications and overview applications of IoT in various markets.
Watch for free on-demand http://ecast.opensystemsmedia.com/511
TechWiseTV Workshop: Cisco Digital CeilingRobb Boyd
Would you believe the latest technology transformation is happening right now, right above your head? OK, maybe not yet, but as you’ll hear in our latest TechWiseTV Workshop, the digital ceiling is coming, and the potential benefits for your organization are huge.
Attend the workshop (or replay): http://cs.co/9003B9lkR
Don't miss the video:
Watch the TechWiseTV Episode: http://bit.ly/DigCeiling
The 'Semiconductor Blues: http://bit.ly/semiblues
This presentation goes through several topics areas that are of specific interest in developing IoT Gateway solutions. IoT is a popular area of development that presents unique challenges like hardware and operating system selection, product life-cycle support and maintainability, software architectural solutions, connectivity, security, secure updates, and API availability. We discuss technologies and concepts like Hardware acceleration support, Linux kernel maintenance, Edge networking, LXC/Docker/KVM, Zigbee, 6loPAN, BLE, IoTivity, Allseen Alliance, SELinux and Trusted boot.
The aim of the presentation is to give an overview of the challenges in building an IoT Gateway and the Solutions available using Embedded Linux.
This presentation was delivered at LinuxCon Japan 2016 by Jim Gallagher
As part of the Progress Exchange conference in Sao Paulo (Oct 2015) I presented on some key trends in IT: Mobile, IOT, Cloud and Data, talked about Systems of Record and Systems of Engagement, and described how the trends are relevant to creating Systems of Engagement
Inductive Automation introduces Ignition Edge, a new line of lightweight, limited, low-cost Ignition products designed specifically for embedding into field and OEM devices at the edge of the network. With Ignition Edge, it’s easier and more affordable than ever to extend Ignition all the way to the edge of your network.
In this webinar you’ll learn how to use the three new Ignition Edge Products — Edge Panel, Edge Enterprise, and Edge MQTT — to create local HMIs with client fallback, synchronize data to a central enterprise server, publish field-device data through MQTT, and much more.
Learn about:
• How to use Edge to access data from PLCs and OPC-UA servers
• The flexibility Edge gives you to build scalable enterprise architectures
• How you can use Ignition and Edge MQTT together to build a complete end-to-end IIoT infrastructure
• How to prevent the loss of field data with local client fallback and store-and-forward functionality
How to get started with IoT? Learn how Ayla Networks and mnubo integrate to bring product manufacturers with a turnkey IoT Connectivity and Analytics solution.
What connects BMW’s ultimate driving machines and IoT? Take a look at what went down at HARMAN’s Connected Services’ event, at a BMW performance track and understand how Data, Device and Design; the three key dimensions of disruption are revolutionizing different industries.
IOT Factory - Open IOT Platform & Startup StudioLionel Anciaux
IOT Factory is a Software Platform and a Project Studio providing Fast and Reliable IOT projects & Startups development capabilities.
At the core of IOT Factory is an Open Platform designed to easily build, deploy and operate Internet of Things projects & products. It is Devices and Telecommunication networks agnostic, provides easy dashboarding, reporting, alerting and back-end integrations capabilities, based on a Big Data repository and strong web services APIs.
As a Project Studio, IOT Factory aims at providing financing and business support to project owners willing to develop innovative companies.
IOT Factory is located in Brussels, Paris and Moscow. Through our Clients, Partners and Startups eco-system, we already offer solutions in Smart Metering, Pets Tracking, Industry 4.0, Smart Agriculture, etc.
Let’s talk about your challenges, and analyze together how IOT could solve it !
GetSenso was born with a clear mission of “enabling enterprises to connect their devices for optimal use of complex data collected from connected devices”
With our best-in-class IOT solution and analytics platform, we provide smart connected device solutions for Industrial, Commercial and non commercial applications.
GetSenso a product initiative of Sidhma.
For many, web-scale IT is an alien and drastic approach being met with fear and resistance. So the first question for any organization should be; what is it? Cameron Haight, Gartner’s chief of research for infrastructure and operations, coined the term “Web-scale IT” earlier 2014 as a way to describe the new ways organizations leverage technology to provide their customers with content quickly and at massive scale.
Presented by Brooks Kushman and Rogue Wave Software at the Embedded Systems Conference. It provides both legal and practical considerations in developing embedded systems using open source software (OSS). It discusses open source development tools, how to integrate OSS into embedded systems and different OSS licenses, and provide a road map to compliance.
A primer on adapting open source software to an IT service organization. Focuses on how open source licenses are different and how it may affect your business model and intellectual property.
Best practice recommendations for utilizing open source software (from a lega...Rogue Wave Software
Presented at Sensors Expo and Conference 2015, this session covers: Trends in open source software (OSS); The open source audit and license identification; Developing an OSS process and policy; Compliance; and Legal implications.
Open source is gleefully rewriting the rules of IT development at all levels of industry and government. Adoption of open source in government is well underway, with success stories illustrating the benefits.
This decade we are going further - fostering a healthy, sustainable, working relationship between government and open source:
* This presentation digs into the flexibility of open source licensing and how government organizations can meet the challenges of developing with open source.
* We will look at the advantages of government participation in open source at the project, institutional, and foundation level.
Attend this talk to understand how your organization cannot only benefit from open source, but be open source.
Managing the Software Supply Chain: Policies that Promote Innovation While Op...FINOS
Jeff Luszcz, Flexera Software: Managing the Software Supply Chain: Policies that Promote Innovation While Optimizing Security and Compliance.
Do you build software, sell software consulting services, or contribute to the open source community? Understanding your software supply chain and learning the best way to manage them is worth your time. As the consumption of open source and other third party software increases, companies who know how to manage and influence the supply chain have a competitive advantage over those who don’t do it as well. Developers, Architects, and IP attorneys need to understand the long term impact of leveraging Open Source and Third Party software in their enterprise software, internal tools and web services. Join Jeff Luszcz, VP of Product Management at Flexera, as he walks through best practices to manage OSS in the financial services world.
More than ever, open source software is at the heart of modern online businesses and technology companies. Open source is nearly everywhere: web browsers, smartphones, home wireless routers, databases, web servers, and countless components of free, commercial, and large enterprise software. But most open source software comes with strings attached, and if misunderstood, they can trip up the unwary.
Recently Ansel Halliburton held a webinar to discuss the common pitfalls in open source licensing, and the best practices for avoiding them.
More than ever, open source software is at the heart of modern online businesses and technology companies. Open source is nearly everywhere: web browsers, smartphones, home wireless routers, databases, web servers, and countless components of free, commercial, and large enterprise software. But most open source software comes with strings attached, and if misunderstood, they can trip up the unwary.
Topics:
• The most common sources of non-compliance with open source licenses
• The key differences between the most popular licenses
• The basis in intellectual property law for open source licensing
• How courts in the US and abroad have enforced open source licenses
These slides are from a webinar by attorney Ansel Halliburton on September 22, 2015.
Presented at Embedded Systems Conference 2016 by Richard Leach, Brooks Kushman P.C. and Rod Cope, Rogue Wave Software. This session provides both legal and practical considerations in developing embedded systems using open source software (OSS). We discusss open source development tools, how to integrate OSS into embedded systems and different OSS licenses, and provide a road map to compliance. We will also explore how recent court decisions like Oracle v. Google and XimpleWare v. Versata and Ameriprise have altered the landscape by which developers navigate.
Open Source Licensing: Types, Strategies and ComplianceAll Things Open
Presented by: Jeff Luszcz, ZebraCatZebra
Presented at All Things Open 2020
Abstract: Open Source powers the world, but you need to do more than use it.
In this talk we will provide background on the most common types of open source licenses, business models, security issues and the processes required to help you remain secure and in compliance. We will discuss best practices, scanning tools, remediation, customer and partner expectations around OSS compliance and how to manage OSS during events such as a product release or M&A.
Open source licenses can be more than a little confusing for those of us that just want to write a little bit of code. However, with open source components playing such a big part in the products that we create, open source licenses and compliance simply can’t be ignored.
We’ve compiled the one stop resource guide for working compliantly with open source components, including answers to FAQs about the most popular licenses in 2018. Read all about the hottest licensing trends that you need to be following and some predictions for 2019.
Introduction to open source licensing, using examples from Boundless Suite and Boundless Desktop to illustrate how to build your own software using open source components.
This presentation by Sam Ip, an associate in Osler’s Technology Group, details key considerations for emerging and high growth companies regarding OSS.
Apache or GPL? MIT or BSD? These are just some of the licenses that attach to open source software. Do you know the important distinctions between them?
Similar to Open source software for IoT – The devil’s in the details (20)
The Global Influence of Open Banking, API Security, and an Open Data PerspectiveRogue Wave Software
Open Banking is being driven by regulation in Europe, however, it is ultimately about expanding consumer choice in financial services. Open Banking provides opportunities for financial services and FinTech companies as well as consumers. In this webinar, we’ll examine the influence of Open Banking across the globe and the key differences between regulation-led and market-led initiatives. We’ll also explore essential security standards in Open Banking and how they contribute to a secure Open Banking API interface.
No liftoff, touchdown, or heartbeat shall miss because of a software failureRogue Wave Software
Presented at Embedded World 2019, Walter Capitani, director of product management, discusses static code analysis technology and the applications in safety-critical development. Topics covered include coding standards, development processes and methodologies, and ideas for the future.
Disrupt or be disrupted – Using secure APIs to drive digital transformationRogue Wave Software
In today’s economy, companies of all kinds are looking to disrupt their own and other industries across everything from banking through logistics and retail. Disruption and innovation are typically built on the back of a digital transformation strategy; disrupting a market is all about finding new ways of servicing customers through innovative channels or approaches. APIs have become the foundation of disruption, innovation, and digital transformation.
This presentation will help you understand the necessary components of a well-constructed API strategy, with particular attention paid to security.
Leveraging open banking specifications for rigorous API security – What’s in...Rogue Wave Software
Presented at APIdays Paris.
API security is the principal concern when it comes to establishing a trusted API ecosystem. Rightly so, because opening up business systems through APIs by definition expands the attack surface that can be exploited. Although many threat vectors and vulnerabilities are well known, we have to remain on the lookout for new threats continuously.
On the positive side, open standards that help defend against security threats are constantly being created and refined. What is even more helpful are the specifications that aggregate relevant standards into a comprehensive API security profile. Excellent examples of these are the current specifications that support open banking initiatives like UK Open Banking and PSD2. Could these specifications not have a wider applicability? In other words, would we be able to benefit from the security guidelines captured in these specifications in other verticals like logistics, retail, energy, healthcare and government, too?
In this talk, we will compare security guidelines covered in the specifications and see to what extent they may benefit the wider enterprise API developer community.
Getting the most from your API management platform: A case studyRogue Wave Software
API management plays an important role in many large enterprises as it sets up the foundation for accelerating the integration of applications, databases, and key processes to derive business value from your APIs. How do you know if your organization is getting the most value out of your API management platform?
Ian Goldsmith from Rogue Wave for an in-depth discussion of the importance of an enterprise-class API architecture and key considerations to ensure you are getting the most from your API management platform. As well as a case study that demonstrates how one organization uses the Akana API Platform to create a secure, integrated system to mitigate the risks of business on a public cloud network.
Advanced technologies and techniques for debugging HPC applicationsRogue Wave Software
Presented at Supercomputing 18. Debugging and analyzing today's HPC applications requires a tool with capabilities and features to support the demands of today’s complex HPC applications. Debugging tools must be able to handle the extensive use of C++ templates and the STL, use of many shared libraries, optimized code, code leveraging GPU accelerators and applications constructed with multiple languages.
This presentation walks through the different advanced technologies provided by the debugger, TotalView for HPC, and shows how they can be used to easily understand complex code and quickly solve difficult problems. Showcasing TotalView’s new user interface, you will learn how to leverage the amazing technology of reverse debugging to replay how your program ran. You will also see how TotalView provides a unified view across applications that utilize Python and C++, debug CUDA applications, find memory leaks in your HPC codes and other powerful techniques for improving the quality of your code.
This is a classic example of older technology not being used to its fullest, which Justin proves by walking through little-known configuration and optimization tricks that get data flowing reliably and efficiently – even for today’s complexity and scale. This session covers:
A – Camel basics, understanding Exchanges, Routes, and how to implement EIPs with them
B – Examples of real implementations of common EIPs like Content Based Routers and Recipient Lists
C – Integration of Camel with common endpoints, like JMS, FTP, and HTTP
Are open source and embedded software development on a collision course?Rogue Wave Software
Presented at Embedded Systems Conference (ESC) Minneapolis 2018, this session discusses the most effective uses of open source software; how to maintain MISRA, CWE, OWASP, and other standards compliance across all code sources; how to avoid license risk; and reduce critical safety and security issues.
Microservices and APIs might sound like fairy dust you sprinkle on applications to make them “agile,” judging by today’s industry talk. The reality is that they work as the critical foundations for digital transformation only when done right. The goal isn’t simply to build agile apps, it’s for businesses to gain agility and thrive against the onslaught of digital disruption – and this requires going deeper. Organizations must ensure microservices and APIs add value, and also understand how to put the two together. Walk away with a better understanding of microservices and APIs and be better prepared to drive the right solutions for your organization. Watch on-demand webinar at www.roguewave.com
Whether starting from greenfield or modernizing existing infrastructure, how do you remove the guesswork in deploying and maintaining cloud-based, business-critical workloads?
From architectural decisions to fine-tuning scale and performance, our open source architects explain how top enterprises build and maintain their open source stacks, focusing on operational agility and cost-effectiveness.
You will walk away with real use case examples and five ways to better plan and deliver your next cloud strategy.
PSD2 & Open Banking: How to go from standards to implementation and complianceRogue Wave Software
PSD2-driven Open Banking is here, and with it comes challenges in understanding what it means, choosing which standards organizations to follow, which practices are right for you, and whether to aim for regulatory compliance only or use the regulation as an opportunity to differentiate and transform. From a strategic and technical point of view, compliance dictates that now is the time to chart a precise implementation for your organization – do you know where to begin?
Java 10 and beyond: Keeping up with the language and planning for the futureRogue Wave Software
With the release of Java 10, the impact of Java 9, and the spread of multiple emerging technologies, the biggest questions for high-performing development teams is: How do we keep up and take advantage of the features relevant to us?
Java experts, Toomas Romer and Rod Cope, discuss recent changes to the language and how they impact tools, development velocity, and the ability to innovate; along with industry insights to better plan for more complex systems, the inevitable modernization, and adapting to scale.
How to keep developers happy and lawyers calm (Presented at ESC Boston)Rogue Wave Software
On the path to innovation, development teams fear nothing but try to avoid three things: Re-work, lawyers, and, missing deadlines. In this talk, Rod Cope will discuss what to do when software is not license compliant, to help avoid lawyers getting involved, disrupting schedules and potential architectural or code changes.
The initial step in helping make sure teams are in compliance with open source licenses is education.
The goal is to provide concrete steps towards development teams adopting a vested interest in paying attention to what open source they download and how it's used.
Open source applied - Real world use cases (Presented at Open Source 101)Rogue Wave Software
This isn’t your typical case study, this is the reality of open source: One hundred percent of organizations use varying degrees of OSS, yet we still focus on one particular package or layer when it comes to sharing best practices. The reality is, when we get stuck, it’s the configuration and operational interrelationships between packages that matter.
This session takes open source support data across multiple organizations to examine three different scenarios that represent the most common issues we see today (in fact, 80% of the cases we see are due to configuration and package interrelationship issues). Justin Reock covers e-commerce, mobile PaaS, and high performance computing examples to illustrate top problems and solutions for stack selection, infrastructure implementation, and production troubleshooting.
For users of SourcePro and Tools.h++, the future of Solaris is uncertain, as seen by the recent reductions of the Oracle Solaris team and an increase in inquiries we're receiving on how to migrate applications from Solaris to Linux.
Prepare for your future by joining this webinar on how to best plan and execute a successful migration for your SourcePro or Tools.h++ components.
Our technical experts walk through:
- Options to migrate code that contains Tools 7 or Tools.h++ libraries
- Tips and tricks to migrate code to Linux
- How to determine whether you can do it yourself
- What to tell your service provider
Whether you plan to do it yourself or enlist Rogue Wave professional services, at the end of this webinar you will understand the best path for migration.
The HPC community is embracing the advantages of mixed-language development environments, presenting challenges for debugging and testing when application execution and data flow cross languages. How can we take advantage of the unique features offered by different languages while minimizing the impact on bug reproduction, root-cause analysis, and solution?
This presentation walks through the current mixed-language HPC landscape to describe the problems with testing these types of applications and best-practice solutions using TotalView for HPC. You will learn how these architectures make it easy to “steer” computation between modules of different languages, to accelerate prototyping and development, and how advanced testing techniques provide visibility into the call stack and data for efficient debugging.
Enterprise Linux: Justify your migration from Red Hat to CentOSRogue Wave Software
Red Hat Enterprise Linux (RHEL) is the dominant distribution used by commercial organizations today. But did you know that there's a functionally-compatible alternative that offers options when it comes to licensing, support, and cost effectiveness? Whether you're thinking about moving away from RHEL or have already made the decision, this webinar gives you the background, proof points, and data to justify why moving to CentOS makes sense. At the end of this presentation, you will have all the data you need to consider for an enterprise Linux migration activity and reasons why CentOS is a viable, cost-effective solution.
Dive deep into an actual enterprise Linux migration by walking through the planning and execution of the process as seen by our customers. Our enterprise architects will break down the key migration steps to explain the available options, decisions made, and demonstrate actions on a live system. This episode gives you a representative migration experience before you actually migrate, illustrating: Side-by-side comparisons between Red Hat Enterprise Linux and CentOS; steps to consider for the operating system; and
steps to consider for common application stacks and packages.
On the path to innovation, development teams fear nothing but try to avoid three things: Re-work, lawyers, and, missing deadlines. In this presentation, Rod Cope will discuss what to do when software is not license compliant, to help avoid lawyers getting involved, disrupting schedules and potential architectural or code changes.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Enhancing Performance with Globus and the Science DMZGlobus
ESnet has led the way in helping national facilities—and many other institutions in the research community—configure Science DMZs and troubleshoot network issues to maximize data transfer performance. In this talk we will present a summary of approaches and tips for getting the most out of your network infrastructure using Globus Connect Server.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
3. Title: Open source software for IoT –
The devil’s in the details.
Open source software (OSS) is growing in software development today, especially in
the IoT space, driving technical innovation, enabling productivity gains, and touching
everything from big data and cloud to mobile and embedded. The use of OSS is
favorable, because it decreases the time to market and reduces cost. Despite its
importance and reach, there’s little understanding within the development
community regarding OSS license obligations and what is requested for compliance.
Gartner predicts that by 2016, 99 percent of Global 2000 enterprises will use open
source in mission-critical software. While it’s free, easy to find, and pushes software to
the market faster, it’s vital to understand how to use OSS safely. This seminar will
provide best practices to enable developers to effectively address the challenges and
opportunities related to open source software, creating the greatest benefit from the
proper and safe use of OSS in their next generation IoT devices.
4. Agenda
• OSS compliance: Should I care?
• Copyright Law overview
• Introduction to ‘Copyleft’
• OSS licenses and terms
• Avoiding liability
• OSS strategy – Where to start
• Case law
– Jacobsen v. Katzer
– Oracle v. Google
– Welte v. Fantec GmbH
– XimpleWare v. Versata et al
5. OSS compliance: Should I care?
• Diversion of time,
talent, resources
• Impact to customers
& reputation
• Potential waiver of IP
rights
• Potential damages
6. Copyright: What is it?
• Protection of artistic expressions,
not ideas or functionality
• Music
• Movies
• Artwork
• Literature
• Software
7. Rights of a copyright owner
• Exclusive rights
– Distribute – Sell
– Reproduce – Copy
– Adapt – Create derivative work
– Perform
– Display
– Transmit
• Neither registration nor notice required to create protection
8. Copyright introduction
License
$$$
Copyright
Owner User
• Owner chooses to enter into a contract with User
• Owner grants rights to Sell, Copy, Adapt, . . .
• User provides some consideration ($$$)
• User agrees to abide by the license terms
• Other people not allowed to Sell, Copy, Adapt, . . .
10. Concept of Copyleft
• “To understand the concept, you should think of ‘free’ as in
‘free speech,’ not as in ‘free beer’.” – RMS (Author of GPL)
• To keep open source software “free,” terms and conditions
apply requiring steps to preserve that “freedom” for
downstream users.
11. Copyleft – The cost of freedom
• Copyleft: a copyright licensing scheme for making a program
(or other work) free, and requiring all modified and extended
versions of the program to be free as well
http://www.gnu.org/copyleft/copyleft.en.html
13. Common open source licenses
https://www.blackducksoftware.com/resources/data/top-20-open-source-licenses
What’s the
difference?
> 75% of software uses 5
licenses
14. MIT License
The MIT License (MIT)
Copyright (c) [year] [fullname]
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files
(the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge,
publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do
so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
DEALINGS IN THE SOFTWARE.
http://opensource.org/licenses/MIT
15. GPLv3 license select sections
1. "The ‘Corresponding Source’ for a work in object code form means all the source code
needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to
control those activities. . . . ”
6. Conveying Non-Source Forms: You may convey a covered work in object code form under the terms of sections 4 and 5,
provided that you also convey the machine-readable Corresponding Source
under the terms of this License
10. Automatic Licensing of Downstream Recipients: "...and you may not initiate litigation (including a cross-
claim or counterclaim in a lawsuit) alleging that any patent claim is infringedby making, using,
selling, offering for sale, or importing the Program or any portion of it."
11. Patents: . . . Each contributor grants you a non-exclusive, worldwide, royalty-
free patent license. . .
http://www.gnu.org/licenses/gpl.txt
17. Thoughts on derivative works?
Proprietary
Software
MIT
License
Static OR Dynamic Linking
• Provide Copyright Notice
• Provide License
Proprietary
Software
LGPL
v2.1
Dynamic Linking
LibraryExecutable
Proprietary
Software
LGPL
v2.1
Static Linking
Executable
Proprietary
Software
GPL v3
Static OR Dynamic Linking
• Provide Copyright Notice
• Provide License
• Provide Open Source code
• Provide modifications &
change log
• Provide Disclaimer of
warranty in the OSS
• Provide Library Source
Code
• Provide Copyright Notice
• Provide License
• Provide Open Source code
• Provide modifications &
change log
• Provide Disclaimer of
warranty in the OSS
• Provide proprietary Object
Code and/or Source Code
so that a modified Library
can generate an executable
• Provide Copyright Notice
• Provide License
• Provide Open Source code
• Provide modifications &
change log
• Provide Disclaimer of
warranty for all GPL code
• Provide proprietary
Object Code and/or
Source Code
• Provide License to all IP in
the proprietary code that
uses or is linked to GPL
Related to
linking or
something
else?
19. Step 1: Have a license policy
• You must decide which licenses are acceptable for your
company (and potentially your customers).
• The policy depends on how you plan to use the software.
• GENIVI has the following policy
– Red – GPLv3; LGPLv2/3; BSD 4; MPL1.1; Flora
– Yellow – GPLv2; LGPL2.1; AFL 3; OSL 3; OpenSSL; Public domain
– Green – MPL 2.0; BSD 2/3; MIT/X11; Apache 1.1/2; Artistic 2/1
http://docs.projects.genivi.org/License/Public_Policy_for_GENIVI_Licensing_and_Copyright_v_1.0.pdf
NO
OK
???
20. Step 2: Educate your developers
• Which software/licenses are acceptable and not
• Which software licenses need to be discussed
• How and who to contact with questions – Point Person
• Disclosure of software use to Point Person
23. Infringement – consequences
• § 504 – Damages (Actual or Statutory)
– Actual damages to Owner and profits of the Infringer
– Statutory (Timely Registered required) $750 - $30,000 per
infringement, If Willful up to $150,000!
• § 505 – Costs and Attorney Fees
– Usually linked with Willfullness (Pre-Registration required)
• § 502 – Injunction, § 503 – Impounding, and § 506 – Criminal
Prosecution
27. 27
Dependency issues impact licensing
• OSS often depends on or bundles other OSS
• Need to look at all the dependencies and bundled
projects and their licenses
– Important: The licenses may not be the same!
• Example:
– Geronimo (Apache license) uses MySQL (GPL) through the
MySQL driver (formerly LGPL but now GPL)
29. Bundling OSS into other code
Project Foo:
GPL v2
Project Time:
BSD
Project Commercial:
Restrictive EULA
Project Foo:
GPL v2
Project
Time:
BSD
What if I take a file that is under one license and I distribute
it under a different license–do I have to comply with the
original license?
30. Use of
OSS under GPL
Revisions made to FOSS
Linked to or bundled with
proprietary code Use by wholly
owned sub
Sub is sold to a
3rd party
Internal Use
Use by an
outsourcer or
contractor
Software shared
with “partner”
during further
development
Software
distributed to
end users
Using OSS Distributing OSS
Changes in how FOSS is used can impact license compliance
Example: How OSS is used may change...
31. Jacobsen v. Katzer: Opens the door
• Model train software under Artistic License
• Distribution without notice (non-compliance)
• Question: contract or copyright
• Contract – State Court and no consideration (OSS is free)
• Copyright – Federal Court,
– OSS license obligations are conditions precedent to the license.
– Failure to comply with obligations extinguishes license.
• Case settled
32. Google v. Oracle: Make or Buy?
Which Development
Platform should I choose ?
35. Google v. Oracle: 9 lines is enough
“the jury reasonably found
that Google’s copying of the
rangeCheck files was more
than de minimis;” - CAFC
36. APIs/taxonomy are copyrightable
• “the declaring code and the structure,
sequence, and organization of the API
packages are entitled to copyright
protection” – CAFC (Google v. Oracle)
37. Welte v. Fantec – Germany
• GPLv2.0 software used in a media player
• Fantec : Fantec’s supplier assured them compliance with GPL terms.
• Result: Welte was awarded Attorney’s fees and damages.
• German Court stated:
– “Here, Defendant was not allowed to rely merely on its suppliers’ assurances
that the works supplied did not infringe any third-party rights.
– In any case, Defendant should have performed its own review of the software,
or have someone preform, by hiring knowledgable third parties, such a review of the
software offered and provided by Defendant – even if this would have resulted in
additional costs.”
38. Versata, Ameriprise, Ximpleware
• “the GPL is a ‘viral’ license in the sense the incorporation of a GPL-covered
software program into a new program ‘infects’ the new program and
requires it to become open source , too” – District Court W.D. Texas
• Take away: Compliance is important even for customers (Ameriprise)
39. Roadmap to compliance
• 1st appreciate open source software’s benefits
• 2nd develop an open source software strategy
• 3rd know your code: education, Point Person
• 4th know the licenses associated with your code
• 5th comply or use different software