Open Source Program Offices collaborate on open source, policy, governance, and GitHub to help developers achieve successful outcomes for open source strategy. We describe why OSPOs are emerging, how they work, and what this means to the open source industry. We highlight a Linux Foundation-sponsored collaboration called the TODOGroup where program office directors are meeting to coordinate efforts and ideas.
The presentation was delivered at LinuxCon and ContainerCon in Tokyo, Japan in July 2016.
This document discusses the need for companies to establish an Open Source Program Office (OSPO) to manage their open source governance processes. It outlines six key governance areas an OSPO must consider, including using open source in projects, publishing code to existing or new projects, and reviewing employee publications. The document also provides examples of common questions that arise regarding inbound and outbound open source activities and notes that an effective OSPO process involves cross-functional partners like legal and engineering. The overall message is that mid-to-large tech companies require an OSPO to successfully navigate open source governance, but each company can structure their OSPO differently depending on their needs.
Establishing an Open Source Program Office (Lee Calcote)
The document discusses establishing an open source program office. It covers why companies create open source program offices, including increased awareness, influence, compliance, and development velocity. It discusses the prominence of open source in software innovation and outlines key benefits and strategies for an open source program office, including consumption, compliance, contribution, community engagement, and competition considerations. It also covers the role of an open source program office and challenges in establishing one.
Your company is using open source, even if you don’t know it. On average, enterprise organizations are utilizing 30% open source within their code bases, and industry leaders often report up to 80% of their software is open source. More importantly, they treat open source as a strategic asset, deliberately investing in open source as a brand differentiator and as a means of thwarting the competition, getting to market faster, and attracting the best talent.
Does your company have an open source strategy? Now is the time to ask this question, because more than likely your competitors do.
This 2014 All Things Open presentation by Samsung's Guy Martin and Black Duck Software's Shawn Briscoe covers:
- Key dimensions of a comprehensive open source strategy
- Important business issues and intelligent decisioning
- How to mitigate legal and operational risk
- The value of aligning open source stakeholders towards the larger mission of corporate success
- An understanding of the role community dynamics play in a successful initiative
- Samsung – a real world case study
Dr. Ibrahim Haddad, Head of Open Source Group, Samsung Research America, talks about Samsung's focus on improving its open source leadership through contribution to key projects used in its products.
Open source is important to Samsung for three main reasons: (1) it allows shared development and lowers R&D costs, (2) it helps accelerate product development and innovation, and (3) it gives Samsung influence over the technologies used in its products. Samsung's open source group focuses on upstream development, supporting R&D teams, knowledge transfer, and being visible in the community. This involvement has increased Samsung's contributions to projects like the Linux kernel and Wayland. Samsung is also building its open source leadership through programs, mentorship, and involvement in standards organizations to continue benefiting from open source.
Avoiding the DevOps Pit of Misery: Tips from the trenches (All Things Open)
Jason Hibbets discusses tips for avoiding the "DevOps pit of misery" based on experiences in the trenches. He covers identifying stakeholders, setting and measuring goals, establishing iterative processes, recognizing successes and failures, attending events, and recommended DevOps resources. The presentation includes insights from Chris Short on driving culture change, embracing failure, and overcoming resistance to change.
2019 12-10 ow2 - OSPO - Open Source Governance et grands utilisateurs (Frédéric Aatz)
OSS & Corporate users: from awareness to sustainability.
Embrace, use, contribute and release .. lead to OSS Governance imperatives for Corporate users. #opensource #ospo #azure #microsoft #openatmicrosoft
5 Steps to Ensuring Compliance in the Software Supply Chain: The Harman Case ... (Black Duck by Synopsys)
Harman designs, manufactures and markets premier audio, visual, infotainment and integrated control solutions for the automotive, consumer and professional markets.
One of Harman’s biggest challenges when supplying its systems is ensuring it can prove its code complies with applicable license terms. The code must also be free of security and quality risks that could impact the integrity of the finished products.
But what happens when the code is open source? While software developed in-house can be closely monitored, software that comes in through third parties is harder to track. How can Harman accurately report on operational and legal risks for components and projects it didn’t develop?
This presentation from Alyssa Harvey Dawson, Vice President Legal, Global Intellectual Property at Harman, and Black Duck Software covers:
- Current open source trends
- An in-depth review of popular licenses (including GPL)
- Harman's take on open source compliance
- The impact of security and technical risks beyond compliance
While Android and open source software not-so-quietly revolutionized the mobile industry, Enterprise IT organizations have taken notice. “The consumerization of IT” and ubiquity of mobile devices are forcing a transformation of Enterprise IT infrastructures, something that Geoffrey Moore refers to as “Systems of Record” and “Systems of Engagement.” These new infrastructures will be built largely with open source components. But whether developing a new device or new IT infrastructure, development with open source software is not business as usual. Choosing and modifying components from external sources, integrating with proprietary code, evaluating licenses and community viability, etc., require new processes for choosing components and new ways of providing control and visibility.
In this presentation Peter Vescuso will discuss the issues of OEM development with Android and open source, where and how it impacts Enterprise IT, and for both how to provide the control and visibility required by management while giving developers the freedom they need to create and innovate.
The New Development Organization: Embracing “Open” and “Sharing” to Deliver S... (Black Duck by Synopsys)
The Head of Open Source Governance at Thomson Reuters joins Black Duck's CEO in this webinar, sharing real-world insights into how to strategically bring open source methods into your development organization to improve speed and quality of development, while simultaneously impacting your business’ bottom line.
View this presentation for examples of how Thomson Reuters enables new levels of collaboration inside and outside the company, with a pro-open source development strategy that helps them recruit and retain top developer talent, while also facilitating social creativity.
2014 was a big year for open source, and a particularly exciting year for Black Duck Software! With new faces, new awards, and new funding, this presentation highlights the many milestones and accomplishments we enjoyed this past year.
Free Open Source Software over Proprietary Software (Kawshalya Dushyan)
This document discusses different types of office software programs including spreadsheets, word processors, and presentation programs. It provides definitions and examples of each type of program. Key features of spreadsheets include visual design, automatic calculations, dynamic updates, and data analysis. Core features of word processors are text formatting, multimedia capabilities, spelling and grammar checks, and layout adjustments. Central features of presentation programs are ready templates, animation effects, slide customization, and animation/sound manipulation. The document also compares free and open source software versus proprietary software, noting advantages and disadvantages of each.
Making an Existing Software Project Open Source - examples of how AOL and Yahoo! decide to open source internal projects and the steps they take to help manage the community.
OpenChain Continual Improvement Case Studies (Shane Coughlan)
This document discusses continual improvement of open source license compliance programs. It suggests that companies can refine their compliance programs after adopting the OpenChain ISO 5230 standard in several steps such as adding a software bill of materials, automation tools, and independent auditing processes. Companies are encouraged to consider their size, organization, and market to determine the best path for evolving their compliance program. Asking questions about current processes and goals can help identify effective next steps.
This presentation is about open source technologies. Open source technology can be defined as computer software for which the source code is made available under a copyright license (GPL), enabling anyone from anywhere to copy, modify and redistribute the source code without paying any fees.
OpenChain Automation Case Study - September to December 2021 (Shane Coughlan)
This document announces a multi-part automation case study from September to December 2021. It will explore how a new graphical tool from Facebook/TNG can simplify using open source tools like ORT and ScanCode. The case study will include demonstrations of the tool, interviews on its design, and deep dives into ORT and TERN. It will also cover Software Bill of Materials and SPDX support. The goal is to showcase the easiest approaches to deployment and use of supply chain automation tools.
This RVAsec presentation by Black Duck Software's Bill Weinberg explores the role of and requirements for secure development and deployment with open source software.
Free and Open Source Software - Challenges for the Automotive Supply Chain (Shane Coughlan)
The document discusses challenges that the automotive supply chain faces with open source software and how the OpenChain project provides solutions. OpenChain defines requirements for quality open source compliance programs and allows companies to self-certify or obtain third-party certification that they meet the requirements. This helps companies address licensing issues and predictably manage open source code in business-to-business contexts.
Open Source Impact on Digital Transformation (Harsha Kumara)
Digital transformation is key for an organization to evolve and remain competitive in the market. It is about building digital experiences that make the life of your consumers easier and more efficient. With digital transformation, organizations are required to adapt to rapid technology changes. This requires support from both the organization and vendors who provide tools to build enterprise systems. Software vendors also face major challenges to build software tools as fast as the market demands it. Open source software has the power to speed up rapid adoption of technology changes with the support from the community.
Buddy, partnered with industry leaders such as Amazon, Docker, GitHub, Microsoft, and Google, is a winning development automation platform that serves a rapidly growing market valued to become $345 billion by 2022. Over 7,000 developers use Buddy every day across 120+ countries. Featured customers: INC. Magazine, CGI.com & ING Bank. Our vision is to become the backbone on which talented people can build world-altering apps & services. Our goal is to take the load off millions of developers by offloading everything that can be automated – giving them back the time for being creative.
This document summarizes a talk about the challenges facing the open source model today. The talk discusses how open source has become more complex with most contributors being paid and questions around company loyalty versus community. Modern engagement is different with increased governance, licenses and vendor lock-in through cloud providers. It suggests ways to stay passionate including contributing to a small personal project, mentoring newcomers, donating money, and using knowledge to advocate against vendor lock-in. Overall it addresses how the open source landscape has changed and ways to continue supporting open source ideals.
One company's journey to an open culture and innersource (Jay Hopia)
This document summarizes one company's journey to establishing an open and collaborative culture called "innersource". It discusses how the company, CWT, encouraged cross-team collaboration and contribution through practices like configuration as code and infrastructure as code. It also describes how CWT used tools like GitHub and held events like lunch-and-learns and internal conferences to help build a community of practice and facilitate knowledge sharing. The benefits discussed include increased velocity, code reuse, and innovation through component teams collaborating in this more open way of working internally.
FOSSLight is an open source project that provides an all-in-one tool and system for open source compliance and vulnerability management. It includes scanners to detect open source components in source code, dependencies, and binaries. It also provides features for bill of materials management, open source notices, and OpenChain conformance. The FOSSLight project is available on GitHub and aims to help software teams streamline their open source governance process.
Microsoft has changed its perspective on open source software and now supports open source models and ecosystems. It competes with open source products as it does any other competing products. Microsoft promotes customer choice by participating in ecosystems that include both open source and proprietary software. Microsoft engages with the open source community through partnerships, communities, technology research, and commitments to transparency and innovation. However, open source software is not always the best solution and different types of software and different stakeholder needs must be considered to determine what solution provides the best value.
Filipe Barroso - Google Developers Group - OSL19 (marketingsyone)
Title: What the Flutter?
The Flutter SDK by Google is the new Open Source UI SDK to create native applications in one codebase.
But, what is Flutter and why should you care about it? What are the implications and key differences from all other mobile development SDKs? How is the community reacting to it?
At the end of the talk, you’ll understand the decisions behind Flutter, why it is so different from other mobile development tools and platforms, and why so many developers are already addicted to it. Let’s understand together the power of a community that grabbed a new open-source project to help others.
Open Source development funding. OpenLayers 3 - 2013 (Moullet)
1) The document discusses funding models for open source software development, including feature-oriented and community-oriented models.
2) It describes the challenges of federating developers and funders under each model and formalizing relationships between parties.
3) As a case study, it outlines how Switzerland's Federal Office of Topography crowdfunded 350k CHF to develop OpenLayers 3 using a community-oriented model with over 100 contributors.
Guy Martin, Senior Strategist with the Samsung Open Source Group, discusses how successful Open Source Projects need balance between their different areas of 'anatomy'.
Salesforce Partner Marketing Power Hour - Mai Tran - February 18, 2015 (Eddy Perez)
The document summarizes a Partner Marketing Power Hour session that included presentations and Q&A on customer marketing insights, Salesforce marketing updates, and AppExchange listing reviews. Mai Tran from Salesforce's Customer Engagement & Marketing team discussed their focus on celebrating customer success through stories and marketing campaigns. Partners were encouraged to engage in the community and promote their apps through the AppExchange Marketing Program.
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytesPeter Hlavaty
The document discusses exploiting TrueType font (TTF) vulnerabilities to achieve kernel code execution on Windows systems. It begins by describing the discovery of exploitable bugs in a TTF fuzzer. Despite mitigations like KASLR, NX, SMAP, and CFG, the researchers were able to bypass these protections through techniques like controlled overflows, abusing plain kernel structures, and function-driven attacks. They show how to leverage wild overflows, control kernel memory layout, and hijack control flow to achieve arbitrary code execution. The document emphasizes that OS design weaknesses allow bypassing modern defenses through clever bug chaining and memory manipulation.
Bringing Down the House - How One Python Script Ruled Over AntiVirusCTruncer
This talk is about how a single python tool (Veil aka Veil-Evasion) is able to render AntiVirus useless. Veil's goal is to bypass antivirus products on workstations and servers.
This is the talk given at NullCon 2017. This talk give s history of the Veil Framework, and showcases the differences between 2.0 and the newly released 3.0. Veil 3.0 is released in this talk
The document discusses techniques for obfuscating PowerShell commands to evade detection. It begins by motivating the need for improved PowerShell logging and detection capabilities as PowerShell is increasingly used by attackers. It then outlines ways to prepare systems for PowerShell investigations through process auditing and command line logging. One section focuses on obfuscating the common technique of using New-Object Net.WebClient to perform remote downloads. It demonstrates how this command can be broken up and variables used to avoid detection based solely on the presence of certain strings.
OSS - enterprise adoption strategy and governancePrabir Kr Sarkar
The document discusses open source software (OSS), including its benefits and risks. It covers four main parts:
1. What is OSS and its benefits, such as lower costs, access to source code, and continued innovation.
2. The risks of using OSS, including technical issues, regulatory compliance, security vulnerabilities, legal risks, and impacts to brand.
3. The need for an OSS strategy and policy to maximize benefits while minimizing risks. Critical policy elements are discussed.
4. The importance of governance to ensure effective OSS management, avoid legal issues, and address security and support challenges. Lack of governance can result in technical failures, security breaches and legal action.
Creating Authentic Value: Open Source vs. Open CoreDeborah Bryant
Recent emphasis on cloud technologies has brought a lot of attention to how software companies work in today’s business and technical environments. Some companies have chosen to try to protect their software through creative licenses. Unlike open source, where value is placed on community, collaboration, and services, open core businesses place their value on software features. Red Hat’s successful experience as a completely open source company has shown that value is not in the code, but in the support and expertise by being a part of a true community. In this talk, Red Hat’s Deb Bryant will share observations and cautionary tales from the world’s most successful open source company on how the idea of open core has time and again been demonstrated to not be truly open, limits community innovation, and delivers essentially proprietary software to customers
This document provides an overview of open source software including definitions, pros and cons, business models, and considerations for switching between open source and closed source models. It discusses key topics such as the open source community, customers' decision factors, popular licenses, market trends of open source projects and investments. Business models covered include services, SaaS, commercial plugins, dual licensing, and freemium. The document concludes with recommendations for open source companies regarding community engagement, transparency, and balancing commercial interests.
This document presents a statistical study and analysis of open-source software. It analyzes data from 482 projects across 24 countries to identify factors that contribute to open-source software success. The document finds that large tech companies like Microsoft, Google, and Red Hat have significantly increased their contributions to open-source software from 2016 to 2021. However, many open-source projects still fail due to lack of interest, resources, or internal issues. The document also discusses the importance of open-source software in providing transparency, flexibility, speed of development, and security compared to proprietary alternatives.
APIdays Paris 2018 - The Open Source Impact on Digital Transformation Harsha ...apidays
The Open Source Impact on Digital Transformation
Harsha Kumara, Associate Technical Lead, WSO2
Apply to be a speaker here - https://apidays.typeform.com/to/J1snsg
How enterprises learned to stop worrying and love open sourceRogue Wave Software
The document discusses the history and adoption of open source software by enterprises. It describes how enterprises have evolved from being unaware of open source to fully embracing it. It also discusses the technical, security, and licensing challenges enterprises face with open source and how confidence and processes around open source have matured over time. The presentation covers key topics like the growth in packages, languages, and skills and how this impacts enterprises. It also addresses security vulnerabilities and the importance of monitoring for issues.
Open Source Governance in Highly Regulated Companiesiasaglobal
The document discusses the importance and risks of open source governance for highly regulated companies. It outlines that open source now represents an average of 29% of code deployed by IT and is used by 60-80% of technology innovators. However, uncontrolled use of open source can expose companies to technical, regulatory, security, legal and brand risks. The document advocates for formal open source governance processes to maximize the benefits of open source while minimizing risks.
OSS has taken over the enterprise: The top five OSS trends of 2015Rogue Wave Software
It’s everywhere. From your phone to the enterprise, open source software (OSS) is running far and wide. Gartner predicts that by 2016, 99 percent of Global 2000 enterprises will use open source in mission-critical software. While it’s free, easy to find, and pushes software to the market faster, it’s vital to understand how to use OSS safely.
Join Richard Sherrard, director of product management at Rogue Wave, for a live webinar reviewing the top five OSS trends of 2015. From OSS discovery, to risk, and governance, we’ll take a deep dive into the trends we’ve noticed this year while providing you with some predictions for 2016.
In this webinar you’ll learn how to:
-Discover the OSS in your codebase to ensure that code is free of bugs, security vulnerabilities, and license conflicts
-Implement controls on OSS usage at your organization
-Create a multi-tier approach to OSS risk reduction with open source tools, static code analysis and dynamic analysis
Watch the webinar recording now: https://www.brighttalk.com/webcast/12285/164531
You Can’t Live Without Open Source - Results from the Open Source 360 SurveyBlack Duck by Synopsys
Today, open source drives technology and development, and its worldwide adoption ranges from companies with a single employee to large corporations like Microsoft and Apple. All of these organizations rely on open source to innovate, reduce development costs, and speed time to market. Recent research reports point out that open source comprises 80% to 90% of the code in a typical application. Our Open Source 360° survey provides an update on the rapid evolution of open source development, use and management.
The 2017 Open Source 360° survey was conducted through Black Duck’s Center for Open Source Research & Innovation (COSRI), focusing on four important areas of open source – usage, risk, contributions and governance/policies. Our respondents include input from new players, established leaders, and influencers across vertical markets and communities. This range of respondents drives broad industry awareness and discussions of these key issues.
This document discusses open-source based business models. It identifies several models including externally funded ventures like public funding and "needed improvement" funding. It also discusses internally funded models like using open-source software for a company's internal needs before releasing it publicly. The document outlines specialized service-based business models providing services like installation, integration, and support around open-source software. It also notes business models like dual licensing, where a company offers both open-source and commercial licenses.
This document discusses Cisco's involvement with and support for open source technologies. Some key points:
- Open source is increasingly important for businesses, with most companies using open source in some way. It provides advantages like faster innovation, lower costs, and an edge in recruiting.
- Cisco contributes significant code to open source projects, with over 27 million lines of code across GitHub and other sites. They participate in projects around IoT, data analytics, networking, and more.
- In 2016, some of Cisco's notable open source contributions included projects like Mantl and Open Networking Architecture. They expect to continue growing investments in new open source projects and monetizing existing ones.
- Cisco works with the
Managing the Software Supply Chain: Policies that Promote Innovation While Op...FINOS
Jeff Luszcz, Flexera Software: Managing the Software Supply Chain: Policies that Promote Innovation While Optimizing Security and Compliance.
Do you build software, sell software consulting services, or contribute to the open source community? Understanding your software supply chain and learning the best way to manage them is worth your time. As the consumption of open source and other third party software increases, companies who know how to manage and influence the supply chain have a competitive advantage over those who don’t do it as well. Developers, Architects, and IP attorneys need to understand the long term impact of leveraging Open Source and Third Party software in their enterprise software, internal tools and web services. Join Jeff Luszcz, VP of Product Management at Flexera, as he walks through best practices to manage OSS in the financial services world.
Providing Services to our Remote Users: Open Source SolutionsNicole C. Engard
This document discusses open source solutions that can be used to provide services to remote library users. It begins with an outline and definitions of open source software. It then discusses specific open source products that libraries commonly use, including content management systems like Drupal, Joomla and WordPress, as well as communication tools, media tools and library applications. Examples of library applications mentioned include the Blacklight OPAC. Throughout it addresses common concerns about open source software and provides statistics on open source use.
The document discusses how the CIO can help deliver value through embracing new technologies and processes related to agile development, mobile, cloud, big data, and security. It provides examples of how IT is changing to focus on systems of engagement that are personalized, social, and analytics-driven. The document advocates involving information security early in the development process through representative in development teams and establishing security budgets at the start of projects to help improve organizational processes and security.
Open Source Insight: OWASP Top 10, Red Hat OpenShift News, & Gmail Phishing ScamBlack Duck by Synopsys
On Wednesday, a worm started spreading around Gmail that suggested to users a friend or colleague was trying to share a Google Doc. Google has already disabled the offending accounts (only 0.1 percent were affected), and that it was able to stop the worm within an hour. We should take this as a wake-up that we're all potentially vulnerable to attack.
This week’s open source and open source security news includes stories on the eternal “open source good / bad” debate; 5 reasons why enterprises should be using open source; news from Red Hat Summit; and what CISOs need to known about cybersecurity.
CVE Numbers from the NVD: 1590 entries for April 2017; 50 entries currently for the month of May; a total of 5,238 reports to date for 2017.
Empowering Financial Institutions to Use Open Source With ConfidenceWhiteSource
The days when financial institutions relied solemnly on proprietary code are over. Today, even the largest financial services firms have realized the benefits of using open source technology to build powerful, innovative applications at a reduced time-to-market. However, the financial services industry faces strict regulatory requirements that present it with a unique set of challenges, especially when it comes to open source usage (both consumption and contribution).
FINOS is a non-profit organization whose purpose is to accelerate collaboration and innovation in financial services through the adoption of open source software, standards and best practices. Together with WhiteSource, they are able to provide a safe environment for developers to use open source components freely and fearlessly.
Join FINOS and WhiteSource as they discuss:
The challenges of open source usage
The state of open source vulnerabilities management
How FINOS uses WhiteSource to ensure the security and IP compliance of FINOS-produced open source software
WhiteSource and FINOS: Empowering Financial Institutions to use Open Source W...DevOps.com
The days when financial institutions relied solemnly on proprietary code are over. Today, even the largest financial services firms have realized the benefits of using open source technology to build powerful, innovative applications at a reduced time-to-market. However, the financial services industry faces strict regulatory requirements that present it with a unique set of challenges, especially when it comes to open source usage (both consumption and contribution).
FINOS is a non-profit organization whose purpose is to accelerate collaboration and innovation in financial services through the adoption of open source software, standards and best practices. Together with WhiteSource, they are able to provide a safe environment for developers to use open source components freely and fearlessly.
Join FINOS and WhiteSource as they discuss:
The challenges of open source usage
The state of open source vulnerabilities management
How FINOS uses WhiteSource to ensure the security and IP compliance of FINOS-produced open source software
Open Source can be a great foundation for building a business. That being said, keeping the balance between community building and commercial activities can be tricky. In this talk I want to share my experience and practical tips, which can help you leverage OS and boost your business, while meeting fantastic people and learning a lot in the process.
Rise of the Open Source Program Office for LinuxCon 2016
1. The Rise of the Open Source Program Office
Gil Yehuda
Sr. Director of Open Source @ Yahoo Inc.
July 2016
2. We declare Open Source has won
“Open Source is more secure”
“Developers prefer Open Source”
“Open Source attracts better talent”
“Open Source means lower tech debt”
3. Yet…
Most code written is not Open Source
Most Open Source code is not in a thriving community
Many companies lack an explicit strategy to get Open Source benefits
4. This is not a technology problem
http://www.memecenter.com/fun/91608/Hat-Fail
5. Open Source offers the potential...
• To reduce tech debt
• To improve interoperability
• To reduce costs
• To make software more secure
• To attract better talent
• To create de facto standards
• To “make the world a better place”
6. Realizing potential in a dynamic system requires coordination.
Otherwise, expect chaos.
CC-BY https://flic.kr/p/eZNHGh
7. THE RISE OF THE OPEN SOURCE PROGRAM OFFICE
CC-BY https://flic.kr/p/mP9y6R
8. Consider the many players in the Open Source Ecosystem
• Individual Developers
• Software Foundations
• Open Source Businesses
• Academia
• Governments
• Vendors
• …
• and Corporate Open Source
Individuals
Companies
Foundations
Institutions
9. The Center of Thought for everything Open Source at your company
• Horizontal
• Senior
• Staffed
Strategy
Governance
Operations
10. You have a strategy, it might be implicit.
Make it explicit.
Strategy
Governance
Operations
Technology strategy
Technology assets
Industry trends
Technical debt
Technology standards
Business strategy
Patent strategy
Partnerships
Acquisitions
Foundations
Talent strategy
11. Develop a consistent approach for each of the many cases you face
Strategy
Governance
Operations
Inbound
Using Open Source code in projects
Open Source Tooling
Review of Acquisitions
Outbound publications
Publishing code to existing open source projects (CLA Review)
Publishing code to new open source projects
Outbound services
Product pre-release obligation review
Employee’s “private” publications
Unauthorized publications
14. Make Open Source part of the standard development process.
Strategy
Governance
Operations
Code Management Tooling
Code scanning
Code mirroring
Incident Management
Internal
Security
3rd party
Github.com
Access and removals
Teams and repos
Metrics portals
15. Program Offices are governance, yet nobody wants governance
Open Source Project Office is a service
Educate with each interaction
License and code whitelists don’t work
Simplify: Ask & Get Help
16. How this impacts you:
• Does your company have an Open Source Program?
Are you the contact?
• Do you wish to interact with corporate developers?
• Open Source Program Offices help companies coordinate the activity of thousands of developers.
• Eventually, we may help coordinate the many overlapping open source projects too.
Thank You. My name is Gil Yehuda and I am responsible for Open Source at Yahoo.
In this morning’s keynote, Jim Zemlin said that if there was one thing to remember about his talk, it was this. Does anyone remember what that was? Anyone!?
He said to remember the growing importance of the Open Source Program Offices within the Corporate sector of the Open Source movement. Not only are we seeing the rise of the “Open Source professional” as a formal role, we find that companies, in order to remain competitive, are gearing up with formal approaches toward open source.
So today I will speak about this important role in the overall Open Source Ecosystem. It is the role of Corporate Open Source Projects, and the Open Source Program Offices that enable them to happen. This role has not drawn much attention in the past, but as Jim said, we are beginning to pay more attention to it now, and we’ll discuss how it impacts the Open Source industry.
In this presentation I’ll share why we see what we see, how these programs work, and what you need to know about this to improve your company and your open source projects.
Let us declare that Open Source has won the battle.
We might all agree on this, or at least we agree that we hear these claims being made by many.
That: Open Source is better: for developers, for users, for companies, for everyone.
It is more secure and more desired. Companies who leverage open source can attract better talent and lower their software management costs.
Some might even say the world becomes a better place if we all used Open Source software!!
But isn’t it strange:
Most code is not open source. Most code written this year will not be published as open source. The legal default for code is that it is closed.
Even when it comes to code published as Open Source, most of that code is simply published somewhere as a forked project on Github. It’s not actually integrated into a community-managed project. It probably can’t be found.
And although we agree that companies can benefit from Open Source, the reality is that most companies fail to have an explicit strategy to get those benefits. Who in the company is responsible to ensure that they are participating in Open Source in the most effective way?
To be fair, some companies do have a strategy, and some do have a way to get to the benefits of Open Source.
What do they do that others don’t? What do they know that we can learn?
They know that success in Open Source is not a technology problem.
As engineers, we often look at problems and think of engineering solutions. But many of our problems are created by people, and solved by people.
When putting technology aside for a moment, and looking at the cultural aspects of Open Source, we realize the following truths:
Open Source is better because of its potential to be better.
But to realize that potential, we have to do something to make it happen.
Yes, Open Source can save money, improve code quality, make people happier and more productive, make companies more successful, and…
Yes, it can even make the world a better place.
But none of these benefits happen automatically.
The Open Source ecosystem is a complex dynamic system of many players with competing interests.
Without coordination, these systems turn to chaos.
For this reason, many tech companies are now formalizing a function in their company called the Open Source Program Office.
Moreover, many of the Open Source Program Offices are now working together in the TODO Group, thanks to the Linux Foundation.
We see more companies hire Open Source Program Directors, and more of them are working together to improve the state of Corporate Open Source.
What do I mean by “Corporate Open Source?”
When we say that a company “does Open Source” or “is an Open Source friendly business” we mean one of many very different things. So to be precise, I’ll focus on one type of participant, and one set of activities.
Corporate Open Source is the code published and used by developers who work in a corporation. The code is “work for hire” and is part of the company’s intellectual property. However, many companies realize value in publishing that code to be open.
This is not code that an individual publishes on her own. This is not code that underlies a product being sold by an open source company. Rather, this is code that companies publish for the benefit of the Open Source industry, as well as themselves. This is code that employees write to solve problems that have not yet been solved, and we want to share those solutions.
To help us publish code and use code properly, tech companies create Open Source Program Offices. These are the center of thought for everything related to Open Source in the company.
The program office is responsible for strategy, and must have a horizontal view across the technology groups at the company. For this reason, some open source program offices report into a CTO or Chief Architect position.
The program office sets the policies for how the company uses Open Source, how it publishes code, and how it participates in Open Source communities. For this reason, the program director is not simply a program manager or marketing person, but a senior technical leader within the company.
The program office is also responsible for getting things done. They must have at least a small staff, or the ability to work with others in the company, to execute and report on their work.
It may help to share some details.
The Open Source Program Office sets the strategy for Open Source. This encompasses many different aspects of your company strategy.
On the technology side of things, we consider the current technology standards within the company as well as the market trends. Working with the CTO, we want to leverage Open Source to help reduce debt and churn.
You get debt when you spend more time addressing the decisions of the past, and you get more churn when you are constantly chasing new things but never getting complete benefit of the code you already have. We have to find a balance, and that balance comes from having a healthy conversation about our current assets and resources as a technology company.
We are also responsible for those parts of the business strategy that intersect with Open Source. For example: Patents. Your Open Source activities have a direct relationship with your patent assets – and your company’s patent strategy needs to be coordinated with your Open Source strategy.
Your partnerships with others will involve questions about who owns the code that results from the projects. Your acquisition of other companies means that you now own the Open Source decisions they made.
You also know that companies want to use Open Source to attract talent. This is a nice goal, but requires coordination with the people in your company who do the hiring in order to make this actually happen.
The central role for the Open Source Program Office is addressing the many situations your engineers deal with when using open source code.
We get asked: “Can we use this Open Source code in our project?” The answer is probably “yes” - but are there any licensing issues we need to be aware of?
We get asked: “Can I publish this fix to a project?” Again, the answer is probably “yes” - but does the project have a CLA? Is it being supported or abandoned?
We get asked: “Who owns this code?” or “why is our proprietary code published on Github?”
We get asked: “When we release a product, have we complied with the license terms? Who is responsible to verify?”
Engineers and project managers have a lot on their plate already. License compliance can get rather complex, but with a simple set of processes in place, it’s not that difficult to get it right. This is very do-able. But much like many things in Open Source, the potential is there. To make open source work at your company, someone needs to coordinate things so that the potential becomes a reality.
Let me share a specific example about decisions you make when you use code in your products:
When using open source code in your mobile apps, you are obligated to give attribution to the code in your app. You must know what is in your app. You can’t cut and paste code you find on the Internet and put it in your products. Someone makes sure that your open source credits are correct and on every app you publish.
For many web companies, this is new. We used to publish websites without worrying about open source credits. But now the way we deliver software has changed so that the distribution requirements on the licenses apply to things we did not consider before.
I think this is good for the state of technology, but it adds an extra step to the deployment process.
Let me share the questions we ask when we publish open source code: We often ask, “where should I publish the code in order to attract the community, so that we can be successful with the project?”
Yahoo published Hadoop and developed one of the most effective communities around Big Data in the Apache community. We publish many projects there, but not all go there. Some projects have their own communities. Some expect that we run the community, and some want to make sure that we don’t run it.
Getting good at open source publications is not only about putting code on Github, but also about becoming an excellent Open Source partner. Becoming a good partner means that you learn to understand your community and work with them, wherever they are.
To make things work, the Open Source Program Office has to help developers deal with real code, not just policies.
This includes getting people the proper access to code projects, and removing them when it’s time for them to move on.
We deal with code that should not have been published – leaks, code theft, mistakes and other situations where code was not supposed to be open.
We also help projects with a code scanning and code mirroring strategy so that they have what they need to be successful in using updated open source, without risking a situation where their builds fail if a project moves.
Most importantly, the Open Source Program Office is a service, not government bureaucracy. Our job is to enable developers at our company to be successful with open source. This means we have the lightest and least invasive processes.
We don’t block, we educate. We don’t publish outdated guidelines, but we work with projects to make sure that each one is doing the best they can do.
At Yahoo, I have a two-step process for everything open source:
Step 1: ask me for help. Step 2: get help.
It’s never more complicated. If it were, the engineers would avoid it.
What this means to you:
If you work at a tech company, you should have an Open Source Program Office.
Maybe it’s only one person, but it’s the one person who has the role to help everyone with open source. It’s the person who thinks beyond the license, beyond risks, and sees the opportunity to make your company successful using open source effectively.
If you seek to interact with corporate developers, use a company’s Open Source Program Office as an entry point to our developers. We are usually very well connected and are looking to work with others in open source.
If you are the person who is running your Open Source Program Office – either in the formal sense as your official role, or in the informal sense, since it is what you do at work anyway, then visit the TODO Group online at TODOGroup.org. We are developing a small community of people who do this role and we share best practices with each other. We believe in open source and we believe in being open with each other.
What this means to the industry.
Open Source is at the point of maturity where we need more coordination in order to manage our growth. Open Source Program Offices help companies coordinate the activity of thousands of developers. We, along with foundations, user groups, and affiliate communities, are one of the many points of coordination that will help make a more coherent open source future.
The TODO group is one point of coordination that we are using to make sure we are as effective as we can be. I thank the Linux Foundation for their leadership and support of the TODO group. I see this as an important part of building our open future together.
Thank you for taking the time to listen about the growing importance of the Open Source Program Office at your company and the role of professional, corporate open source in general.
My name is Gil Yehuda, you can read my answers about open source on Quora and reach out to me online.
Thank you again.