© 2016 Rogue Wave Software, Inc. All Rights Reserved.
Top open source lessons
for every enterprise
Episode I:
How enterprises learned to stop
worrying and love open source
Rod Cope, CTO
Rogue Wave Software
Presenter
Poll #1
What percentage of your code is free and open source software?
A. 0 to 25%
B. 26 to 50%
C. 51 to 75%
D. More than 75%
“Open source has eaten the world.”
Rod Cope, CTO
Rogue Wave Software
Agenda
1. A brief history of open source
2. Talking technical
3. Call security
4. Keys to licensing
5. A brief history of the future
6. Summary
7. Q&A
A brief history of open source
Open source evolution
• Freeware/shareware
• BBS
• Perl
• GPL
• “Open Source”
• Apache, Tomcat, JBoss
• PHP, Python, Ruby
• Linux
• FUD
• OSS company explosion
• Insurance plays
• Git
• Android
1980’s 1990’s 2000’s 2010’s 2016
• Package explosion
• GitHub ascension
• Full speed OSS adoption
• Docker
• Swift
• “OSS first” policies
• CentOS in enterprise
• Cloud OSS
• Cognitive computing
OSS in the enterprise
Unaware Early tests Keep out! Adoption Ubiquitous
3 evolutionary paths
1. Technical
2. Security
3. Licensing
Spectrum of confidence: CHAOS → NEUTRAL → LOVE
Poll #2
How well is your organization managing OSS?
A. It’s chaotic: minimal process, no tracking, uncertain use
B. It’s okay: some process & tracking, some license compliance
C. It’s good: project-level processes, tracking, & compliance
D. It’s great: processes and tools in place across organization
Talking technical
Technical confidence
• Growth in number of packages / challenges
• Growth in languages / challenges
• Growth in skills / challenges
By 2018, every enterprise will be a “software company”
Recruiting developers will be a CEO top 5 strategy for success
[Chart: Billions of IoT devices, 2015 to 2020 (source: BI Intelligence)]
2 billion GB, 600 million queries/sec
278 billion messages/day
Packages
CHAOS
• 1000’s of repositories
• Everything rough around the edges
• Venture capitalists: “There will be ~10 OSS packages”
NEUTRAL
• 1000’s of packages
• Elevated repositories
• Package management systems
• Strong technical benefits
• FUD around licensing
LOVE
• Millions of packages
• Dominant repositories
• Safe adoption of OSS
• Commercial support options
Languages
CHAOS
• Few language choices
• Everything written from scratch
• No standards
• Weak tool support
NEUTRAL
• New scripting languages for web development
• Frameworks and other tools accelerate development
• Web and other standards become common
LOVE
• Many languages: declarative, functional, statically typed
• Strong competition among frameworks & tools
• “Best tool for the job” is the norm
• Possible downside: tyranny of choice
Skills
CHAOS
• Nobody knows OSS
• Developer leaves → code is unmaintainable
• No formal support or training available
NEUTRAL
• OSS becomes common, easier to find developers
• Training available for some key packages
• OSS experience appears on resumes
LOVE
• Formal training and certification available
• Professional support, guidance, and migration help
• OSS history and code is key to getting a job
• Employers looking specifically for OSS experts
Call security
Security confidence
• Growth in software complexity leads to more vulnerabilities
• Large developer base doesn’t imply constant (or skilled) vigilance
On Apache Struts: “It is not noteworthy that an open source project could have a severe vulnerability [it’s] that this flaw went undetected for at least seven years.”
• Potentially millions of servers
• “seeing 10 to 15 attacks per second” [1]
• Example loss: 4.5 million patient records [2]
• 8 other flaws in core packages the first week of 2015
1. CloudFlare
2. Reuters: U.S. hospital breach biggest yet to exploit Heartbleed bug
Security evolution
CHAOS
• No focus on security, unknown quality
• Every project has own approach to security
• Code is available: easy to attack
NEUTRAL
• “Given enough eyeballs, all bugs are shallow”
• OSS is just code: similar to proprietary
• Treat all code the same
LOVE
• Code is available: Static and dynamic code analysis
• Security elevated to “critical feature” status
• Initiatives to improve widely used infrastructure
Poll #3
How does your team know when an OSS package has a vulnerability?
A. We don’t
B. We read the news
C. We monitor vulnerability reports, databases, etc.
D. We monitor reports and perform regular security scans
Keys to licensing
Licensing confidence
• Growth in licensing
• Top licenses on GitHub [1]: MIT (44.69%), GPL 2.0 (12.96%), Apache (11.19%), GPL 3.0 (8.88%)
vs. XimpleWare
Only 35 percent of companies have written policies requiring them to use properly licensed software
vs.
1. GitHub: Open source license usage
Licensing evolution
CHAOS
• No license
• DIY licenses
• “Vanity” licenses
• Non-OSS licenses
NEUTRAL
• “Copyleft”
• “Business-friendly”
• Use case dependent obligations
LOVE
• Better developer awareness
• Attorneys up-to-speed on OSS
• Professional auditing services
Poll #4
A brief history of the future
Future OSS technologies
• VR/AR
– Virtual Reality
– Augmented Reality
– Magic Leap
• Cognitive computing
– Artificial intelligence
– Machine learning
– Deep learning
• Autonomous vehicles
– osvehicle.com
– CANtact
– OSS code for driving
Summary
A tyranny of choice
Many license options, most don’t know how to manage or track
• Awareness building
• Audits becoming commonplace or mandatory
Vulnerabilities go undetected, elevating security to a critical feature
• Static and dynamic analysis help
Packages and languages have exploded, requiring new skills
• Rise of the “open source developer”
• CEO top 5 strategy
Q & A
Watch on demand
• Watch this webinar on demand
• Read the recap blog to see the results of the polls and Q&A session
Follow up
Free newsletter: vulnerabilities, industry news, and enterprise support stories
openlogic.com/products-services/openlogic-exchange/openupdate
For OpenLogic support customers:
OSS Radio
Stay tuned
Top open source lessons for every enterprise
June 29: When is free not free: The true costs of open source
Knowing the OSS in use is key to reducing technical, security, and licensing hurdles – how do you do it?
July 13: Open source applied: Real-world uses
Examine actual field issues, from architecture to production, to better select and use the right packages.
July 27: Top issues in the top enterprise packages
Dive into specific packages with two architects to discover what goes right and what goes wrong.
31© 2016 Rogue Wave Software, Inc. All Rights Reserved. 31

Weitere ähnliche Inhalte

Was ist angesagt?

FROM OPEN SOURCE COMPLIANCE TO SECURITY
FROM OPEN SOURCE COMPLIANCE TO SECURITYFROM OPEN SOURCE COMPLIANCE TO SECURITY
FROM OPEN SOURCE COMPLIANCE TO SECURITYBlack Duck by Synopsys
 
Empowering Application Security Protection in the World of DevOps
Empowering Application Security Protection in the World of DevOpsEmpowering Application Security Protection in the World of DevOps
Empowering Application Security Protection in the World of DevOpsIBM Security
 
September 13, 2016: Security in the Age of Open Source:
September 13, 2016: Security in the Age of Open Source: September 13, 2016: Security in the Age of Open Source:
September 13, 2016: Security in the Age of Open Source: Black Duck by Synopsys
 
(In)security in Open Source
(In)security in Open Source(In)security in Open Source
(In)security in Open SourceShane Coughlan
 
Continuous Acceleration with a Software Supply Chain Approach
Continuous Acceleration with a Software Supply Chain ApproachContinuous Acceleration with a Software Supply Chain Approach
Continuous Acceleration with a Software Supply Chain ApproachSonatype
 
Create code confidence for better application security
Create code confidence for better application security Create code confidence for better application security
Create code confidence for better application security Rogue Wave Software
 
Software Security Assurance for Devops
Software Security Assurance for DevopsSoftware Security Assurance for Devops
Software Security Assurance for DevopsJerika Phelps
 
Welcome & The State of Open Source Security
Welcome & The State of Open Source SecurityWelcome & The State of Open Source Security
Welcome & The State of Open Source SecurityJerika Phelps
 
DevSecOps-OWASP Indonesia Day 2017
DevSecOps-OWASP Indonesia Day 2017DevSecOps-OWASP Indonesia Day 2017
DevSecOps-OWASP Indonesia Day 2017Suman Sourav
 
Secure application deployment in Apache CloudStack
Secure application deployment in Apache CloudStackSecure application deployment in Apache CloudStack
Secure application deployment in Apache CloudStackTim Mackey
 
Open Source Security
Open Source SecurityOpen Source Security
Open Source SecuritySander Temme
 
Leveraging Black Duck Hub to Maximize Focus - Entersekt's approach to automat...
Leveraging Black Duck Hub to Maximize Focus - Entersekt's approach to automat...Leveraging Black Duck Hub to Maximize Focus - Entersekt's approach to automat...
Leveraging Black Duck Hub to Maximize Focus - Entersekt's approach to automat...Jerika Phelps
 
Software Security Assurance for DevOps
Software Security Assurance for DevOpsSoftware Security Assurance for DevOps
Software Security Assurance for DevOpsBlack Duck by Synopsys
 
Introducing: Klocwork Insight Pro | November 2009
Introducing: Klocwork Insight Pro | November 2009Introducing: Klocwork Insight Pro | November 2009
Introducing: Klocwork Insight Pro | November 2009Klocwork
 
Accelerating Innovation with Software Supply Chain Management
Accelerating Innovation with Software Supply Chain ManagementAccelerating Innovation with Software Supply Chain Management
Accelerating Innovation with Software Supply Chain ManagementSonatype
 
Secure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliverySecure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliveryTim Mackey
 
DevSecOps - Building continuous security into it and app infrastructures
DevSecOps - Building continuous security into it and app infrastructuresDevSecOps - Building continuous security into it and app infrastructures
DevSecOps - Building continuous security into it and app infrastructuresPriyanka Aash
 
Findings Revealed: 2015 State of the Software Supply Chain
Findings Revealed: 2015 State of the Software Supply Chain Findings Revealed: 2015 State of the Software Supply Chain
Findings Revealed: 2015 State of the Software Supply Chain Sonatype
 
Open Source and Cyber Security: Open Source Software's Role in Government Cyb...
Open Source and Cyber Security: Open Source Software's Role in Government Cyb...Open Source and Cyber Security: Open Source Software's Role in Government Cyb...
Open Source and Cyber Security: Open Source Software's Role in Government Cyb...Great Wide Open
 

Was ist angesagt? (20)

FROM OPEN SOURCE COMPLIANCE TO SECURITY
FROM OPEN SOURCE COMPLIANCE TO SECURITYFROM OPEN SOURCE COMPLIANCE TO SECURITY
FROM OPEN SOURCE COMPLIANCE TO SECURITY
 
Empowering Application Security Protection in the World of DevOps
Empowering Application Security Protection in the World of DevOpsEmpowering Application Security Protection in the World of DevOps
Empowering Application Security Protection in the World of DevOps
 
September 13, 2016: Security in the Age of Open Source:
September 13, 2016: Security in the Age of Open Source: September 13, 2016: Security in the Age of Open Source:
September 13, 2016: Security in the Age of Open Source:
 
(In)security in Open Source
(In)security in Open Source(In)security in Open Source
(In)security in Open Source
 
Continuous Acceleration with a Software Supply Chain Approach
Continuous Acceleration with a Software Supply Chain ApproachContinuous Acceleration with a Software Supply Chain Approach
Continuous Acceleration with a Software Supply Chain Approach
 
Create code confidence for better application security
Create code confidence for better application security Create code confidence for better application security
Create code confidence for better application security
 
Software Security Assurance for Devops
Software Security Assurance for DevopsSoftware Security Assurance for Devops
Software Security Assurance for Devops
 
Welcome & The State of Open Source Security
Welcome & The State of Open Source SecurityWelcome & The State of Open Source Security
Welcome & The State of Open Source Security
 
DevSecOps-OWASP Indonesia Day 2017
DevSecOps-OWASP Indonesia Day 2017DevSecOps-OWASP Indonesia Day 2017
DevSecOps-OWASP Indonesia Day 2017
 
Secure application deployment in Apache CloudStack
Secure application deployment in Apache CloudStackSecure application deployment in Apache CloudStack
Secure application deployment in Apache CloudStack
 
Open Source Security
Open Source SecurityOpen Source Security
Open Source Security
 
Leveraging Black Duck Hub to Maximize Focus - Entersekt's approach to automat...
Leveraging Black Duck Hub to Maximize Focus - Entersekt's approach to automat...Leveraging Black Duck Hub to Maximize Focus - Entersekt's approach to automat...
Leveraging Black Duck Hub to Maximize Focus - Entersekt's approach to automat...
 
Software Security Assurance for DevOps
Software Security Assurance for DevOpsSoftware Security Assurance for DevOps
Software Security Assurance for DevOps
 
Introducing: Klocwork Insight Pro | November 2009
Introducing: Klocwork Insight Pro | November 2009Introducing: Klocwork Insight Pro | November 2009
Introducing: Klocwork Insight Pro | November 2009
 
Accelerating Innovation with Software Supply Chain Management
Accelerating Innovation with Software Supply Chain ManagementAccelerating Innovation with Software Supply Chain Management
Accelerating Innovation with Software Supply Chain Management
 
Secure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliverySecure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous delivery
 
DevSecOps - Building continuous security into it and app infrastructures
DevSecOps - Building continuous security into it and app infrastructuresDevSecOps - Building continuous security into it and app infrastructures
DevSecOps - Building continuous security into it and app infrastructures
 
Security in the Age of Open Source
Security in the Age of Open SourceSecurity in the Age of Open Source
Security in the Age of Open Source
 
Findings Revealed: 2015 State of the Software Supply Chain
Findings Revealed: 2015 State of the Software Supply Chain Findings Revealed: 2015 State of the Software Supply Chain
Findings Revealed: 2015 State of the Software Supply Chain
 
Open Source and Cyber Security: Open Source Software's Role in Government Cyb...
Open Source and Cyber Security: Open Source Software's Role in Government Cyb...Open Source and Cyber Security: Open Source Software's Role in Government Cyb...
Open Source and Cyber Security: Open Source Software's Role in Government Cyb...
 

Andere mochten auch

Open source software for IoT – The devil’s in the details
Open source software for IoT – The devil’s in the detailsOpen source software for IoT – The devil’s in the details
Open source software for IoT – The devil’s in the detailsRogue Wave Software
 
Shelf help final presentation (eecs 441)
Shelf help final presentation (eecs 441)Shelf help final presentation (eecs 441)
Shelf help final presentation (eecs 441)Humza Siddiqui
 
Hu sb maersk_5.3_final
Hu sb maersk_5.3_finalHu sb maersk_5.3_final
Hu sb maersk_5.3_finalTerry Mackin
 
Fortaleciendo las competencias de los lideres
Fortaleciendo las competencias  de los lideresFortaleciendo las competencias  de los lideres
Fortaleciendo las competencias de los lideresIsabel Gonzalez
 
Tips for Fixing A Hacked WordPress Site - Vlad Lasky
Tips for Fixing A Hacked WordPress Site - Vlad LaskyTips for Fixing A Hacked WordPress Site - Vlad Lasky
Tips for Fixing A Hacked WordPress Site - Vlad LaskyWordCamp Sydney
 
Managing Open Source software in the Docker era
Managing Open Source software in the Docker era Managing Open Source software in the Docker era
Managing Open Source software in the Docker era nexB Inc.
 
Ahmed Anwar Senior Architect
Ahmed Anwar Senior Architect Ahmed Anwar Senior Architect
Ahmed Anwar Senior Architect Ahmed Anwar
 
Mahmoud Mostafa Mohamed Lashen
Mahmoud Mostafa Mohamed LashenMahmoud Mostafa Mohamed Lashen
Mahmoud Mostafa Mohamed Lashenmahmoud lashen
 
9 Tips om te groeien op Instagram - Interieur branche
9 Tips om te groeien op Instagram - Interieur branche 9 Tips om te groeien op Instagram - Interieur branche
9 Tips om te groeien op Instagram - Interieur branche Kirsten Jassies justK
 
климатични пояси и области в европа
климатични пояси и области в европаклиматични пояси и области в европа
климатични пояси и области в европаMilena Petkova
 
Hallmark Business Connections
Hallmark Business ConnectionsHallmark Business Connections
Hallmark Business ConnectionsBrenna French
 
OSS - enterprise adoption strategy and governance
OSS -  enterprise adoption strategy and governanceOSS -  enterprise adoption strategy and governance
OSS - enterprise adoption strategy and governancePrabir Kr Sarkar
 

Andere mochten auch (19)

Open source software for IoT – The devil’s in the details
Open source software for IoT – The devil’s in the detailsOpen source software for IoT – The devil’s in the details
Open source software for IoT – The devil’s in the details
 
Res cnm nec2013
Res cnm nec2013Res cnm nec2013
Res cnm nec2013
 
GlassFish v3 Prelude Aquarium Paris
GlassFish v3 Prelude Aquarium ParisGlassFish v3 Prelude Aquarium Paris
GlassFish v3 Prelude Aquarium Paris
 
new cv najah
new cv najahnew cv najah
new cv najah
 
Shelf help final presentation (eecs 441)
Shelf help final presentation (eecs 441)Shelf help final presentation (eecs 441)
Shelf help final presentation (eecs 441)
 
Hu sb maersk_5.3_final
Hu sb maersk_5.3_finalHu sb maersk_5.3_final
Hu sb maersk_5.3_final
 
Fortaleciendo las competencias de los lideres
Fortaleciendo las competencias  de los lideresFortaleciendo las competencias  de los lideres
Fortaleciendo las competencias de los lideres
 
Tips for Fixing A Hacked WordPress Site - Vlad Lasky
Tips for Fixing A Hacked WordPress Site - Vlad LaskyTips for Fixing A Hacked WordPress Site - Vlad Lasky
Tips for Fixing A Hacked WordPress Site - Vlad Lasky
 
Autos, Wi-Fi, and IoT
Autos, Wi-Fi, and IoTAutos, Wi-Fi, and IoT
Autos, Wi-Fi, and IoT
 
Managing Open Source software in the Docker era
Managing Open Source software in the Docker era Managing Open Source software in the Docker era
Managing Open Source software in the Docker era
 
Ahmed Anwar Senior Architect
Ahmed Anwar Senior Architect Ahmed Anwar Senior Architect
Ahmed Anwar Senior Architect
 
Future of blogging 2016
Future of blogging 2016Future of blogging 2016
Future of blogging 2016
 
Fanless Embedded PCs for Outdoor Kiosks Applications Guide
Fanless Embedded PCs for Outdoor Kiosks Applications GuideFanless Embedded PCs for Outdoor Kiosks Applications Guide
Fanless Embedded PCs for Outdoor Kiosks Applications Guide
 
Mahmoud Mostafa Mohamed Lashen
Mahmoud Mostafa Mohamed LashenMahmoud Mostafa Mohamed Lashen
Mahmoud Mostafa Mohamed Lashen
 
9 Tips om te groeien op Instagram - Interieur branche
9 Tips om te groeien op Instagram - Interieur branche 9 Tips om te groeien op Instagram - Interieur branche
9 Tips om te groeien op Instagram - Interieur branche
 
климатични пояси и области в европа
климатични пояси и области в европаклиматични пояси и области в европа
климатични пояси и области в европа
 
Hallmark Business Connections
Hallmark Business ConnectionsHallmark Business Connections
Hallmark Business Connections
 
FMUK - E-business & E-marketing 3.10.2016: Webdesign: čo treba pre úspešný we...
FMUK - E-business & E-marketing 3.10.2016: Webdesign: čo treba pre úspešný we...FMUK - E-business & E-marketing 3.10.2016: Webdesign: čo treba pre úspešný we...
FMUK - E-business & E-marketing 3.10.2016: Webdesign: čo treba pre úspešný we...
 
OSS - enterprise adoption strategy and governance
OSS -  enterprise adoption strategy and governanceOSS -  enterprise adoption strategy and governance
OSS - enterprise adoption strategy and governance
 

Ähnlich wie How enterprises learned to stop worrying and love open source

When is free not free: The true costs of open source
When is free not free: The true costs of open sourceWhen is free not free: The true costs of open source
When is free not free: The true costs of open sourceRogue Wave Software
 
Rapid software testing and conformance with static code analysis
Rapid software testing and conformance with static code analysisRapid software testing and conformance with static code analysis
Rapid software testing and conformance with static code analysisRogue Wave Software
 
Identifying and managing the risks of open source software for PHP developers
Identifying and managing the risks of open source software for PHP developersIdentifying and managing the risks of open source software for PHP developers
Identifying and managing the risks of open source software for PHP developersRogue Wave Software
 
Shifting the conversation from active interception to proactive neutralization
Shifting the conversation from active interception to proactive neutralization Shifting the conversation from active interception to proactive neutralization
Shifting the conversation from active interception to proactive neutralization Rogue Wave Software
 
Programming languages and techniques for today’s embedded andIoT world
Programming languages and techniques for today’s embedded andIoT worldProgramming languages and techniques for today’s embedded andIoT world
Programming languages and techniques for today’s embedded andIoT worldRogue Wave Software
 
Rise of the Open Source Program Office for LinuxCon 2016
Rise of the Open Source Program Office for LinuxCon 2016Rise of the Open Source Program Office for LinuxCon 2016
Rise of the Open Source Program Office for LinuxCon 2016Gil Yehuda
 
Gimme shelter: Tips on protecting proprietary and open source code
Gimme shelter: Tips on protecting proprietary and open source codeGimme shelter: Tips on protecting proprietary and open source code
Gimme shelter: Tips on protecting proprietary and open source codeRogue Wave Software
 
Cyber security - It starts with the embedded system
Cyber security - It starts with the embedded systemCyber security - It starts with the embedded system
Cyber security - It starts with the embedded systemRogue Wave Software
 
Top 5 best practice for delivering secure in-vehicle software
Top 5 best practice for delivering secure in-vehicle softwareTop 5 best practice for delivering secure in-vehicle software
Top 5 best practice for delivering secure in-vehicle softwareRogue Wave Software
 
Open source software: The infrastructure impact
Open source software: The infrastructure impactOpen source software: The infrastructure impact
Open source software: The infrastructure impactRogue Wave Software
 
The road towards better automotive cybersecurity
The road towards better automotive cybersecurityThe road towards better automotive cybersecurity
The road towards better automotive cybersecurityRogue Wave Software
 
Managing the Software Supply Chain: Policies that Promote Innovation While Op...
Managing the Software Supply Chain: Policies that Promote Innovation While Op...Managing the Software Supply Chain: Policies that Promote Innovation While Op...
Managing the Software Supply Chain: Policies that Promote Innovation While Op...FINOS
 
Hidden Speed Bumps on the Road to "Continuous"
Hidden Speed Bumps on the Road to "Continuous"Hidden Speed Bumps on the Road to "Continuous"
Hidden Speed Bumps on the Road to "Continuous"Sonatype
 
The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...
 The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour... The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...
The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...WhiteSource
 
Collaborative security : Securing open source software
Collaborative security : Securing open source softwareCollaborative security : Securing open source software
Collaborative security : Securing open source softwarePriyanka Aash
 
How temenos manages open source use, the easy way combined
How temenos manages open source use, the easy way combinedHow temenos manages open source use, the easy way combined
How temenos manages open source use, the easy way combinedWhiteSource
 
Five ways to protect your software supply chain from hacks, quacks, and wrecks
Five ways to protect your software supply chain from hacks, quacks, and wrecksFive ways to protect your software supply chain from hacks, quacks, and wrecks
Five ways to protect your software supply chain from hacks, quacks, and wrecksRogue Wave Software
 

Ähnlich wie How enterprises learned to stop worrying and love open source (20)

When is free not free: The true costs of open source
When is free not free: The true costs of open sourceWhen is free not free: The true costs of open source
When is free not free: The true costs of open source
 
Rapid software testing and conformance with static code analysis
Rapid software testing and conformance with static code analysisRapid software testing and conformance with static code analysis
Rapid software testing and conformance with static code analysis
 
Open Source Support
Open Source SupportOpen Source Support
Open Source Support
 
Identifying and managing the risks of open source software for PHP developers
Identifying and managing the risks of open source software for PHP developersIdentifying and managing the risks of open source software for PHP developers
Identifying and managing the risks of open source software for PHP developers
 
Shifting the conversation from active interception to proactive neutralization
Shifting the conversation from active interception to proactive neutralization Shifting the conversation from active interception to proactive neutralization
Shifting the conversation from active interception to proactive neutralization
 
Programming languages and techniques for today’s embedded andIoT world
Programming languages and techniques for today’s embedded andIoT worldProgramming languages and techniques for today’s embedded andIoT world
Programming languages and techniques for today’s embedded andIoT world
 
Rise of the Open Source Program Office for LinuxCon 2016
Rise of the Open Source Program Office for LinuxCon 2016Rise of the Open Source Program Office for LinuxCon 2016
Rise of the Open Source Program Office for LinuxCon 2016
 
Gimme shelter: Tips on protecting proprietary and open source code
Gimme shelter: Tips on protecting proprietary and open source codeGimme shelter: Tips on protecting proprietary and open source code
Gimme shelter: Tips on protecting proprietary and open source code
 
Cyber security - It starts with the embedded system
Cyber security - It starts with the embedded systemCyber security - It starts with the embedded system
Cyber security - It starts with the embedded system
 
Top 5 best practice for delivering secure in-vehicle software
Top 5 best practice for delivering secure in-vehicle softwareTop 5 best practice for delivering secure in-vehicle software
Top 5 best practice for delivering secure in-vehicle software
 
Open source software: The infrastructure impact
Open source software: The infrastructure impactOpen source software: The infrastructure impact
Open source software: The infrastructure impact
 
The road towards better automotive cybersecurity
The road towards better automotive cybersecurityThe road towards better automotive cybersecurity
The road towards better automotive cybersecurity
 
Open Source vs Proprietary
Open Source vs ProprietaryOpen Source vs Proprietary
Open Source vs Proprietary
 
Managing the Software Supply Chain: Policies that Promote Innovation While Op...
Managing the Software Supply Chain: Policies that Promote Innovation While Op...Managing the Software Supply Chain: Policies that Promote Innovation While Op...
Managing the Software Supply Chain: Policies that Promote Innovation While Op...
 
Hidden Speed Bumps on the Road to "Continuous"
Hidden Speed Bumps on the Road to "Continuous"Hidden Speed Bumps on the Road to "Continuous"
Hidden Speed Bumps on the Road to "Continuous"
 
Découvrez le Rugged DevOps
Découvrez le Rugged DevOpsDécouvrez le Rugged DevOps
Découvrez le Rugged DevOps
 
The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...
 The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour... The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...
The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...
 
Collaborative security : Securing open source software
Collaborative security : Securing open source softwareCollaborative security : Securing open source software
Collaborative security : Securing open source software
 
How temenos manages open source use, the easy way combined
How temenos manages open source use, the easy way combinedHow temenos manages open source use, the easy way combined
How temenos manages open source use, the easy way combined
 
Five ways to protect your software supply chain from hacks, quacks, and wrecks
Five ways to protect your software supply chain from hacks, quacks, and wrecksFive ways to protect your software supply chain from hacks, quacks, and wrecks
Five ways to protect your software supply chain from hacks, quacks, and wrecks
 

How enterprises learned to stop worrying and love open source

  • 1. Top open source lessons for every enterprise Episode I: How enterprises learned to stop worrying and love open source
  • 2. Rod Cope, CTO Rogue Wave Software Presenter
  • 3. Poll #1 What percentage of your code is free and open source software? A. 0 to 25% B. 26 to 50% C. 51 to 75% D. More than 75%
  • 4.
  • 5. “Open source has eaten the world.” Rod Cope, CTO Rogue Wave Software
  • 6. 1. A brief history of open source 2. Talking technical 3. Call security 4. Keys to licensing 5. A brief history of the future 6. Summary 7. Q&A Agenda
  • 7. A brief history of open source
  • 8. Open source evolution • Freeware/shareware • BBS • Perl • GPL • “Open Source” • Apache, Tomcat, JBoss • PHP, Python, Ruby • Linux • FUD • OSS company explosion • Insurance plays • Git • Android 1980’s 1990’s 2000’s 2010’s 2016 • Package explosion • GitHub ascension • Full speed OSS adoption • Docker • Swift • “OSS first” policies • CentOS in enterprise • Cloud OSS • Cognitive computing OSS in the enterprise Unaware Early tests Keep out! Adoption Ubiquitous
  • 9. 3 evolutionary paths 1. Technical 2. Security 3. Licensing CHAOS NEUTRAL LOVE Spectrum of confidence
  • 10. Poll #2 How well is your organization managing OSS? A. It’s chaotic: minimal process, no tracking, uncertain use B. It’s okay: some process & tracking, some license compliance C. It’s good: project-level processes, tracking, & compliance D. It’s great: processes and tools in place across organization
  • 11. Talking technical
  • 12. Technical confidence • Growth in number of packages / challenges • Growth in languages / challenges • Growth in skills / challenges By 2018, every enterprise will be a “software company” Recruiting developers will be a CEO top 5 strategy for success [Chart: billions of IoT devices, 2015 to 2020; source: BI Intelligence] 2 billion GB, 600 million queries/sec 278 billion messages/day
  • 13. Packages • 1000’s of repositories • Everything rough around the edges • Venture capitalists: “There will be ~10 OSS packages” CHAOS • 1000’s of packages • Elevated repositories • Package management systems • Strong technical benefits • FUD around licensing • Millions of packages • Dominant repositories • Safe adoption of OSS • Commercial support options NEUTRAL LOVE
  • 14. Languages • Few language choices • Everything written from scratch • No standards • Weak tool support CHAOS • New scripting languages for web development • Frameworks and other tools accelerate development • Web and other standards become common • Many languages: declarative, functional, statically typed • Strong competition among frameworks & tools • “Best tool for the job” is the norm • Possible downside: tyranny of choice NEUTRAL LOVE
  • 15. Skills • Nobody knows OSS • Developer leaves → code is unmaintainable • No formal support or training available CHAOS • OSS becomes common, easier to find developers • Training available for some key packages • OSS experience appears on resumes • Formal training and certification available • Professional support, guidance, and migration help • OSS history and code is key to getting a job • Employers looking specifically for OSS experts NEUTRAL LOVE
  • 16. Call security
  • 17. Security confidence • Growth in software complexity leads to more vulnerabilities • Large developer base doesn’t imply constant (or skilled) vigilance On Apache Struts: “It is not noteworthy that an open source project could have a severe vulnerability [it’s] that this flaw went undetected for at least seven years.” • Potentially millions of servers • “seeing 10 to 15 attacks per second” [1] • Example loss: 4.5 million patient records [2] • 8 other flaws in core packages the first week of 2015 [1] CloudFlare [2] Reuters: U.S. hospital breach biggest yet to exploit Heartbleed bug
  • 18. Security evolution • No focus on security, unknown quality • Every project has own approach to security • Code is available: easy to attack CHAOS • “Given enough eyeballs, all bugs are shallow” • OSS is just code: similar to proprietary • Treat all code the same • Code is available: Static and dynamic code analysis • Security elevated to “critical feature” status • Initiatives to improve widely used infrastructure NEUTRAL LOVE
  • 19. Poll #3 How does your team know when an OSS package has a vulnerability? A. We don’t B. We read the news C. We monitor vulnerability reports, databases, etc. D. We monitor reports and perform regular security scans
  • 20. Keys to licensing
  • 21. Licensing confidence • Growth in licensing • Top licenses on GitHub [1]: MIT (44.69%), GPL 2.0 (12.96%), Apache (11.19%), GPL 3.0 (8.88%) v.s XimpleWare Only 35 percent of companies have written policies requiring them to use properly licensed software v.s [1] GitHub: Open source license usage
  • 22. Licensing evolution • No license • DIY licenses • “Vanity” licenses • Non-OSS licenses CHAOS • “Copyleft” • “Business-friendly” • Use case dependent obligations • Better developer awareness • Attorneys up-to-speed on OSS • Professional auditing services NEUTRAL LOVE
  • 23. Poll #4
  • 24. A brief history of the future
  • 25. Future OSS technologies • VR/AR – Virtual Reality – Augmented Reality – Magic Leap • Cognitive computing – Artificial intelligence – Machine learning – Deep learning • Autonomous vehicles – osvehicle.com – CANtact – OSS code for driving
  • 26. Summary A tyranny of choice Many license options, most don’t know how to manage or track • Awareness building • Audits becoming commonplace or mandatory Vulnerabilities go undetected, elevating security to a critical feature • Static and dynamic analysis help Packages and languages have exploded, requiring new skills • Rise of the “open source developer” • CEO top 5 strategy
  • 27. Q & A
  • 28. Watch on demand • Watch this webinar on demand • Read the recap blog to see the results of the polls and Q&A session
  • 29. Follow up Free newsletter: vulnerabilities, industry news, and enterprise support stories openlogic.com/products-services/openlogic-exchange/openupdate For OpenLogic support customers: OSS Radio
  • 30. Stay tuned Top open source lessons for every enterprise June 29: When is free not free: The true costs of open source Knowing the OSS in use is key to reducing technical, security, and licensing hurdles – how do you do it? July 13: Open source applied: Real-world uses Examine actual field issues, from architecture to production, to better select and use the right packages. July 27: Top issues in the top enterprise packages Dive into specific packages with two architects to discover what goes right and what goes wrong.
  • 31.

Editor's notes

  1. For open source included in software that you’re releasing, are you compliant with all license obligations? Yes No Probably not Don’t know (talk about code for internal and external releases)