
OSS has taken over the enterprise: The top five OSS trends of 2015


It’s everywhere. From your phone to the enterprise, open source software (OSS) is running far and wide. Gartner predicts that by 2016, 99 percent of Global 2000 enterprises will use open source in mission-critical software. While it’s free, easy to find, and pushes software to the market faster, it’s vital to understand how to use OSS safely.

Join Richard Sherrard, director of product management at Rogue Wave, for a live webinar reviewing the top five OSS trends of 2015. From OSS discovery, to risk, and governance, we’ll take a deep dive into the trends we’ve noticed this year while providing you with some predictions for 2016.

In this webinar you’ll learn how to:
- Discover the OSS in your codebase to ensure that code is free of bugs, security vulnerabilities, and license conflicts
- Implement controls on OSS usage at your organization
- Create a multi-tier approach to OSS risk reduction with open source tools, static code analysis and dynamic analysis

Watch the webinar recording now: https://www.brighttalk.com/webcast/12285/164531


  1. OSS has taken over the enterprise: The top five OSS trends of 2015. Richard Sherrard, director of product management
  2. Presenters: Richard Sherrard, director of product management, Rogue Wave Software. © 2015 Rogue Wave Software, Inc. All Rights Reserved.
  3. Top five open source trends of 2015
  4. Open source trends we’ve seen in 2015: • Open source has taken over the enterprise • Open source discovery challenges • Open source risk management • Open source governance • Multi-tiered approach to open source management
  5. #1 Open source has taken over the enterprise
  6. Growth of open source: Use of open source continues to grow at a fast pace! • 90% of companies use OSS components in commercial software (Gartner) • >80% of a typical Java application is open-source components and frameworks (TechCrunch) • 11 million developers worldwide make 13 billion open source requests each year
  7. Innovation drives open source adoption: • Open source components provide critical functionality • Improves developer productivity No license fees • “More eyes” improves quality & security Leveraged development effort • Apache, Tomcat, Wildfly, Jakarta Commons, jQuery • Communities continuously improve features Mature, commoditized applications and libraries Community peer review
  8. Open source in the enterprise: “By 2016, open source software will be in mission-critical software portfolios within 99% of all Global 1,000 enterprises.” Innovate: • Opens up code options • Deploy applications with any combination of code source • Optimize developer effort and time • Quicker time to market. Identify and mitigate risk: • Technical risk • Business risk • Security risk • Legal and compliance risk. Balance risk and reward.
  9. How open source enters your codebase: “90% of code in modern applications is open source” and “31% of companies have had or suspect a breach in an open source component”. Sources: Open source community, Legacy code, Internally developed code, Reused code, Third party code, Supply chain code, Outsource code, Delivered code
  10. Mixed source risks: Loss of intellectual property; Defects and quality issues; License restrictions and obligations; Support costs; Security vulnerabilities; Injunctions
  11. What organizations are looking to answer? Roles: Dev VP & Mgr, OSS Compliance Mgr, CTO/CIO/CISO, Security Mgr, Legal. Questions: • What open source am I using • Where are we using open source across the organization • How can I increase the security of the open source • What are my legal obligations • Are we able to participate in the open source communities
  12. Embrace OSS and automate the governance process: Create an automated organization-wide OSS policy and leverage the benefits • Increase developer productivity • Educate and develop OSS policies for the developers to follow • Marshal the resources of the OSS community • Accelerate software development. Understand, manage, and govern OSS comprehensively: Inventory, Support, Govern
  13. #2 Open source discovery
  14. Large codebases: Open source is everywhere: • Companies today have extremely large codebases made up of 1000’s of developed applications. • Lots of different technologies in play – web, mobile, embedded • Larger number of 3rd party software suppliers being used today. Over 100 million lines of code go into an average high-end car today!
  15. Into the “unknown”: • Once DISCOVERY of the open source is known you can then better understand it – What license(s) is it distributed under – GPL, Apache, BSD… – What version(s) are being used; are they outdated! – Are there known security risks – Do I have quality issues with it – Is there a strong community behind it! • A plan of action can then be worked on to resolve identified risks and issues – There will be many! The biggest open source challenge organizations face today is the “Not knowing” what they have and “Where they have it”
  16. How are they doing discovery today? • Companies find it extremely hard if not impossible to uncover where open source is being used across the organization • It is a very ad hoc process across the organization • Manual code reviews can take multiple man years to complete. • Surveying or interviewing the development teams is slow and inaccurate as developers leave and move on • Larger number of 3rd party software suppliers being used today
  17. Automate the discovery of open source: Automated OSS Scanning, SDLC Integrations, OSS Approvals
  18. Automate discovery of your open source: • Discovery by scanning your code • Conduct scan in-place – access code where it is • Run baseline and delta scans on your code • Identify the “right” project • Multiple matching techniques to find projects, files, snippets, modified code • Patented noise reduction techniques to avoid false positives, pinpoint the “right” project • Search for the “right” OSS for your needs • Large knowledgebase of OSS • Rich information about the package • Automated approval policy for OSS usage • Integrate into the SDLC • Continuous Integration builds enable on-going automation of your code scanning. Get a comprehensive view of OSS across projects & teams
  19. #3 Open source risk
  20. Assessing risk in open source: For all its benefits, risks exist. Legal risk: Using the wrong license can compromise IP. Security risk: The OSS component can include vulnerabilities. Support risk: Who do you call for help?
  21. Cisco’s loss of IP: • Used GPL code to customize Broadcom's Linux distribution CyberTan • Embedded the code in chipset Broadcom • Adopted this into its WRT54G router Linksys • Bought Linksys for $500m • FSF accused Cisco of license violation • Source code made available CISCO. Developers modified firmware, turning a low-end ($60) device into a high functioning router
  22. Unknown OSS and security issues
  23. Code vulnerabilities
  24. Lack of open source support: • Open source software does not come with commercial support; you are dependent upon the OSS communities to provide you help and fixes • Who do you call when your “Mission Critical” open source application has an issue?...“No throat to choke”! • Developers have to negotiate wasted cycles and downtime while waiting for fixes from the community • Developers do not have anyone to help with risks and development pitfalls • No formal training provided on the OSS package
  25. Managing OSS risk: 20% of organizations lack meaningful controls over OSS selection and use of developers need not prove security of OSS they are using of the organizations claim to track vulnerabilities in OSS over time 76% 80% Increased use + few controls = unmanaged risk
  26. Open source support: • With the ubiquity of open source, enterprises need commercial-grade support. • We are the only vendor offering 24x7 support across hundreds of OSS packages. • Our “Tier 4” support gives you one call access to enterprise architects, tackling a range of challenging and critical issues. • We are thought leaders in the industry, and can provide enormous value to any business that utilizes open source software.
  27. Value of open source support: Support offerings range across hundreds of open source products. We help customers: • Avoid downtime and wasted cycles • Navigate complex OSS packages requiring broad and deep expertise • Mitigate risks and development pitfalls • Receive formal, instructor-led training across several OSS packages • Gain the peace of mind that comes with 24X7 support coverage
  28. We support the best of open source
  29. #4 Open source governance
  30. OSS best practices: Acquisition & Approval, Support & Maintenance, Tracking, Audit & Governance, Training, Legal Compliance, Community Interaction. Consulting, Certified library request & approval process, SLA support, OpenUpdate, Project tracking, Auditing services, License obligation audit, Certification services, Technical and OSS training, OSS Policy
  31. Manual OSS process: Web search, Ask around, Check the spreadsheet, Answer questions, Security review, Update spreadsheet, Contact legal, Fill out form, Advocate, Monitor security alerts, Where Used?, Code Review, Rewrite, Wait, Wait, Arch. review, Other approval boards, Monitor updates to components. Stages: Select, Approve, Monitor, Discover, Inventory
  32. OSS management process: Select, Discover, Approve, Inventory, Monitor
  33. Approve your OSS. Requirement: Workflows reflect policies. Request and approval workflow – Fully customizable, flexible workflow engine • Create workflows that match the way teams work • Forms that ask the questions you need to approve requests • Support complex workflows with serial or parallel reviewers • Track OSS by use, what, where, when, how and who. Flexible OSS policy management – Effectively communicate policies to all employees • Easily create policies based on combination of OSS package, version and license • Auto approve or deny requests based on usage model
  34. Inventory and monitor your OSS. Requirement: Understand what you have, learn about it and where you have it. See OSS inventory by project – Policy violations – Combined lists of both approved, known OSS, and newly discovered OSS via scanning – Comprehensive OSS Bill of Materials. Continuously monitor OSS for security vulnerabilities and updates – Automatic: Daily updates via link to National Vulnerability Database (NVD) to list all known CVEs by OSS package – Manual: Daily updates on new security vulnerabilities from OSS experts after reviewing hundreds of packages
  35. #5 Multi-tiered approach to open source management
  36. Multiple approaches to managing open source: • Finding issues late, and maybe in production, is very expensive to resolve • Not able to dig deeper into your code to find potential problems • Not able to fix issues on open source in use • Continuous architecture and package reviews to stay on top of the latest technology
  37. Static code analysis: Significantly reduces the cost of reliable, secure software • Complements existing testing approaches • Automated and repeatable analysis. Enforces key industry standards • DISA STIG, CWE, MISRA • CERT, SAMATE • OWASP, DO-178B, FDA validation • ...and more
  38. Dynamic code analysis: • Interactive debugging • Interactive memory debugging • Reverse debugging • Unattended debugging • Serial and parallel applications
  39. To wrap up
  40. Open source is everywhere! • Open source can no longer be avoided in your application development • Learn to embrace the usage of open source • Need to understand what you have and where you have it • Open source is not “FREE” and comes with its own risks and rewards • Without checks & balances in place, open source chaos will arise • Take a multi-pronged approach to managing open source
  41. Rogue Wave capabilities
  42. What we do: Rogue Wave helps organizations simplify complex software development, improve code quality, and shorten cycle times
  43. See us in action: www.roguewave.com Richard Sherrard richard.sherrard@roguewave.com
