© 2017 Flexera Software LLC. All rights reserved. | Company Confidential
Attack of the Code Zombies II - The Lawyers’ Revenge
Peter Rowe
prowe@flexerasoftware.com
@SLO_Djinn

Disclaimer!
IANYL; // I am not _your_ lawyer;
IANYP; // I am not _your_ programmer;
Today’s session provides an introduction to managing Open Source Compliance and Vulnerabilities…
…but only your lawyers can tell you what you need to do!

Your Product Lives in a Deep Stack of OSS and Oh?$$ Web Services

A Typical Application is 50% Open Source
(Chart: Code You Wrote; OSS Code You DO Know About (2%); OSS Code You DON’T Know About)

Managing Vulnerabilities & Managing Compliance
Managing Vulnerabilities: Code Zombies
Managing Compliance: Lawyers?

What is a Code Zombie?
A ‘Zombie’ is an Open Source component that lives on long after it was declared dead: a version of a component that has had security vulnerabilities reported against it, and for which patches or updated versions that fix those problems are already available.
Other terms you will hear are:
• Component with known vulnerabilities
• Stale component

We must be OK… we’re using a static analysis tool…?
Static analysis is typically not used in a way that finds these types of vulnerabilities:
• Licensing models for these tools often discourage scanning of large open source libraries.
• Even if you do scan everything, the number of hits and false positives is prohibitive.
• Vulnerabilities are not always caught via static analysis.
Scanning a component whose vulnerabilities are already public is wasted effort: the fix is to update it, not to rediscover the bug.

So what can you do?
Review OSS components at lower levels to confirm compliance with the company’s OSS policies and to detect vulnerabilities.
Results from these reviews are used to:
– Help make USE / DON’T USE decisions
– Drive internal remediation activities to fix problems
– Create bug reports for the upstream project
And What About the Lawyers?

Open Source – Your Obligations
Open Source is commonly confused with “Free” as in no-cost software.
Open source may be free of cost, but it is not free of obligations!
“Free as in speech, NOT as in beer”
Open Source licences carry a list of obligations that users must follow in order to legally use the library under that licence.
Your compliance actions depend on how you are using these OSS components, and most licences carry multiple obligations.

Why do you Need an Open Source Licence?
Copyright law (in many places) means that all source code is copyright, EVEN if it is not marked!
You have no right to use someone else’s code without permission.
Open Source (and commercial) licences are the way of giving permission to use source code.
It is not Open Source if you don’t have a licence.
Lack of a licence may also indicate a lack of maturity in the OSS project.
So What Does Compliance Look Like?
• You provide copyright notices in your About Box, Documentation etc.
• You pass along licence text to your users.
• You provide the source code for GPL, LGPL modules etc.
• You mark changes in source files.
• You pay required Patent licensing.
• You pay for commercial libraries as needed.
• You respect web service SLAs.
• You do this for every release.

And Your Compliance Depends on the Delivery Method
Embedded Linux vs application running on Linux
– Are you shipping Linux, or are your users bringing their own?
Client / Server
– Some parts hosted, some parts distributed
Mobile applications
– Classic distribution, with some possible App Store implications
Web / JavaScript front ends
– JavaScript, HTML and CSS are sent to users’ browsers, which is a distribution of that code
xaaS vs shipping a product (e.g. a distribution)
– Most OSS licences only come into effect upon distribution!

What’s different about xaaS?
Traditionally software was distributed to end users through physical means.
– Classic open source and commercial licences were written with this in mind.
Many open source licences only come into effect with classic distribution.
– Hence the concerns about the GPL and the “ASP loophole”.
xaaS products are not distributed in the classic way but instead run on a network server.
– Users come to the software instead of the software coming to the users.

So just what is the Affero GPL (AGPL)?
The AGPL was designed to close the ASP loophole by treating network interaction as similar to distribution: section 13 of the AGPLv3 requires that users interacting with a modified version over a network be offered its source code.
The basic intent is that the source code of the application built on it, not just the library, is offered to the end users! As with the GPL, how far that reaches depends on how the AGPL code is combined with yours, which is a question for your lawyers.

Common AGPL-Style Libraries
The most common AGPL-style libraries we see are:
• iText PDF generation library (dual licenced: AGPL or commercial)
• MongoDB (dual licenced: AGPL with an exception, or commercial)
• Berkeley DB / Sleepycat (now AGPL or commercial)
• Funambol (AGPL or commercial)
• Ghostscript (now AGPL or commercial)
• Neo4j (GPLv3 / AGPL or commercial)
• Magento (OSL – similar to the AGPL)
Many of these are dual licenced with commercial options!
Licence terms change over time (MongoDB, for example, moved from the AGPL to the SSPL in 2018), so check the licence of the exact version you ship.

xaaS Compliance – Top Concerns
The AGPL is the classic concern for xaaS vendors…
… but there are other “AGPL-like” licences, including:
• Common Public Attribution License
http://en.wikipedia.org/wiki/Common_Public_Attribution_License
• Open Software License
http://en.wikipedia.org/wiki/Open_Software_License
Plus ALL the other licences that require review and compliance!

Other xaaS Compliance Issues
Images, Icons, Fonts and Sounds
JavaScript and CSS
Patent licences
Private Installations
And… Untracked Libraries with Vulnerabilities – old versions of OSS libraries

So what can you do?
Review OSS components at lower levels to confirm compliance with the company’s OSS policies and to detect vulnerabilities.
Important components are reviewed both for their declared licence and through analysis of the subcomponents discovered inside them.
The declared licence may be compliant, but the component may contain subcomponents with unacceptable licences.
Results from these reviews are used to:
– Help make USE / DON’T USE decisions.
– Drive internal remediation activities to fix problems.
– Create bug reports for the upstream project.
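The lower-level review described on this slide, and the code zombie definition earlier in the deck, as an added example in Python that is not part of the original deck or of any Flexera product: it walks a constructed dependency tree, compares each component version against a constructed advisory list to find zombies (a vulnerable version whose fix is already published) and unpatched components, and checks the declared licence of every discovered subcomponent against a hypothetical per-delivery-method allowlist, so a top-level component that declares Apache-2.0 but bundles an AGPL library is reported together with the path that hides it. Component names, versions, advisory IDs (EX-…) and the policy sets are all invented for the example, and versions are assumed to be plain dotted numbers.

```python
"""Added example, not from the Flexera deck: a small lower-level review of a
product's dependency tree that flags code zombies (a version with a public
advisory and an available fix) and subcomponent licences the OSS policy does
not accept for the chosen delivery method. All data below is constructed."""
from dataclasses import dataclass, field
from typing import Dict, Iterator, List, Tuple


@dataclass
class Component:
    """One node: a declared component plus the subcomponents found inside it."""
    name: str
    version: str
    licence: str                           # identifier as declared upstream
    deps: List["Component"] = field(default_factory=list)

    @property
    def key(self) -> str:
        return f"{self.name}@{self.version}"


def parse_version(v: str) -> Tuple[int, ...]:
    """Assumes dotted-numeric versions, so 1.10.0 > 1.9.3 (strings get this wrong)."""
    return tuple(int(p) for p in v.split("."))


def walk(root: Component) -> Iterator[Tuple[str, Component]]:
    """Depth-first walk yielding (path, component) once per name@version,
    so a library bundled two levels down is still reviewed."""
    seen, stack = set(), [(root.key, root)]
    while stack:
        path, comp = stack.pop()
        if comp.key in seen:
            continue
        seen.add(comp.key)
        yield path, comp
        for dep in reversed(comp.deps):          # keep declaration order
            stack.append((f"{path} > {dep.key}", dep))


# Constructed advisories (not real CVEs): affected from `introduced`
# (inclusive) up to `fixed` (exclusive); fixed=None means no patched release.
ADVISORIES = [
    {"id": "EX-2017-001", "component": "pdfgen", "introduced": "2.0.0", "fixed": "2.4.1"},
    {"id": "EX-2017-002", "component": "jsonparse", "introduced": "1.0.0", "fixed": "1.3.0"},
    {"id": "EX-2017-003", "component": "oldcrypto", "introduced": "0.1.0", "fixed": None},
]

# Constructed policy: licences accepted per delivery method. GPL code passes in
# a hosted service (the ASP loophole) but the network copyleft licences never do.
NETWORK_COPYLEFT = {"AGPL-3.0", "OSL-3.0", "CPAL-1.0"}
POLICY: Dict[str, set] = {
    "distribution": {"MIT", "Apache-2.0", "BSD-3-Clause", "LGPL-2.1"},
    "saas": {"MIT", "Apache-2.0", "BSD-3-Clause", "LGPL-2.1", "GPL-2.0", "GPL-3.0"},
}


def find_vulnerable(root: Component, advisories=ADVISORIES) -> List[dict]:
    """Zombie = affected version whose fix exists; no fix yet = 'unpatched'."""
    findings = []
    for path, comp in walk(root):
        v = parse_version(comp.version)
        for adv in advisories:
            if adv["component"] != comp.name or v < parse_version(adv["introduced"]):
                continue
            if adv["fixed"] is not None and v >= parse_version(adv["fixed"]):
                continue
            findings.append({"path": path, "component": comp.key, "advisory": adv["id"],
                             "status": "zombie" if adv["fixed"] else "unpatched",
                             "fix": adv["fixed"]})
    return findings


def check_licences(root: Component, delivery: str) -> List[dict]:
    """Flag every node whose declared licence is outside the allowlist; the
    path shows which top-level component brought it in."""
    allowed, findings = POLICY[delivery], []
    for path, comp in walk(root):
        if comp.licence not in allowed:
            reason = "network copyleft" if comp.licence in NETWORK_COPYLEFT else "not on allowlist"
            findings.append({"path": path, "component": comp.key,
                             "licence": comp.licence, "reason": reason})
    return findings


def review(root: Component, delivery: str) -> Dict[str, List[dict]]:
    return {"vulnerable": find_vulnerable(root), "licence": check_licences(root, delivery)}


def sample_product() -> Component:
    """Constructed product: 'reportsvc' declares Apache-2.0 but bundles an
    AGPL PDF library two levels down, plus two stale components."""
    return Component("reportsvc", "3.1.0", "Apache-2.0", [
        Component("webfw", "4.2.0", "MIT", [
            Component("jsonparse", "1.2.5", "MIT")]),        # zombie: fix in 1.3.0
        Component("docexport", "1.0.0", "Apache-2.0", [
            Component("pdfgen", "2.3.0", "AGPL-3.0")]),      # AGPL and a zombie
        Component("oldcrypto", "0.9.0", "GPL-2.0"),          # vulnerable, no fix yet
    ])


if __name__ == "__main__":
    for delivery in ("saas", "distribution"):
        result = review(sample_product(), delivery)
        for f in result["vulnerable"]:
            print(f"{delivery:12} {f['status']:9} {f['path']} ({f['advisory']}, fix: {f['fix']})")
        for f in result["licence"]:
            print(f"{delivery:12} licence   {f['path']} ({f['licence']}: {f['reason']})")
```

Run it directly to print both the SaaS and the distribution view of the same tree: oldcrypto is only a licence finding when you distribute, while the AGPL pdfgen is flagged either way, and both zombies name the version to move to. In practice the advisory list comes from a vulnerability feed and the tree from your build tool's lockfile, but the matching logic is the same.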

But… How to get Developers to “Buy-In”?
Developers want to ship and often route around processes… especially if it’s not clear why the process exists. Reasons to give them:
• Attribution – “We should give credit where credit is due”
• Legal / Audit / Good Practice – “We are required to!”
• Quality / Security – “War stories”
• The Open Source Ethos – “Help those who help us”

Create a Process That Works for Your Organisation…
… And make it EASY, EFFICIENT and AUTOMATED!
(Diagram: Steps for Implementing an Open Source Management System; the steps shown are:)
• Create Policy
• Audit Existing Code Against Policy
• Develop New Code
• Request Use of OSS
• Review OSS Request
• Use OSS
• Comply
• Fix Issues

And Specifically for OpenStack
If you use OpenStack, protect against vulnerabilities and IP concerns as you build your products.
Analyse open source materials you may be submitting to OpenStack.
Analyse modules you get from OpenStack and OpenStack partners to validate IP and security checkpoints.
And if You Find Things You Should Not be Using….?
Remove and Re-Write.
Get new OSS components.
Contact the author and ask for a licence.
Wait and see!
But here are a few suggestions….
Come and talk to us…..
…. And possibly win a prize.
Email: prowe@flexerasoftware.com
Twitter: @SLO_Djinn
Flexera Website: https://goo.gl/ZA2ecI
Related OSS Projects - Peter Rowe, Flexera Software

  • 9. We must be OK… we're using a static analysis tool?
    – Static analysis is typically not used in a way that finds these vulnerabilities: it looks for defects in the code it scans, it does not know that the version of a component you ship already has an advisory against it.
    – Licensing models for these tools often discourage scanning large open source libraries.
    – Even if you scan everything, the number of hits and false positives is prohibitive.
    – Vulnerabilities are not always caught by static analysis.
    – Wasted effort for components with known vulnerabilities: a version check against published advisories would have found them.
  • 10. So what can you do?
    Review OSS components at lower levels to confirm compliance with the company's OSS policies and detect vulnerabilities. Results from these reviews are used to:
    – Help make USE / DON'T USE decisions
    – Drive internal remediation activities to fix problems
    – Create bug reports for the upstream project
  • 11. And What About the Lawyers?
  • 12. Open Source – Your Obligations
    Open Source is commonly confused with "free" as in no-cost software. Open source may be free of cost, but it is not free of obligations: "free as in speech, not as in beer".
    Open Source licences have a list of obligations that users must follow in order to legally use the library under that licence. Your compliance actions depend on how you are using these OSS components, and most licences have multiple obligations.
  • 13. Why do you Need an Open Source Licence?
    Copyright law (in many places) means that all source is copyright even if it is not marked. You have no right to use someone else's code without permission. Open Source (and commercial) licences are the way of giving permission to use source code.
    Lack of a licence may indicate a lack of maturity in the OSS project. It is not Open Source if you don't have a licence.
  • 14. So What Does Compliance Look Like?
    • You provide copyright notices in your About box, documentation etc.
    • You pass along licence text to your users.
    • You provide the source code for GPL, LGPL modules etc.
    • You mark changes in source files.
    • You pay required patent licensing.
    • You pay for commercial libraries as needed.
    • You respect web service SLAs.
    • You do this for every release.
  • 15. And Your Compliance Depends on the Delivery Method
    • Embedded Linux vs application running on Linux – are you shipping Linux, or are your users bringing their own?
    • Client / server – some parts hosted, some parts distributed
    • Mobile applications – classic distribution, with some possible app store implications
    • Web / JavaScript front ends – JavaScript, HTML, CSS are sent to users' browsers, so they are distributed even when the back end is hosted
    • xaaS vs shipping a product (e.g. a distribution) – most OSS licences only come into effect upon distribution!
  • 16. What's different about xaaS?
    • Traditionally software was distributed to end users through physical means – classic open source and commercial licences were written with this in mind.
    • Many open source licences only come into effect with classic distribution – hence the concerns about the GPL and the "ASP loophole".
    • xaaS products are not distributed in the classic way but instead run on a network server – users come to the software instead of the software coming to the users.
  • 17. So just what is the Affero GPL (AGPL)?
    The AGPL was designed to close the ASP loophole by treating network access as similar to a distribution. The basic intent is to require that source code for the entire application be offered to the end users.
  • 18. Common AGPL-Style Libraries
    The most common AGPL-style libraries we see are:
    • iText PDF generation library (dual-licensed AGPL or commercial)
    • MongoDB (dual-licensed AGPL with exception, or commercial)
    • Berkeley DB/Sleepycat (now AGPL or commercial)
    • Funambol (AGPL or commercial)
    • Ghostscript (now AGPL or commercial)
    • Neo4j (GPLv3/AGPL or commercial)
    • Magento (OSL – similar to the AGPL)
    Many of these are dual-licensed with commercial options!
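The review on slide 10 only pays off if it is run on every release, and slides 14 to 17 show that what you owe depends on whether you ship the product or run it as a service. The following Python is an added example, not code from this deck or from Flexera: it checks a constructed component inventory for code zombies against a constructed "fixed in" table, works out which licence obligations a delivery model actually triggers (distribution for most licences, network use for the AGPL, with client-side JavaScript still counting as distribution in xaaS), and lists the compliance work each triggered licence implies. Component names, versions, licence labels, the ZOMBIE-* advisory labels and the denied-licence policy are all made up for illustration and say nothing about any real project.

```python
"""Added example (not code from the deck or from Flexera): review a component
inventory for code zombies and for licence obligations that depend on how the
product is delivered.  All data here is constructed for illustration: the
component names, versions, licence labels, the ZOMBIE-* advisory labels and
the policy set do not describe any real project."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    name: str
    version: str
    licence: str   # declared licence, SPDX-style identifier
    side: str      # "server": runs on your hosts; "client": sent to the user's browser/device


# Constructed inventory.
INVENTORY = [
    Component("pdf-gen",  "5.5.13", "AGPL-3.0",   "server"),
    Component("web-grid", "1.4.2",  "MIT",        "client"),
    Component("json-lib", "2.9.9",  "Apache-2.0", "server"),
    Component("img-lib",  "1.1.0",  "LGPL-2.1",   "server"),
]

# Constructed "vulnerable if older than" table: name -> (fixed version, advisory label).
VULNERABLE_BELOW = {
    "json-lib": ("2.9.10", "ZOMBIE-0001 unsafe deserialisation"),
    "web-grid": ("1.5.0",  "ZOMBIE-0002 DOM XSS in cell renderer"),
}

# Simplified obligation model from the slides: most licences bite on
# distribution; the AGPL additionally bites on remote use over a network.
NETWORK_TRIGGERED = {"AGPL-3.0"}
SOURCE_OFFER = {"GPL-2.0", "GPL-3.0", "LGPL-2.1", "LGPL-3.0", "AGPL-3.0"}
POLICY_DENIED = {"AGPL-3.0"}   # hypothetical company policy


def version_key(version):
    """Sort key so that '2.9.9' < '2.9.10'.  Fine for dotted-numeric versions;
    pre-release tags such as '1.0.0-rc1' need a real version parser."""
    return tuple(int(n) for n in re.findall(r"\d+", version))


def zombie(component):
    """Advisory label if the pinned version is older than the fixed one, else None."""
    entry = VULNERABLE_BELOW.get(component.name)
    if entry and version_key(component.version) < version_key(entry[0]):
        return entry[1]
    return None


def conveyed(component, delivery):
    """Is the component actually distributed to users under this delivery model?
    'shipped': everything is.  'xaas': only client-side assets (JavaScript, CSS,
    fonts) reach the user; server-side code never leaves your hosts."""
    if delivery == "shipped":
        return True
    if delivery == "xaas":
        return component.side == "client"
    raise ValueError(f"unknown delivery model {delivery!r}")


def obligations_triggered(component, delivery):
    return conveyed(component, delivery) or component.licence in NETWORK_TRIGGERED


def review(inventory, delivery, denied=POLICY_DENIED):
    """Return (kind, component, detail) findings:
    VULN        a code zombie, regardless of how the product is delivered
    LICENCE     a policy-denied licence whose obligations are actually triggered
    OBLIGATION  the compliance work a triggered licence requires (slide 14)"""
    findings = []
    for c in inventory:
        advisory = zombie(c)
        if advisory:
            findings.append(("VULN", c.name,
                             f"{c.version} hit by {advisory}; fixed in {VULNERABLE_BELOW[c.name][0]}"))
        if not obligations_triggered(c, delivery):
            continue   # server-side and not network-triggered: nothing is conveyed
        if c.licence in denied:
            findings.append(("LICENCE", c.name, f"{c.licence} not allowed for {delivery} delivery"))
        findings.append(("OBLIGATION", c.name, "copyright notice and licence text in attribution"))
        if c.licence in SOURCE_OFFER:
            findings.append(("OBLIGATION", c.name, "offer corresponding source; mark changed files"))
    return findings


def kinds_by_component(findings):
    """Collapse findings to {component: {kinds}} for triage."""
    out = {}
    for kind, name, _ in findings:
        out.setdefault(name, set()).add(kind)
    return out


if __name__ == "__main__":
    for model in ("xaas", "shipped"):
        print(f"== delivery model: {model}")
        for kind, name, detail in review(INVENTORY, model):
            print(f"  {kind:<10} {name:<9} {detail}")
```

Run as a script it prints the findings for both delivery models. json-lib illustrates the point of slide 9: nothing about its code changes, only the comparison of its pinned version against the advisory table flags it. img-lib illustrates the ASP loophole of slide 16: server-side LGPL code creates no obligation in the xaaS run, but does as soon as the product is shipped. pdf-gen shows the AGPL exception, triggered in both models.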
  • 19. xaaS Compliance – Top Concerns
    The AGPL is the classic concern for xaaS vendors… but there are other "AGPL-like" licences, including:
    • Common Public Attribution License – http://en.wikipedia.org/wiki/Common_Public_Attribution_License
    • Open Software License – http://en.wikipedia.org/wiki/Open_Software_License
    Plus ALL the other licences that require review and compliance!
  • 20. Other xaaS Compliance Issues
    • Images, icons, fonts and sounds
    • JavaScript and CSS
    • Patent licences
    • Private installations
    • And…
  • 21. Other xaaS Compliance Issues (continued)
    • Images, icons, fonts and sounds
    • JavaScript and CSS
    • Patent licences
    • Private installations
    • Untracked libraries with vulnerabilities – old versions of OSS libraries
  • 22. So what can you do?
    Review OSS components at lower levels to confirm compliance with the company's OSS policies and detect vulnerabilities. Important components are looked at from a declared-licence and a discovered-subcomponent analysis perspective: the declared licence may be compliant, but the component may contain subcomponents with unacceptable licences. Results from these reviews are used to:
    – Help make USE / DON'T USE decisions
    – Drive internal remediation activities to fix problems
    – Create bug reports for the upstream project
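Slide 13 (no licence means no permission) and slide 22 (the declared licence is not necessarily what the subcomponents carry) both come down to reading what the files actually say. The following Python is an added example, not code from this deck or from Flexera: it walks a constructed vendored tree, picks up SPDX-License-Identifier tags and a few distinctive phrases from LICENSE/COPYING files, compares what it finds with the declared licence, and reports files that carry no licence signal at all. The tree, the manifest and the file contents are made up for the example, and the phrase matching is deliberately minimal; a real scanner matches full licence texts.

```python
"""Added example (not code from the deck or from Flexera): compare each vendored
component's declared licence with what its files actually say, and flag files
with no licence signal at all.  The tree, the manifest and the licence texts are
constructed for this example, and the detection is deliberately simple (SPDX
tags plus a few distinctive phrases); it is not a replacement for a real scanner."""
import re
from pathlib import PurePosixPath

# Constructed vendored tree: path -> file contents.
TREE = {
    "vendor/fastjson/LICENSE": "Apache License\nVersion 2.0, January 2004\n...",
    "vendor/fastjson/src/parser.c": "// SPDX-License-Identifier: Apache-2.0\nint parse(void);",
    "vendor/fastjson/src/third_party/regex.c": "/* SPDX-License-Identifier: GPL-2.0-only */\nint rx(void);",
    "vendor/fastjson/src/util.c": "int util(void);",          # no notice at all
    "vendor/tinypdf/COPYING": "GNU AFFERO GENERAL PUBLIC LICENSE\nVersion 3, 19 November 2007",
    "vendor/tinypdf/pdf.py": "# SPDX-License-Identifier: AGPL-3.0-only\ndef render(): pass",
    "vendor/tinylog/LICENSE": "MIT License\n\nPermission is hereby granted, free of charge, ...",
    "vendor/tinylog/log.js": "// SPDX-License-Identifier: MIT\nexport function log() {}",
    "vendor/gist-snippet/hash.js": "function h(s) { return s.length; }",  # copied from a gist, no licence
}

# Constructed manifest: what each component is *declared* to be (None = nobody checked).
DECLARED = {
    "vendor/fastjson": "Apache-2.0",
    "vendor/tinypdf": "MIT",
    "vendor/tinylog": "MIT",
    "vendor/gist-snippet": None,
}

SPDX_TAG = re.compile(r"SPDX-License-Identifier:\s*([A-Za-z0-9.+\-]+)")
LICENCE_FILE_NAMES = {"LICENSE", "LICENCE", "COPYING", "NOTICE"}
# Distinctive opening phrases of licence texts -> identifier (first match wins).
# "GNU AFFERO GENERAL" and "GNU LESSER GENERAL" do not contain "GNU GENERAL",
# so the plain GPL pattern cannot swallow them.
TEXT_HINTS = [
    (re.compile(r"GNU AFFERO GENERAL PUBLIC LICENSE", re.I), "AGPL-3.0"),
    (re.compile(r"GNU LESSER GENERAL PUBLIC LICENSE", re.I), "LGPL"),
    (re.compile(r"GNU GENERAL PUBLIC LICENSE", re.I), "GPL"),
    (re.compile(r"Apache License\s+Version 2\.0", re.I), "Apache-2.0"),
    (re.compile(r"Permission is hereby granted, free of charge", re.I), "MIT"),
]


def is_licence_file(path):
    return PurePosixPath(path).name.split(".")[0].upper() in LICENCE_FILE_NAMES


def normalise(ident):
    """Fold SPDX '-only' / '-or-later' suffixes so 'GPL-2.0-only' compares as 'GPL-2.0'."""
    return re.sub(r"-(only|or-later)$", "", ident)


def detect(path, text):
    """Licence identifiers evidenced by one file (empty set = no signal)."""
    found = {normalise(m.group(1)) for m in SPDX_TAG.finditer(text)}
    if is_licence_file(path):
        for pattern, ident in TEXT_HINTS:
            if pattern.search(text):
                found.add(ident)
                break
    return found


def scan(tree, declared):
    """Per component: discovered licences, ids that differ from the declaration,
    source files carrying no licence signal, and an overall status."""
    report = {}
    for root, declared_id in declared.items():
        discovered, unmarked = set(), []
        for path, text in tree.items():
            if not path.startswith(root + "/"):
                continue
            ids = detect(path, text)
            if ids:
                discovered |= ids
            elif not is_licence_file(path):
                unmarked.append(path)
        expected = {normalise(declared_id)} if declared_id else set()
        unexpected = discovered - expected
        if not discovered:
            status = "UNLICENSED"     # copyright still applies: no licence, no permission
        elif unexpected:
            status = "MISMATCH"       # the declared licence is not the whole story
        else:
            status = "OK"
        report[root] = {"status": status, "declared": declared_id,
                        "discovered": discovered, "unexpected": unexpected,
                        "unmarked": sorted(unmarked)}
    return report


if __name__ == "__main__":
    for root, r in scan(TREE, DECLARED).items():
        print(f"{r['status']:<10} {root:<22} declared={r['declared']} "
              f"found={sorted(r['discovered'])} unexpected={sorted(r['unexpected'])}")
        for path in r["unmarked"]:
            print(f"           no licence header: {path}")
```

The two MISMATCH results are the cases slide 22 warns about: fastjson is declared Apache-2.0 but carries a GPL-2.0 file under third_party, and tinypdf is declared MIT while its own COPYING and headers say AGPL-3.0. The gist-snippet directory has no licence anywhere, which under slide 13 means there is no permission to use it. Files listed as having no licence header (util.c here) are covered only by whatever the component-level licence file says, so they deserve a look when they sit in a third_party directory.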
  • 23. But… How to get Developers to "Buy In"?
    Developers want to ship and often route around processes, especially if it's not clear why the process exists. Reasons to give them:
    • Attribution – "We should give credit where credit is due"
    • Legal / audit / good practice – "We are required to!"
    • Quality / security – "War stories"
    • The open source ethos – "Help those who help us"
  • 24. Create a Process That Works for Your Organisation…
    Steps for implementing an open source management system (the cycle diagram): Create Policy; Audit Existing Code Against Policy; Fix Issues; Develop New Code; Request Use of OSS; Review OSS Request; Use OSS; Comply.
  • 25. … And make it EASY, EFFICIENT and AUTOMATED!
    (Same cycle diagram as slide 24.)
  • 26. And Specifically for OpenStack
    If you use OpenStack, protect against vulnerabilities and IP concerns as you build your products:
    • Analyse open source materials you may be submitting to OpenStack.
    • Analyse modules you get from OpenStack and OpenStack partners to validate IP and security checkpoints.
  • 27. And if You Find Things You Should Not be Using…?
    • Remove and re-write.
    • Get new OSS components.
    • Contact the author and ask for a licence.
    • Wait and see!
  • 28. Disclaimer!
    IANYL; // I am not _your_ lawyer;
    IANYP; // I am not _your_ programmer;
    Today's session provides an introduction to managing Open Source Compliance and Vulnerabilities… but only your lawyers can tell you what you need to do!
  • 29. But here are a few suggestions… Come and talk to us… and possibly win a prize.
    Email: prowe@flexerasoftware.com
    Twitter: @SLO_Djinn
    Flexera Website: https://goo.gl/ZA2ecI