For the past two days I've been back and forth between the OSBC event and the office. I've been particularly interested in the sessions on governance and legal challenges related to open source adoption. What's fascinating about these talks isn't so much what's in the content, but what's missing. There is a lot of talk, still, about open source licensing issues but very few lawyers made the connection between due diligence in security and legal issues for the organization.
As we sit on the cusp of Q2 2008, we are far enough along in the year to see that we are indeed traveling in the right direction as an industry, as a community and as an organization. The question is no longer "What is open source?" nor is it "Am I using open source?" it is now, "How can I best manage my open source?" It has moved from its past as backroom Voodoo programming to become common place. The significant shift in both understanding and use can best be described as the "next generation of open source" - more prevalent, more robust, more secure.
One of the most oft asked questions in 2007 had to be, "What are the barriers to open source adoption?" It was asked by analysts, lawyers, IT Managers, security executives, developers, potential customers, and industry veterans. I know we asked it several times ourselves. There are many definitions of the word "adoption", and as you'd probably guess most have to do with the parent-child relationship. Even in that context though, there is still an aspect of the definition that fits.
By now you’ve probably seen HP’s FOSSology announcement. It’s an initiative that they say will, “…facilitate the study of Free and Open Source Software by providing free data analysis toolsâ€. It’s a welcome addition to the open source world, and is evidence of the growth of a robust ecosystem of tools and information. Open source is how software is done today.
New Year’s Greetings from all of us at Palamida!
2007 was certainly a busy year for open source. From the release of the GPLv3 to the slew of Busybox lawsuits , open source enjoyed mainstream coverage like never before. The elevated profile propelled it from the online developer communities to daily posts in popular tech blogs. Almost overnight legal, business and security folks that normally didn’t know, or weren’t involved with how much open source they were using became concerned with its affect on their organizations. That said, the biggest trend we saw last year was awareness.
For year-end 2007, we have compiled the Top 5 Most Overlooked Open Source Vulnerabilities encountered during 2007. We came up with this list after reviewing over 300 million lines of code and spending literally thousands of hours of analysis across a wide range of industries - including technology, financial services and government, among others.
…And it was vague or unintelligible, would it still be enforceable?
Martin LaMonica's article, "Linux defenders go after more alleged GPL3 offenders," marks the line drawn in the sand between, "What the heck is open source?" and "We better not be using any GPL3!"
While I can't intelligently comment on whether the content of the GPL is good or bad, oppressive or otherwise, I will say that these lawsuits are proof positive that the purported "FUD" surrounding the importance of open source license audits is in fact, real.
Matt Asay wrote a very compelling blog last week regarding open source use in the Federal Government. From my standpoint, the content of the blog served as much more than a topic of discussion it was a call to action for the open source community.
Every so often I think about how fortunate we are as a company to be part of such a dynamic and thriving open source community. Our physical location is fantastic and even better, our "back yard" boasts some of the most innovative open source organizations in the nation. Less than a block to the right is Jaspersoft , around the corner is Groundwork Open Source and a bit further up are Hyperic and Mulesource among others. The area is a hot bed of activity and enables us to keep our finger on the pulse of what's happening in open source evolution.
