When you buy software, you probably trust that you’re getting a secure product that runs well. This faith may come from the fact that the source code - the digital DNA that tells the program how to work and what to do - is hidden from consumers. In most cases, only the select programmers tasked with maintenance and security can see it and make changes.
Closed or proprietary code is the engine of legions of vendor-made products. Many of them, like Microsoft’s nearly ubiquitous Windows software, are closed code to prevent piracy and duplication by competitors or users. And for some license owners, the perceived benefit of closed code is that if no one sees it, those who intend to do harm can’t easily find the software’s vulnerabilities or work out how to exploit them.
Complete story here
Although the GNU General Public License (GPL) has long dominated open-source licensing, its hold appears to be slipping, according to new research from Black Duck Software. While GPLv3 has seen a 400-percent increase in adoption, and though the GPL and its variants still claim over 65 percent of all open-source projects, Black Duck reports a 5-percent decline in GPL adoption.
[Figure: Top 10 Open-source Licenses (Credit: Black Duck Software)]
Complete article here
When Dyanne Walker, the CEO of Web Teks Inc., heard her name called at the 2009 Hampton Roads Tech Nite Awards, she didn’t get up. The win, for High Tech Entrepreneur of the Year, didn’t register. She had nothing prepared.
“I was speechless,” she said. “I never thought I’d win.”
Choosing her was a no-brainer for the judges.
“Dyanne was proactive in adopting open-source technology before most people had that foresight,” said Jarrett Early, who helped judge the event, sponsored by the Hampton Roads Technology Council. “A lot of people looked down on open source as an unregulated mess, but she saw it as an untapped tool with a lot of potential.”
Complete story here
Government agencies looking to save money by using software with no up-front purchase cost should fully consider the long-term expenditures for using those products, a new report said.
During the current global recession, all levels of government may be tempted to explore software that’s free to obtain, said the report, released Tuesday by the Association for Competitive Technology (ACT), a trade group generally supportive of proprietary software models. But the ACT report doesn’t specifically discourage government agencies from using open-source or free software; instead it encourages agencies to consider costs such as support, downtime and management.
The report’s goal is to help “avoid creating any kind of expectations that there is such a thing as a free lunch in IT,” said Braden Cox, a co-author of the report and research and policy counsel at ACT.
The total cost of ownership for open-source and free software has been long debated, but the report also looks at advertising-supported software and software bundled with hardware that’s sold. In some cases, software available for free collects data about users, the report said, and users should consider their privacy and security, as well as the sustainability of the software’s business model, before adopting the freely available products.
Complete article here
For years, open-source advocates like myself have fixated on freedom. “Don’t get locked in!” has been our rallying cry to the teeming masses, yearning to be free from the shackles of proprietary lock-in. “Stop feeding your firstborn sons to the beast in Redmond!”
At Tuesday’s Open Source Forum in London, however, “freedom” took a back seat to cost reduction, performance, and IT efficiency. Not surprisingly, the message was even more warmly received, and probably will result in far greater uptake of open-source software than the freedom cry.
The reason is simple: people get paid to get work done. The chief information officer of Company X has a job to do, and that job doesn’t entail weekday freedom fighting, battling software overlords down on Canary Wharf. Rather, her job is to make the IT trains run on time, and while open source likely plays an increasingly prominent role in this, its importance has less to do with high ideals than high performance.
Open source, in other words, is winning because it works, not because it’s saving the planet.
Complete story here
A recent survey of IT professionals by IDG revealed that nearly two-thirds were using open source software or planned to within the next year. The benefits to the enterprise are many: lower costs, relief on overextended development resources, access to cutting-edge technology, freedom from vendor development schedules, open standards and rapid deployment.
…what is the best course of action for IT professionals to take?
- Maintain a software inventory for all applications supported by those within the scope of CISO responsibility. Require application inventory records to include component details including source code location and/or open source version.
- Maintain accountability for accurate and complete software component listings by source repository.
- Hold open source to the same standard of source code control as software developed in-house. This should include requirements for a documented patch process prior to production use of source code (open or not). It should also require preproduction vulnerability scans.
- Where open source fails vulnerability scans, work with developers to see if the vulnerable feature is in use in application software running in house. Also assist in the identification of compensating controls.
- Do not allow vulnerable code to run in production without compensating controls.
- Train developers on common source code vulnerabilities in such a way that they are directly accountable for any easily identified vulnerability found in their code.
- Appoint a security expert with the power to veto releases from getting into production.
- Build security in by mandating processes that integrate security proactively throughout the software development lifecycle. Include relevant non-coding activities, such as threat modeling and the development of abuse cases.
- Identify security vulnerabilities in open source software. See http://opensource.fortify.com
- Leverage technologies to get security right, which includes static analysis in development and dynamic analysis during security testing in quality assurance.
Complete article here
The open source movement gave rise to Linux and spawned a generation of collaborative coders. Now it’s extending its reach to the hardware industry. 
Open source hardware is designed to be reprogrammed or physically modified to make it easy to install custom firmware and software to create entirely new products. The big idea: crowdsourcing hardware development will encourage innovation in unforeseen ways, much like how Creative Commons licenses have enabled artists to remix existing content to create new works.
The field of open source hardware is increasingly diverse and includes programmable gadgets, and DIY kits. There is even an open source chip-processor architecture. Some of these experiments have been highly successful and others have failed, but all have served as valuable learning experiences for the communities that emerged to leverage the resulting technology.
Take Bug Labs. The New York-based company makes modular open source hardware components that can be snapped together and programmed to build custom devices with specialized functions. The central building block of the BUG hardware stack is the BUGbase, a $250 portable computing device with an ARM processor, memory, a rechargeable battery and various ports. Additional modules, which are sold separately and snap into the BUGbase, can be used to add speakers, GPS, camera, motion sensors and an LCD touch screen. They have also announced support for new modules that will add WiFi, 3G and a tiny video projector.
Complete story here
WALTHAM, MA–(Marketwire - June 10, 2009) - Open source projects created for use in health care and medical applications promise to significantly reduce costs and contribute efficiencies to health care organizations, according to Black Duck Software, the leading global provider of products and services for accelerating software development through the managed use of open source software.
Using a well-known cost estimation model (COCOMO) to determine the cost to produce software, Black Duck estimates that the nearly 800 health care open source software projects it identified represent $6 billion USD of software development costs, and would require 31,000 staff years of development to replicate. These projects represent a significant potential stimulus resource available to the healthcare industry.
Projects dealing with electronic health records management, practice management and VistA, the health care information management system developed by the US Veterans Administration, lead in project community activity. Projects such as PatientOS, a patient management system; OpenEMR, an electronic medical record application; and OpenVista, an open-source version of VistA, are among the most active health care projects in the open source community as tracked by the Black Duck KnowledgeBase.
Complete story here
Even as CIOs accelerate adoption of open source in an effort to trim costs and improve innovation, the world’s top system integrators (SIs) have largely played it safe on the sidelines. Accenture, given its close partnership with Microsoft, has perhaps been one of the most conservative SIs when it comes to open source.
Or so it has appeared. Despite a partnership with SpringSource, an open-source infrastructure leader, Accenture’s open-source activities have largely gone unnoticed. Even Accenture’s Innovation Center for Open Source, a collaboration with Red Hat and other open-source vendors, was more whispered about than promoted.
I caught up with Alex Wied, senior manager at Accenture and head of its Innovation Center for Open Source, and Tony Roby, partner in Accenture’s Global Architecture and Core Technologies group, to find out what, exactly, Accenture has been doing with open source, and how the global consulting firm expects to use open source going forward.
Complete story here
The Homeland Security Department is funding a program that will help federal, state and local agencies better understand their options for using open-source software.
DHS’ Science and Technology Directorate will fund the Homeland Open Security Technology (HOST) project, which will start with a one-year, $1.5 million contract and possible additional years to follow. The University of Southern Mississippi and the Open Source Software Institute (OSSI) will conduct the work, and the Navy’s Space and Naval Warfare Systems Command will handle the contracting and help with guidance for the program.
HOST will provide a way for agencies, particularly at the state and local level, to better understand how to use open-source software, said Doug Maughan, a cybersecurity program leader in DHS’ Science and Technology Directorate. Open-source software could make first responder and other homeland security agencies more responsive in their software development.
The potential advantage of open-source software “comes down to agility and cost-savings,” Maughan said.
The first year of the project will focus on “figuring out what we have, how we can get the pieces to interoperate better and how to make [sure] these resources [are] available to those who need them,” said John Weathersby, OSSI’s executive director.
Complete story here