How enterprises learned to stop worrying and love open source
© 2016 Rogue Wave Software, Inc. All Rights Reserved.
Top open source lessons for every enterprise
Episode I: How enterprises learned to stop worrying and love open source
Presenter: Rod Cope, CTO, Rogue Wave Software
Poll #1
What percentage of your code is free and open source software?
A. 0 to 25%
B. 26 to 50%
C. 51 to 75%
D. More than 75%
“Open source has eaten the world.” Rod Cope, CTO, Rogue Wave Software
Agenda
1. A brief history of open source
2. Talking technical
3. Call security
4. Keys to licensing
5. A brief history of the future
6. Summary
7. Q&A
A brief history of open source
Open source evolution
1980’s (OSS in the enterprise: Unaware)
• Freeware/shareware
• BBS
• Perl
• GPL
1990’s (OSS in the enterprise: Early tests)
• “Open Source”
• Apache, Tomcat, JBoss
• PHP, Python, Ruby
• Linux
2000’s (OSS in the enterprise: Keep out!)
• FUD
• OSS company explosion
• Insurance plays
• Git
• Android
2010’s (OSS in the enterprise: Adoption)
• Package explosion
• GitHub ascension
• Full speed OSS adoption
• Docker
• Swift
2016 (OSS in the enterprise: Ubiquitous)
• “OSS first” policies
• CentOS in enterprise
• Cloud OSS
• Cognitive computing
3 evolutionary paths
1. Technical
2. Security
3. Licensing
Spectrum of confidence: CHAOS → NEUTRAL → LOVE
Poll #2
How well is your organization managing OSS?
A. It’s chaotic: minimal process, no tracking, uncertain use
B. It’s okay: some process & tracking, some license compliance
C. It’s good: project-level processes, tracking, & compliance
D. It’s great: processes and tools in place across organization
Talking technical
Technical confidence
• Growth in number of packages / challenges
• Growth in languages / challenges
• Growth in skills / challenges
By 2018, every enterprise will be a “software company”
Recruiting developers will be a CEO top 5 strategy for success
[Chart: Billions of IoT devices, 2015 to 2020. Source: BI Intelligence]
2 billion GB, 600 million queries/sec
278 billion messages/day
Packages
CHAOS
• 1000’s of repositories
• Everything rough around the edges
• Venture capitalists: “There will be ~10 OSS packages”
NEUTRAL
• 1000’s of packages
• Elevated repositories
• Package management systems
• Strong technical benefits
• FUD around licensing
LOVE
• Millions of packages
• Dominant repositories
• Safe adoption of OSS
• Commercial support options
Languages
CHAOS
• Few language choices
• Everything written from scratch
• No standards
• Weak tool support
NEUTRAL
• New scripting languages for web development
• Frameworks and other tools accelerate development
• Web and other standards become common
LOVE
• Many languages: declarative, functional, statically typed
• Strong competition among frameworks & tools
• “Best tool for the job” is the norm
• Possible downside: tyranny of choice
Skills
CHAOS
• Nobody knows OSS
• Developer leaves, code is unmaintainable
• No formal support or training available
NEUTRAL
• OSS becomes common, easier to find developers
• Training available for some key packages
• OSS experience appears on resumes
LOVE
• Formal training and certification available
• Professional support, guidance, and migration help
• OSS history and code is key to getting a job
• Employers looking specifically for OSS experts
Call security
Security confidence
• Growth in software complexity leads to more vulnerabilities
• Large developer base doesn’t imply constant (or skilled) vigilance
On Apache Struts: “It is not noteworthy that an open source project could have a severe vulnerability [it’s] that this flaw went undetected for at least seven years.”
• Potentially millions of servers
• “seeing 10 to 15 attacks per second” [1]
• Example loss: 4.5 million patient records [2]
• 8 other flaws in core packages the first week of 2015
1. CloudFlare
2. Reuters: U.S. hospital breach biggest yet to exploit Heartbleed bug
Security evolution
CHAOS
• No focus on security, unknown quality
• Every project has own approach to security
• Code is available: easy to attack
NEUTRAL
• “Given enough eyeballs, all bugs are shallow”
• OSS is just code: similar to proprietary
• Treat all code the same
LOVE
• Code is available: Static and dynamic code analysis
• Security elevated to “critical feature” status
• Initiatives to improve widely used infrastructure
Poll #3
How does your team know when an OSS package has a vulnerability?
A. We don’t
B. We read the news
C. We monitor vulnerability reports, databases, etc.
D. We monitor reports and perform regular security scans
Keys to licensing
Licensing confidence
• Growth in licensing
• Top licenses on GitHub [1]: MIT (44.69%), GPL 2.0 (12.96%), Apache (11.19%), GPL 3.0 (8.88%)
v.s
XimpleWare
Only 35 percent of companies have written policies requiring them to use properly licensed software
v.s
1. GitHub: Open source license usage
Licensing evolution
CHAOS
• No license
• DIY licenses
• “Vanity” licenses
• Non-OSS licenses
NEUTRAL
• “Copyleft”
• “Business-friendly”
• Use case dependent obligations
LOVE
• Better developer awareness
• Attorneys up-to-speed on OSS
• Professional auditing services
Poll #4
A brief history of the future
Future OSS technologies
• VR/AR
  – Virtual Reality
  – Augmented Reality
  – Magic Leap
• Cognitive computing
  – Artificial intelligence
  – Machine learning
  – Deep learning
• Autonomous vehicles
  – osvehicle.com
  – CANtact
  – OSS code for driving
Summary
A tyranny of choice
Many license options, most don’t know how to manage or track
• Awareness building
• Audits becoming commonplace or mandatory
Vulnerabilities go undetected, elevating security to a critical feature
• Static and dynamic analysis help
Packages and languages have exploded, requiring new skills
• Rise of the “open source developer”
• CEO top 5 strategy
Q & A
Watch on demand
• Watch this webinar on demand
• Read the recap blog to see the results of the polls and Q&A session
Follow up
Free newsletter: vulnerabilities, industry news, and enterprise support stories
openlogic.com/products-services/openlogic-exchange/openupdate
For OpenLogic support customers:
OSS Radio
Stay tuned
Top open source lessons for every enterprise
June 29: When is free not free: The true costs of open source
Knowing the OSS in use is key to reducing technical, security, and licensing hurdles – how do you do it?
July 13: Open source applied: Real-world uses
Examine actual field issues, from architecture to production, to better select and use the right packages.
July 27: Top issues in the top enterprise packages
Dive into specific packages with two architects to discover what goes right and what goes wrong.