Tech media is awash in reporting and commentary about the ascendant power of open source – with good reason. Open source use is ubiquitous worldwide and it’s the lifeblood of application development.
Marius Moscovici, founder and CEO of Metric Insights, got it just right in a memorable and insightful late 2015 TechCrunch piece headlined The Golden Age Of Open Source Has Arrived:
“The way to win at tech is no longer to own code, but to serve customers…
Open-source tools are cheaper, faster and more powerful, and they let companies apply data in unheard-of ways. The new batch of data-driven services will force mass production into a niche. Five years from now, customers will order and receive products and services anywhere. Company workers will change their activities to align with the company data feed.”
Delivering Secure and Compliant Open Source Applications
The possibilities and opportunities open source creates are indeed exciting. Among the greatest opportunities is more and better open source “research” – particularly cutting-edge research that will help organizations develop and deliver open source applications that are both more secure and compliant with their licensing obligations.
The explosion in open source usage has been accompanied by significant – and very high-profile – challenges in maintaining the visibility into the open source in use that is needed to control, secure and manage it effectively. No large consumer of open source can read or hear the word “Heartbleed” without cringing.
Black Duck has been in the open source research and development business since its inception as a company nearly 15 years ago and its KnowledgeBase™ is the most complete, current and accurate repository and database of open source, associated licenses and other critical information, including known security vulnerabilities.
Black Duck has decided to double down on research initiatives both to improve its security and management software solutions and to provide useful, actionable research data, reports, surveys and analyses to customers and the open source community at large. Today it announced the creation of the Center for Open Source Research & Innovation (COSRI), which will be based in Burlington, MA and will comprise a number of security and applied research efforts underway worldwide.
Europe-based Black Duck Security Research, a component of COSRI, analyzes security issues and attack patterns in open source software to provide customers with actionable information on vulnerabilities, corrective actions to reduce risk, and strategies for using open source effectively. COSRI’s Vancouver, Canada group conducts applied research in data mining, machine learning, natural language processing, big data management and software engineering.
Through COSRI, Black Duck will continue to issue periodic Open Source Security Audit (OSSA) reports analyzing results of applications audited by the company’s On-Demand business as part of M&A activities. Black Duck published a revealing report earlier this year highlighting the challenges organizations face in securing and managing their open source. One eye-opening OSSA finding was that 67 percent of the applications contained security vulnerabilities in open source components.
Both teams’ work will enhance Black Duck’s KnowledgeBase™, the foundation for Black Duck’s security and management solutions, which will also be a part of COSRI.
Open Hub, its online community and public directory of free and open source software (FOSS), will also be part of COSRI. Open Hub – a community resource – provides analytics and search services for discovering, evaluating, tracking and comparing open source code and projects.
Open source – ubiquitous though its use is – is still in a nascent stage. Cutting-edge research is more vital than ever.