Open Source 360 Survey, DockerCon 2017, & More on the Cloudera IPO


Near the halfway point of April 2017, the NVD CVE listing for the month stands at 573 entries. Hot this week is CVE-2017-7605, a medium-high vulnerability affecting the HE-AAC+ v2 library (aka libaacplus).

In open source security and cybersecurity news: Take the opportunity to join the Open Source 360 Survey and help give the world a snapshot of the state of open source in usage, risk, contributions and governance/policies. The top four sessions you don’t want to miss at DockerCon 2017. Does the Cloudera IPO really argue against open source business? TechCrunch creates a new index to track the explosive growth of open source. Why creating an open source ecosystem doesn't mean you're taking on security risks. And building containerized ecosystems with Ansible Container.

Join the Open Source 360 Survey & Reflect the State of OSS Today

The 2017 Open Source 360 Survey launched earlier this week by Black Duck’s Center for Open Source Research & Innovation (COSRI) will play a role in informing and educating today’s open source consumers. 

Through the survey, COSRI will aggregate data from open source users throughout the world, share it, and examine the state of open source in four key areas: usage, risk, contributions and governance/policies.


Top 4 DockerCon 2017 Sessions

DockerCon 2017 is around the corner, starting in a few short days. Like most attendees, Black Duck technology evangelist, Tim Mackey, likes to look for the sessions that most impact his professional life. Lately that’s container security at production scale, and if you’ve dug into the topic in the past you’ll know it’s a bit messy! The following are the top four sessions Tim plans on attending, and why he thinks they’re important.

Cloudera IPO: An Argument Against Open Source Business?

Open source is hot. Big data is hot. Proto-unicorn data management and learning company Cloudera is open source, big data and hot, hot, hot, recently announcing its plans to go public and filing an S-1 prospectus with the U.S. Securities and Exchange Commission on March 31st. Does Cloudera’s foundation of open source Apache Hadoop make it a risky business? Black Duck vice president of security strategy, Mike Pittenger, weighs in with a long-form article in Computer Business Review.

Tracking the Explosive Growth of Open-Source Software

via TechCrunch: Many big companies — from financial giants to retailers to services firms — are building their businesses around new, community-based technology that represents a sea change from the IT practices of the past. That’s why we decided to create a new, detailed index to track popular open-source software projects, and gain some insights into the new companies powered by these technologies.

Why Creating an Open-Source Ecosystem Doesn’t Mean You’re Taking on Security Risks

via Mobile Business Insights: Anyone who uses technology benefits from open-source software. Most applications you use have implemented open-source code to varying degrees. This isn’t just small-time developers that use this code, either. Many large enterprises rely on this software to build their own products and solutions. Open development may not be 100 percent safe in every situation, but no form of development is. Even commercially bought code brings its own challenges and risks. Developers need to conduct their due diligence on code, test aggressively and double-check their work to make sure they’re using an open ecosystem to fast-track innovation without increasing security threats.

Building Containerized Ecosystems with Ansible Container

Joshua "jag" Ginsberg, Chief Architect with Ansible, shares the story of the Ansible Container project, how it got started, what makes it unique, attracting a project team, and building a community.
