Open Source 360 Survey, DockerCon 2017, & More on the Cloudera IPO

We are near the halfway point of April 2017, and the NVD CVE listing for the month stands at 573 entries. Hot this week is CVE-2017-7605, a medium-high vulnerability affecting the HE-AAC+ v2 library (aka libaacplus).

In open source security and cybersecurity news: Take the opportunity to join the Open Source 360 Survey and help give the world a snapshot of the state of open source in usage, risk, contributions and governance/policies. The top four sessions you don’t want to miss at DockerCon 2017. Does the Cloudera IPO really argue against open source business? TechCrunch creates a new index to track the explosive growth of open source. Why creating an open source ecosystem doesn't mean you're taking on security risks. And building containerized ecosystems with Ansible Container.

Join the Open Source 360 Survey & Reflect the State of OSS Today

The 2017 Open Source 360 Survey launched earlier this week by Black Duck’s Center for Open Source Research & Innovation (COSRI) will play a role in informing and educating today’s open source consumers. 

Through the survey, COSRI will aggregate data from open source users throughout the world, share it, and examine the state of open source in four key areas: usage, risk, contributions and governance/policies.

Take the Open Source 360 Survey Today

Top 4 DockerCon 2017 Sessions

DockerCon 2017 is around the corner, starting in a few short days. Like most attendees, Black Duck technology evangelist, Tim Mackey, likes to look for the sessions that most impact his professional life. Lately that’s container security at production scale, and if you’ve dug into the topic in the past you’ll know it’s a bit messy! The following are the top four sessions Tim plans on attending, and why he thinks they’re important.

Cloudera IPO: An Argument Against Open Source Business?

Open source is hot. Big data is hot. Proto-unicorn data management and learning company Cloudera is open source, big data and hot, hot, hot, recently announcing its plans to go public and filing an S-1 prospectus with the U.S. Securities and Exchange Commission on March 31st. Does Cloudera’s foundation of open source Apache Hadoop make it a risky business? Black Duck vice president of security strategy, Mike Pittenger, weighs in with a long-form article in Computer Business Review.

Tracking the Explosive Growth of Open-Source Software

via TechCrunch: Many big companies — from financial giants to retailers to services firms — are building their businesses around new, community-based technology that represents a sea change from the IT practices of the past. That’s why we decided to create a new, detailed index to track popular open-source software projects, and gain some insights into the new companies powered by these technologies.

Why Creating an Open-Source Ecosystem Doesn’t Mean You’re Taking on Security Risks

via Mobile Business Insights: Anyone who uses technology benefits from open-source software. Most applications you use have implemented open-source code to varying degrees. This isn’t just small-time developers that use this code, either. Many large enterprises rely on this software to build their own products and solutions. Open development may not be 100 percent safe in every situation, but no form of development is. Even commercially bought code brings its own challenges and risks. Developers need to conduct their due diligence on code, test aggressively and double-check their work to make sure they’re using an open ecosystem to fast-track innovation without increasing security threats.

Building Containerized Ecosystems with Ansible Container

Joshua "jag" Ginsberg, Chief Architect with Ansible, shares the story of the Ansible Container project, how it got started, what makes it unique, attracting a project team, and building a community.
