Open Source Risks & Rewards, GPL Declines, & NPR Visits Black Duck

Open Source Risks & Rewards, GPL Declines, and NPR Visits Black Duck

The NVD CVE report has nearly doubled for February with 650 vulnerability entries. Black Duck experts are in the news talking about the risks of not knowing what open source is in your code, and what practices you can take to manage and secure open source.

Why are businesses still concerned about open source? Is GPL on its last legs?  

Ten open source challenges. Why you should still embrace open source. And for a change of pace: an opinion piece by Black Duck CEO Lou Shipley on why businesses get “hired” and “fired” by customers and how Amazon instinctively gets it, and NPR takes a look inside the corporate culture of Black Duck Software.

Open Source Is Safe, but Not Risk Free

Open source risks come from not knowing what's in your codeOpen source software can accelerate development schedules, cut licensing costs and leverage a robust community of international developers. Still, those strengths can also be exploited as security weaknesses. It takes more than a crowd to secure platforms, said Mike Pittenger, vice president of security strategy at Black Duck Software, a Burlington, Mass., provider of specialized tools that secure and manage Open Source software. A Black Duck audit of vulnerabilities in Open Source solutions found that on average, most were more than five years old, yet still remained embedded in some solutions. It's important to be aware of both the open source risks and rewards when using open source.

Why Enterprises Shouldn’t Be Wary about Using Open Source Software

Open Source (OS) software has long since passed a tipping-point moment, says IT Pro Portal. Yet despite growing familiarity with what OS means – and usage even by the EU and the US Government – doubts among many businesses about the quality and reliability of OS software persist.

Ensuring Secure Practices around Open Source

The use of open source code in applications has increased dramatically over the years, with open source components now comprising as much as 50 percent (or more) of any given application, writes Black Duck’s Director of Product Marketing, Patrick Carey. While the benefits of using open source are clear – faster time-to-market, greater opportunities to innovate, lower development costs, the support of a global community – the security challenges related to open source use can’t be overlooked. 

The Decline of GPL?

Usage of the GPL 2.0 license, one of the purest copyleft licenses around, has more than halved in usage. I had seen an observational trend in the industry towards the Apache and MIT licenses, but this raised a red flag at the time about the understanding, acceptance, and comfort of the GPL in the open source industry. It seems that in recent years that trend has continued. Aside from the Black Duck research, a license study in GitHub in 2015 found that the MIT license was a dominant choice. Even observationally in my work at XPRIZE (where we chose a license for the Global Learning XPRIZE), and my work as a community leadership consultant, I have seen a similar trend with many of my clients who feel uncomfortable licensing their code under GPL.

10 Open Source Challenges

Via Datamation: For the open source movement, things seem to be going better than ever. Desktop Linux still hasn't caught on the way advocates had hoped, but within the enterprise, open source is becoming the norm. A Black Duck survey found that 65 percent of enterprises increased their use of open source software in 2016, and open source software is dominating in areas like big data analytics, containerization, development tools, cloud infrastructure, the Internet of things (IoT) and others. 

Why Enterprises Should Embrace Open Source

Via TheNextWeb: The good news is, there’s growth both in open source revenues and in participation across the board as shown in the Black Duck and North Bridge tenth annual open source survey. The number of companies participating in open source projects today has risen by 50 percent since 2014; with 66 percent of the survey respondents doing so – and this is expected to rise to 88 percent within the next three years. 

What The 'Vice President of Culture' Does at This Mass. Software Company  

“In the IT world, more and more managers are concerned about the culture of their workplaces. Greg Wayland of Boston NPR affiliate WBUR visits Black Duck Software in Burlington, a company that's taken workplace culture to a new level.

Announcing Open Source Guides

Participating in open source can be incredibly rewarding, but it's not always obvious how to make your first contribution, start a new project, or build an active community.

To make the journey easier, Google is launching the Open Source Guides, a collection of resources for individuals, communities, and companies who want to learn how to run and contribute to open source.

With “Go,” Amazon Identifies Another Job It Can Do Better

Black Duck CEO, Lou Shipley, with an opinion piece on Xconomy, writes, “Amazon’s initial target market with Go is the millions of consumers who make quick stops at different times during the work week for a bite to eat, to fill-in their grocery needs – i.e., milk, bread, snacks – and to purchase take-home meals for a family dinner. Regarding the latter, consider the square footage your grocery story devotes these days to higher-margin, pre-made meals – everything from breakfast and lunch offerings to soups, salads, and several-course meals.”

DIY Guide to Open Source

0 Comments
Sorry we missed you! We close comments for older posts, but we still want to hear from you. Tweet @black_duck_sw to continue the discussion.
0 Comments

MORE BY THIS AUTHOR

Devil’s Ivy, Bad Taste, & New SambaCry Vulnerability

| Jul 21, 2017

We have two CVEs of the week this week, CVE-2017-9765, better-known as “Devil’s Ivy,” and CVE-2017-11421, dubbed “Bad Taste” by its discoverer. Devil’s Ivy results in remote code execution, and was found in an open source third-party code library from gSOAP. When exploited, it allows an attacker

| MORE >

Black Duck Teams with Google, Connected Cars, FinTech Compliance

| Jul 14, 2017

Black Duck and Google partner so that open source vulnerability management can be integrated directly with build and deployment activities in the cloud. Connected car news includes BMW adding on to its connected car services; concerns on how code vulnerabilities might lead to driving dangers; and

| MORE >

Top Picks for Black Hat, GDPR & Open Source Webinar, UN Cybersecurity Report

| Jul 7, 2017

Our vulnerability of the week is CVE-2017-7526, which resides in the Libgcrypt cryptographic library used by GnuPG. Exploiting the vulnerability, security researchers were able to successfully extract the secret RSA-1024 key to decrypt data. Libgcrypt has released a fix for the issue in Libgcrypt

| MORE >