Open Source Risks & Rewards, GPL Declines, & NPR Visits Black Duck

The NVD CVE report has nearly doubled for February with 650 vulnerability entries. Black Duck experts are in the news talking about the risks of not knowing what open source is in your code, and what practices you can take to manage and secure open source.

Why are businesses still concerned about open source? Is GPL on its last legs?

Ten open source challenges. Why you should still embrace open source. And for a change of pace: an opinion piece by Black Duck CEO Lou Shipley on why businesses get “hired” and “fired” by customers and how Amazon instinctively gets it, and NPR takes a look inside the corporate culture of Black Duck Software.

Open Source Is Safe, but Not Risk Free

Open source risks come from not knowing what's in your code.

Open source software can accelerate development schedules, cut licensing costs and leverage a robust community of international developers. Still, those strengths can also be exploited as security weaknesses. It takes more than a crowd to secure platforms, said Mike Pittenger, vice president of security strategy at Black Duck Software, a Burlington, Mass., provider of specialized tools that secure and manage open source software. A Black Duck audit of vulnerabilities in open source solutions found that on average, most were more than five years old, yet still remained embedded in some solutions. It's important to be aware of both the open source risks and rewards when using open source.

Why Enterprises Shouldn’t Be Wary about Using Open Source Software

Open Source (OS) software has long since passed a tipping-point moment, says IT Pro Portal. Yet despite growing familiarity with what OS means – and usage even by the EU and the US Government – doubts among many businesses about the quality and reliability of OS software persist.

Ensuring Secure Practices around Open Source

The use of open source code in applications has increased dramatically over the years, with open source components now comprising as much as 50 percent (or more) of any given application, writes Black Duck’s Director of Product Marketing, Patrick Carey. While the benefits of using open source are clear – faster time-to-market, greater opportunities to innovate, lower development costs, the support of a global community – the security challenges related to open source use can’t be overlooked.

The Decline of GPL?

Usage of the GPL 2.0 license, one of the purest copyleft licenses around, has more than halved. I had seen an observational trend in the industry towards the Apache and MIT licenses, but this raised a red flag at the time about the understanding, acceptance, and comfort of the GPL in the open source industry. It seems that in recent years that trend has continued. Aside from the Black Duck research, a license study on GitHub in 2015 found that the MIT license was a dominant choice. Even observationally in my work at XPRIZE (where we chose a license for the Global Learning XPRIZE), and my work as a community leadership consultant, I have seen a similar trend with many of my clients who feel uncomfortable licensing their code under the GPL.

10 Open Source Challenges

Via Datamation: For the open source movement, things seem to be going better than ever. Desktop Linux still hasn't caught on the way advocates had hoped, but within the enterprise, open source is becoming the norm. A Black Duck survey found that 65 percent of enterprises increased their use of open source software in 2016, and open source software is dominating in areas like big data analytics, containerization, development tools, cloud infrastructure, the Internet of Things (IoT) and others.

Why Enterprises Should Embrace Open Source

Via TheNextWeb: The good news is, there’s growth both in open source revenues and in participation across the board, as shown in the Black Duck and North Bridge tenth annual open source survey. The number of companies participating in open source projects today has risen by 50 percent since 2014, with 66 percent of the survey respondents doing so – and this is expected to rise to 88 percent within the next three years.

What The 'Vice President of Culture' Does at This Mass. Software Company

In the IT world, more and more managers are concerned about the culture of their workplaces. Greg Wayland of Boston NPR affiliate WBUR visits Black Duck Software in Burlington, a company that's taken workplace culture to a new level.

Announcing Open Source Guides

Participating in open source can be incredibly rewarding, but it's not always obvious how to make your first contribution, start a new project, or build an active community.

To make the journey easier, Google is launching the Open Source Guides, a collection of resources for individuals, communities, and companies who want to learn how to run and contribute to open source.

With “Go,” Amazon Identifies Another Job It Can Do Better

Black Duck CEO Lou Shipley, in an opinion piece on Xconomy, writes, “Amazon’s initial target market with Go is the millions of consumers who make quick stops at different times during the work week for a bite to eat, to fill in their grocery needs – i.e., milk, bread, snacks – and to purchase take-home meals for a family dinner. Regarding the latter, consider the square footage your grocery store devotes these days to higher-margin, pre-made meals – everything from breakfast and lunch offerings to soups, salads, and several-course meals.”

DIY Guide to Open Source
