Open Source: 7 Legal Devs, 10 Cool Products & 5 Challenges


We kick off the New Year with 83 NVD entries logged for January 2017, including CVE-2014-9912, rated a critical flaw in PHP. An upstream patch is available.

In this week’s open source and cybersecurity news: TechRepublic takes a look at why the earliest open source licenses are still the most relevant. John Rampton has an interesting, albeit clickbaity, opinion piece on how open source mismanagement nearly killed his business. Tim Mackey, Black Duck Technology Evangelist, makes a resolution for prosperity in product development in the coming year. Utsav Sanghani, Product Manager at Black Duck, explains the similarities between binary risk management and managing your wardrobe (color coordination?).

Google and Fiat Chrysler Automobiles showcase a new in-auto open source infotainment platform at CES in Las Vegas, with commentary from Mike Pittenger, vice president of security strategy at Black Duck. ZDNet channels Spider-Man’s Uncle Ben with a thought piece on Linux in 2017. What were the seven notable legal developments in open source and the 10 coolest open source products of 2016? And what are open source software’s top five challenges for 2017? Read on to find out…

Why the earliest open source licenses are still the most relevant

Via ZDNet: The industry's most poisonous (and pointless) battles used to be waged between free versus permissive licensing for open source projects. But, buried in those battles is a more interesting point than whether user or developer freedom should be privileged: the fact is that our earliest licenses have been more than enough, even as the industry has shifted to the cloud. According to Black Duck’s graph on “Top Open Source Licenses in Use,” it's clear that the small group of original licenses have endured, rendering the dozens upon dozens of silly additions obsolete.

How Open Source Nearly Killed My Business

“Despite its advantages, open source can become troublesome for a small business owner, like myself,” writes John Rampton. “Here's how open source can destroy your business, like it has one of my businesses in the past, as well as a few tips to protect yourself.”

A Resolution for Prosperity in Product Development

“Minimum Viable Product (MVP) is a concept from the Agile world that states ‘A Minimum Viable Product is that version of a new product which allows a team to collect the maximum amount of validated learning about customers with the least effort,’” notes Black Duck Technology Evangelist Tim Mackey. “I would love to see 2017 be the year where MVP is translated into ‘Minimum Success Criteria.’”

Why Binary Risk Management is Similar to Managing Your Wardrobe

“You don’t launder clothes that you don’t like... artifacts and components need to be treated in the same way,” blogs Black Duck product manager Utsav Sanghani. “Not all artifacts housed in the repository have to be scanned.”

Google, FCA Test-Drive New Open Source Infotainment System

From CES, Google and Fiat Chrysler Automobiles this week showcased a new in-auto infotainment platform, reports LinuxInsider. The innovation is based on an open source operating system that includes some proven apps. “Open source is going to play a bigger role in all software," observed Mike Pittenger, vice president of security strategy at Black Duck. "New automobiles have hundreds of millions of lines of software, making automotive companies large developers and integrators. Using more open source, and thereby reducing costs and accelerating time to market, makes a lot of sense."

This eWEEK slide show, drawing on the industry expertise of Lars Herrmann, general manager of the Integrated Solutions Business Unit at Red Hat, and of Forrester Research, offers key data points enterprises should put on their evaluation checklists for container platforms and products.


Linux 2017: With great power comes great responsibility

Linux and open source software now run the world, says ZDNet. And that means we need to work harder than ever to make sure that both Linux and all open source software are trustworthy.

7 Notable Legal Developments in Open Source in 2016

This piece looks at a few of the many open source-related legal developments that made headlines in 2016, including a victory for Google on fair use in the Java API case, and the censure of Patrick McHardy, a Linux kernel developer and former chair of the Netfilter core team, amid allegations that he has brought GPL enforcement lawsuits against many companies in Germany.

The 10 Coolest Open Source Products of 2016

In 2016, open source products were front-and-center. A number of new offerings in containers, networking, storage and other major areas were among those that debuted during the year. During the Red Hat Summit in June, where the theme was "The Power of Participation," Red Hat president and CEO Jim Whitehurst described the open source movement this way: "Our ability to harness and distill the best ideas will determine human progress for the next century … Our future depends on participation." Here are the 10 coolest open source products CRN tracked in 2016.

Open Source Software's Top Five Challenges for 2017

It's a new year, and open source software is more popular than ever. But the open source community is also confronting a new set of challenges. Here's what open source programmers and companies will need to do to keep thriving in 2017.
