Open Source Compliance: The Challenge of Managing Abundance. Peter Vescuso Black Duck Software
2 Open Source Compliance: The Challenge of Managing Abundance
Agenda
- The abundance
- The Challenges
- Meeting the Challenges: Best Practices
- Case Studies
- Summary

3 The Abundance of Open Source
Open source projects:
- 220,000+ OSS projects
- Tens of billions of lines of code
From a recently completed study of commercial developer projects:
- 22% of typical application/project is open source
- Avg project size: ~700MB of code
- Cost to develop the OSS used: ~$26M
- Dozens to hundreds of components
Sampled hundreds of commercial projects
- Millions of files
- Hundreds of GB of code

4 Top 20 Most Commonly Used Licenses in Open Source Projects
Rank, License:
1. GNU General Public License (GPL)
2. GNU Lesser General Public License (LGPL)
3. Artistic License (Perl)
4. BSD License
5. GNU General Public License (GPL)
6. Apache License
7. MIT License
8. Code Project Open 1.02 License
9. Microsoft Public License (Ms-PL)
10. Mozilla Public License (MPL)
11. Common Public License (CPL)
12. zlib/libpng License
13. Eclipse Public License (EPL)
14. GNU Lesser General Public License (LGPL)
15. Academic Free License
16. Open Software License (OSL)
17. Common Development and Distribution License (CDDL)
18. Mozilla Public License (MPL)
19. PHP License Version
20. Ruby License
- Top 10 licenses account for 93% of OSS projects
- Top 20 licenses account for 97%
- Rank by # of OSS projects using the license
Source: Black Duck Software
Note: The table above illustrates the top 20 licenses that are used in open source projects, according to the Black Duck Software KnowledgeBase. This data is updated daily. See: //

5 Top Programming Languages Used By Open Source Projects (Share is calculated based on lines of code)
Columns: Rank, Language, All Projects - Share (%), Trailing 12-Month Share (%), Trailing 12-Month Gain/Loss (%)
Languages in rank order: C, C++, Java, Shell, Javascript, PHP, Perl, Python, SQL, Assembler, C#, Pascal, Ruby, Ada, TCL
- % of open source is C, C++, Java, Shell and JavaScript
- Of the top 5, only JavaScript is gaining in share, up almost 2 points
- Overall static languages losing share to dynamic languages
Source: Black Duck Software.
Note: The table above illustrates the top languages used in open source projects. This data is updated daily. See: //

6 Top 10 Encryption Algorithms Used in Open Source Projects
Algorithm        Percent of All Algorithms   Type of Algorithm
RSA              13%                         Asymmetric
DSA*             9%                          Signature
DES              9%                          Symmetric
MD5*             8%                          Hash
SHA*             8%                          Hash
Blowfish         6%                          Symmetric
Diffie Hellman   6%                          Keyman
HMAC*            5%                          Mac
ElGamal          5%                          Asymmetric
AES              5%                          Symmetric
sub total        74%
Other            26%
Total            100%
* used for encryption only
A Guide to Encryption Export Compliance for Open Source: Open source projects are allowed to publish software containing encryption under license exception TSU. See: //

7 Potential of Open Source
Gartner estimates the impact of open source:
- $37B in 2009
  - Infrastructure software: $30 billion
  - Application software: $7 billion
- $77B by 2012
  - Infrastructure software: $58 billion
  - Application software: $19 billion
Source: Gartner, November 2008
"The fundamental economics of software development leads you to open-source software" (David Rivas, Nokia VP for S60 Software)

8 The Future of Software Development is Open
Software development has changed forever
- Community/global development
- Componentization and re-use
- Agile methods
OSS has gone mainstream
- 85% of enterprises use OSS today
- 45% of OSS use is running mission-critical applications
- 80% of OSS contributors are corporate developers
- Microsoft OSS code repository (CodePlex)
Large pool of proven, re-usable software

9 Making Abundance Manageable: What We're Hearing
- Goals for reuse/standardization of up to 80%; build / fix / fit 20%
- Scale: ad hoc use of hundreds of OSS components has led to a management/tracking problem
- Increase agility, velocity of development
- Desire to take advantage of the benefits of open source but need to have oversight and control
- Manual governance, compliance and approval processes are cumbersome/burdensome to developers, prone to error, often ignored
- $7800/yr/component to manage OSS components (Source: Black Duck, "The Business Case for Automating Open Source Code Management")

10 Challenges of Using Open Source at Scale
- Manual management methods are inadequate, prone to error when open source usage proliferates
  - E.g., version proliferation raises complexity and likelihood of errors
- When managed poorly, use of open source can introduce risks and challenges:
  - Legal exposure due to unmet license obligations
  - Security vulnerabilities
  - Unsupported open source
  - Version proliferation
11 Meeting the Challenges

12 The New Pragmatism: Multi-Source Development with Open Source
Diagram labels:
- Outsourced Code Development
- Commercial 3rd-Party Code
- Internally Developed Code
- Open Source Software: Individuals, Universities, Corporate Developers
- Code, Obligations
- Software Application
- YOUR COMPANY

13 Criteria for Making OSS Abundance Manageable
1. Enable freedom of choice
  - Choose the best code for the job: open, outsourced, proprietary
2. Support & automate making good selections
  - Developer - Find the best code
  - Dev Mgr - Standardization, Reuse, Innovation
  - Cross-functional - Development, Legal, Security, CxO
3. Mitigate/eliminate the challenges
  - Management and automation
  - Compliance - 220,000+ projects using 1,800+ licenses
  - Security
4. Integrate with existing development tools
5. Policy and process must be integrated & automated

14 Open Source Program Elements
1. Published Policy
  - Created via Cross Functional Team
  - Organization is educated on the policy
2. Open Source Process Owner
  - Keeps the wheels running
  - Grant certain types of approvals
3. Approval Processes
  - Component Review & Approval
  - Sensitive to Use: internal/external/products
  - License Review & Approval
  - Release Plan Review & Approval
4. Monitoring & Tracking Process
  - Component Verification
  - Security Notifications
  - Component Upgrade Notifications
  - Application to contractors/outsource vendors
5. Validation Process
  - Ensure using approved components and meeting the license and business obligations
  - Current reporting for responsive due diligence request
OSS Policy Resource: FOSSbazaar
15 Sample Contents of A Concise Open Source Software Policy

16 Evaluating OSS Projects
- Current offering (maturity): Features, frequency and number of releases, bug fixes
- Project governance: Leadership, structure, charter, goals, strategy
- Community participation: Number of participants, activity level, frequency of commits
- License strategy: Commercially friendly, viral, dual/multi-license
- Ecosystem: Service, support, extensions, add-ons, training, consulting
Source: Jeff Hammond, Forrester Research, 2009

17 Case Studies
- Landmark Graphics
- Reliant Security
- Insurance Company

18 Case Study: Landmark Graphics
Landmark Graphics supplies software to Oil and Gas industry across a broad variety of applications areas
- OSS Steward monitors policy compliance
- Prioritize standardization
- Restructured release process
- Ongoing compliance monitoring
- PM assumes responsibility for OSS
- Remediate if/as violations are found
- Contributes back to OSS community
Result: Rapid adoption of the latest models and technologies, with accurate identification of OSS dependencies

19 Case Study: Reliant Security
Reliant sells PCI compliant in-store systems that include many OSS subsystems.
- Set a clear policy for OSS use
- Tuned acquisition policies
- OSS first mandate
- Prioritized ilities
- Adjusted dev processes
- OSS use identified at design
- Developer on the hook for provenance
Result: Significant savings over commercial alternatives

20 Case Study: Fortune 100 Insurance Company
Problem
- Identify open source software in commercial OEM s/w (company had been sued for distributing code with GPL license)
- Control OS use for internal development (compliance)
Solution
- Automated compliance integrated with build tools
- Automates internal approval process
Benefits
- Lowers risk of legal issues
- Automates manual process

21 Summary
Making Abundance Manageable
- Easy access to information on open source projects to support development
- The new pragmatism: multisource development using open & proprietary code
- Successful management requires education, policy, automation

22 Resources
- Search for open source code to reuse
- White Papers (ROI, Agile and OSS, Best Practices)
- OSS Policy: FOSSbazaar
- Best Practices for Open Source Adoption with Jeff Hammond, Forrester Research //
What Developers, Cars & Banks Have in Common: Best Practices for Open Source Governance Shoken Kim Black Duck Software June 7, 2012 Linux Con Japan Compliance Mini-Track Overview Trends Strategic use of
More informationResearch & Development Software Training - 2016
Research & Development Software Training - 2016 Software Excellence Network March 15, 2016 Overview Introduction: why are we here? swdev.epri.com & you: review of website resources 2015 trends & lessons
More informationStreamlining Open Source License Compliance with SPDX
Streamlining Open Source License Compliance with SPDX Kirsten Newcomer Black Duck Software June 7, 2012 Linux Con Japan Compliance Mini Track Overview Software is everywhere How SPDX helps the supply chain
More informationRuby on Rails. a high-productivity web application framework. blog.curthibbs.us/ http://blog. Curt Hibbs <curt@hibbs.com>
Ruby on Rails a high-productivity web application framework http://blog blog.curthibbs.us/ Curt Hibbs Agenda What is Ruby? What is Rails? Live Demonstration (sort of ) Metrics for Production
More informationGPL, MIT, BSD, GEHC (and me)
GPL, MIT, BSD, GEHC (and me) Introduction to Open Source Therese Catanzariti author reproduce literary employer COPYRIGHT OWNER commission work for hire has the exclusive right to distribute prepare derivatives
More informationOpen-source business models: Creating value from free stuff'
Best Practice in Innovation, Entrepreneurship & Design Open-source business models: Creating value from free stuff' 31 March 2010-18.00 to 19.30 Panellists: Prof. Bart Clarysse - Chair in Entrepreneurship,
More informationDelivering Quality Service with IBM Service Management
Delivering Quality Service with IBM Service Milos Nikolic, Global Technology Services Manager Dragan Jeremic, Technical Sales Specialist for Tivoli December 10th 2008 Innovation is the Process, Success
More informationMoving a Commercial Forecasting Product to Open Source
American Immunization Registry Conference October 7 9, 2013 Denver, CO Moving a Commercial Forecasting Product to Open Source Judy Merritt, Scientific Technologies Corporation Nathan Bunker, Dandelion
More informationMobile Test Automation Framework
Mobile Test Automation Framework Shankar Garg Senior Consultant - Testing Problem Statement Features of Test Automation Framework Tech stack and why Demo Did we still miss something Page Objects Why Mobile
More informationCiphire Mail. Abstract
Ciphire Mail Technical Introduction Abstract Ciphire Mail is cryptographic software providing email encryption and digital signatures. The Ciphire Mail client resides on the user's computer between the
More informationTest Automation Tool comparison HP UFT/QTP vs. Selenium - Prashant Malhotra
Test Automation Tool comparison HP UFT/QTP vs. Selenium - Prashant Malhotra Test Automation Tool comparison HP UFT/QTP vs. Selenium This whitepaper has been created as a guide to help QA Heads understand,
More informationRelease Notes. NCP Secure Entry Mac Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3. Known Issues
NCP Secure Entry Mac Client Service Release 2.05 Build 14711 December 2013 Prerequisites Apple OS X Operating System: The following Apple OS X operating system versions are supported with this release:
More information