Top open source lessons for every enterprise
Episode I: How enterprises learned to stop worrying and love open source

© 2016 Rogue Wave Software, Inc. All Rights Reserved.


Presenter: Rod Cope, CTO, Rogue Wave Software


Poll #1: What percentage of your code is free and open source software?

A. 0 to 25%
B. 26 to 50%
C. 51 to 75%
D. More than 75%


“Open source has eaten the world.” Rod Cope, CTO, Rogue Wave Software


Agenda

1. A brief history of open source
2. Talking technical
3. Call security
4. Keys to licensing
5. A brief history of the future
6. Summary
7. Q&A


A brief history of open source


Open source evolution

Timeline: 1980’s, 1990’s, 2000’s, 2010’s, 2016

• Freeware/shareware
• BBS
• Perl
• GPL
• “Open Source”
• Apache, Tomcat, JBoss
• PHP, Python, Ruby
• Linux
• FUD
• OSS company explosion
• Insurance plays
• Git
• Android
• Package explosion
• GitHub ascension
• Full speed OSS adoption
• Docker
• Swift
• “OSS first” policies
• CentOS in enterprise
• Cloud OSS
• Cognitive computing

OSS in the enterprise: Unaware, Early tests, Keep out!, Adoption, Ubiquitous


3 evolutionary paths

1. Technical
2. Security
3. Licensing

Spectrum of confidence: CHAOS, NEUTRAL, LOVE


Poll #2: How well is your organization managing OSS?

A. It’s chaotic: minimal process, no tracking, uncertain use
B. It’s okay: some process & tracking, some license compliance
C. It’s good: project-level processes, tracking, & compliance
D. It’s great: processes and tools in place across organization


Talking technical


Technical confidence

• Growth in number of packages / challenges
• Growth in languages / challenges
• Growth in skills / challenges

By 2018, every enterprise will be a “software company”
Recruiting developers will be a CEO top 5 strategy for success

[Chart: Billions of IoT devices, 2015 and 2020 (BI Intelligence)]

2 billion GB, 600 million queries/sec

278 billion messages/day


Packages

CHAOS
• 1000’s of repositories
• Everything rough around the edges
• Venture capitalists: “There will be ~10 OSS packages”

NEUTRAL
• 1000’s of packages
• Elevated repositories
• Package management systems
• Strong technical benefits
• FUD around licensing

LOVE
• Millions of packages
• Dominant repositories
• Safe adoption of OSS
• Commercial support options


Languages

CHAOS
• Few language choices
• Everything written from scratch
• No standards
• Weak tool support

NEUTRAL
• New scripting languages for web development
• Frameworks and other tools accelerate development
• Web and other standards become common

LOVE
• Many languages: declarative, functional, statically typed
• Strong competition among frameworks & tools
• “Best tool for the job” is the norm
• Possible downside: tyranny of choice


Skills

CHAOS
• Nobody knows OSS
• Developer leaves, code is unmaintainable
• No formal support or training available

NEUTRAL
• OSS becomes common, easier to find developers
• Training available for some key packages
• OSS experience appears on resumes

LOVE
• Formal training and certification available
• Professional support, guidance, and migration help
• OSS history and code is key to getting a job
• Employers looking specifically for OSS experts


Call security


Security confidence

• Growth in software complexity leads to more vulnerabilities
• Large developer base doesn’t imply constant (or skilled) vigilance

On Apache Struts: “It is not noteworthy that an open source project could have a severe vulnerability [it’s] that this flaw went undetected for at least seven years.”

• Potentially millions of servers
• “seeing 10 to 15 attacks per second” [1]
• Example loss: 4.5 million patient records [2]
• 8 other flaws in core packages the first week of 2015

1. CloudFlare
2. Reuters: U.S. hospital breach biggest yet to exploit Heartbleed bug


Security evolution

CHAOS
• No focus on security, unknown quality
• Every project has own approach to security
• Code is available: easy to attack

NEUTRAL
• “Given enough eyeballs, all bugs are shallow”
• OSS is just code: similar to proprietary
• Treat all code the same

LOVE
• Code is available: Static and dynamic code analysis
• Security elevated to “critical feature” status
• Initiatives to improve widely used infrastructure


Poll #3: How does your team know when an OSS package has a vulnerability?

A. We don’t
B. We read the news
C. We monitor vulnerability reports, databases, etc.
D. We monitor reports and perform regular security scans


Keys to licensing


Licensing confidence

• Growth in licensing
• Top licenses on GitHub [1]: MIT (44.69%), GPL 2.0 (12.96%), Apache (11.19%), GPL 3.0 (8.88%)

vs. XimpleWare

Only 35 percent of companies have written policies requiring them to use properly licensed software

1. GitHub: Open source license usage


Licensing evolution

CHAOS
• No license
• DIY licenses
• “Vanity” licenses
• Non-OSS licenses

NEUTRAL
• “Copyleft”
• “Business-friendly”
• Use case dependent obligations

LOVE
• Better developer awareness
• Attorneys up-to-speed on OSS
• Professional auditing services


Poll #4


A brief history of the future


Future OSS technologies

• VR/AR
  – Virtual Reality
  – Augmented Reality
  – Magic Leap

• Cognitive computing
  – Artificial intelligence
  – Machine learning
  – Deep learning

• Autonomous vehicles
  – osvehicle.com
  – CANtact
  – OSS code for driving


Summary

A tyranny of choice

Many license options, most don’t know how to manage or track

• Awareness building

• Audits becoming commonplace or mandatory

Vulnerabilities go undetected, elevating security to a critical feature

• Static and dynamic analysis help

Packages and languages have exploded, requiring new skills

• Rise of the “open source developer”

• CEO top 5 strategy


Q & A


Watch on demand

• Watch this webinar on demand

• Read the recap blog to see the results of the polls and Q&A session


Follow up

Free newsletter: vulnerabilities, industry news, and enterprise support stories

openlogic.com/products-services/openlogic-exchange/openupdate

For OpenLogic support customers:

OSS Radio


Stay tuned

Top open source lessons for every enterprise

June 29: When is free not free: The true costs of open source
Knowing the OSS in use is key to reducing technical, security, and licensing hurdles – how do you do it?

July 13: Open source applied: Real-world uses
Examine actual field issues, from architecture to production, to better select and use the right packages.

July 27: Top issues in the top enterprise packages
Dive into specific packages with two architects to discover what goes right and what goes wrong.
