SlideShare a Scribd company logo

Are open source and embedded software development on a collision course?

Download as PPTX, PDF
Rogue Wave Software
Rogue Wave Software

Presented at Embedded Systems Conference (ESC) Minneapolis 2018, this session discusses the most effective uses of open source software; how to maintain MISRA, CWE, OWASP, and other standards compliance across all code sources; how to avoid license risk; and reduce critical safety and security issues.

Software
1 of 28
1© 2017 Rogue Wave Software, Inc. All Rights Reserved. Are open source and embedded software development on a collision course? Rod Cope, CTO RogueWave Software
2© 2017 Rogue Wave Software, Inc. All Rights Reserved. Presenter Rod Cope CTO Rogue Wave Software rod.cope@roguewave.com Twitter: @rodcope
3© 2017 Rogue Wave Software, Inc. All Rights Reserved. Agenda 1. Introduction 2. Using OSS 3. License risk 4. MISRA, OWASP 5. Safety & security 6. Q & A
4© 2017 Rogue Wave Software, Inc. All Rights Reserved. Introduction
5© 2017 Rogue Wave Software, Inc. All Rights Reserved. Open source is everywhere GitHub 5 million+ OSS projects 80+ Licenses approved by OSI 98% of organizations use OSS https://guides.github.com/activities/contributing-to-open-source/ https://opensource.org/licenses/alphabetical http://www.roguewave.com/programs/open-source-support-report
7© 2017 Rogue Wave Software, Inc. All Rights Reserved. 67% of developers are not sure if there’s a policy for source code, or don’t know what it is. http://www.roguewave.com/resources/white-papers/software-security-begins-with-flaw-free,-standards
8© 2017 Rogue Wave Software, Inc. All Rights Reserved. Using OSS
9© 2017 Rogue Wave Software, Inc. All Rights Reserved. Support the implementation Self-support Committer support Community support Commercial support
10© 2017 Rogue Wave Software, Inc. All Rights Reserved. Why use commercial support Missing skillset Time constraints People change jobs
11© 2017 Rogue Wave Software, Inc. All Rights Reserved. Commercial support example The original implementation was not built for scale. We’ll help you build a workaround. We’re experiencing heavy latency and heavy resource utilization with ActiveMQ. The person who built this left.
12© 2017 Rogue Wave Software, Inc. All Rights Reserved. Support the selected software 80% of support issues are either a lack of product knowledge, or something in the environment outside of the package. http://www.roguewave.com/programs/open-source-support-report
13© 2017 Rogue Wave Software, Inc. All Rights Reserved. What can organizations do? Detect critical areas Investigate knowledge gaps Implement a plan
14© 2017 Rogue Wave Software, Inc. All Rights Reserved. Legal risk
15© 2017 Rogue Wave Software, Inc. All Rights Reserved. Free comes with restrictions Organizations may be at risk of violating legal obligations.
16© 2017 Rogue Wave Software, Inc. All Rights Reserved. Open source related legal action • Versata v. Ameriprise • XimpleWare v. Versata and Ameriprise • Oracle v. Google • Jacobsen v. Katzer • Welte v. Fantec
17© 2017 Rogue Wave Software, Inc. All Rights Reserved. Audit code Identify packages Bill of materials (BOM) Obligations
18© 2017 Rogue Wave Software, Inc. All Rights Reserved. MISRA, OWASP, etc.
19© 2017 Rogue Wave Software, Inc. All Rights Reserved. Maintain compliance
20© 2017 Rogue Wave Software, Inc. All Rights Reserved. MISRA recommends SCA “In order to ensure that the source code written does conform to the [MISRA] subset it is necessary to have measures in place which check that none of the rules have been broken. The most effective means of achieving this is to use one or more of the static checking tools that are available commercially.” - Section 4.3.1
21© 2017 Rogue Wave Software, Inc. All Rights Reserved. Analysis tools Identify bugs and vulnerabilities Compliance checkers
22© 2017 Rogue Wave Software, Inc. All Rights Reserved. Safety & security
23© 2017 Rogue Wave Software, Inc. All Rights Reserved. Vulnerabilities
24© 2017 Rogue Wave Software, Inc. All Rights Reserved. Remediation Establish processes Research issues Scan all code
25© 2017 Rogue Wave Software, Inc. All Rights Reserved. Community updates Monitor and implement community updates.
26© 2017 Rogue Wave Software, Inc. All Rights Reserved. Critical security announcements OPENUPDATE SIGN UP: roguewave.com/openupdate
27© 2017 Rogue Wave Software, Inc. All Rights Reserved. Monitor and test implementation
28© 2017 Rogue Wave Software, Inc. All Rights Reserved. Q & A
29© 2017 Rogue Wave Software, Inc. All Rights Reserved.

Recommended

Open source and embedded software development
Open source and embedded software developmentOpen source and embedded software development
Open source and embedded software developmentRogue Wave Software
 
Add Security Testing Tools to Your Delivery Pipeline
Add Security Testing Tools to Your Delivery PipelineAdd Security Testing Tools to Your Delivery Pipeline
Add Security Testing Tools to Your Delivery PipelineGene Gotimer
 
Tony Hodgson (Brainwaive): Your Enterprise is Under Attack: Cyber Security Es...
Tony Hodgson (Brainwaive): Your Enterprise is Under Attack: Cyber Security Es...Tony Hodgson (Brainwaive): Your Enterprise is Under Attack: Cyber Security Es...
Tony Hodgson (Brainwaive): Your Enterprise is Under Attack: Cyber Security Es...AugmentedWorldExpo
 
Cybersecurity 101 for Ophthalmology & Physician Practices
Cybersecurity 101 for Ophthalmology & Physician PracticesCybersecurity 101 for Ophthalmology & Physician Practices
Cybersecurity 101 for Ophthalmology & Physician PracticesRavi D. Goel, MD
 
Become a Threat Hunter by Hamza Beghal
Become a Threat Hunter by Hamza BeghalBecome a Threat Hunter by Hamza Beghal
Become a Threat Hunter by Hamza BeghalNull Singapore
 
Cisco Connect 2018 Malaysia - Changing the equation-cybersecurity in digital ...
Cisco Connect 2018 Malaysia - Changing the equation-cybersecurity in digital ...Cisco Connect 2018 Malaysia - Changing the equation-cybersecurity in digital ...
Cisco Connect 2018 Malaysia - Changing the equation-cybersecurity in digital ...NetworkCollaborators
 
BGA Eğitim Kataloğu
BGA Eğitim KataloğuBGA Eğitim Kataloğu
BGA Eğitim KataloğuAsım Önder Kabataş
 
Web hacking using Cyber range
Web hacking using Cyber rangeWeb hacking using Cyber range
Web hacking using Cyber rangePriyanka Aash
 

Recommended

Open source and embedded software development
Open source and embedded software developmentOpen source and embedded software development
Open source and embedded software developmentRogue Wave Software
 
Add Security Testing Tools to Your Delivery Pipeline
Add Security Testing Tools to Your Delivery PipelineAdd Security Testing Tools to Your Delivery Pipeline
Add Security Testing Tools to Your Delivery PipelineGene Gotimer
 
Tony Hodgson (Brainwaive): Your Enterprise is Under Attack: Cyber Security Es...
Tony Hodgson (Brainwaive): Your Enterprise is Under Attack: Cyber Security Es...Tony Hodgson (Brainwaive): Your Enterprise is Under Attack: Cyber Security Es...
Tony Hodgson (Brainwaive): Your Enterprise is Under Attack: Cyber Security Es...AugmentedWorldExpo
 
Cybersecurity 101 for Ophthalmology & Physician Practices
Cybersecurity 101 for Ophthalmology & Physician PracticesCybersecurity 101 for Ophthalmology & Physician Practices
Cybersecurity 101 for Ophthalmology & Physician PracticesRavi D. Goel, MD
 
Become a Threat Hunter by Hamza Beghal
Become a Threat Hunter by Hamza BeghalBecome a Threat Hunter by Hamza Beghal
Become a Threat Hunter by Hamza BeghalNull Singapore
 
Cisco Connect 2018 Malaysia - Changing the equation-cybersecurity in digital ...
Cisco Connect 2018 Malaysia - Changing the equation-cybersecurity in digital ...Cisco Connect 2018 Malaysia - Changing the equation-cybersecurity in digital ...
Cisco Connect 2018 Malaysia - Changing the equation-cybersecurity in digital ...NetworkCollaborators
 
BGA Eğitim Kataloğu
BGA Eğitim KataloğuBGA Eğitim Kataloğu
BGA Eğitim KataloğuAsım Önder Kabataş
 
Web hacking using Cyber range
Web hacking using Cyber rangeWeb hacking using Cyber range
Web hacking using Cyber rangePriyanka Aash
 
Tadej Hren: IOT Ransomware
Tadej Hren: IOT RansomwareTadej Hren: IOT Ransomware
Tadej Hren: IOT RansomwareDomen Savič
 
The Security Industry is Suffering from Fragmentation, What Can Your Organiza...
The Security Industry is Suffering from Fragmentation, What Can Your Organiza...The Security Industry is Suffering from Fragmentation, What Can Your Organiza...
The Security Industry is Suffering from Fragmentation, What Can Your Organiza...ThreatConnect
 
How Silicon Valley startups are approaching security differently
How Silicon Valley startups are approaching security differentlyHow Silicon Valley startups are approaching security differently
How Silicon Valley startups are approaching security differentlyScott Cressman
 
Our Mission and Values
Our Mission and ValuesOur Mission and Values
Our Mission and ValuesAmber Sawhill
 
How Components Increase Speed and Risk
How Components Increase Speed and RiskHow Components Increase Speed and Risk
How Components Increase Speed and RiskCA Technologies
 
Webinar: IT security at SMBs: 2016 benchmarking survey
Webinar: IT security at SMBs: 2016 benchmarking surveyWebinar: IT security at SMBs: 2016 benchmarking survey
Webinar: IT security at SMBs: 2016 benchmarking surveyCyren, Inc
 
Netskope Overview
Netskope OverviewNetskope Overview
Netskope OverviewNetskope
 
NTXISSACSC3 - Managing Cyber Security Across the Enterprise by Asif Effendi
NTXISSACSC3 - Managing Cyber Security Across the Enterprise by Asif Effendi NTXISSACSC3 - Managing Cyber Security Across the Enterprise by Asif Effendi
NTXISSACSC3 - Managing Cyber Security Across the Enterprise by Asif Effendi North Texas Chapter of the ISSA
 
Idc security roadshow may2015 Adrian Aron
Idc security roadshow may2015 Adrian AronIdc security roadshow may2015 Adrian Aron
Idc security roadshow may2015 Adrian AronDejan Jeremic
 
Webinar: Is your web security broken? - 10 things you need to know
Webinar: Is your web security broken? - 10 things you need to knowWebinar: Is your web security broken? - 10 things you need to know
Webinar: Is your web security broken? - 10 things you need to knowCyren, Inc
 
Webinar: Insights from Cyren's 2016 cyberthreat report
Webinar: Insights from Cyren's 2016 cyberthreat reportWebinar: Insights from Cyren's 2016 cyberthreat report
Webinar: Insights from Cyren's 2016 cyberthreat reportCyren, Inc
 
Webinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksWebinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksCyren, Inc
 
Webinar: A deep dive on ransomware
Webinar: A deep dive on ransomwareWebinar: A deep dive on ransomware
Webinar: A deep dive on ransomwareCyren, Inc
 
Rise of Crypto rRansomware
Rise of Crypto rRansomwareRise of Crypto rRansomware
Rise of Crypto rRansomwareNapier University
 
CeBIT 2015 Presentation
CeBIT 2015 PresentationCeBIT 2015 Presentation
CeBIT 2015 PresentationCyren, Inc
 
Mastering Next Gen SIEM Use Cases (Part 1)
Mastering Next Gen SIEM Use Cases (Part 1)Mastering Next Gen SIEM Use Cases (Part 1)
Mastering Next Gen SIEM Use Cases (Part 1)DNIF
 
TechWiseTV Workshop: Stealthwatch Cloud
TechWiseTV Workshop: Stealthwatch CloudTechWiseTV Workshop: Stealthwatch Cloud
TechWiseTV Workshop: Stealthwatch CloudRobb Boyd
 
When assets more valuable than system
When assets more valuable than system When assets more valuable than system
When assets more valuable than system Ardha Herdianto
 
Lastline RSAC 2018 Highlights
Lastline RSAC 2018 HighlightsLastline RSAC 2018 Highlights
Lastline RSAC 2018 HighlightsLastline, Inc.
 
[Cisco Connect 2018 - Vietnam] Brian cotaz cyber security strategy
[Cisco Connect 2018 - Vietnam] Brian cotaz cyber security strategy [Cisco Connect 2018 - Vietnam] Brian cotaz cyber security strategy
[Cisco Connect 2018 - Vietnam] Brian cotaz cyber security strategy Nur Shiqim Chok
 
When is free not free: The true costs of open source
When is free not free: The true costs of open sourceWhen is free not free: The true costs of open source
When is free not free: The true costs of open sourceRogue Wave Software
 
Continuous security: Bringing agility to the secure development lifecycle
Continuous security: Bringing agility to the secure development lifecycleContinuous security: Bringing agility to the secure development lifecycle
Continuous security: Bringing agility to the secure development lifecycleRogue Wave Software
 

More Related Content

What's hot

Tadej Hren: IOT Ransomware
Tadej Hren: IOT RansomwareTadej Hren: IOT Ransomware
Tadej Hren: IOT RansomwareDomen Savič
 
The Security Industry is Suffering from Fragmentation, What Can Your Organiza...
The Security Industry is Suffering from Fragmentation, What Can Your Organiza...The Security Industry is Suffering from Fragmentation, What Can Your Organiza...
The Security Industry is Suffering from Fragmentation, What Can Your Organiza...ThreatConnect
 
How Silicon Valley startups are approaching security differently
How Silicon Valley startups are approaching security differentlyHow Silicon Valley startups are approaching security differently
How Silicon Valley startups are approaching security differentlyScott Cressman
 
Our Mission and Values
Our Mission and ValuesOur Mission and Values
Our Mission and ValuesAmber Sawhill
 
How Components Increase Speed and Risk
How Components Increase Speed and RiskHow Components Increase Speed and Risk
How Components Increase Speed and RiskCA Technologies
 
Webinar: IT security at SMBs: 2016 benchmarking survey
Webinar: IT security at SMBs: 2016 benchmarking surveyWebinar: IT security at SMBs: 2016 benchmarking survey
Webinar: IT security at SMBs: 2016 benchmarking surveyCyren, Inc
 
Netskope Overview
Netskope OverviewNetskope Overview
Netskope OverviewNetskope
 
NTXISSACSC3 - Managing Cyber Security Across the Enterprise by Asif Effendi
NTXISSACSC3 - Managing Cyber Security Across the Enterprise by Asif Effendi NTXISSACSC3 - Managing Cyber Security Across the Enterprise by Asif Effendi
NTXISSACSC3 - Managing Cyber Security Across the Enterprise by Asif Effendi North Texas Chapter of the ISSA
 
Idc security roadshow may2015 Adrian Aron
Idc security roadshow may2015 Adrian AronIdc security roadshow may2015 Adrian Aron
Idc security roadshow may2015 Adrian AronDejan Jeremic
 
Webinar: Is your web security broken? - 10 things you need to know
Webinar: Is your web security broken? - 10 things you need to knowWebinar: Is your web security broken? - 10 things you need to know
Webinar: Is your web security broken? - 10 things you need to knowCyren, Inc
 
Webinar: Insights from Cyren's 2016 cyberthreat report
Webinar: Insights from Cyren's 2016 cyberthreat reportWebinar: Insights from Cyren's 2016 cyberthreat report
Webinar: Insights from Cyren's 2016 cyberthreat reportCyren, Inc
 
Webinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksWebinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksCyren, Inc
 
Webinar: A deep dive on ransomware
Webinar: A deep dive on ransomwareWebinar: A deep dive on ransomware
Webinar: A deep dive on ransomwareCyren, Inc
 
CeBIT 2015 Presentation
CeBIT 2015 PresentationCeBIT 2015 Presentation
CeBIT 2015 PresentationCyren, Inc
 
Mastering Next Gen SIEM Use Cases (Part 1)
Mastering Next Gen SIEM Use Cases (Part 1)Mastering Next Gen SIEM Use Cases (Part 1)
Mastering Next Gen SIEM Use Cases (Part 1)DNIF
 
TechWiseTV Workshop: Stealthwatch Cloud
TechWiseTV Workshop: Stealthwatch CloudTechWiseTV Workshop: Stealthwatch Cloud
TechWiseTV Workshop: Stealthwatch CloudRobb Boyd
 
When assets more valuable than system
When assets more valuable than system When assets more valuable than system
When assets more valuable than system Ardha Herdianto
 
Lastline RSAC 2018 Highlights
Lastline RSAC 2018 HighlightsLastline RSAC 2018 Highlights
Lastline RSAC 2018 HighlightsLastline, Inc.
 
[Cisco Connect 2018 - Vietnam] Brian cotaz cyber security strategy
[Cisco Connect 2018 - Vietnam] Brian cotaz cyber security strategy [Cisco Connect 2018 - Vietnam] Brian cotaz cyber security strategy
[Cisco Connect 2018 - Vietnam] Brian cotaz cyber security strategy Nur Shiqim Chok
 

What's hot (20)

Tadej Hren: IOT Ransomware
Tadej Hren: IOT RansomwareTadej Hren: IOT Ransomware
Tadej Hren: IOT Ransomware
 
The Security Industry is Suffering from Fragmentation, What Can Your Organiza...
The Security Industry is Suffering from Fragmentation, What Can Your Organiza...The Security Industry is Suffering from Fragmentation, What Can Your Organiza...
The Security Industry is Suffering from Fragmentation, What Can Your Organiza...
 
How Silicon Valley startups are approaching security differently
How Silicon Valley startups are approaching security differentlyHow Silicon Valley startups are approaching security differently
How Silicon Valley startups are approaching security differently
 
Our Mission and Values
Our Mission and ValuesOur Mission and Values
Our Mission and Values
 
How Components Increase Speed and Risk
How Components Increase Speed and RiskHow Components Increase Speed and Risk
How Components Increase Speed and Risk
 
Webinar: IT security at SMBs: 2016 benchmarking survey
Webinar: IT security at SMBs: 2016 benchmarking surveyWebinar: IT security at SMBs: 2016 benchmarking survey
Webinar: IT security at SMBs: 2016 benchmarking survey
 
Netskope Overview
Netskope OverviewNetskope Overview
Netskope Overview
 
NTXISSACSC3 - Managing Cyber Security Across the Enterprise by Asif Effendi
NTXISSACSC3 - Managing Cyber Security Across the Enterprise by Asif Effendi NTXISSACSC3 - Managing Cyber Security Across the Enterprise by Asif Effendi
NTXISSACSC3 - Managing Cyber Security Across the Enterprise by Asif Effendi
 
Idc security roadshow may2015 Adrian Aron
Idc security roadshow may2015 Adrian AronIdc security roadshow may2015 Adrian Aron
Idc security roadshow may2015 Adrian Aron
 
Webinar: Is your web security broken? - 10 things you need to know
Webinar: Is your web security broken? - 10 things you need to knowWebinar: Is your web security broken? - 10 things you need to know
Webinar: Is your web security broken? - 10 things you need to know
 
Webinar: Insights from Cyren's 2016 cyberthreat report
Webinar: Insights from Cyren's 2016 cyberthreat reportWebinar: Insights from Cyren's 2016 cyberthreat report
Webinar: Insights from Cyren's 2016 cyberthreat report
 
Webinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksWebinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array works
 
Webinar: A deep dive on ransomware
Webinar: A deep dive on ransomwareWebinar: A deep dive on ransomware
Webinar: A deep dive on ransomware
 
Rise of Crypto rRansomware
Rise of Crypto rRansomwareRise of Crypto rRansomware
Rise of Crypto rRansomware
 
CeBIT 2015 Presentation
CeBIT 2015 PresentationCeBIT 2015 Presentation
CeBIT 2015 Presentation
 
Mastering Next Gen SIEM Use Cases (Part 1)
Mastering Next Gen SIEM Use Cases (Part 1)Mastering Next Gen SIEM Use Cases (Part 1)
Mastering Next Gen SIEM Use Cases (Part 1)
 
TechWiseTV Workshop: Stealthwatch Cloud
TechWiseTV Workshop: Stealthwatch CloudTechWiseTV Workshop: Stealthwatch Cloud
TechWiseTV Workshop: Stealthwatch Cloud
 
When assets more valuable than system
When assets more valuable than system When assets more valuable than system
When assets more valuable than system
 
Lastline RSAC 2018 Highlights
Lastline RSAC 2018 HighlightsLastline RSAC 2018 Highlights
Lastline RSAC 2018 Highlights
 
[Cisco Connect 2018 - Vietnam] Brian cotaz cyber security strategy
[Cisco Connect 2018 - Vietnam] Brian cotaz cyber security strategy [Cisco Connect 2018 - Vietnam] Brian cotaz cyber security strategy
[Cisco Connect 2018 - Vietnam] Brian cotaz cyber security strategy
 

Similar to Are open source and embedded software development on a collision course?

When is free not free: The true costs of open source
When is free not free: The true costs of open sourceWhen is free not free: The true costs of open source
When is free not free: The true costs of open sourceRogue Wave Software
 
Continuous security: Bringing agility to the secure development lifecycle
Continuous security: Bringing agility to the secure development lifecycleContinuous security: Bringing agility to the secure development lifecycle
Continuous security: Bringing agility to the secure development lifecycleRogue Wave Software
 
How to Keep Developers Happy and Lawyers Calm
How to Keep Developers Happy and Lawyers CalmHow to Keep Developers Happy and Lawyers Calm
How to Keep Developers Happy and Lawyers CalmAll Things Open
 
Open source software: Diligence, compliance, and future trends
Open source software: Diligence, compliance, and future trendsOpen source software: Diligence, compliance, and future trends
Open source software: Diligence, compliance, and future trendsRogue Wave Software
 
Related OSS Projects - Peter Rowe, Flexera Software
Related OSS Projects - Peter Rowe, Flexera SoftwareRelated OSS Projects - Peter Rowe, Flexera Software
Related OSS Projects - Peter Rowe, Flexera SoftwareOpenStack
 
How enterprises learned to stop worrying and love open source
How enterprises learned to stop worrying and love open sourceHow enterprises learned to stop worrying and love open source
How enterprises learned to stop worrying and love open sourceRogue Wave Software
 
Identifying and managing the risks of open source software for PHP developers
Identifying and managing the risks of open source software for PHP developersIdentifying and managing the risks of open source software for PHP developers
Identifying and managing the risks of open source software for PHP developersRogue Wave Software
 
5 Mobile App Security MUST-DOs in 2018
5 Mobile App Security MUST-DOs in 20185 Mobile App Security MUST-DOs in 2018
5 Mobile App Security MUST-DOs in 2018NowSecure
 
Shifting the conversation from active interception to proactive neutralization
Shifting the conversation from active interception to proactive neutralization Shifting the conversation from active interception to proactive neutralization
Shifting the conversation from active interception to proactive neutralization Rogue Wave Software
 
What if you could eliminate the hidden costs of development?
What if you could eliminate the hidden costs of development?What if you could eliminate the hidden costs of development?
What if you could eliminate the hidden costs of development?Rogue Wave Software
 
Where Open Source Meets Audit Analytics - ISACA North America CACS 2017
Where Open Source Meets Audit Analytics - ISACA North America CACS 2017Where Open Source Meets Audit Analytics - ISACA North America CACS 2017
Where Open Source Meets Audit Analytics - ISACA North America CACS 2017Andrew Clark
 
OSS has taken over the enterprise: The top five OSS trends of 2015
OSS has taken over the enterprise: The top five OSS trends of 2015OSS has taken over the enterprise: The top five OSS trends of 2015
OSS has taken over the enterprise: The top five OSS trends of 2015Rogue Wave Software
 
Journey to Establish an Open Source Policy in a Fortune 20 Health Care Company
Journey to Establish an Open Source Policy in a Fortune 20 Health Care CompanyJourney to Establish an Open Source Policy in a Fortune 20 Health Care Company
Journey to Establish an Open Source Policy in a Fortune 20 Health Care CompanyAll Things Open
 
The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...
The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour... The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...
The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...WhiteSource
 
Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...
Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...
Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...Black Duck by Synopsys
 
How to achieve security, reliability, and productivity in less time
How to achieve security, reliability, and productivity in less timeHow to achieve security, reliability, and productivity in less time
How to achieve security, reliability, and productivity in less timeRogue Wave Software
 
Software Security Assurance for DevOps
Software Security Assurance for DevOpsSoftware Security Assurance for DevOps
Software Security Assurance for DevOpsBlack Duck by Synopsys
 

Similar to Are open source and embedded software development on a collision course? (20)

When is free not free: The true costs of open source
When is free not free: The true costs of open sourceWhen is free not free: The true costs of open source
When is free not free: The true costs of open source
 
Continuous security: Bringing agility to the secure development lifecycle
Continuous security: Bringing agility to the secure development lifecycleContinuous security: Bringing agility to the secure development lifecycle
Continuous security: Bringing agility to the secure development lifecycle
 
How to Keep Developers Happy and Lawyers Calm
How to Keep Developers Happy and Lawyers CalmHow to Keep Developers Happy and Lawyers Calm
How to Keep Developers Happy and Lawyers Calm
 
Open source software: Diligence, compliance, and future trends
Open source software: Diligence, compliance, and future trendsOpen source software: Diligence, compliance, and future trends
Open source software: Diligence, compliance, and future trends
 
Ongoing management of your PHP 7 application
Ongoing management of your PHP 7 applicationOngoing management of your PHP 7 application
Ongoing management of your PHP 7 application
 
Related OSS Projects - Peter Rowe, Flexera Software
Related OSS Projects - Peter Rowe, Flexera SoftwareRelated OSS Projects - Peter Rowe, Flexera Software
Related OSS Projects - Peter Rowe, Flexera Software
 
How enterprises learned to stop worrying and love open source
How enterprises learned to stop worrying and love open sourceHow enterprises learned to stop worrying and love open source
How enterprises learned to stop worrying and love open source
 
Découvrez le Rugged DevOps
Découvrez le Rugged DevOpsDécouvrez le Rugged DevOps
Découvrez le Rugged DevOps
 
Speed and security for your PHP application
Speed and security for your PHP applicationSpeed and security for your PHP application
Speed and security for your PHP application
 
Identifying and managing the risks of open source software for PHP developers
Identifying and managing the risks of open source software for PHP developersIdentifying and managing the risks of open source software for PHP developers
Identifying and managing the risks of open source software for PHP developers
 
5 Mobile App Security MUST-DOs in 2018
5 Mobile App Security MUST-DOs in 20185 Mobile App Security MUST-DOs in 2018
5 Mobile App Security MUST-DOs in 2018
 
Shifting the conversation from active interception to proactive neutralization
Shifting the conversation from active interception to proactive neutralization Shifting the conversation from active interception to proactive neutralization
Shifting the conversation from active interception to proactive neutralization
 
What if you could eliminate the hidden costs of development?
What if you could eliminate the hidden costs of development?What if you could eliminate the hidden costs of development?
What if you could eliminate the hidden costs of development?
 
Where Open Source Meets Audit Analytics - ISACA North America CACS 2017
Where Open Source Meets Audit Analytics - ISACA North America CACS 2017Where Open Source Meets Audit Analytics - ISACA North America CACS 2017
Where Open Source Meets Audit Analytics - ISACA North America CACS 2017
 
OSS has taken over the enterprise: The top five OSS trends of 2015
OSS has taken over the enterprise: The top five OSS trends of 2015OSS has taken over the enterprise: The top five OSS trends of 2015
OSS has taken over the enterprise: The top five OSS trends of 2015
 
Journey to Establish an Open Source Policy in a Fortune 20 Health Care Company
Journey to Establish an Open Source Policy in a Fortune 20 Health Care CompanyJourney to Establish an Open Source Policy in a Fortune 20 Health Care Company
Journey to Establish an Open Source Policy in a Fortune 20 Health Care Company
 
The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...
The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour... The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...
The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...
 
Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...
Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...
Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...
 
How to achieve security, reliability, and productivity in less time
How to achieve security, reliability, and productivity in less timeHow to achieve security, reliability, and productivity in less time
How to achieve security, reliability, and productivity in less time
 
Software Security Assurance for DevOps
Software Security Assurance for DevOpsSoftware Security Assurance for DevOps
Software Security Assurance for DevOps
 

More from Rogue Wave Software

The Global Influence of Open Banking, API Security, and an Open Data Perspective
The Global Influence of Open Banking, API Security, and an Open Data PerspectiveThe Global Influence of Open Banking, API Security, and an Open Data Perspective
The Global Influence of Open Banking, API Security, and an Open Data PerspectiveRogue Wave Software
 
No liftoff, touchdown, or heartbeat shall miss because of a software failure
No liftoff, touchdown, or heartbeat shall miss because of a software failureNo liftoff, touchdown, or heartbeat shall miss because of a software failure
No liftoff, touchdown, or heartbeat shall miss because of a software failureRogue Wave Software
 
Disrupt or be disrupted – Using secure APIs to drive digital transformation
Disrupt or be disrupted – Using secure APIs to drive digital transformationDisrupt or be disrupted – Using secure APIs to drive digital transformation
Disrupt or be disrupted – Using secure APIs to drive digital transformationRogue Wave Software
 
Leveraging open banking specifications for rigorous API security – What’s in...
Leveraging open banking specifications for rigorous API security – What’s in...Leveraging open banking specifications for rigorous API security – What’s in...
Leveraging open banking specifications for rigorous API security – What’s in...Rogue Wave Software
 
Adding layers of security to an API in real-time
Adding layers of security to an API in real-timeAdding layers of security to an API in real-time
Adding layers of security to an API in real-timeRogue Wave Software
 
Getting the most from your API management platform: A case study
Getting the most from your API management platform: A case studyGetting the most from your API management platform: A case study
Getting the most from your API management platform: A case studyRogue Wave Software
 
Advanced technologies and techniques for debugging HPC applications
Advanced technologies and techniques for debugging HPC applicationsAdvanced technologies and techniques for debugging HPC applications
Advanced technologies and techniques for debugging HPC applicationsRogue Wave Software
 
The forgotten route: Making Apache Camel work for you
The forgotten route: Making Apache Camel work for youThe forgotten route: Making Apache Camel work for you
The forgotten route: Making Apache Camel work for youRogue Wave Software
 
Three big mistakes with APIs and microservices
Three big mistakes with APIs and microservices Three big mistakes with APIs and microservices
Three big mistakes with APIs and microservices Rogue Wave Software
 
5 strategies for enterprise cloud infrastructure success
5 strategies for enterprise cloud infrastructure success5 strategies for enterprise cloud infrastructure success
5 strategies for enterprise cloud infrastructure successRogue Wave Software
 
PSD2 & Open Banking: How to go from standards to implementation and compliance
PSD2 & Open Banking: How to go from standards to implementation and compliancePSD2 & Open Banking: How to go from standards to implementation and compliance
PSD2 & Open Banking: How to go from standards to implementation and complianceRogue Wave Software
 
Java 10 and beyond: Keeping up with the language and planning for the future
Java 10 and beyond: Keeping up with the language and planning for the futureJava 10 and beyond: Keeping up with the language and planning for the future
Java 10 and beyond: Keeping up with the language and planning for the futureRogue Wave Software
 
How to keep developers happy and lawyers calm (Presented at ESC Boston)
How to keep developers happy and lawyers calm (Presented at ESC Boston)How to keep developers happy and lawyers calm (Presented at ESC Boston)
How to keep developers happy and lawyers calm (Presented at ESC Boston)Rogue Wave Software
 
Open source applied - Real world use cases (Presented at Open Source 101)
Open source applied - Real world use cases (Presented at Open Source 101)Open source applied - Real world use cases (Presented at Open Source 101)
Open source applied - Real world use cases (Presented at Open Source 101)Rogue Wave Software
 
How to migrate SourcePro apps from Solaris to Linux
How to migrate SourcePro apps from Solaris to LinuxHow to migrate SourcePro apps from Solaris to Linux
How to migrate SourcePro apps from Solaris to LinuxRogue Wave Software
 
Approaches to debugging mixed-language HPC apps
Approaches to debugging mixed-language HPC appsApproaches to debugging mixed-language HPC apps
Approaches to debugging mixed-language HPC appsRogue Wave Software
 
Enterprise Linux: Justify your migration from Red Hat to CentOS
Enterprise Linux: Justify your migration from Red Hat to CentOSEnterprise Linux: Justify your migration from Red Hat to CentOS
Enterprise Linux: Justify your migration from Red Hat to CentOSRogue Wave Software
 
Walk through an enterprise Linux migration
Walk through an enterprise Linux migrationWalk through an enterprise Linux migration
Walk through an enterprise Linux migrationRogue Wave Software
 
How to keep developers happy and lawyers calm
How to keep developers happy and lawyers calmHow to keep developers happy and lawyers calm
How to keep developers happy and lawyers calmRogue Wave Software
 
Open source software: The infrastructure impact
Open source software: The infrastructure impactOpen source software: The infrastructure impact
Open source software: The infrastructure impactRogue Wave Software
 

More from Rogue Wave Software (20)

The Global Influence of Open Banking, API Security, and an Open Data Perspective
The Global Influence of Open Banking, API Security, and an Open Data PerspectiveThe Global Influence of Open Banking, API Security, and an Open Data Perspective
The Global Influence of Open Banking, API Security, and an Open Data Perspective
 
No liftoff, touchdown, or heartbeat shall miss because of a software failure
No liftoff, touchdown, or heartbeat shall miss because of a software failureNo liftoff, touchdown, or heartbeat shall miss because of a software failure
No liftoff, touchdown, or heartbeat shall miss because of a software failure
 
Disrupt or be disrupted – Using secure APIs to drive digital transformation
Disrupt or be disrupted – Using secure APIs to drive digital transformationDisrupt or be disrupted – Using secure APIs to drive digital transformation
Disrupt or be disrupted – Using secure APIs to drive digital transformation
 
Leveraging open banking specifications for rigorous API security – What’s in...
Leveraging open banking specifications for rigorous API security – What’s in...Leveraging open banking specifications for rigorous API security – What’s in...
Leveraging open banking specifications for rigorous API security – What’s in...
 
Adding layers of security to an API in real-time
Adding layers of security to an API in real-timeAdding layers of security to an API in real-time
Adding layers of security to an API in real-time
 
Getting the most from your API management platform: A case study
Getting the most from your API management platform: A case studyGetting the most from your API management platform: A case study
Getting the most from your API management platform: A case study
 
Advanced technologies and techniques for debugging HPC applications
Advanced technologies and techniques for debugging HPC applicationsAdvanced technologies and techniques for debugging HPC applications
Advanced technologies and techniques for debugging HPC applications
 
The forgotten route: Making Apache Camel work for you
The forgotten route: Making Apache Camel work for youThe forgotten route: Making Apache Camel work for you
The forgotten route: Making Apache Camel work for you
 
Three big mistakes with APIs and microservices
Three big mistakes with APIs and microservices Three big mistakes with APIs and microservices
Three big mistakes with APIs and microservices
 
5 strategies for enterprise cloud infrastructure success
5 strategies for enterprise cloud infrastructure success5 strategies for enterprise cloud infrastructure success
5 strategies for enterprise cloud infrastructure success
 
PSD2 & Open Banking: How to go from standards to implementation and compliance
PSD2 & Open Banking: How to go from standards to implementation and compliancePSD2 & Open Banking: How to go from standards to implementation and compliance
PSD2 & Open Banking: How to go from standards to implementation and compliance
 
Java 10 and beyond: Keeping up with the language and planning for the future
Java 10 and beyond: Keeping up with the language and planning for the futureJava 10 and beyond: Keeping up with the language and planning for the future
Java 10 and beyond: Keeping up with the language and planning for the future
 
How to keep developers happy and lawyers calm (Presented at ESC Boston)
How to keep developers happy and lawyers calm (Presented at ESC Boston)How to keep developers happy and lawyers calm (Presented at ESC Boston)
How to keep developers happy and lawyers calm (Presented at ESC Boston)
 
Open source applied - Real world use cases (Presented at Open Source 101)
Open source applied - Real world use cases (Presented at Open Source 101)Open source applied - Real world use cases (Presented at Open Source 101)
Open source applied - Real world use cases (Presented at Open Source 101)
 
How to migrate SourcePro apps from Solaris to Linux
How to migrate SourcePro apps from Solaris to LinuxHow to migrate SourcePro apps from Solaris to Linux
How to migrate SourcePro apps from Solaris to Linux
 
Approaches to debugging mixed-language HPC apps
Approaches to debugging mixed-language HPC appsApproaches to debugging mixed-language HPC apps
Approaches to debugging mixed-language HPC apps
 
Enterprise Linux: Justify your migration from Red Hat to CentOS
Enterprise Linux: Justify your migration from Red Hat to CentOSEnterprise Linux: Justify your migration from Red Hat to CentOS
Enterprise Linux: Justify your migration from Red Hat to CentOS
 
Walk through an enterprise Linux migration
Walk through an enterprise Linux migrationWalk through an enterprise Linux migration
Walk through an enterprise Linux migration
 
How to keep developers happy and lawyers calm
How to keep developers happy and lawyers calmHow to keep developers happy and lawyers calm
How to keep developers happy and lawyers calm
 
Open source software: The infrastructure impact
Open source software: The infrastructure impactOpen source software: The infrastructure impact
Open source software: The infrastructure impact
 

Recently uploaded

Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyFrank van der Linden
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsJheuzeDellosa
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - InfographicHr365.us smith
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptkotipi9215
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...aditisharan08
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 

Recently uploaded (20)

Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The Ugly
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number Systems
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - Infographic
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.ppt
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 

Are open source and embedded software development on a collision course?

  • 1. 1© 2017 Rogue Wave Software, Inc. All Rights Reserved. Are open source and embedded software development on a collision course? Rod Cope, CTO RogueWave Software
  • 2. 2© 2017 Rogue Wave Software, Inc. All Rights Reserved. Presenter Rod Cope CTO Rogue Wave Software rod.cope@roguewave.com Twitter: @rodcope
  • 3. 3© 2017 Rogue Wave Software, Inc. All Rights Reserved. Agenda 1. Introduction 2. Using OSS 3. License risk 4. MISRA, OWASP 5. Safety & security 6. Q & A
  • 4. 4© 2017 Rogue Wave Software, Inc. All Rights Reserved. Introduction
  • 5. 5© 2017 Rogue Wave Software, Inc. All Rights Reserved. Open source is everywhere GitHub 5 million+ OSS projects 80+ Licenses approved by OSI 98% of organizations use OSS https://guides.github.com/activities/contributing-to-open-source/ https://opensource.org/licenses/alphabetical http://www.roguewave.com/programs/open-source-support-report
  • 6. 7© 2017 Rogue Wave Software, Inc. All Rights Reserved. 67% of developers are not sure if there’s a policy for source code, or don’t know what it is. http://www.roguewave.com/resources/white-papers/software-security-begins-with-flaw-free,-standards
  • 7. 8© 2017 Rogue Wave Software, Inc. All Rights Reserved. Using OSS
  • 8. 9© 2017 Rogue Wave Software, Inc. All Rights Reserved. Support the implementation Self-support Committer support Community support Commercial support
  • 9. 10© 2017 Rogue Wave Software, Inc. All Rights Reserved. Why use commercial support Missing skillset Time constraints People change jobs
  • 10. 11© 2017 Rogue Wave Software, Inc. All Rights Reserved. Commercial support example The original implementation was not built for scale. We’ll help you build a workaround. We’re experiencing heavy latency and heavy resource utilization with ActiveMQ. The person who built this left.
  • 11. 12© 2017 Rogue Wave Software, Inc. All Rights Reserved. Support the selected software 80% of support issues are either a lack of product knowledge, or something in the environment outside of the package. http://www.roguewave.com/programs/open-source-support-report
  • 12. 13© 2017 Rogue Wave Software, Inc. All Rights Reserved. What can organizations do? Detect critical areas Investigate knowledge gaps Implement a plan
  • 13. 14© 2017 Rogue Wave Software, Inc. All Rights Reserved. Legal risk
  • 14. 15© 2017 Rogue Wave Software, Inc. All Rights Reserved. Free comes with restrictions Organizations may be at risk of violating legal obligations.
  • 15. 16© 2017 Rogue Wave Software, Inc. All Rights Reserved. Open source related legal action • Versata v. Ameriprise • XimpleWare v. Versata and Ameriprise • Oracle v. Google • Jacobsen v. Katzer • Welte v. Fantec
  • 16. 17© 2017 Rogue Wave Software, Inc. All Rights Reserved. Audit code Identify packages Bill of materials (BOM) Obligations
  • 17. 18© 2017 Rogue Wave Software, Inc. All Rights Reserved. MISRA, OWASP, etc.
  • 18. 19© 2017 Rogue Wave Software, Inc. All Rights Reserved. Maintain compliance
  • 19. 20© 2017 Rogue Wave Software, Inc. All Rights Reserved. MISRA recommends SCA “In order to ensure that the source code written does conform to the [MISRA] subset it is necessary to have measures in place which check that none of the rules have been broken. The most effective means of achieving this is to use one or more of the static checking tools that are available commercially.” - Section 4.3.1
  • 20. 21© 2017 Rogue Wave Software, Inc. All Rights Reserved. Analysis tools Identify bugs and vulnerabilities Compliance checkers
  • 21. 22© 2017 Rogue Wave Software, Inc. All Rights Reserved. Safety & security
  • 22. 23© 2017 Rogue Wave Software, Inc. All Rights Reserved. Vulnerabilities
  • 23. 24© 2017 Rogue Wave Software, Inc. All Rights Reserved. Remediation Establish processes Research issues Scan all code
  • 24. 25© 2017 Rogue Wave Software, Inc. All Rights Reserved. Community updates Monitor and implement community updates.
  • 25. 26© 2017 Rogue Wave Software, Inc. All Rights Reserved. Critical security announcements OPENUPDATE SIGN UP: roguewave.com/openupdate
  • 26. 27© 2017 Rogue Wave Software, Inc. All Rights Reserved. Monitor and test implementation
  • 27. 28© 2017 Rogue Wave Software, Inc. All Rights Reserved. Q & A
  • 28. 29© 2017 Rogue Wave Software, Inc. All Rights Reserved.

Editor's Notes

  1. Shorten titles
  2. Source: http://www.roguewave.com/resources/white-papers/software-security-begins-with-flaw-free,-standards Risks of embracing OSS include: Late releases Over budget projects Casualties to life and limb Blending newly-written, legacy, and open source code With a complex – and lengthy – supply chain for most embedded development, each software contributor needs to better understand the landscape, the true costs, risks, and how to make the right decisions for when – and how – to use open source software. Knowing how to manage and support open source software, as well as making sure that licenses, standards compliance, and critical safety and security issues are addressed has taken on a life of its own.
  3. To stay ahead of the best practices and ongoing updates in open source software, an organization needs to have one or two employees dedicated to that task. However, most organizations don’t have the resources to maintain that role, so there needs to be a process, exercising extreme caution around monitoring and implementing community updates. Some open source updates aren’t as critical as other updates, but it’s a risky game to wait to see what matters. As there are such a high number of updates with open source software, not all of the issues get a lot of media coverage and internet searches fall short of true discovery. This means that organizations can sit for months – or longer – exposed and unaware that a crucial update is available. These updates should be taken as high priority when tracking open source software updates and announcements.