The Wall Street Journal recently reported that the Core Infrastructure Initiative, a group formed last year after the Heartbleed vulnerability was disclosed in the OpenSSL encryption software, has invested $500,000 in three new projects aimed at improving the security of open source code. Participants in the Core Infrastructure Initiative include large corporations such as Microsoft, Facebook, and Cisco Systems; it is managed by the nonprofit Linux Foundation. This collaboration demonstrates a desire from both the open source community and technology leaders to preserve free and open standards while continuing to make security a top priority.
The three projects receiving support from this investment include a testing method that finds security vulnerabilities in software like OpenSSL; a tool that makes sure the software end users receive has not been tampered with; and testing tools that ensure the accuracy of software bug reporting. Combined, these three projects can help further security improvements in open source software, allowing developers to continue to employ open source standards and end-users to enjoy the benefits open source has to offer while limiting security vulnerabilities.
In the wake of recent cyber attacks and security breaches, many business leaders and proprietary software developers have expressed reservations about the security and safety of open source software. Nevertheless, open source has been gaining steady ground and investments of money and resources make it clear that the open source community and its supporters are committed to improving open source security measures.
Open source code is available to be studied, examined, thoroughly tested, and modified. While some may see this as a liability, it also represents a great strength. Various factors make open source software a secure choice:
- A wealth of technology knowledge: Open source, by its very nature, invites the best and brightest technology experts to participate fully in testing, modifying, viewing, and debugging code. Because experts can work in community to ensure the software stays secure from development through delivery to the end user, open source benefits from collaboration between individuals with a variety of skill sets and areas of expertise.
- Dedication to improving security: The open source community has the ability to learn from past breaches and directly use that information to make future offerings more secure, as evidenced by the exciting projects currently underway aimed at improving open source security.
- Ability to resolve breaches through patching: If a vulnerability is identified in open source software, it can be remedied quickly, often immediately. This process is quicker than if users have to wait for a proprietary software vendor to find the issue and release a patch, and it can minimize damage and losses in the event of a breach. In this way, open source software can adapt quickly to increasing and changing security threats to become safer over time.
As investment and innovation in open source security increases, open source has the potential to become safer and more secure than ever before, making it more desirable for companies that are concerned about today’s changing threat landscape.
Open source software is bound for the open road—literally. As the automotive industry increases design and production of electric cars with an eye toward environmental responsibility, it is also adopting an open source standard for producing these vehicles.
Electric car manufacturer Tesla Motors has recently been in the news for choosing to open source its electric vehicle patents. This is an unprecedented step in the automotive industry and has raised questions around intellectual property ownership. Another automotive company, OSVehicle, has its hopes set on creating a 'do-it-yourself' car kit and has released an open source car platform which is quick and inexpensive to build. We have looked at other industries, such as telecom, that have embraced open source to deal with increasing complexity as they strive for agility and innovation while controlling costs.
Electric cars currently represent only a tiny slice of the automotive market. However, by offering an open source electric car kit to consumers, vehicle manufacturers could find themselves breathing new life into this segment. A complete open source kit that costs less than $10,000 and enables someone to build their own electric vehicle in an hour or two could find a home within many market segments, including automobile collectors, do-it-yourselfers and environmental activists.
Many people who might be put off by an electric car for reasons such as cost, lack of roadworthiness, availability, or design esthetic could be attracted to them in part by the open source model. An open source kit would enable car owners to imagine, modify and build their own vehicle and participate in the car's creation process on a level not currently available on the typical gas-powered vehicle lot.
Open source electric vehicles could also provide another transportation solution in urban areas. Gas-powered vehicles are often out of reach for people living on limited incomes, leaving them with few transportation options. An open source electric vehicle could provide a low-cost, accessible transportation option to help people get from one place to another, all without increasing the environmental burden on already-polluted cities.
Open source electric vehicles could provide great benefits to consumers, empowering people to “leverage the power of information to build, maintain, and modify accessible and working vehicles as they see fit.” Open sourcing these platforms expands their reach and creates endless possibilities for innovation, expanding our relationship with the Internet of Things (IoT).
No decent writer would blatantly steal a fellow author’s piece of work and call it their own, as that would be plagiarizing or intellectual property theft. Not only does this deceptive act have major legal repercussions—such as hefty lawsuits—but it also undermines the potential for future collaboration between two creators.
In this same vein, members of the open source community must abide by certain regulations so that the free flow of ideas and innovation can continue without facing potential controversy. For example, an open source Web developer can modify previously established open source code, but only if it adheres to the code’s licensing guidelines and always originates back to the base source code. In doing so, Web developers credit the individual that originally created the code, just as writers must quote and include citations for words taken from another author’s piece of work.
In order to standardize a sound collaboration, members of the open source community employ what’s called “copyleft”. This is a policy which states that software can be used, modified and distributed but only so long as it is in compliance with an established set of ground rules and conditions. As such, developers can easily add their own contributions to existing code and integrate it with other software.
Additionally, the policy allows companies to distribute software that contains this source code. This is how open source code could easily land within a business’s IT infrastructure without the business ever being aware of it, which raises another issue. When organizations use open source software, they might not be fully aware of the many components of that particular technology. For instance, the software may contain several third-party elements that couldn’t initially be detected. As such, businesses run the risk of becoming noncompliant with a particular code’s licensing or intellectual property agreement.
To mitigate the risks associated with noncompliance in open source licensing agreements, organizations must make it their standard operating procedure to utilize intellectual property software audit services. By using this advanced auditing service, organizations can raise awareness of potential vulnerabilities and highlight risks.
So, it’s a Web developer’s duty to ensure they aren’t acting as the plagiarists of the technology world and it’s a business’s duty to ensure they are compliant with open source rules and regulations.
A merger and acquisition (M&A) can be an exciting time for businesses as it represents growth and new capital. But in addition to the myriad of business guidelines that must be adhered to—financial or legal procedures, for instance—a comprehensive software audit must take place, especially when open source software is part of one or both businesses’ IT infrastructure.
While the principle of open source is that it’s free for public modification, contribution and sharing of code, there are still licensing and intellectual property rights policies that must be followed to avoid legal repercussions. For example, if a developer creates an original source code under a General Public License (GPL), subsequent contribution or modification to the code must always include and refer back to that original source code. If a code contributor fails to comply with the rules and restrictions set in place by the license, he or she could be faced with serious consequences—like a hefty lawsuit.
And while this situation is most pertinent for the code developers themselves, anyone who uses open source code that isn’t compliant could potentially suffer penalties. It is important to audit your IT infrastructure’s code—and that of the business with which you are merging or subsidizing—so you can understand its internal components. For example, you may very well—unknowingly—use open source applications that contain third-party elements or that are not in compliance with licensing guidelines. As such, it’s important to mitigate the possible vulnerabilities of adopting another business’s noncompliant software before executing the M&A.
So before the deal is sealed, be sure to leverage today’s intellectual property software audit services as well as open source software license compliance audits that can automatically scan your organization’s code and provide a full, detailed report about its composition. In doing so, you can address potential risks before they surface, saving you time and money.
In a recent webinar we outlined the best practices for streamlining your software audit - a great resource for those approaching an M&A.
NASA recently released its source code to the public. The agency did not release its code through an open source model; however, its willingness to release the code for software for aeronautics, propulsion, testing and other processes demonstrates a commitment to private sector involvement in the aeronautics and space industry.
An article in Softpedia states, “NASA is the only agency in the world dealing with space matters that has taken this step. This is part of a coordinated effort to give private enterprises a push in the right direction. It’s much easier to get things off the ground if you don’t start from scratch.” Developers cannot modify or improve upon NASA’s original code, but they can use the newly available code as a benchmark to help increase innovation in the private sector and provide a welcome head start when creating new software.
NASA’s recent move is a major step for both enterprise and government organizations toward embracing open source. NASA may have chosen not to make its code completely open source, but the fact that it is allowing developers to look inside its proprietary software shows a new attitude that’s open to future collaboration. This willingness to share in order to foster progress and innovation in software development and applications is a hallmark of the open source community. A large government agency taking a step in this direction is positive news for software developers and the open source community at large.
NASA’s release of its code may also signal a greater shift toward open source in the future for organizations that have traditionally kept a tight lid on their code. However, the advantages of open source software can only be realized if its adoption is managed. This will potentially allow for greater development opportunities and software applications across various fields, without requiring developers to reinvent the wheel every time.
Recently, Apple released its programming language, Swift 2, to the public. By releasing Swift to the open source community, Apple is giving software developers more access to and control over the programming language. This release opens up a myriad of exciting possibilities for application development, software advancements and increased functionality.
The immediate result of Apple’s decision regarding Swift is that more developers will be able to leverage this code to create apps and software. However, Swift is simply the latest language to become open sourced, and this event points to a larger and deeper ongoing trend that affects more than Web developers. This release re-emphasizes the fact that open source is fast becoming a technology standard, and suggests that more prominent technology companies will be embracing open source in the near future, rather than resisting it.
Widespread adoption of open source has positive implications for developers as well as for the public at large provided it is properly managed, including:
- More resources and freedom: Open source gives developers access to the inner workings of the code and more options for working with it. Rather than engaging in risky and non-compliant practices to further innovation, developers can focus energy on creating useful apps and software with the unprecedented freedom that open source provides.
- New platforms: More open source code means that apps and programs don’t have to be confined to one or two platforms, but can be designed to work on any platform and device. This will lead to additional options for technology consumers as well as for developers, and will increase healthy competition in the marketplace.
- Increased opportunity for innovation: Open source gives developers free rein to use their creativity and knowledge to tinker with code and create something entirely new. They can be led by their own imaginations as well as by consumer demand, rather than being restricted by proprietary or platform-based software.
Facebook is no stranger to the world of open source. In fact, the developers behind the larger-than-life social media platform make their source code publicly available regularly. As such, Web developers beyond the walls of the Facebook headquarters benefit from the innovative technology produced by the social media giant and use it to improve or expand upon their own open source projects.
Most recently, Facebook released the source code for its new static analyzer dubbed “Facebook Infer.” This platform will help fellow Web developers detect bugs within poorly written source code. For instance, the Facebook Infer platform, when deployed, will automatically scan a developer’s source code and alert the creator to unforeseen vulnerabilities. With such assistance from the analyzer, software innovators will be able to resolve any shortcomings in their products before market release. In this way, Facebook code developers are helping their fellow technologists produce better software, faster.
One of the greatest advantages touted by users of open source software is its ability to speed up time to market without reducing product quality. Facebook has proven this point with open source software that, when shared with and subsequently deployed by the greater open source community, has improved both developer productivity and end-user satisfaction.
Furthermore, Facebook’s new bug-detecting platform stands to raise awareness of another important initiative for open source developers and software end users alike: regularly auditing code to mitigate future risks. And while this newly open sourced platform can help prevent insecure software from going to market in its nascent stage, businesses must still complete due diligence on any open source software they adopt into their IT infrastructure to mitigate future vulnerabilities.
To do so, organizations can seek assistance from open source code auditing service providers to assess vulnerabilities and third-party elements that, otherwise, might not be detected inside the open source software. An open source license management platform, for instance, can specifically ensure that an organization’s use of open source software is compliant with the software’s licensing guidelines and regulations.
So, let Facebook help with mitigating bugs and vulnerabilities in the beginning stages of software development, and then add a best-in-class open source auditing service to combat potential risks for the rest of the software’s life.
The rate at which our society, on a global scale, is becoming more digitally inclined means that the generations to come will be more dependent on technology than at any other time in our evolution. Even now, children must gain technology knowledge at an early age to succeed in school and in their future careers. In classrooms, technology is heavily used on a daily basis by students to perform their daily tasks and complete work. To this end, many open source organizations are contributing to open source education for today’s youth.
Open source software (OSS) is becoming a standard in the technology market, and much of today’s youth will find themselves using open source in their future educational and professional endeavors. But to do so, this younger generation will first need to develop the skills that will allow them to build, create and explore OSS technology effectively down the road. This calls for education in open source.
An eBook from opensource.com outlines how today’s youth are getting involved in open source and stresses the role of open source education during childhood development to create a familiarity with the concept. The eBook explores the role of open source in the following areas:
- Education: Implementing open source at educational institutions allows for the facilities to enjoy heightened accessibility and availability when it comes to their technology resources. Compared to proprietary solutions, open source offers many advantages for education, including reduced costs associated with support, maintenance and operation. What’s more, open source at the organizational level gives schools the opportunity to waste fewer resources on infrastructure and put more toward the students themselves.
- Exploration: Students can learn to manipulate and create open technologies when open source is available to them. Children today are unafraid of technology, and many are growing up familiar with video game modifications, cheat codes and workarounds for nearly every type of device and program. Open source allows—and even encourages—this type of exploration and discovery. Rather than being discouraged from examining the inner workings of a program or, worse, adopting a hacking mindset, students using open source are free to satisfy their curiosity and learn by doing.
- Coding: Experts estimate that hundreds of thousands of jobs go unfilled in the technology sector due to a lack of qualified applicants. As such, today’s youth must be equipped to fill that void, ensuring future success for themselves, the economy and technological development. Open source is a tool that teaches kids how to code from the ground up, enabling them to see what’s behind the scenes in the software and games they encounter every day, giving them the power to manipulate, create and test to become active participants in technology.
- Technology skills: Even children as young as three and four play on smartphones and tablets. Open source gives young children much more opportunity than simply being exposed to a screen as a user. Instead, using open source allows even very young learners to create their own learning environments and customize technology for their own use. These are important skills that they will need as they grow to adulthood in a technology-driven world.
Cybercrime is an unfortunate reality of today’s business world, and it represents a threat to many companies’ bottom lines. A recent study based on 257 benchmarked organizations found that the mean cost of cybercrime is $7.6 million per year. Faced with the threat of these high costs, companies must work harder to ensure their data and networks are secure in order to avoid devastating financial losses and potentially enduring damage to their reputations.
Using open source software is a way for organizations to maximize their output and can be a tool to safeguard their private information and defend against cybercrime. Open source software makes it possible to create stronger code that is less vulnerable to attacks as it is developed by a community of dedicated coders. As such, defense against cybercrime starts at the code level.
Furthermore, regular software audits are a comprehensive way to identify and reduce the vulnerabilities that can leave a company open to cybercrime. A company that performs regular open source software audits is taking a crucial step in keeping its information safe and secure. Performing regular open source software audits can also:
- Identify irregularities and flaws in code that could open up vulnerability to a cyberattack. Open source allows for close examination and auditing at the code level to find potential weaknesses.
- Find injection flaws that could enable cybercriminals to insert commands into the code that could access information, put the software or hardware under criminal control, or even bring down the whole system.
- Ensure that code is correctly encrypted to prevent hackers from presenting false authentication to bypass security measures and gain access to servers.
- Check for necessary authorizations in open source code that can guarantee only the appropriate people are able to view, access and manipulate the code.
Companies that use open source software can work towards safeguarding their information by regularly auditing software in order to locate and remedy vulnerabilities that could lead to more complex problems down the road.
Today’s workers are more mobile than ever before, making Smartphone applications that keep them informed and in sync with their colleagues while on the go a critical business tool. Full-featured mobile apps are on every worker’s 'wish list', and the race is on to produce Smartphone apps with messaging features that give workers a robust set of capabilities for communicating instantly, from anywhere.
Mobile platform provider Magnet Systems Inc. recently stepped up to the plate by releasing its Magnet Message. This Apache open source solution enables developers to add messaging to any mobile app they create. Magnet Message enables developers to include push messaging, in-app chat, rich message payloads, message delivery confirmation and publish-subscribe capabilities to the Smartphone apps they are creating.
These types of messaging features are in high-demand among mobile workers, presenting an opportunity for app developers to create a larger market for their products. Open source accelerates the delivery of these features and thereby satisfies the immediate needs of the marketplace.
This is a prime example of how open source is changing the way developers create Smartphone apps. Capabilities like the ones offered by Magnet Message are in demand, but including them in an app could add weeks or months to development time. By using open source, development time is accelerated and products are more quickly taken to market. The flexibility open source provides enables developers to solve problems and meet market demand quickly so they can seize the moment rather than letting it slip away.
Thanks to open source, developers can respond more intuitively to segments similar to the mobile app market that are experiencing rapid change and have high demands. Creating apps that use open source allows developers to focus their efforts on innovation, creativity and problem solving, rather than spending months building infrastructure.