Open Source Management Resource Blog


US Army Uses Open Source on the Defensive

  
  
  

The U.S. Army is now leveraging open source code to analyze the nature of cyberattacks. Threats to cybersecurity are a chief concern for not only government entities but the mass public as well. In fact, a survey conducted by PwC, titled “Global State of Information Security Survey 2015,” revealed that, in 2014, 42.8 million security incidents were reported worldwide, up 48 percent from 2013. It’s numbers such as these that have heightened awareness of the cyberattack threat and driven the military to make development of better prevention methods a primary focus.

The Army began its cyberattack exploration by posting its 5-year-old security code named Dshell to the repository hosting site Github. In doing so, it hoped to gain feedback from the open source community around the world about the nature of nongovernment cyberattacks, since the Army Research Laboratory (ARL) believes that cyberthreats against the army are similar to those that target society as a whole. A primary goal of the Army initiative is to promote further collaboration with developers on digital forensic technology and incident response.

With this knowledge, the Army can accelerate detection and implement defense mechanisms to fight against future cybercrime—not only for the U.S. Army but for the Department of Defense and academia as well.

So, how is Dshell helping the ARL and the open source community unite in investigating the nature of cyberattacks? Dshell is a framework from which users can create custom analysis units based on issues—specifically cyber forensic security compromises—they have experienced. To that end, this open source platform is now allowing the ARL to aggregate as much information as possible from sources outside the government for a well-rounded and informed look at cyberattacks.

If you want to make your own contributions to Dshell, the floor is open.

Whale Watch: The Future Is All About Docker

  
  
  

Docker, an open platform for distributed applications, created a lasting impression on the open source community last year, and the buzz about the project wasn’t just hype. The open source software (OSS) is improving the distribution of applications as well as making waves in its community of open source innovators. Whether the project’s team members are out actively contributing to open source community awareness or working to further Docker’s contributions to container technology, it’s clear that we haven’t seen the last of its distinguished whale logo.

If you’re just now dipping your toe into the Docker pool, here are a few noteworthy details about the software that will get you up to speed:

Strong community presence

This past February, Docker leveraged its blue whale logo in partnering with the Oceanic Society for an open-source-a-thon to support whale and marine wildlife conservation. At the event, team members of the Docker project mentored attendees on everything they needed to know about contributing to open source development—from code to documentation, to tutorials, to videos. The program brought the power of open source technology to the conservation of ocean and marine life health.

Background and updates

Docker is used in helping developers build, ship and run distributed applications over one platform using lightweight containers in lieu of virtual machines. The use of containers—specifically Linux Containers (LXC)—allows for universal adoption on all Linux distributions or hardware. The OSS operates on an Apache 2.0 license; so, when developers leverage Docker for application deployment, they must maintain open source license compliance to make legitimate contributions. The software recently updated to Docker 1.5, which includes features such as IPv6 support, bug fixes and viewable resource-usage statistics.

If you’re thinking about adopting this newly updated software into your business, then learn more about open source software license management so you can start reaping the benefits of one of today’s most disruptive OSS technologies.

A Key Rule of Open Source: Play Nice

  
  
  

The open source community is comprised of innovative collaborators whose goals are typically to contribute and positively influence today’s technology. But, even with that said, it’s not a free-for-all in terms of what you’re allowed to do when using open source code; there are rules and regulations to follow. If you neglect licensing rules or forgo the advantages of tools like intellectual property software audit services, open source adoption could become more complicated.

Below are a few real situations that demonstrate the importance of playing by the rules:

Google v. Yandex:  The recent conflict between Google and Russian search engine Yandex is a great example of how a set of clear boundaries could have avoided a legal catastrophe. According to Yandex, Android is installed on 86 percent of Russian smartphones. Android’s open source background allowed for Google to move in and ultimately monopolize the application—pushing Yandex out of the picture. Open source code is primarily effective and innovative due to its flexibility and modification possibilities. However, conflicts such as this lead one to wonder: if more concrete boundaries were set in place, would Google and Yandex be able to positively coexist?

GPLv2 License Controversy: Versata originally went to court to stop its licensee, Ameriprise Financial Services, from modifying its commercial Distribution Channel Management (DCM) software. Ameriprise counterclaimed that since DCM included GPL code from XimpleWare, they were allowed to make modifications. XimpleWare sued both of them, alleging that Versata's inclusion of XimpleWare code caused the whole of DCM to be licensed under the GPL and therefore they should both release their source code under GPL obligations. To make the matter more exciting, XimpleWare then claimed that they owned patents in their GPL-licensed code, and that allowing the use of their code under the GPL copyright license does not automatically mean a patent license permission. Operating in the dark is unwise as you could end up in legal trouble, much like Versata.

The open source code community is growing and advancing every day, but only for those that abide by the rules. So before you jump in, read up and remember to play nice.

Open Source: A Cross-Industry Hero

  
  
  

Open source code is no longer exclusively used by eager web developers in the tech industry. In fact, global industries that serve the healthcare, education, and government markets are now experiencing the benefits of open source code as well. Once they become familiar with the specifics of open source software license management, non-technology businesses are easily able to improve industry specific practices in new, innovative ways.

Below are a few industries reaping the benefits of open source code today:

Healthcare: In the UK, the NHS is leveraging the capabilities of open source code, openMAXIMS EPR suite, in order to develop an electronic patient record system. Healthcare industry experts hope to improve the speed and flexibility of services through implementing open source code. The integration of open source code in the healthcare industry is especially important because the community can continuously build and improve upon the current software with a necessary urgency.

Education: Gibbon is an open source software originated by an educator in Hong Kong. It’s a comprehensive platform that provides simplicity in the management of educators’ workload by way of digital planners, timelines and grade book among other features—including, but not limited to an instant messaging system. Open source code provides immediate learning solutions for educators, and in turn, stimulates the collaboration of other educators to create even more advanced types of software.

Government: In Canada, a group called Getting Open Source Logic Into Government (GOSLING) is dedicated to proving the benefits of open source code integration in the government. They argue that proprietary software is costing the government billions of dollars and open source code could provide a cost-efficient solution. Meanwhile, in the U.S., though the specifics remain under wraps, the Department of Defense leveraged open source code to its own advantage, according to the Chief Architect at Intelligent Software Solution.

It’s simple to see the trajectory of open source code usage across markets and industries in the future. Learn more about open source software license management so you can get your business up to speed.

Customer Service and Open Source Software: A Budding Relationship

  
  
  

In business today there is an emphasis on leveraging big data analytics in order to improve customer service. There is much to derive about consumer behavior and market trends that can all be found in the stacks of incoming data received by customer service industries such as contact centers, for example. So, how is open source software relevant to the customer service industry?  As of late, many organizations are opting for open source solutions, rather than proprietary software, to augment customer service data analysis.

Recently, HP developed Haven Predictive Analysis, which uses the Distributed R open source project, based on the original R language. Incorporating open source into the organization’s newest data management system shows the scale to which open source additions are entering even proprietary creations. HP’s predictive analysis tool offers business leaders in the customer service industry actionable data that, once put into action and deciphered by analysts, will better illustrate customer trends, behavior and preferences.

Besides HP’s break-out contribution to leveraging big data, let’s look into a few more open source CRM tools poised to improve business intelligence in the future:

  • Sugar: This open source contribution from SugarCRM allows customer service businesses to function with higher efficiency. The technology offers assistance in tracking leads, contract management, reporting and sales-force automation, as well as other advantageous marketing tools.
  • Zurmo: Creative innovation shines through in this particular open source CRM platform. This software provides businesses with similar functions as Sugar, but set up in a game format. Each time Zurmo tools are deployed the user receives positive reinforcement, making it a beneficial and fun addition to individuals in the customer service industry.

As we forge ahead into the future of business intelligence and big data management, organizations are sure to find the benefits of adopting open source CRM tools in favor of inflexible proprietary software. Interested in using open source CRM in your own business? Make sure you look into the do’s and don’ts of open source license compliance before you begin.

FREAK Vulnerability Highlights Importance of Open Source Management

  
  
  

The recently uncovered security vulnerability CVE-2015-0204, dubbed Factoring RSA Export Keys (FREAK), has left thousands of websites, OpenSSL, and Apple and Android products vulnerable for over a decade.

It started way back in the 90s, when the NSA wanted to be able to read secured traffic from foreign sources. This prompted the US government to mandate that software companies use a weaker 40-bit “export grade” encryption on software shipped internationally while reserving stronger 128-bit encryption for domestic uses. By the end of that decade the practice was abandoned, but it turns out that the weaker encryption code is still in use today.

Researchers from the group State Machine Attacks (SMACK) discovered that many web servers and browsers still support the old export grade encryption. Vulnerable systems can be exploited using man-in-the-middle attacks in which hackers force sites into using the easily cracked encryption code, allowing them to steal sensitive information and hijack web page elements. Some of the more prominent websites that are vulnerable to attack include the NSA’s own site along with other government sites such as whitehouse.gov and FBI.gov. Apple’s Safari browser and the default browser included with Android phones are also at risk.

The FREAK vulnerability, which was referred to as a “Zombie from the 90s” by University of Pennsylvania cryptographer Nadia Heninger, is a glaring example of how software development organizations can quickly lose track of what is in their code. With the complexity of software growing every day, it is no wonder that organizations did not realize their products still supported the old export grade code.

To minimize the impact of vulnerabilities like FREAK, organizations can implement processes to track all third-party and open source code used in their software portfolios. Products that scan, catalogue and identify software components not only help in open source compliance, they can also report on open source security vulnerabilities. A proactive approach to open source management enables organizations to minimize any potential fallout from these vulnerabilities.
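As an added illustration (not from the original post or from any product it mentions), here is one way a team could check an inventory of enabled TLS cipher suites for leftover export grade entries, marking the export grade RSA key exchange that FREAK downgrades connections to. The host names, the inventory and the function names are constructed for the example.

```python
# Added example: flag export-grade TLS cipher suites in an inventory.
# Host names and the inventory below are constructed sample data.

# In OpenSSL-style names, these prefixes after "EXP-" mean the key exchange is
# ephemeral or anonymous Diffie-Hellman rather than RSA.
_NON_RSA_PREFIXES = ("EDH-", "DHE-", "ADH-")

SAMPLE_INVENTORY = {
    "web-01.example.internal": [
        "ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA", "EXP-RC4-MD5",
    ],
    "legacy-app.example.internal": [
        "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
        "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
        "TLS_RSA_WITH_AES_128_CBC_SHA",
    ],
    "api-02.example.internal": ["ECDHE-RSA-AES256-GCM-SHA384"],
}


def classify(suite):
    """Classify one cipher suite name (OpenSSL or IANA style).

    Returns None for a suite that is not export grade, 'rsa-export' for
    export-grade RSA key exchange (the kind FREAK relies on), and
    'other-export' for any other export-grade suite.
    """
    name = suite.strip().upper()
    if name.startswith("EXP") and "-" in name:       # e.g. EXP-RC4-MD5
        rest = name.split("-", 1)[1]
        if rest.startswith(_NON_RSA_PREFIXES):
            return "other-export"
        return "rsa-export"
    if "_EXPORT" in name:                            # e.g. TLS_RSA_EXPORT_WITH_...
        if name.startswith(("TLS_RSA_EXPORT", "SSL_RSA_EXPORT")):
            return "rsa-export"
        return "other-export"
    return None


def audit(inventory):
    """Map each host that still enables export-grade suites to its findings."""
    findings = {}
    for host, suites in sorted(inventory.items()):
        hits = [(s, classify(s)) for s in suites if classify(s)]
        if hits:
            findings[host] = hits
    return findings


if __name__ == "__main__":
    for host, hits in audit(SAMPLE_INVENTORY).items():
        for suite, kind in hits:
            print(f"{host}: {suite} ({kind})")
```

Any host that appears in the result still offers a suite that should have been retired; the fix is to remove export grade suites from the server or library configuration.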

Open Source Software Applications Helping Businesses Today

  
  
  

Open source software is more than just a trend; it’s a practice among developers that is here for the long haul. Perhaps, as a business leader, you know the basics of open source. You may even be familiar with open source software license management if your IT team has ever looked into adopting new software. The question at hand, therefore, is how can open source code transform your business?


Here are a few ways that organizations are leveraging the potential of open source around the world:

Planning

  • Tuleap Open ALM: This open source technology not only fosters collaboration but it manages the lifecycle of all projects. Large enterprises, small businesses, and open source developers use this project management interface for superior planning maintenance.
  • OrangeScrum: Great for small and midsize business due to its clarity and efficiency. This software aids in project management by providing a summary, aggregating information into visual reports, and even indicating to the user areas that could use improvement.

Security

  • Spideroak: The cloud can sometimes get a bad rap due to security fumbles. Businesses that use cloud storage, however, can turn to open source security solutions such as Spideroak to ease the worry. This is a “zero knowledge” software, meaning files stored in the cloud are protected by a mega encryption key.
  • KeePass: This password safe software might sound simpler than the security software above. However, password security is crucial to business protection; it’s easier than you think to fall victim to hackers due to poor password protection. KeePass is a digital, encrypted safe for password storage.

Your competition is enjoying the immense benefits provided by open source planning and security advancements. Don’t let another minute pass you by; learn even more about open source adoption here.

An Open Source Investment Realizes Sizable Results

  
  
  

An open source project is getting significant investment from a major American corporation.

Believe it or not, Walmart, the mega retailer, has spent more than $2 million on the Hapi project, which is a “rich framework for building applications and services” that “enables developers to focus on writing reusable application logic instead of spending time building infrastructure,” according to its website.

In a blog post, Senior Developer at Walmart Labs Eran Hammer explained the company’s decision to pursue open source. Every decision the company makes is done after performing a cost-benefit analysis, and it appears as though the mega retailer expects to see a return on its investment.

Here’s how: Because Hapi is open source, any company is free to use the code, primarily developed by Walmart’s programmers, for its specific purposes. As other companies use the code, their developers are likely to customize the code further to better suit their specific needs. Because those developers strive to improve the code when they go about changing it, they are likely to request that their additions be included in the project trunk.

In other words, Walmart is developing Hapi in hopes that external companies will adopt the framework. In turn, those companies will improve the code even more, and Walmart will benefit as a result.

“For example, every five startups using Hapi translated to the value of one full-time developer, while every 10 large companies translated to one full-time senior developer,” Hammer writes.

Essentially, by investing in Hapi, Walmart aims to benefit from high-quality improvements in code while not having to spend money associated with recruiting, hiring and training new internal staff. By paying a few coders to work on Hapi, the company is essentially getting the work of three individuals instead, for example.

Many businesses are attracted to open source technology because of its generally non-existent price tag. But businesses that see beyond that benefit are sure to see a better return on their investments, as Walmart has demonstrated.

Why Close Your Software to the Public?

  
  
  

There is something to be said for products that are born out of collaboration between developers. Take the newly introduced Origibot, for example, which when paired with users’ Android tablets incorporates the open source WebRTC software for minimalistic, real-time functionality. As Origibot shows, open source coding opens the door to the futuristic innovations only yet conceived of in eager programmers’ minds.

Why, then, would any developer choose to shy away from open source software? From the developer’s standpoint, he or she could be satisfied with the product and see no need for further innovation from outside minds. After all, there is much to consider in terms of open source license compliance. Handing off your original concept to the public for modification can be reason enough for skepticism. But, with that said, let’s look further into why software developers may want to expand their horizons and unlock the door to open sourcing.

Take Advantage of the Community: The open source community is an outstanding model of thriving collaboration. Organizations such as OSI (Open Source Initiative), for example, provide a home for developers and other interested members of the public. They offer a similar function as a town hall for the open source society. Here, developers can meet, ideate and raise awareness for the cause of open source coding. Complete with a board of directors, this non-profit organization is on a steady path towards further development.

It’s More than a Trend: Those who remain unconvinced of the beneficial possibilities presented by open sourcing should take into consideration its increasing popularity. Plenty of big name technology enterprises are choosing to open source their latest software, with the realization that this new method of code sharing is the way of the future. Take HP, for instance: it has recently gone open source for its newest predictive analytics software.

Here are a few things to consider when making your project open source.  

Facebook and Open Source: A Technological Love Affair

  
  
  

Facebook is among the most recognizable and advanced social media enterprises today. A major part of its success story is its professed love for open source software, which the company uses as means of augmenting innovation across multiple projects. In fact, open source is a key resource among Facebook’s web developers due to its flexibility in providing immediate security patches and collaboration across platforms.

Facebook’s open source projects integrate a slew of purposes from security to big data management.

Let’s dive into a few:

Osquery: The social platform uses this source code to combat software hacks. Check out this recent post from Wired that discusses how large operations like Facebook require more than just run-of-the-mill security software. For this reason, Facebook implements open source code innovations of its own in order to leverage appropriate security solutions. The organization also aims to help others improve the security of their software as well by open sourcing Osquery.

Conceal: This project will help developers create more secure apps for the Android phone. While encryption provides a solution to the secrecy of data, Conceal aims to implement security even further by using the algorithm HMAC, explained Subodh Iyengar, a software engineer at Facebook. This open source code will boost caching and storage for mobile apps.

Presto: This open source technology is meant to augment big data analytics. It’s been adopted by other Internet name brands, such as Netflix and Dropbox, further indicating Facebook’s dedication to the development of companies besides their own. Presto provides speed and scale over an SQL query engine which matches the data sorting needs required by large organizations. This tool will help manage the wealth of data that is received by such large scale corporations in order to analyze their respective user interactions.

Facebook’s innovations have provided solutions for not only themselves, but an abundance of other organizations. To that end, their open source software is available for public use; however, always refer back to these important tips.
