Log4Shell: A Case for Trusting Open Source – With Guardrails

Along with a host of frenzied updates and patches, Log4Shell brought something else to the table: an intense renewed scrutiny among business leaders and governments around “open source.” What most of these critics are not aware of is that much of the software powering their success isn’t created by commercial vendors but by volunteers, and that some of their most critical systems run on open-source software. Furthermore, most critics can’t confidently point to a list of all the open-source software powering their own success.

Similar to the response we’ve seen to major incidents like HeartBleed, Dirty Cow, and the Equifax experience with Apache Struts, governmental reviews are underway, and some are seeking to replace the “bad open-source component” – in this case, log4j – with a “more secure alternative.” But there is an important aspect of open source in modern society that is being overlooked in these scenarios – it’s highly trusted.

Making an IoT Developer’s Life Easier With Eclipse IoT Packages

As an IoT developer, one is often tasked with putting together a solution that includes one or more open source components. I remember, even as far back as 2014, using components like Eclipse Mosquitto MQTT broker and Eclipse Paho MQTT client for a pilot project with IoT Gateway at Intel. Fast forward a few years at Red Hat, where I used components like Eclipse Kura and Eclipse Kapua for a European industrial automation project. Without realizing it then, I was using these components from Eclipse IoT open source projects.

[Image: Eclipse IoT Packages logo. Image courtesy of Eclipse Foundation]

OS Framework Selection: How to Read Subliminal Messages in Framework Marketing

These are signals to pick up on and investigate during framework selection.

When you select frameworks, you check their website first, which is part of their marketing. There's a lot more information in this marketing than you might realize.

This article will take you through some good, bad, and warning signs in framework marketing.

Why Do Only 37% of Companies Have Open Source Management Solutions?

Open source turned 21 this year, following the launch of the Open Source Initiative in February 1998. With that milestone comes maturity: resilience, responsibility, approachability, and growth. Open source software (OSS) is ubiquitous and for a very good reason: it helps companies innovate better and faster. But there are still risks inherent in version updates, bug reports, patches and more.

These risks can be identified and managed through open source audits. I’ve been working in open source software (OSS) for a very long time. Just ten years ago, audits of OSS were considered optional parts of due diligence or adjunct to acquisitions. Today, they’re no longer optional. They reveal answers about who wrote the OSS, where it is deployed, any existing issues, and whether or not the issues have been fixed.