I just returned from the 2013 SuperComputing conference and exposition in Denver, Colorado. It was a great event with ample opportunity to talk with a lot of fascinating high performance computing (HPC) community members in a small amount of time.
There is a story, possibly apocryphal, that during Mahatma Gandhi’s first visit to England, a journalist asked him, “What do you think of western civilization?” to which he replied, “I think it would be a good idea.” Whenever someone asks me about software security, I often hear in my mind an echo of Gandhi’s clever response. Software, by its nature, will always have security flaws, and moreover, software users will continue to make bad decisions, reveal passwords, and release information that is supposed to be kept confidential.
When I look at the landscape of open source governance and compliance, I am reminded how much fear drives the industry today. We often see the pitch of governance and compliance services as a way to root out unfavorable licenses, especially licenses from the GPL family. Sometimes in discussions, open source scanning is compared to computer virus scanning. Unfortunately, too many people seem to feel this is an appropriate comparison, and approach open source compliance as a search-and-destroy mission. Despite the term "viral," used for copyleft license models, open source is not a virus to be hunted down and exterminated.
Matt Asay’s article earlier this year highlights the fact that the so-called "Github generation" has taken "permissive licensing" to its logical extreme: that is, the lack of any license whatsoever.
The goal of this post is to discuss at a high level the radical change in the class-loading mechanism used by JBoss, and some of the benefits of this change. Since the inception of JBoss, issues around how Java classes are discovered and loaded into the server have never been fully addressed. For those of us who have faced an unexpected ClassCastException, troubleshooting those issues has often been a mystifying experience, especially since the class-loading strategy has changed over multiple releases of JBoss through the years. Additionally, most developers do not wish to spend their time investigating how their classes are loaded and isolated from other applications running on the server. Our focus is on getting the business logic right, in compliance with the Java EE spec.
I want to scan my codebase to detect open source; how long will it take?
In the time that I have spent with OpenLogic, I have worked with companies across many industries, and with companies ranging from a handful of developers to thousands of developers. One thing they have in common is that they typically have some type of open source policy, some far more developed than others.
How would you answer that question? Here are four typical answers we hear when we ask our customers this question:
Today’s post concludes this article; Parts 1 and 2 can be found earlier in the series on this blog.
Today’s post continues Part 1 from yesterday, which can be found here.
If you read a post on The Enterprise OSS Blog, please leave a comment. Let us know what you think, even if it's just a few words. Comments do not require approval, but they are moderated. OpenLogic reserves the right to remove any comments it deems inappropriate.