In my last two posts, I discussed the evolution of open source knowledge: where we came from, where are we now, and how did we get here. I provided some examples of common misunderstandings and knowledge gaps and suggested that such gaps may be due to the need to take action without taking as much time to prepare and plan as is optimal. The sum total is that misconceptions and misunderstandings about open source persist both within and outside the software industry.
What is an open source software (OSS) bill of materials (BOM)? In the simplest terms, it is a list of the OSS components used in an application. But, it can actually be much more. Most OSS BOMs will, at a minimum, also contain the licensing information associated with each OSS component.
I am asked two very reasonable questions, on a very regular basis, by some very interesting people.
As a developer I'm always keeping my eye out for new technologies that can help me do my job better or faster. There's a saying in this industry: "work smarter, not harder." If I can use a piece of existing code instead of writing it from scratch, I will, unless there's a good reason not to. And diving into a new language, library, framework, or database can be like wearing a brand new pair of jeans. The novelty is exciting.
Commercial source code scanning tools have become quite the hot topic for CIO’s, software development managers, in-house counsel, and enterprise architecture teams over the last eight to ten years. The emergence of these new technologies obviously has direct correlation to the maturity of open source software, which is now just as common as commercially-licensed software in medium to large enterprise data centers. Additionally, the distribution of open source into the consumer market is undeniable making source code scanning a critical risk mitigation measure for all companies that are buying or selling modern technology. Today’s article will briefly explain “noise reduction” and the process of using multiple matching techniques in a source code scanning tool.
In the first two weeks of April, I attended four distinct open source related events in three different cities and two countries. It will take months to ponder, absorb, and follow-up on all of the thought-provoking presentations, conversations, and feedback I participated in or received. In spite of the range of topics and agendas being covered along the way, there were a couple themes that reverberated.
If you read a post on The Enterprise OSS Blog, please leave a comment. Let us know what you think, even if it's just a few words. Comments do not require approval, but they are moderated.OpenLogic reserves the right to remove any comments it deems inappropriate.