Last week we talked about the flaw in OpenSSL known as “Heartbleed” and its massive impact on websites and users around the world. We also mentioned how open-source scanning and support tools, such as those from OpenLogic, report this flaw. Today, we look at how Klocwork handles the issue.
By now, you’ve heard about the OpenSSL flaw that’s capturing the attention of anyone in the world who is remotely connected with security. Known as “Heartbleed” (CVE-2014-0160), this vulnerability is a missing bounds check in the TLS heartbeat extension that lets an unauthenticated remote attacker read up to 64 KB of process memory per request from any system running an affected version of the OpenSSL cryptographic library (1.0.1 through 1.0.1f). Because that memory is read without any authorization, data you and your end-users care about, such as usernames, passwords, session cookies, credit card numbers, and even the server’s private key, is potentially exposed. Given that Netcraft reports that nearly 66% of websites around the world use some form of SSL, this is a seriously bad problem.
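To make the "missing bounds check" concrete, here is an added illustrative example, not code from the original post and not OpenSSL's source: a simplified reconstruction in C of a heartbeat responder with and without the check. The record layout (type, 16-bit big-endian payload length, payload, 16 bytes of padding) follows RFC 6520; the `hb_respond_*` function names, the arena layout and the `password=hunter2` secret string are constructed for the demonstration so that the over-read stays inside one array instead of touching real heap memory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified TLS heartbeat record body (RFC 6520):
 *   type (1) | payload_length (2, big-endian) | payload | padding (16)
 * This is an illustrative reconstruction of the Heartbleed pattern, not OpenSSL's code. */
#define HB_REQUEST   1
#define HB_RESPONSE  2
#define HB_PADDING   16

/* Vulnerable responder: copies payload_length bytes as claimed by the peer, checking
 * only that the reply fits in `out`, never that the claim fits in the record received. */
size_t hb_respond_vulnerable(const uint8_t *rec, size_t rec_len,
                             uint8_t *out, size_t out_cap)
{
    if (rec_len < 3 || rec[0] != HB_REQUEST)
        return 0;
    uint16_t payload = (uint16_t)((rec[1] << 8) | rec[2]);
    size_t reply_len = 3 + (size_t)payload + HB_PADDING;
    if (reply_len > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, payload);   /* over-reads when payload > rec_len - 3 */
    memset(out + 3 + payload, 0, HB_PADDING);
    return reply_len;
}

/* Fixed responder: header + claimed payload + padding must fit inside the record
 * actually received, otherwise the heartbeat is silently discarded. */
size_t hb_respond_fixed(const uint8_t *rec, size_t rec_len,
                        uint8_t *out, size_t out_cap)
{
    if (rec_len < 3 || rec[0] != HB_REQUEST)
        return 0;
    uint16_t payload = (uint16_t)((rec[1] << 8) | rec[2]);
    if (3 + (size_t)payload + HB_PADDING > rec_len)
        return 0;                          /* the bounds check that was missing */
    size_t reply_len = 3 + (size_t)payload + HB_PADDING;
    if (reply_len > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, payload);
    memset(out + 3 + payload, 0, HB_PADDING);
    return reply_len;
}

/* Constructed scenario: a 20-byte request (1 real payload byte + 16 padding) followed,
 * in the same array, by "neighbouring memory" holding a secret. Only 20 bytes were
 * actually received; whatever the request claims beyond that is not the peer's data. */
static const char SECRET[] = "password=hunter2";   /* constructed sample secret */

static size_t build_arena(uint8_t *arena, size_t cap, uint16_t claimed)
{
    memset(arena, 0, cap);
    arena[0] = HB_REQUEST;
    arena[1] = (uint8_t)(claimed >> 8);
    arena[2] = (uint8_t)(claimed & 0xff);
    arena[3] = 'A';                               /* the single real payload byte */
    /* arena[4..19] is the 16-byte padding (zeros) */
    memcpy(arena + 20, SECRET, sizeof SECRET);    /* lives right after the record */
    return 20;                                    /* bytes actually received */
}

static int contains(const uint8_t *buf, size_t n, const char *needle)
{
    size_t k = strlen(needle);
    for (size_t i = 0; i + k <= n; i++)
        if (memcmp(buf + i, needle, k) == 0) return 1;
    return 0;
}

/* 1 if a request claiming 64 bytes makes the vulnerable responder leak the secret. */
int vulnerable_leaks_secret(void)
{
    uint8_t arena[128], out[256];
    size_t rec_len = build_arena(arena, sizeof arena, 64);
    size_t n = hb_respond_vulnerable(arena, rec_len, out, sizeof out);
    return n != 0 && contains(out, n, SECRET);
}

/* 1 if the fixed responder discards the same oversized claim. */
int fixed_rejects_oversized(void)
{
    uint8_t arena[128], out[256];
    size_t rec_len = build_arena(arena, sizeof arena, 64);
    return hb_respond_fixed(arena, rec_len, out, sizeof out) == 0;
}

/* 1 if an honest request (claimed length matches the record) still gets a reply. */
int fixed_accepts_honest(void)
{
    uint8_t arena[128], out[256];
    size_t rec_len = build_arena(arena, sizeof arena, 1);
    size_t n = hb_respond_fixed(arena, rec_len, out, sizeof out);
    return n == 20 && out[0] == HB_RESPONSE && out[3] == 'A';
}

int main(void)
{
    printf("vulnerable leaks secret: %d\n", vulnerable_leaks_secret());
    printf("fixed rejects oversized: %d\n", fixed_rejects_oversized());
    printf("fixed accepts honest:    %d\n", fixed_accepts_honest());
    return 0;
}
```

The only difference between the two responders is the single comparison against `rec_len`; everything else, including the output-buffer check, is identical, which is why the flaw survived review and why a static analyzer that tracks untrusted length fields is the kind of tool that flags it.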
It's a given that a successful and sustainable enterprise open source software strategy is going to require some amount of internal expertise. Today’s blog post will outline three options available that technical teams and management are likely to consider before diving into a new (or existing) open source software initiative. Before we cover the options for improving expertise, a couple of questions to socialize internally are:
My previous posts have usually viewed open source in a positive light, but there is a lot that is wrong in the open source community. There is a wide array of issues from legal to security to code quality. This article will dive into some of the issues that surround the open source community.
Note: This blog is a recap of an OpenLogic Webinar held in June of 2013.
Open source software is widely adopted and exists practically everywhere in most corporations and enterprises today. Business departments like marketing and human resources need and use many open source tools and free software, and of course developers in corporations are using open source code. This is why many in business today need to be aware of, and have a basic understanding of, what open source is and what the legal ramifications of its use are.
Over the last six months, OpenLogic has been implementing SAML in production. We added support for the SAML POST binding for federation-enabled customers in our OLEX product, and our support services team has helped customers implement SAML in JBoss 7 environments through PicketLink. In my last article, "Choosing an Open Federation Platform," I spoke about specific implementations of federation; this time, I’m going to walk you through the successes and pitfalls that we have witnessed and that one might expect.
The use of open source in website development has become mainstream, I dare say ubiquitous. Many developers utilize open source projects to build and scale dynamic websites. WordPress, Joomla, and Drupal are some of the more popular (you’ve probably heard of all three). LAMP stacks are used to run web servers. MySQL databases are used for website databases. Firefox is used to test and troubleshoot coding and rendering issues, as well as to browse; you may, in fact, be reading this post in it right now. I could go on and on. In the world of web application development you’d be hard pressed to find a site that doesn’t leverage open source code to some extent. Irrespective of size, organizations are running their websites using open source technology.
A critical consideration in a corporate open source software provisioning strategy is the maturity of a project's community and the likelihood that the community will keep developing the project over the long term.
Without an effective internal OSS governance strategy, enterprises both large and small are susceptible to problems and risks that can surface quickly when open source software issues are neither understood nor accepted within the organization.