Language Selection

English French German Italian Portuguese Spanish

Are Open Source Violations Lurking in Your Code?

Filed under
OSS

IT organizations that feel safe from open source licensing violations might be wise to check their code, as open source components are rapidly seeping into applications by way of offshore and in-house developers taking open source shortcuts, as well as a growing population of open source-savvy grads entering the workforce.

"With all of these new aspects, open source is something companies are going to have to get their heads around," says Anthony Armenta, vice president of engineering at Wyse Technology, a maker of thin clients.

It's not just about unearthing open source code that's in violation of licensing, either. Open source must be managed like any other software component, as security vulnerabilities arise and patches become available. Wyse has been using Palamida, which checks code bases against a 6TB library of known open source projects, fingerprints, and binary files, to track its open source usage for the past year.

Last year, Palamida added open source vulnerability alerts and other security-related features to its service. Today, the company announced both electronic delivery of vulnerability updates and unique identifiers to better manage open source code.

More Here




Had all s/w been free (libre)

Had all s/w been free (libre), this would not be an issue.

VMware: A "significant portion" of our technology may include open source

VMware seems to be dancing around the elephant in the room: its controversial use of Linux in its proprietary hypervisor technology. It's interesting that the company, which has refused to comment publicly on these specific allegations, is content to serve up a blanket advisory in its 10-Q.

If I were a VMware shareholder, I'd want clarity. The company suggests that it's complying with all open-source licenses, to the best of its knowledge. If this is true, it's perhaps time for the company to put those claims to a public sniff test.

The developer community hasn't been amused by VMware's use of embedded Linux in its hypervisor technology. Why not call out specifically why VMware feels it is in compliance with the GPL?

http://news.cnet.com/8301-13505_3-10044214-16.html

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

4 things governments need to know to adopt open source cloud - Red Hat

Open source cloud platforms, like OpenStack, can allow public sector agencies to connect systems and share data easily. Here are four things governments need to know to make open source cloud a success. Read more

Open source key to preserving human history, argues Vatican

Ammenti explained that, in order for the manuscripts to be readable, the Vatican Library opted for open source tools that do not require proprietary platforms, such as Microsoft Office, to be read. "We save it as a picture as it's longer life than a file. You don't rely on PowerPoint or Word. In 50 years they can still just look at it," he said. Read more

Open Source Router Connects US, Australia

The ONOS Project and partners said Wednesday they have demonstrated the real-world practicality of using a router with open source software to connect networks in Australia and the US. The test validates the vision of SDN, open source for carriers, as well as ON.Lab's ONOS network operating system, according to one of its coordinators. "SDN is about disaggregation of closed, proprietary boxes and separating of forwarding planes, control planes and applications," says Guru Parulkar, executive director and board member of ON.Lab , which coordinates ONOS development. The communications test between Australia and the US achieved just that, he says. (See ON.Lab Aims to Make White Boxes Carrier-Grade , ON.Lab Intros Open Source SDN OS and SK Telecom Bets on SDN for Wireless.) Read more

Xubuntu Core 15.04 Officially Released, Not Related to Ubuntu Core

A new official Xubuntu flavor called "core" has been announced by developers. It's based on Ubuntu, and it integrates the Xfce desktop environment and nothing else. Read more