Language Selection

English French German Italian Portuguese Spanish

Are Open Source Violations Lurking in Your Code?

Filed under
OSS

IT organizations that feel safe from open source licensing violations might be wise to check their code, as open source components are rapidly seeping into applications by way of offshore and in-house developers taking open source shortcuts, as well as a growing population of open source-savvy grads entering the workforce.

"With all of these new aspects, open source is something companies are going to have to get their heads around," says Anthony Armenta, vice president of engineering at Wyse Technology, a maker of thin clients.

It's not just about unearthing open source code that's in violation of licensing, either. Open source must be managed like any other software component, as security vulnerabilities arise and patches become available. Wyse has been using Palamida, which checks code bases against a 6TB library of known open source projects, fingerprints, and binary files, to track its open source usage for the past year.

Last year, Palamida added open source vulnerability alerts and other security-related features to its service. Today, the company announced both electronic delivery of vulnerability updates and unique identifiers to better manage open source code.

More Here




Had all s/w been free (libre)

Had all s/w been free (libre), this would not be an issue.

VMware: A "significant portion" of our technology may include open source

VMware seems to be dancing around the elephant in the room: its controversial use of Linux in its proprietary hypervisor technology. It's interesting that the company, which has refused to comment publicly on these specific allegations, is content to serve up a blanket advisory in its 10-Q.

If I were a VMware shareholder, I'd want clarity. The company suggests that it's complying with all open-source licenses, to the best of its knowledge. If this is true, it's perhaps time for the company to put those claims to a public sniff test.

The developer community hasn't been amused by VMware's use of embedded Linux in its hypervisor technology. Why not call out specifically why VMware feels it is in compliance with the GPL?

http://news.cnet.com/8301-13505_3-10044214-16.html

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Packet radio lives on through open source software

Packet radio is an amateur radio technology from the early 1980s that sends data between computers. Linux has natively supported the packet radio protocol, more formally known as AX.25, since 1993. Despite its age, amateur radio operators continue to use and develop packet radio today. A Linux packet station can be used for mail, chat, and TCP/IP. It also has some unique capabilities, such as tracking the positions of nearby stations or sending short messages via the International Space Station (ISS). Read more

Linux 4.14-rc2

I'm back to my usual Sunday release schedule, and rc2 is out there in all the normal places. This was a fairly usual rc2, with a very quiet beginning of the week, and then most changes came in on Friday afternoon and Saturday (with the last few ones showing up Sunday morning). Normally I tend to dislike how that pushes most of my work into the weekend, but this time I took advantage of it, spending the quiet part of last week diving instead. Anyway, the only unusual thing worth noting here is that the security subsystem pull request that came in during the merge window got rejected due to problems, and so rc2 ends up with most of that security pull having been merged in independent pieces instead. Read more Also: Linux 4.14-rc2 Kernel Released

Manjaro Linux Phasing out i686 (32bit) Support

In a not very surprising move by the Manjaro Linux developers, a blog post was made by Philip, the Lead Developer of the popular distribution based off Arch Linux, On Sept. 23 that reveals that 32-bit support will be phased out. In his announcement, Philip says, “Due to the decreasing popularity of i686 among the developers and the community, we have decided to phase out the support of this architecture. The decision means that v17.0.3 ISO will be the last that allows to install 32 bit Manjaro Linux. September and October will be our deprecation period, during which i686 will be still receiving upgraded packages. Starting from November 2017, packaging will no longer require that from maintainers, effectively making i686 unsupported.” Read more

Korora 26 'Bloat' Fedora-based Linux distro available for download -- now 64-bit only

Fedora is my favorite Linux distribution, but I don't always use it. Sometimes I opt for an operating system that is based on it depending on my needs at the moment. Called "Korora," it adds tweaks, repositories, codecs, and packages that aren't found in the normal Fedora operating system. As a result, Korora deviates from Red Hat's strict FOSS focus -- one of the most endearing things about Fedora. While you can add all of these things to Fedora manually, Korora can save you time by doing the work for you. Read more