Software Integrity Blog


Open Source 360 Survey, DockerCon 2017, and more on the Cloudera IPO

Near the halfway point for April 2017, and the NVD CVE listing for the month stands at 573 entries. Hot this week is CVE-2017-7605, a medium-high vulnerability affecting the HE-AAC+ v2 library (aka libaacplus).

In open source security and cybersecurity news: Take the opportunity to join the Open Source 360 Survey and help give the world a snapshot of the state of open source in usage, risk, contributions and governance/policies. The top four sessions you don’t want to miss at DockerCon 2017. Does the Cloudera IPO really argue against open source business? TechCrunch creates a new index to track the explosive growth of open source. Why creating an open source ecosystem doesn’t mean you’re taking on security risks. And building containerized ecosystems with Ansible Container.

Join the Open Source 360 Survey & reflect the state of OSS today

The 2017 Open Source 360 Survey launched earlier this week by Black Duck’s Center for Open Source Research & Innovation (COSRI) will play a role in informing and educating today’s open source consumers.

Through the survey, COSRI will aggregate data from open source users throughout the world, share it, and examine the state of open source in four key areas: usage, risk, contributions and governance/policies.

Top 4 DockerCon 2017 sessions

DockerCon 2017 is around the corner, starting in a few short days. Like most attendees, Black Duck technology evangelist Tim Mackey likes to look for the sessions that most affect his professional life. Lately that’s container security at production scale, and if you’ve dug into the topic in the past you’ll know it’s a bit messy! The following are the top four sessions Tim plans on attending, and why he thinks they’re important.

Cloudera IPO: An argument against open source business?

Open source is hot. Big data is hot. Proto-unicorn data management and learning company Cloudera is open source, big data and hot, hot, hot, recently announcing its plans to go public and filing an S-1 prospectus with the U.S. Securities and Exchange Commission on March 31st. Does Cloudera’s foundation of open source Apache Hadoop make it a risky business? Black Duck vice president of security strategy Mike Pittenger weighs in with a long-form article in Computer Business Review.

Tracking the explosive growth of open-source software

via TechCrunch: Many big companies — from financial giants to retailers to services firms — are building their businesses around new, community-based technology that represents a sea change from the IT practices of the past. That’s why we decided to create a new, detailed index to track popular open-source software projects, and gain some insights into the new companies powered by these technologies.

Why creating an open-source ecosystem doesn’t mean you’re taking on security risks

via Mobile Business Insights: Anyone who uses technology benefits from open-source software. Most applications you use have implemented open-source code to varying degrees. It isn’t just small-time developers who use this code, either. Many large enterprises rely on this software to build their own products and solutions. Open development may not be 100 percent safe in every situation, but no form of development is. Even commercially bought code brings its own challenges and risks. Developers need to conduct their due diligence on code, test aggressively and double-check their work to make sure they’re using an open ecosystem to fast-track innovation without increasing security threats.

Building containerized ecosystems with Ansible Container

Joshua “jag” Ginsberg, Chief Architect with Ansible, shares the story of the Ansible Container project, how it got started, what makes it unique, attracting a project team, and building a community.
