Are Open Source Violations Lurking in Your Code?

IT organizations that feel safe from open source licensing violations might be wise to check their code, as open source components are rapidly seeping into applications by way of offshore and in-house developers taking open source shortcuts, as well as a growing population of open source-savvy grads entering the workforce.

"With all of these new aspects, open source is something companies are going to have to get their heads around," says Anthony Armenta, vice president of engineering at Wyse Technology, a maker of thin clients.

It's not just about unearthing open source code that's in violation of licensing, either. Open source must be managed like any other software component, as security vulnerabilities arise and patches become available. Wyse has been using Palamida, which checks code bases against a 6TB library of known open source projects, fingerprints, and binary files, to track its open source usage for the past year.

Last year, Palamida added open source vulnerability alerts and other security-related features to its service. Today, the company announced both electronic delivery of vulnerability updates and unique identifiers to better manage open source code.





Had all s/w been free (libre)

Had all s/w been free (libre), this would not be an issue.

VMware: A "significant portion" of our technology may include open source

VMware seems to be dancing around the elephant in the room: its controversial use of Linux in its proprietary hypervisor technology. It's interesting that the company, which has refused to comment publicly on these specific allegations, is content to serve up a blanket advisory in its 10-Q.

If I were a VMware shareholder, I'd want clarity. The company suggests that it's complying with all open-source licenses, to the best of its knowledge. If this is true, it's perhaps time for the company to put those claims to a public sniff test.

The developer community hasn't been amused by VMware's use of embedded Linux in its hypervisor technology. Why not call out specifically why VMware feels it is in compliance with the GPL?

http://news.cnet.com/8301-13505_3-10044214-16.html

More in Tux Machines

Security: Reproducible Builds, Windows Phones, Debian, Mageia Identity Security Breach and More

  • Reproducible Builds: Weekly report #147
  • Windows Phones Get Cumulative Update KB4074592, PDF Support Now Broken
    Just when you thought Windows 10 Mobile is dead, here’s Microsoft rolling out a new cumulative update for the platform as part of its February patching cycle. Windows 10 cumulative update KB4074592, which is also released on PCs running the Creators Update (version 1703) – phones have never received the Fall Creators Update, comes with little changes for mobile devices, though it does something that many users might notice. Microsoft doesn’t provide a separate change log for mobile and PC, so the release notes that you can find at the end of the article include all the improvements and security fixes that Microsoft included in KB4074592 for both platforms.
  • Time to Join Extended Long Term Support for Debian 7 Wheezy
    Debian 7 Wheezy LTS period ends on May 31st and some companies asked Freexian if they could get security support past this date. Since about half of the current team of paid LTS contributors is willing to continue to provide security updates for Wheezy, I have started to work on making this possible.
  • Hackers Infiltrated Tesla to Mine Cryptocurrency
    While Elon Musk was busy planning how to launch his Tesla Roadster into the depths of space last month, a hacker was silently using Tesla’s computing power to mine an unknown amount of cryptocurrency. The unidentified attackers found their way in through cracks in Tesla’s cloud environment, according to a report issued by RedLock security on February 20. The miners were able to gain access via an unprotected Tesla Kubernetes console—an open source system that manages applications. Included on this console were the access credentials to Tesla’s Amazon Web Service. Once they obtained access to the console, the attackers were able to run scripts that allowed them to stealthily mine cryptocurrency.
  • Hacking at EPFL Toastmasters, Lausanne, tonight
    ...remember to turn off your mobile device or leave it at home, you never know when it might ring or become part of a demonstration.
  • Mageia Identity Security Breach
    A user was able to gain access to our LDAP database and has published the email addresses and names, as well as apparent password hashes, of anyone who has signed up to identity.mageia.org. However, the published hashes do not match those on record, and all capitalisation has been removed, so it is not clear that the actual passwords have been compromised. All of the passwords have since been reset as a security precaution. New rules have been added to prevent access to the LDAP server. The sysadmins are investigating how the fields were read, as the configuration should have specifically prevented this. The passwords stored by the Mageia LDAP server are hashed and salted, meaning that the full decryption of the password, if they have actually been leaked, into a human-usable format would require significant computing power for safe and complex passwords.

Canonical Donates Ubuntu Phones to UBports to Continue Ubuntu Touch Development

UBports devs announced today on Twitter that Canonical sent them a few old Ubuntu Phone devices to continue the development of the Ubuntu Touch mobile operating system. Now that Canonical has ceased the development of its revolutionary Unity 8 user interface for the Ubuntu Touch mobile operating system used on smartphones from Meizu and BQ, the company decided to donate several devices to the UBports community. UBports is recreating Ubuntu Touch, maintaining, updating, and modifying its code to offer the world a free and open source mobile operating system for those who want to use something else than Android, iOS, and what else is still out there.

LibreOffice 6.1 Arrives in August with Revamped Online Experience, New Features

Last week, we talked with The Document Foundation's marketing assistant Mike Saunders about the 1 million downloads milestone reached by the major LibreOffice 6.0 release in only two weeks after its launch, who told us that the team is already working on the next version, LibreOffice 6.1, due for release in August. LibreOffice 6.1 will be the first major update to the 6.x series of the office suite and will add yet another layer of new features and improvements to the open-source and cross-platform office suite used by millions of computer users worldwide, and we'd like you to be the first to know about them.