Let’s Talk Open Source
or…
Implications of Open Source Software Use
Gail C. Murphy

University of British Columbia
Tasktop Technologies
@gail_murphy
A restrictive license has been chosen given unpublished work, and descriptions of others' work
2
Who Are You?
Let’s Talk Open Source


Code multiple days a week
Mostly Organize Coding
Something Else
3
Let’s Talk Open Source
Here’s My Plan
Integral and Critical
Managing Use
Implications
4
The Take-Aways
Let’s Talk Open Source
Open source: does not mean free
Open source: use requires knowledge
Open source: the fabric on which software development occurs
Integral and Critical
6
Supply of Open Source Components
Let’s Talk Open Source:

Integral and Critical
>105K suppliers
>834K total components
(Java) central repository GitHub project dependences
2015 State of the Software: Supply Chain Report (Sonatype)
7
Why Use Open Source Components?
Let’s Talk Open Source:

Integral and Critical
build products (and other components) faster



higher-quality components



lower cost to (re)use



ongoing updates
8
Use of Open Source Components
Let’s Talk Open Source:

Integral and Critical
17.2 Billion Requests Served
Java components in 2014
to >106K organizations
2015 State of the Software: Supply Chain Report (Sonatype)
9
What Happens When Open Source Components Fail?
Let’s Talk Open Source:

Integral and Critical
https://xkcd.com/1354/
10
What Happens When Open Source Components Fail?
Let’s Talk Open Source:

Integral and Critical
Economist, Apr 12, 2014
13
Even When Better Versions of Components Exist…
Let’s Talk Open Source:

Integral and Critical
CVE-2007-6721: CVSS 10, Exploitability 10
since identification… 11,236 organizations have downloaded the vulnerable component 214,484 times
2015 State of the Software: Supply Chain Report (Sonatype)
14
Even When Better Versions of Components Exist…
Let’s Talk Open Source:

Integral and Critical
2015 State of the Software: Supply Chain Report (Sonatype)
of 240,757 component downloads by large financial or technology firms in 2014…
7.5% were of known defective part,
and of those with a defective part, for 66% the defects were older than 2013
15
Availability Matters Too
Let’s Talk Open Source:

Integral and Critical
16
The Take-Aways: Integral and Critical
Let’s Talk Open Source:

Managing Use
Open source: the fabric on which software development occurs
Managing Use
18
Murphy, Personnel Correspondence, 2016
Interviews with Engineering Leaders
SME
4 1 2
19
Interviews with Engineering Leaders
Let’s Talk Open Source:

Managing Use
Open before Closed
Investigate open source
- who else is using?
- how many contributors?
- support model?
- security profile?
Know they might need to fork
Some place committers on project
Murphy, Personnel Correspondence, 2016
20
Need for Controls
Let’s Talk Open Source:

Managing Use
21
The Take-Aways: Managing Use
Let’s Talk Open Source
Open source: does not mean free
Implications
Analysis of 1000s of GitHub Projects
24
What Kind of Component You Are Depending On?
Let’s Talk Open Source:

Implications
[Figure: Rs, the ratio of user projects having social interactions (y-axis, 0% to 100%), versus number of user projects (x-axis, 4 to 2048); labelled: Guava, Vault, Junit]
Palyart, Murphy, Masrani 2016, in progress
25
Set Your Expectations
Let’s Talk Open Source:

Implications
[Figure: median involvement time (y-axis, 0 to 1500) versus number of user projects (x-axis, 4 to 2048)]
Palyart, Murphy, Masrani 2016, in progress
26
Set Your Expectations
Let’s Talk Open Source:

Implications
Technical dependence before social interaction
Social interaction before technical dependence
Palyart, Murphy, Masrani 2016, in progress
27
Set Your Expectations
Let’s Talk Open Source:

Implications
[Figure: number of contributions (y-axis, 1 to 10000) for "Social before technical" and "Technical before social"]
Palyart, Murphy, Masrani 2016, in progress
Survey about Software Licenses
29
Know the Impact of Choosing an Open Source Component
Let’s Talk Open Source:

Implications
John has been working on ToDoApp, his own personal task management application. ToDoApp is going to be a desktop-based application that will be used exclusively by John on his own computer. To make sure he does not lose any of his very special tasks, John is planning to use a lightweight library called LightDB to persist ToDoApp’s data.

If LightDB is distributed under the following licenses, would John be allowed to use it as part of ToDoApp?

GNU GPL 3.0: Unsure / No / Yes
GNU LGPL 3.0: Unsure / No / Yes
MPL 2.0: Unsure / No / Yes
Almedia, Murphy, Wilson, Hoye, 2016, under submission
30
Know the Impact of Choosing an Open Source Component
Let’s Talk Open Source:

Implications
If LightDB is distributed under the following licenses, would John be allowed to use it as part of ToDoApp?

GNU GPL 3.0: Yes
GNU LGPL 3.0: Yes
MPL 2.0: Yes
375 respondents
Almedia, Murphy, Wilson, Hoye, 2016, under submission
31
Know the Impact of Choosing an Open Source Component
Let’s Talk Open Source:

Implications
As the lead developer of a new product at GreatSoftware Inc., Laura decided to use an existing authentication library she found on the web called SafeAuth. She realizes that SafeAuth could be improved using a stronger cryptographic algorithm when storing users’ information. The product is going to be released under a commercial software license, but Laura would like to release the improved version of SafeAuth as open source.

If SafeAuth is distributed under MPL, would Laura and her team be allowed to release the improved version of SafeAuth as open source?

GNU GPL 3.0: Unsure / No / Yes
GNU LGPL 3.0: Unsure / No / Yes
MPL 2.0: Unsure / No / Yes
Almedia, Murphy, Wilson, Hoye, 2016, under submission
32
Know the Impact of Choosing an Open Source Component
Let’s Talk Open Source:

Implications
If SafeAuth is distributed under MPL, would Laura and her team be allowed to release the improved version of SafeAuth as open source?

GNU GPL 3.0: No
GNU LGPL 3.0: No
MPL 2.0: Yes
375 respondents
Almedia, Murphy, Wilson, Hoye, 2016, under submission
33
The Take-Aways: Implications
Let’s Talk Open Source
Open source: use requires knowledge
Illustration copyright Nenov Brothers Images/Shutterstock
35
The Take-Aways
Let’s Talk Open Source
Open source: does not mean free
Open source: use requires knowledge
Open source: the fabric on which software development occurs
@gail_murphy
Landscape of Requirements Engineering for/by AI through Literature ReviewLandscape of Requirements Engineering for/by AI through Literature Review
Landscape of Requirements Engineering for/by AI through Literature Review
Hironori Washizaki
 
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRYLEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
NidaFarooq10
 
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Ranjan Baisak
 
Designing AI-Powered APIs on Azure: Best Practices& Considerations
Designing AI-Powered APIs on Azure: Best Practices& ConsiderationsDesigning AI-Powered APIs on Azure: Best Practices& Considerations
Designing AI-Powered APIs on Azure: Best Practices& Considerations
Dinusha Kumarasiri
 
Meet the Agents: How AI Is Learning to Think, Plan, and Collaborate
Meet the Agents: How AI Is Learning to Think, Plan, and CollaborateMeet the Agents: How AI Is Learning to Think, Plan, and Collaborate
Meet the Agents: How AI Is Learning to Think, Plan, and Collaborate
Maxim Salnikov
 
Download Wondershare Filmora Crack [2025] With Latest
Download Wondershare Filmora Crack [2025] With LatestDownload Wondershare Filmora Crack [2025] With Latest
Download Wondershare Filmora Crack [2025] With Latest
tahirabibi60507
 
Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...
Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...
Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...
Eric D. Schabell
 
Expand your AI adoption with AgentExchange
Expand your AI adoption with AgentExchangeExpand your AI adoption with AgentExchange
Expand your AI adoption with AgentExchange
Fexle Services Pvt. Ltd.
 
Not So Common Memory Leaks in Java Webinar
Not So Common Memory Leaks in Java WebinarNot So Common Memory Leaks in Java Webinar
Not So Common Memory Leaks in Java Webinar
Tier1 app
 
PDF Reader Pro Crack Latest Version FREE Download 2025
PDF Reader Pro Crack Latest Version FREE Download 2025PDF Reader Pro Crack Latest Version FREE Download 2025
PDF Reader Pro Crack Latest Version FREE Download 2025
mu394968
 
Douwan Crack 2025 new verson+ License code
Douwan Crack 2025 new verson+ License codeDouwan Crack 2025 new verson+ License code
Douwan Crack 2025 new verson+ License code
aneelaramzan63
 
How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...
How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...
How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...
Egor Kaleynik
 
Pixologic ZBrush Crack Plus Activation Key [Latest 2025] New Version
Pixologic ZBrush Crack Plus Activation Key [Latest 2025] New VersionPixologic ZBrush Crack Plus Activation Key [Latest 2025] New Version
Pixologic ZBrush Crack Plus Activation Key [Latest 2025] New Version
saimabibi60507
 
Adobe Illustrator Crack FREE Download 2025 Latest Version
Adobe Illustrator Crack FREE Download 2025 Latest VersionAdobe Illustrator Crack FREE Download 2025 Latest Version
Adobe Illustrator Crack FREE Download 2025 Latest Version
kashifyounis067
 
Interactive odoo dashboards for sales, CRM , Inventory, Invoice, Purchase, Pr...
Interactive odoo dashboards for sales, CRM , Inventory, Invoice, Purchase, Pr...Interactive odoo dashboards for sales, CRM , Inventory, Invoice, Purchase, Pr...
Interactive odoo dashboards for sales, CRM , Inventory, Invoice, Purchase, Pr...
AxisTechnolabs
 

Implications of Open Source Software Use (or Let's Talk Open Source)

  • 1. Let’s Talk
 Open Source or… Implications of Open Source Software Use Gail C. Murphy
 University of British Columbia Tasktop Technologies @gail_murphy A restrictive license has been chosen given unpublished work, and descriptions of others' work
  • 2. 2 Who Are You? Let’s Talk Open Source
 Code multiple days a week; Mostly Organize Coding; Something Else
  • 3. 3 Let’s Talk Open Source Here’s My Plan: Integral and Critical; Managing Use; Implications
  • 4. 4 The Take-Aways Let’s Talk Open Source Open source: does not mean free Open source:
 use requires
 knowledge Open source: the fabric on which software development occurs
  • 5. Integral and Critical
  • 6. 6 Supply of Open Source Components Let’s Talk Open Source:
 Integral and Critical suppliers total 
 components >105K >834K (Java) central repository GitHub project dependences 2015 State of the Software: Supply Chain Report (Sonatype)
  • 7. 7 Why Use Open Source Components? Let’s Talk Open Source:
 Integral and Critical build products (and other components) faster
 
 higher-quality components
 
 lower cost to (re)use
 
 ongoing updates
  • 8. 8 Use of Open Source Components Let’s Talk Open Source:
 Integral and Critical 17.2 Billion 
 Requests Served Java components in 2014 to >106K organizations 2015 State of the Software: Supply Chain Report (Sonatype)
  • 9. 9 What Happens When Open Source Components Fail? Let’s Talk Open Source:
 Integral and Critical https://xkcd.com/1354/
  • 10. 10 What Happens When Open Source Components Fail? Let’s Talk Open Source:
 Integral and Critical https://xkcd.com/1354/
  • 11. 11 What Happens When Open Source Components Fail? Let’s Talk Open Source:
 Integral and Critical https://xkcd.com/1354/
  • 12. 12 What Happens When Open Source Components Fail? Let’s Talk Open Source:
 Integral and Critical Economist, Apr 12, 2014
  • 13. 13 Even When Better Versions of Components Exist… Let’s Talk Open Source:
 Integral and Critical CVE-2007-6721, CVSS 10, Exploitability 10
 Since identification… 11,236 organizations have downloaded the vulnerable component 214,484 times
 2015 State of the Software: Supply Chain Report (Sonatype)
  • 14. 14 Even When Better Versions of Components Exist… Let’s Talk Open Source:
 Integral and Critical Of 240,757 component downloads by large financial or technology firms in 2014… 7.5% were of a known defective part, and for those with a defective part, 66% of the defects were older than 2013
 2015 State of the Software: Supply Chain Report (Sonatype)
  • 15. 15 Availability Matters Too Let’s Talk Open Source:
 Integral and Critical
  • 16. 16 The Take-Aways: Integral and Critical Let’s Talk Open Source:
 Managing Use Open source: the fabric on which software development occurs
  • 17. Managing Use
  • 18. 18 Murphy, Personnel Correspondence, 2016 Interviews with Engineering Leaders SME 4 1 2
  • 19. 19 Interviews with Engineering Leaders Let’s Talk Open Source:
 Managing Use
 Open before Closed
 Investigate open source
 - who else is using?
 - how many contributors?
 - support model?
 - security profile?
 Know they might need to fork
 Some place committers on project
 Murphy, Personnel Correspondence, 2016
  • 20. 20 Need for Controls Let’s Talk Open Source:
 Managing Use
  • 21. 21 The Take-Aways: Managing Use Let’s Talk Open Source Open source: does not mean free
  • 22. Implications
  • 23. Analysis of 1000s of GitHub Projects
  • 24. 24 What Kind of Component You Are Depending On? Let’s Talk Open Source:
 Implications [Figure: Rs, ratio of user projects having social interactions (0% to 100%), plotted against number of user projects (4 to 2048); labels: Guava, Vault, Junit] Palyart, Murphy, Masrani 2016, in progress
  • 25. 25 Set Your Expectations Let’s Talk Open Source:
 Implications [Figure: median involvement time (0 to 1500) plotted against number of user projects (4 to 2048)] Palyart, Murphy, Masrani 2016, in progress
  • 26. 26 Set Your Expectations Let’s Talk Open Source:
 Implications Technical dependence before social interaction Social interaction before technical dependence Palyart, Murphy, Masrani 2016, in progress
  • 27. 27 Set Your Expectations Let’s Talk Open Source:
 Implications [Figure: number of contributions (1 to 10000) for "Social before technical" and "Technical before social"] Palyart, Murphy, Masrani 2016, in progress
  • 28. Survey about Software Licenses
  • 29. 29 Know the Impact of Choosing an Open Source Component Let’s Talk Open Source:
 Implications John has been working on ToDoApp, his own personal task management
 application. ToDoApp is going to be a desktop-based application that will
 be used exclusively by John on his own computer. To make sure he does not
 lose any of his very special tasks, John is planning to use a lightweight
 library called LightDB to persist ToDoApp’s data.
 
 If LightDB is distributed under the following licenses, would John be
 allowed to use it as part of ToDoApp?
 
 GNU GPL 3.0: Unsure / No / Yes
 GNU LGPL 3.0: Unsure / No / Yes
 MPL 2.0: Unsure / No / Yes
 Almeida, Murphy, Wilson, Hoye, 2016, under submission
  • 30. 30 Know the Impact of Choosing an Open Source Component Let’s Talk Open Source:
 Implications If LightDB is distributed under the following licenses, would John be
 allowed to use it as part of ToDoApp?
 
 GNU GPL 3.0: Yes
 GNU LGPL 3.0: Yes
 MPL 2.0: Yes
 375 respondents
 Almeida, Murphy, Wilson, Hoye, 2016, under submission
  • 31. 31 Know the Impact of Choosing an Open Source Component Let’s Talk Open Source:
 Implications As the lead developer of a new product at GreatSoftware Inc., Laura decided to
 use an existing authentication library she found on the web called SafeAuth.
 She realizes that SafeAuth could be improved using a stronger cryptographic
 algorithm when storing users’ information. The product is going to be released
 under a commercial software license, but Laura would like to release the
 improved version of SafeAuth as open source.
 
 If SafeAuth is distributed under MPL, would Laura and her team be allowed to release the improved version of SafeAuth as open source?
 
 GNU GPL 3.0: Unsure / No / Yes
 GNU LGPL 3.0: Unsure / No / Yes
 MPL 2.0: Unsure / No / Yes
 Almeida, Murphy, Wilson, Hoye, 2016, under submission
  • 32. 32 Know the Impact of Choosing an Open Source Component Let’s Talk Open Source:
 Implications If SafeAuth is distributed under MPL, would Laura and her team be allowed to release the improved version of SafeAuth as open source?
 
 GNU GPL 3.0: No
 GNU LGPL 3.0: No
 MPL 2.0: Yes
 375 respondents
 Almeida, Murphy, Wilson, Hoye, 2016, under submission
  • 33. 33 The Take-Aways: Implications Let’s Talk Open Source Open source:
 use requires
 knowledge
  • 35. 35 The Take-Aways Let’s Talk Open Source Open source: does not mean free Open source:
 use requires
 knowledge Open source: the fabric on which software development occurs @gail_murphy