Martin is the Open Source Editor of ITAM Channel and has over 20 years’ experience in the software industry specialising in software licensing, IT Governance and risk avoidance. He has seen the challenges of risk management related to various aspects of the software ecosystem. In the past, Martin has worked for Microsoft Limited, FrontRange Solutions, Centennial Software, Snow Software and Express Metrix Limited.
Martin is now focussed on assisting organisations leveraging the benefits of open source software to create bespoke applications in house or through third parties while managing the business risks of intellectual property, open source component licensing, copyrights, security vulnerability management, and operational risk. The result for organisations should be a process of continuous compliance solution alongside a company’s DevOps process.
One of the most effective tools for finding and addressing such vulnerabilities and keeping software secure is the software bill of materials (SBOM). Ensuring strong software security and integrity has never been more important because software drives the modern...
More and more vehicle functions are implemented by software, the industry speaks of “Software Defined Vehicle” (SDV). Therefore, many OEMs are investing massively in new software platforms in the vehicle. As part of their SDV strategy, OEMs are primarily focused in...
By lowering the cost barriers for startups, neobanks, and even established organisations to swiftly prototype and introduce innovative solutions while keeping control of their own source code, the “Brankas Open” licence hopes to promote innovation in digital banking...
A software Bill of Materials or SBOM provides transparency into an organization’s software, protecting it from supply chain risks. Just because the component you add to your application is secure today doesn’t mean that the application will still be secure tomorrow....
Fedora, the popular Linux distribution, will no longer incorporate software licensed under CC0, the Creative Commons "No Rights Reserved" license. In order to support the wide re-use of copyrighted content in new works, CC0 provides authors "a way to waive all their...
Ciara details how and when to generate an SBOM with the help of open-source tooling. Learn how to host SBoMs, as well as other SBOM considerations. Generating and Hosting SBOMs The first step to securing your software is knowing what is in your software. Generating a...
The US president has issued an executive order to improve cyber security, which has ramifications across the software development supply chain. A major area of concern for IT security teams is how to tackle the challenges posed by the increasing use of third-party...
Software supply chain attacks show no sign of slowing and can have devastating consequences. These attacks can expose organizations and their customers to greater risk when an attack on a third party's software supply chain unknowingly compromises their systems. Many...
A US federal district court decision in California favoring database biz Neoj4 is incorrect and imperils free open-source software, according to the Software Freedom Conservancy. Neo4j Enterprise Edition (EE) was at first offered under both a paid-for commercial...
A new report from the Linux Foundation shines a light on the progress and adoption of software bill of materials (SBOMs), at a time when private and public bodies alike are striving to expedite the responses to newly-discovered vulnerabilities. An SBOM is basically...
The recent Log4j vulnerability has exposed systemic problems in how businesses, and the community at large, audit their software. Early indications show the Log4j vulnerability was being weaponized and exploited days before the news broke about its existence....
Today, the automotive industry is at the brink of a step-change in how we think about software. And it will very likely lead to a software-driven revolution that results in software-defined vehicles. Similar to the way controller area networks (CANs) changed electric...
Software Freedom Conservancy announced today it has filed a lawsuit against Vizio Inc. for what it calls repeated failures to fulfill even the basic requirements of the General Public License (GPL). The lawsuit alleges that Vizio’s TV products, built on its SmartCast...
A few hours ago, Dick Brooks of Reliable Energy Analytics sent around a link to an important announcement on Microsoft’s developer blog, to the main mailing list for the NTIA software component transparency initiative. Not being an avid follower of developer blogs, I...
The idea of a software bill of materials (SBOM) is a hot topic these days. The National Institute for Standards and Technology (NIST) and the National Telecommunications and Information Administration (NTIA), both parts of the US Department of Commerce, have been...
In 2013 the Linux Foundation started the OpenChain Project led by Shane Coughlan. The project sought to define an effective specification for open source license compliance throughout the software supply chain. In December 2020 OpenChain was ratified and published as...
The OpenChain Project In 2013 the Linux Foundation started the OpenChain Project led by Shane Coughlan. The project sought to define an effective specification for open source license compliance throughout the software supply chain. So why is compliance important?...
2020 fundamentally changed how many companies and teams work—seemingly overnight, remote-first cultures became the new norm and people had to change how they communicate and collaborate. However, for those of us who have been deeply engaged in open source, remote work...
The Linux Foundation, Joint Development Foundation and the OpenChain Project are delighted to announce the publication of ISO/IEC 5230:2020 as an International Standard. Formally known as OpenChain 2.1, ISO/IEC 5230:2020 is a simple, clear and effective process...
Open Source Software (OSS) development is really coming to the fore and is the most widespread route for software development today. Up to 90% of all code in software applications today is Open Source – a tremendous development that has taken place over the last...
Our analysis of 1,250+ codebases reveals trends in open source use, security, and license compliance that affect development, security, and legal teams. On May 12, Synopsys released the fifth edition of our Open Source Security and Risk Analysis (OSSRA) report, which...
We’re living at a time of heightened awareness of how each of us needs to help protect others from risk. Collaboration, always important, is taking on new meaning today. Collaboration is crucial in the effective management of open source software, as well. At the...
Gartner’s report, Technology Insight for Software Composition Analysis, makes four recommendations to improve software security. The first is to ensure a software bill of materials (or SBOM) exists for every software application; an SBOM illuminates all component...
According to a report by sdx central, the Linux Foundation has formed a new open source code licensing program called Automated Compliance Tooling (ACT) that will be headed by Google, VMware, and Siemens. The program will look to manage the responsibility and...
The OpenChain Project establishes trust in the open source from which software solutions are built. It accomplishes this by making open source license compliance simpler and more consistent. The OpenChain Specification defines inflection points in business workflows...
OpenChain Conformance allows organizations to display their adherence to the set of requirements LG said that it has been carrying out various activities for open source compliance with professional manpower since 2007 LG Electronics has launched an OpenChain...
With a software bill of materials (software BOM), you can respond quickly to the security, license, and operational risks that come with open source use. A software bill of materials is a list of all the open source and third-party components present in a codebase. A...
Learn about the top open source licenses used by developers, including the 20 most popular open source licenses, and their legal risk categories. If you’re a software developer, you probably use open source components and libraries to build software. You know those...
Using open source software is commonplace, with only a minority of companies preferring a proprietary-first software policy. Proponents of free and open source software (FOSS) have moved to the next phases of open source adoption, widening FOSS usage within the...
Licensing is what holds open source together, and ClearlyDefined takes the mystery out of projects' licenses, copyright, and source location. Open source use continues to skyrocket, not just in use cases and scenarios but also in volume. It is trivial for a developer...
Synopsys, Inc has released the 2019 Open Source Risk and Security Analysis (OSSRA) report. The report, produced by the Synopsys Cybersecurity Research Center (CyRC), examines the results of more than 1,200 audits of commercial applications and libraries, performed by...
Leading Japanese Information and Communication Technology Company to Support Industry’s Only Open Source Compliance Standard, OpenChain, for Collaboration Across Supply Chains The OpenChain Project, which builds trust in open source by making open source license...
In an effort to put their money where their software is, the European Commission has announced that they will dedicate some €850,000 towards paying for bugs discovered in 14 different commonly used open source projects including Apache Tomcat and Kafka, FileZilla, and...
By joining OpenChain, Microsoft takes another big step forward in being fully open-source friendly OpenChain, I would argue, is the most important open-source project you've never heard of before. This Linux Foundation consortium provides an industry standard for...
It has been an interesting year for open-source software makers. The primary commercial sponsors and/or individual contributors to projects as game-changing and as popular as Apache Kafka, MongoDB and Redis, among many others, may now be asking themselves if they are...
The Linux Foundation, the nonprofit organization enabling mass innovation through open source, on Wednesday announced the formation of the new Automated Compliance Tooling (ACT) project. Using open source code comes with a responsibility to comply with the terms of...
The future of open source is looking brighter than ever with corporate buy-in. Given the speed with which technology is evolving, we thought it would be interesting to ask IT executives to share their thoughts on 2018 surprises and 2019 predictions. Here's what they...
Red Hat, Inc. has announced that Adobe, Alibaba, Amadeus, Ant Financial, Atlassian, Atos, AT&T, Bandwidth, Etsy, GitHub, Hitachi, NVIDIA, Oath, Renesas, Tencent, and Twitter have joined an ongoing industry effort to combat harsh tactics in open source license...
As threats increase, the time has come to put a full-blown structure in place that turns reactive steps into a proactive protection strategy on OSS. The use of Open Source Software (OSS) is on the rise, with more than 95 per cent of applications today using it. There...
IBM has agreed to a deal to acquire open source software giant Redhat for $34 billion to gain power in enterprise cloud services Competition in cloud computing has lead IT giants to carry out huge acquisitions. IBM, often called the big blue, will now wear a red hat...
By joining the Open Invention Network, Microsoft is offering its entire patent portfolio to all of the open-source patent consortium's members. Several years ago, I said the one thing Microsoft has to do -- to convince everyone in open source that it's truly an...
Opensource.com notes that, due to their widespread use, open source languages will enable and undergird many technological innovations. As part of almost every business today, that includes innovations within your own organization. Coders of all stripes (developers,...
When it comes to open source licenses, it's best to stick with tried and true models. Here's why It's not that the originators of the Open Source Definition were geniuses. Nor is it the case that they necessarily figured out The Only True Open Source Licenses from the...
While this article on Open Source Software from Mayer Brown is directed towards a specific industry, the automotive, the challenges and considerations are significant and are valid across any industry. Automobiles are becoming part of the Internet of Things....
We seem to be very confused about what constitutes an "open source company." Tobie Langel has asked if Mozilla and Microsoft are open source companies. The majority (78%) think Mozilla is, and an almost equivalent percentage (67%) think Microsoft is not. Yet,...
More than half of companies surveyed for a new study have established open source program offices or plan to create one in the next year. Growing open-source software use inside businesses is causing more companies to create formal open-source program offices within...
Microsoft has offered $7.5 billion to acquire GitHub, a software company unknown to most people, but on which programmers, developers, and other techies depend. GitHub is the dominant open source platform that provides a repository and version control systems used by...
A new open-source license addendum, Commons Clause, has lawyers, developers, businesses, and open-source supporters fighting with each other. Most people wouldn't know an open-source license from their driver's license. For those who work with open-source software,...
By Sacha Labourey I, for one, welcome our augmented overlords. If you've never stopped to think about how FOSS got started, take a look at its unusual origins. I've been recently thinking about the evolution of open source, associated business models, and market...
The Apache Software Foundation’s legal group is an interesting microcosm in which to study open source license issues. Generally, what the Apache Software Foundation (ASF) deems good is good for companies looking to consume open source, and what’s not is not. So their...
Drag and Drop desktop tool helping WhiteSource promote responsible use of open source technology WhiteSource announced today the release of its Vulnerability Checker, a free tool that can detect if your products contain any of the 50 most critical open source...
An effort to promote balanced licensing rules for open source software is gaining momentum with the addition of 14 new companies adopting guidelines designed primarily to reduce compliance errors. Open source leader Red Hat (NYSE: RHT) announced Monday (July 16) that...
“Why is open source important? That’s like asking why is gravity important,” stated Brian Behlendorf, a leading figure in the open-source software movement, and executive director for the blockchain consortium Hyperledger. While this year marks the 20th anniversary of...
Red Hat-initiated open-source projects, which use GPLv2 or LGPLv2.1, will be expected to add GPLv3's cure commitment language to their licenses. From outside programming circles, software licensing may not seem important. In open-source, though, licensing is all...
Red Hat Inc announced that six additional companies have joined efforts to promote greater predictability in open source licensing. These marquee technology companies – CA Technologies, Cisco, HPE, Microsoft, SAP, and SUSE – have committed to extending additional...
“The growth in open source use did not mean an equivalent growth in open source risk management” As part of Synopsys’ software composition analysis (SCA) offerings, the Black Duck On-Demand audit services group performs open source security audits for organisations...
Open source licence non-compliance is a major risk for companies of all sizes. This is according to the 2018 Open Source Security and Risk Analysis (OSSRA) report compiled and published recently by the Synopsys Centre for Open Source Research and Innovation The OSSRA...
Tesla has been taking some flak for years now in the software community for using open source software without complying with the licenses. In a step toward compliance, Tesla is now releasing some parts of its software, which is going to be useful to Tesla hackers and...
Software is eating the biotechnology world. Managers in the traditional biotechnology sector may not be familiar with open source software and related compliance issues, but these issues are bound to come up as they develop technology solutions to the problems of...
A top Linux security programmer, Matthew Garrett, has discovered Linux in Symantec's Norton Core Router. It appears Symantec has violated the GPL by not releasing its router's source code. For years, embedded device manufacturers have been illegally using Linux....
Today Microsoft is pleased to join RedHat, Facebook, Google, IBM, CA Technologies, Cisco, HPE, SAP, and SUSE, to announce that it is making an open source license commitment designed to help licensees overcome common mistakes in using open source software....
Linux has beaten many legal challenges over the years, but until now, it hasn't had to win a battle over one of its own. In a German court earlier this week, former Linux developer Patrick McHardy gave up on his Gnu General Public License version 2 (GPLv2) violation...
We take a look at how development teams can move to a DevSecOps way of working to put security into their software as early as possible in the SDLC. Organizations are focused on releasing software faster to stay ahead of the competition. Software development processes...
Open-source software has revolutionized the computing in the past few decades. Have an Android smartphone? That uses open-source software. The server hosting this website is running open-source software. Parts of macOS use open-source software. Same with the iPhone. I...
It’s important to say this up front. Mark Curphey loves open source software. “I’m a big fan, and always have been,” the founder and CEO of the security startup SourceClear says. After all, what’s not to like about people pulling together in the same direction for the...
Open-source operating systems have been in use for decades. Once a mystery to all but the most computer savvy users, these operating systems have come a long way in terms of usability and convenience for the modern computer user. With many Linux distributions offering...
Red Hat, Facebook, Google, and IBM commit to providing a fair cure period to correct open source GPLv2 software license compliance issues. The GNU Public License version 2 (GPLv2) is arguably the most important open-source license for one reason: It's the license...
More companies today are certainly going the open-source route, especially since the technology has officially won over closed-source, proprietary, off-the-shelf software. Fifteen years ago, when a company would purchase a proprietary software license from a vendor...
Itasca, IL - Nov 7, 2017 - Flexera, the company that’s reimagining how software is bought, sold, managed and secured, today announced an unprecedented open source security offer for InstallShield owners, in celebration of its 30th anniversary. InstallShield is the...
In late September, an official blog post published by Menlo Park, CA-based social media giant Facebook (NASDAQ:FB) and penned by Adam Wolff, the company’s engineering director, announced that the company would be adopting a software license agreement known as the MIT...
The Open Source Initiative today announced that Microsoft has joined the organisation as an official sponsor. Founded in 1998, the Open Source Initiative is one of the most effective advocates for open source software, emphasising education, collaboration, and...
Facebook has decided to change the React license from BSD+Patents to MIT to make it possible for companies to include React in Apache projects, and to avoid uncertain relationship with the open source community. Adam Wolff, an Engineering Director at Facebook, has...
Many developers in the Linux community have concerns about the copyright activities of Patrick McHardy. Here are answers to common questions. Many in the open source community have expressed concern about the activities of Patrick McHardy in enforcing the GNU General...
Over the last 10 years, open source has drastically transformed the way enterprises acquire and deploy software to support their operations. As general counsel for an open source and commercially licensed software company, I have been asked by hundreds of customers to...
Everyone wants to hop on the bandwagon of Open Source application development for the most obvious reason, eliminating commercial software licensing costs. However, an organization’s decision-makers need to consider a much more complicated set of Open Source...
Oracle is pursuing the idea of expanding its software lineup to include a linux operating system. the revelation comes from an interview Oracle's CEO, Larry Ellison, did with the financial times. according to the article, Ellison is eager for Oracle to have its own...
Almost every modern car feature — such as speed monitoring, fuel efficiency tracking, and monitoring fuel levels — is digitised. But is the software secure? A revolution is underway in the automotive industry. The car is no longer simply a means of getting from here...
CoKinetic Systems Corporation filed suit against Panasonic Avionics Corporation, seeking damages in excess of $100 million, in part, for violation of the GPL v2 open source license. CoKinetic alleged that Panasonic blocked competitors from having the ability to...
When the South Korean developer of a suite of productivity apps called Hancom Office incorporated an open-source PDF interpreter called Ghostscript into its word-processing software, it was supposed to do one of two things. To use Ghostscript for free, Hancom would...
The District Court for the Northern District of California1 recently issued an opinion that is being hailed as a victory for open source software. In this case, the court denied a motion to dismiss a lawsuit alleging violation of open source licenses, paving the way...
Managing and Securing IoT and Embedded devices is becoming a critical factor for organizations. An organization should not rely on the vendors to build secure products that can be connected to corporate networks and/or devices as described in the last post. This White...
Free book, cregit tool, and FOSSology 3.1 support GPL compliance The Linux Foundation and Free Software Foundation Europe (FSFE) today announced new resources to help with free and open source software (FOSS) license identification and compliance. They include: The...
Open Source Security and Risk Analysis reveals ineffectiveness across industries; Retail, E-commerce, FinTech audits show highest risk to open source security vulnerabilities Black Duck, the global leader in automated solutions for securing and managing open source,...
While open sourcing a project, one needs a license so that the terms distribution, linking, modification, private use, etc., can be automatically taken care of. There are many open source licenses to choose from, some of them being MIT, GNU GPL, Apache 2.0, Creative...
Google's new open source site provides a variety of resources, ranging from easier discovery of projects to help individual developers, to a peek under the hood at its internal processes that can serve as guidance for enterprises looking to further their own...
The OpenSSL project, possibly the most widely used open-source cryptographic software, has a license to kill – specifically its own. But its effort to obtain permission to rewrite contributors' rights runs the risk of alienating the community that sustains it. The...
The previous article in this series covered how to establish a baseline for open source software compliance by finding exactly which open source software is already in use and under which licenses it is available. But how do you make sure that future revisions of the...
Should the U.S. armed forces begin releasing software under an OSI approved open source license rather than as public domain? This question has generated many pixels’ worth of traffic on the OSI License discuss email list. This post is just a brief summary of a little...
The UK’s Government Digital Service (GDS) will renew its focus on the creation of open source reusable software projects, says Anna Shipman, GDS’ Open Source Lead. It is a subtle shift from making source code publicly available - the default of the past five years, to...
The US Department of Defense wants you to contribute unclassified code to open-source software projects developed in support of national security. Toward that end, it has launched Code.mil, which points to a Github repository intended to offer public access to code...
Summary: IBM’s poisonous policy on patents, which has long been incompatible with Free/Libre software, has gotten even worse and the company now takes the lead in lobbying for patenting of software. The “Open Invention Network,” Florian Müller told me a few hours ago...
Jono Bacon on the state of open source licensing; A little while ago I saw an interesting tweet from Stephen O'Grady at RedMonk on the state of open source licensing, including a graph. The graph shows how license usage has changed from 2010 to 2017. In reading it, it...
What happens when codes are released under an open source license? Has the developer in effect written off his right to the code? Can a developer of open source software enforce his rights, or has he released his code to the world free of charge? Firstly, it depends...
It was recently reported that Oracle will begin to enforce commercial terms on customers who thought they were using free Java software. However, companies using Java may not even realize they should be paying for the software in the first place – since most think it...
There are numerous Open Source Software (OSS) licences available today. These licences generally fall into one of two categories, Permissive licences which allow the software to be reused in any project as long as obligations of the licences are met or Copyleft...
This document is an OpenUK & OFE / COIS initiative supported by contributions from FSFE, EU and UK Open Source communities. Editorial provided by Stuart J Mackintosh, Basil Cousins and Martin Callinan SFE, EU and UK Open Source communities. This document is...
ITAM Channel brings the best news and views from the ITAM industry. Sign up for the newsletter and get them straight to your inbox