implications of open source software use (or let's talk open source)

Let’s Talk Open Source

Implications of Open Source Software Use

Gail C. Murphy University of British Columbia

Tasktop Technologies@gail_murphy

A restrictive license has been chosen given unpublished work, and descriptions of others work

Who Are You?

Code multiple days a week

Mostly Organize Coding

Something Else

3Let’s Talk Open Source

Here’s My Plan

Integral and Critical!

Managing Useá

Implications„

The Take-Aways

Open source: does not mean

Open source: use requiresknowledge

Open source: the fabric on which

software development occurs

STARTKeynote Presentation Template

Welcome to the best experience ı have in this presentation

Where a variety of sections, easy and to understand is demonstrated !

Integral and Critical

Supply of Open Source Components

Let’s Talk Open Source: Integral and Critical

suppliers total components

>105K >834K

( Java) central repository GitHub project dependences2015 State of the Software: Supply Chain Report (Sonatype)

Why Use Open Source Components?

build products (and other components) faster

higher-quality components

lower cost to (re)use

ongoing updates

Use of Open Source Components

17.2 Billion Requests Served

Java components in 2014

to >106K organizations

2015 State of the Software: Supply Chain Report (Sonatype)

What Happens When Open Source Components Fail?

https://xkcd.com/1354/

Economist, Apr 12, 2014

Even When Better Versions of Components Exist…

CVE-2007-6721CVSS 10Exploitability 10

since identification…

11,236 organizations have downloaded the vulnerable component 214,484 times

Even When Better Versions of Components Exist…

of 240,757 component downloads by large

financial or technology firms in 2014…

were of known defective part

and or those with a defective part, the defects were older than 2013

Availability Matters Too

The Take-Aways: Integral and Critical

Let’s Talk Open Source: Managing Use

Where a variety of sections, easy and to understand is demonstrated

Managing Use

Murphy, Personnel Correspondence, 2016

Interviews with Engineering Leaders

Open beforeClosed

Investigate open source - who else is using? - how many contributors? - support model? - security profile?

Know they might need to fork Some place committers on project

Murphy, Personnel Correspondence, 2016

Need for Controls

The Take-Aways: Managing Use

Implications

Analysis of 1000s of GitHub Projects

What Kind of Component You Are Depending On?

Let’s Talk Open Source: Implications

Junit0%

4 32 256 2048Number of user projects

Palyart, Murphy, Masrani 2016, in progress

Set Your Expectations

4 32 256 2048Number of user projects

Technical dependence before social interaction

Social interaction before technical dependencePalyart, Murphy, Masrani 2016, in progress

Social before technical Technical before social

Survey about Software Licenses

Know the Impact of Choosing an Open Source Component

John has been working on ToDoApp, his own personal task managementapplication. ToDoApp is going to be a desktop-based application that willbe used exclusively by John on his own computer. To make sure he does notlose any of his very special tasks, John is planning to use a lightweightlibrary called LightDB to persist ToDoApp’s data.If LightDB is distributed under the following licenses, would John beallowed to use it as part of ToDoApp?GNU GPL 3.0 GNU LGPL 3.0 MPL 2.0

UnsureNoYesUnsureNoYesUnsureNoYes

Almedia, Murphy, Wilson, Hoye, 2016, under submission

If LightDB is distributed under the following licenses, would John beallowed to use it as part of ToDoApp?GNU GPL 3.0 GNU LGPL 3.0 MPL 2.0

YesYes

Yes 375respondents

As the lead developer of a new product at GreatSoftware Inc., Laura decided touse an existing authentication library she found on the web called SafeAuth.She realizes that SafeAuth could be improved using a stronger cryptographicalgorithm when storing users’ information. The product is going to be releasedunder a commercial software license, but Laura would like to release theimproved version of SafeAuth as open source.If SafeAuth is distributed under MPL, would Laura and her team be allowed to release the improved version of SafeAuth as open source.GNU GPL 3.0 GNU LGPL 3.0 MPL 2.0

UnsureNoYesUnsureNoYesUnsureNoYes

If SafeAuth is distributed under MPL, would Laura and her team be allowed to release the improved version of SafeAuth as open source.GNU GPL 3.0 GNU LGPL 3.0 MPL 2.0

Yes 375respondents

The Take-Aways: Implications

Illustration copyright Nenov Brothers Images

/Shutterstock

The Take-AwaysLet’s Talk Open Source

@gail_murphy

implications of open source software use (or let's talk open source)

Software

open source, open minds

open source initiative: the open source definition

open source open standards

from open source software to open source hardware

let's open tourism for us

open source open learning

open-source hardware vs. open-source software

let's make open data awesome! (sxsw 2016 proposal)

open source philosophy - amazon...

open source, open data

open source @ scale mcaffer open... · open source @ scale...

open source best practices - plone cms: open source

let's predict the future: g2 open badges

formação open source - open source project pt

open source pharma workshop - what is open source pharma?

open source & open development

writing open source documentation for open source projects

open source primer/open source alternatives to photoshop

open source academy presentation on open source and...

presentasi data mining seminar open source "open year with...