On his blog, Josh Boyer looks at the choice of the 4.0 kernel for Fedora 22. While the underpinnings of the live kernel patching feature have been merged, even when it is fully operational it is probably not something that Fedora (and perhaps other distributions) will use often (or at all). “In reality, we might not ever really leverage the live patching functionality in Fedora itself. It is understandable that people want to patch their kernel without rebooting, but the mechanism is mostly targeted at small bugfixes and security patches. You cannot, for example, live patch from version 4.0 to 4.1. Given that the Fedora kernel rebases both from stable kernel (e.g. 3.19.2 to 3.19.3) and major release kernels over the lifetime of a Fedora release, we don’t have much opportunity to build the live patches.“
GNOME 3.16.1 Officially Released
The GNOME development team has announced the first point update for the GNOME 3.16.x branch, which comes with a fair number of changes and various improvements.
The GNOME 3.16 branch has been received very well by the Linux community, and there are already a number of distributions that have implemented it or at least have announced that they are going to adopt it. The GNOME devs are not standing still and they have announced the first point update for this latest stable br… (read more)
Ten New Members Join the AllSeen Alliance, Focus on IoT
The AllSeen Alliance, a cross-industry collaboration to advance the Internet of Everything (IoT) through an open source software project, today announced 10 new members are joining the initiative. Through collaborative development, Alliance members are looking to leverage their broad industry expertise to advance a common platform for devices, services and applications within the Internet of Everything. Back in February, we interviewed the Alliance’s senior director of IoT, Philip DesAutels (shown), who said, “We are building out an open source software project that delivers code that will help people build interoperable tools and devices.”
The new Alliance members will help keep open standards and open source functioning as glue as the Internet of Things evolves.
Canonical Publishes User Friendly Changelog for Ubuntu Touch
Ubuntu Touch has received quite a few fixes in the past few weeks, and now Canonical has decided to make the changelog much clearer for regular users.
Ubuntu devs are preparing to close the current RTM branch for Ubuntu Touch and they have made a number of important changes and improvements to the operating systems. An upcoming OTA update will be available soon, so it’s good to see exactly what’s different from previous releases.
Most of the updates made until now haven’… (read more)
Corporate Open Source Participation Reaches All-Time High, But More Formal Management Needed
Bill Weinberg is Senior Director of Open Source Strategy at Black Duck Software.
Over the last decade, companies have increasingly leveraged open source software (OSS) solutions and participated in OSS communities to reduce costs, speed development, and drive innovation. The growth of projects has made OSS more accessible to enterprises and OEMs, and multiplied its impact across many industries. The results from the 2015 Future of Open Source Survey — sponsored by Black Duck Software and North Bridge — confirm this trend, that the rate of adoption and participation by companies of all sizes has reached an all-time high.
Even end users and companies that have historically bucked this trend, lagging behind with legacy, proprietary technologies, are participating in open source projects. This new embrace of open source arises from the realization that organizations face a competitive disadvantage if not involved in open source development.
While the 2015 Future of Open Source Survey found that OSS has become the default approach for the majority of organizations, it also exposed the scary fact that most have no formal management for open source use or policies and procedures to monitor potential open source-related security and compliance risks.
Record Corporate Use of Open Source
Corporate use of open source has been on the rise for years, and this year’s Future of Open Source Survey results serve as further proof of that trend. Seventy-eight percent of this year’s respondents said their companies run part or all of operations on OSS, with 66 percent reporting their company creates software for customers built on open source – up from the 42 percent in 2010 who said they used open source in the running of their business or IT environments. A staggering 93 percent stated their organization’s usage of open source had increased or remained the same in the past year.
Companies Are Contributing Back to the Community
Companies like Facebook, Netflix, and even Microsoft have made headlines recently for their consumption of open source, in addition to their contributions back to key OSS projects. And, according to this year’s survey results, they’re not the only ones.
Sixty-three percent of respondents said their companies currently participate in open source projects (up 14% from 2014), and over the next 2-3 years 88 percent are expected to increase contributions to open source. These high rates of open source use and participation beg the question: what benefits do these organizations gain from their increased OSS adoption and community involvement?
The Open Source Advantage
As the need for top technical talent becomes paramount across most industries, open source is increasingly recognized as a way to attract and retain the best developers. In fact, more than 50 percent of respondents said participating in open source projects helps their companies find and recruit developer talent.
Beyond recruiting, open source solutions are believed to provide companies with superior security (54%), ability to scale (58%), and competitive features (43%) versus proprietary alternatives. Over the next 2-3 years, the gap between the benefits of open and closed source technologies is expected to widen even further.
On a macro level, survey responses reveal that OSS will impact the biggest current technology trends: cloud computing (39%), big data (35%), and IoT (31%). With the aforementioned benefits of open source, it’s easy to see why.
The Need for Formal Corporate Open Source Policies and Processes
Still, as open source usage grows, this year’s survey found a lack of formal OSS policies, management, and governance.More than 55 percent said they have no formal policies or procedures for open source consumption, and only 27 percent report having a formal policy for employee contributions to OSS projects.
When it comes to management of open source code, a mere 16 percent of respondents reported having an automated code approval process in place, and less than 42 percent maintain an inventory of open source components. With companies integrating and managing thousands of OSS components across dozens of daily builds, handwritten logs and spreadsheets can leave business-critical applications and infrastructure exposed to both security and compliance risks.
Security Scare
More than 50 percent aren’t satisfied with their ability to comprehend the security vulnerabilities present in the OSS components they integrate and deploy, and only 17 percent plan to monitor open source code for security vulnerabilities. Considering that on average, more than 30 percent of software deployed in most enterprises is OSS, these findings validate what we already knew: few organizations have badly needed visibility into open source usage. With more than 4,000 new open source vulnerabilities reported each year, understanding which open source components are used in context across an organization is critical.
This reported lack of corporate polices and processes for open source management and vulnerabilities can potentially expose companies to unnecessary compliance, security, and operational risks. Companies need management and governance of open source to catch up to their usage in order to reduce these risks while continuing to reap the many clear benefits of OSS.
More Corporate Participation = Increased OSS Quality and Security
There is no longer such a thing as proprietary software – all types of modern technology, even heretofore proprietary ones, integrate and/or have dependencies upon open source. That being said, open source must be sensibly managed to minimize risk to business operations, risk from legal issues, and from security threats. Companies need to evolve open source practices from mere consumption to managing and securing open source through appropriate policies and processes, and ultimately to increasing community participation to guide project development and reap greater benefit from the OSS technologies they use.
Black Duck is not alone in making these recommendations. The Future of Open Source Survey results highlight record levels of corporate participation in open source, as well as the greater impact it is having on technology and security. The reported lack of formal company policies and processes for OSS consumption, however, points to a need for management and security practices to catch up with this growth in investment and use.
For more insights into emerging trends in open source, read the full 2015 Future of Open Source Survey Results, which offers statistics from 1,300 industry influencers.