Tag Archives: open source

Avoid Lawyers — Track Your Licenses

October 14, 2011 By Tim O'Brien

Raise your hand if you’ve ever been involved in a contentious intellectual property dispute. (Ok, put your hand down, this is a blog, and I can’t see you.) I asked a room full of developers this question last year, and I saw that about 5-10% of the people in the room raised a hand. My next question was, “Ok, those of you who raised your hand, keep them raised if you enjoyed the experience.” Of course, this question was a setup, no one’s hand was in the air. These developers and I share an experience — we’ve had to go through the arduous task of dissecting years of commit history and IP clearance to support litigation. This experience is becoming more and more common (and complex) as many companies start to use open source software without understanding the ramifications of certain licenses.

As someone who has been through the process of supporting litigation, I want to share my experience so that you understand what could happen when your organization incorporates OSS components under the wrong license or deals with code of questionable provenance. I’m writing this blog entry to convey the experience of being a developer who has to support litigation – it isn’t fun or productive, and it is usually something that is completely avoidable.


Answers to your Questions about Insight

October 10, 2011 By Larry Roshfeld

We want to thank everyone that attended the webinar on Thursday, October 6 titled Open Source Goodness – Potential Risks = Insight. Unfortunately we didn’t have time to answer all the great questions during the event, so we’ve answered them here for everyone’s benefit. If you missed the webinar, you can register to view a replay here.

Open Source Changes Fast. Can You Keep Up?

October 4, 2011 By Tim O'Brien

Bouncy Castle. Do those words mean anything to you? If you are a Java developer, you might know that Bouncy Castle is an encryption library often used to generate secure hash codes and encrypt data. In other words, it is a silly project name for a serious purpose. Did you know that old, released versions of Bouncy Castle have known security vulnerabilities? I’m not writing this to cast a shadow of doubt on the project. Bouncy Castle is an awesome open source library, as are the Spring framework, Commons HttpClient, Tomcat, and Jetty. What Bouncy Castle has in common with all of these other open source components is that old versions of each project have known security vulnerabilities.

There’s a good chance that you might not be focused on this problem. You might not be constantly evaluating your project’s dependencies to analyze the risks.

New Webinar: Open Source Goodness minus Potential Risks = Insight

September 26, 2011 By Emily Blades

Sonatype Insight™ helps development organizations gain better visibility and control over their use of open source components. With Insight, you’ll use open source freely while avoiding quality, security, or licensing issues. Insight was designed with developers in mind — it’s about productivity and quality, not bureaucracy and rework.

Attend our webinar on Thursday, October 6th at 10:30AM EDT (GMT-0400) to see how Insight:

  • Helps you manage component quality, security, and licensing
  • Integrates with your tools and processes
  • Monitors your applications so you’ll know when a new defect is discovered

Take 30 minutes and learn how you can build better software faster while avoiding unnecessary risks.

Register Now

All registrants will receive access to the recording after the event so if something comes up and you can’t make it, you won’t be missing out.