I had lunch yesterday with one of our team here who is originally from Russia, and I asked about the current conflict in Georgia. His comments were insightful, and not exactly what we hear as we listen to media reports. Maybe in a future post, I’ll get into those. But the discussion raised my attention level in general. That evening I read a small story in the WSJ on the disruption of internet services on Georgian government sites, and it raised the question “is cyberattack an act of war?”
Yesterday’s appeals court decision as reported this morning in the New York Times is a milestone for the open source world. As with many inflection points, the actual event seems pretty modest – in this case having to do with software for model trains. But the impact is large. It reinforces the rights of creators and authors to supply their work under whatever terms they wish.
For the past two days I've been back and forth between the OSBC event and the office. I've been particularly interested in the sessions on governance and legal challenges related to open source adoption. What's fascinating about these talks isn't so much what's in the content, but what's missing. There is a lot of talk, still, about open source licensing issues but very few lawyers made the connection between due diligence in security and legal issues for the organization.
As we sit on the cusp of Q2 2008, we are far enough along in the year to see that we are indeed traveling in the right direction as an industry, as a community and as an organization. The question is no longer "What is open source?" nor is it "Am I using open source?"; it is now "How can I best manage my open source?" It has moved from its past as backroom Voodoo programming to become commonplace. The significant shift in both understanding and use can best be described as the "next generation of open source" - more prevalent, more robust, more secure.
One of the most frequently asked questions in 2007 had to be, "What are the barriers to open source adoption?" It was asked by analysts, lawyers, IT Managers, security executives, developers, potential customers, and industry veterans. I know we asked it several times ourselves. There are many definitions of the word "adoption", and as you'd probably guess, most have to do with the parent-child relationship. Even in that context, though, there is still an aspect of the definition that fits.
By now you've probably seen HP's FOSSology announcement. It's an initiative that they say will "facilitate the study of Free and Open Source Software by providing free data analysis tools". It's a welcome addition to the open source world, and is evidence of the growth of a robust ecosystem of tools and information. Open source is how software is done today.
New Year's Greetings from all of us at Palamida!
For year-end 2007, we have compiled the Top 5 Most Overlooked Open Source Vulnerabilities encountered during 2007. We came up with this list after reviewing over 300 million lines of code and spending literally thousands of hours of analysis across a wide range of industries - including technology, financial services and government, among others.
...And it was vague or unintelligible, would it still be enforceable?
Martin LaMonica's article, "Linux defenders go after more alleged GPL3 offenders," marks the line drawn in the sand between "What the heck is open source?" and "We better not be using any GPL3!"
While I can't intelligently comment on whether the content of the GPL is good or bad, oppressive or otherwise, I will say that these lawsuits are proof positive that the purported "FUD" surrounding the importance of open source license audits is, in fact, real.
