Tag Archives: spdx

Code Analysis Best Practices

You know that analyzing your code for known open source is important. But now what? What’s the best way to integrate open source code analysis into your software development lifecycle? The answer, of course, is: it depends! There are a number of choices to consider, but no one right answer. When you’re doing multi-source development, [...]


Getting the Kinks out of the Software Supply Chain at the Linux Collaboration Summit

There are great parallels between where I started my career in the hardware world and the way software development has evolved. After last week’s Linux Collaboration Summit, where I talked to a lot of people about “software supply chains,” I can’t get them off my mind. The earliest days of digital electronics involved designing at [...]


Open Source Super Communities: Everyone Benefits

The concept of super communities and industries organizing together to collaboratively solve problems is highly relevant to HP and our most important community – our customers. HP works closely – and continuously – with customers to help their businesses grow and open source software continues to play an increasingly important role. We believe it is [...]


Open Source and Procurement: How to Manage Software in your Supply Chain

When Olliance first developed the Open Source Maturity model, we originally had seven disciplines that were primarily internally focused. However, it quickly became apparent that we needed to expand the maturity model and look beyond an organization’s internal software development processes, so we added Supply Chain Management as the eighth discipline. Managing the introduction of [...]


Apache, By Any Other Name…

My team and I review tens of thousands of projects, their descriptions, their licenses and how they are referenced each year; it is our passion and our job. As part of this work, I recently reviewed a set of data in Maven Central and noticed a plethora of different Apache Licenses… or, more precisely, [...]


2011: Top Ten FOSS Legal Developments

This year, 2011, was one of the most active years in legal developments in FOSS. This activity reflects the increase in FOSS use: Laura Wurster of Gartner, noted in the Harvard Business Review blog that open source has hit a “strategic tipping point” this year with companies increasingly focused on using “open source” software for [...]


View from the SPDX Front Lines

Over the last few months, I’ve had the opportunity to participate in various Software Package Data Exchange (SPDX) standard working groups. Most of my time has been dedicated to the SPDX technical work group, and I’ve also participated in the business work group, and, to a lesser extent, the legal work group. In this capacity, [...]


Know Your Code… And Your Suppliers

As many of you know, the SPDX standard can revolutionize the software supply chain. Finally, parties in the software supply chain will be able to communicate, in a standard way, the software bill of materials for the packages they receive and potentially redistribute; in other words, they will focus on what’s in the code. This is [...]
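The excerpt above describes SPDX as the way a supplier hands a bill of materials down the chain; what a recipient does with it is parse the document, check that each package carries the facts needed to know the code (version, declared and concluded license, a checksum, a download location), and verify the bytes actually received against the recorded checksum. The following is an added example written for this page, not code from the original post or from the SPDX project: a small parser for the SPDX tag/value format over a constructed two-package document (package names, the `example.invalid` URLs and the checksum value are sample data, not real releases). It handles the `<text>...</text>` multi-line values the format allows and the `NOASSERTION` marker that signals a supplier did not state a fact.

```python
"""Read an SPDX tag/value SBOM and audit what it tells a recipient about each package.

Added example for this page; not the SPDX project's reference tooling.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, Iterator, List, Optional, Tuple

# Constructed sample document (SPDX 2.x tag/value syntax; the packages, URLs and
# checksum are made-up example data). The SHA256 value is the digest of b"test".
SAMPLE_SPDX = """\
SPDXVersion: SPDX-2.2
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: example-sbom
DocumentNamespace: http://example.invalid/spdx/example-sbom
Creator: Tool: hand-written-example

PackageName: libfoo
SPDXID: SPDXRef-Package-libfoo
PackageVersion: 1.4.2
PackageSupplier: Organization: Example Corp
PackageDownloadLocation: https://example.invalid/libfoo-1.4.2.tar.gz
PackageChecksum: SHA256: 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageComment: <text>Vendored copy; upstream
tarball re-packed by the supplier.</text>

PackageName: libbar
SPDXID: SPDXRef-Package-libbar
PackageVersion: 0.9
PackageDownloadLocation: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
"""

NOASSERTION = {"NOASSERTION", "NONE", ""}


@dataclass
class Package:
    name: str
    spdx_id: Optional[str] = None
    version: Optional[str] = None
    supplier: Optional[str] = None
    download_location: Optional[str] = None
    license_declared: Optional[str] = None
    license_concluded: Optional[str] = None
    comment: Optional[str] = None
    checksums: Dict[str, str] = field(default_factory=dict)  # algorithm -> hex digest


# Tags whose value maps straight onto a Package attribute.
PACKAGE_TAGS = {
    "SPDXID": "spdx_id",
    "PackageVersion": "version",
    "PackageSupplier": "supplier",
    "PackageDownloadLocation": "download_location",
    "PackageLicenseDeclared": "license_declared",
    "PackageLicenseConcluded": "license_concluded",
    "PackageComment": "comment",
}


def iter_tag_values(text: str) -> Iterator[Tuple[str, str]]:
    """Yield (tag, value) pairs, joining <text>...</text> values that span lines."""
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if not line or line.startswith("#"):  # blank lines and comments are not data
            continue
        if ":" not in line:
            raise ValueError(f"malformed tag/value line: {line!r}")
        tag, value = line.split(":", 1)
        value = value.strip()
        if value.startswith("<text>"):
            parts = [value[len("<text>"):]]
            # Consume continuation lines until the closing </text> marker.
            while not parts[-1].rstrip().endswith("</text>") and i < len(lines):
                parts.append(lines[i])
                i += 1
            value = "\n".join(parts).rstrip()
            if value.endswith("</text>"):
                value = value[: -len("</text>")]
        yield tag.strip(), value


def parse_spdx(text: str) -> List[Package]:
    """Build the package bill of materials; document-level and per-file fields are skipped."""
    packages: List[Package] = []
    current: Optional[Package] = None
    for tag, value in iter_tag_values(text):
        if tag == "PackageName":
            current = Package(name=value)
            packages.append(current)
        elif tag == "FileName":
            current = None  # a file section ends the package section it follows
        elif current is None:
            continue  # document header (SPDXID: SPDXRef-DOCUMENT, Creator, ...)
        elif tag == "PackageChecksum":
            algo, _, digest = value.partition(":")  # "SHA256: <hex>"
            current.checksums[algo.strip().upper()] = digest.strip().lower()
        elif tag in PACKAGE_TAGS:
            setattr(current, PACKAGE_TAGS[tag], value)
    return packages


def verify_checksum(pkg: Package, data: bytes) -> bool:
    """True only if data matches every checksum recorded for the package."""
    if not pkg.checksums:
        return False  # nothing recorded means nothing can be verified
    for algo, expected in pkg.checksums.items():
        # SPDX algorithm names (SHA1, SHA256, SHA3-256) map onto hashlib names.
        digest = hashlib.new(algo.lower().replace("-", "_"), data).hexdigest()
        if digest != expected:
            return False
    return True


def audit(packages: List[Package]) -> List[str]:
    """Report packages whose SBOM entry leaves the recipient unable to 'know the code'."""
    findings = []
    for p in packages:
        if not p.version:
            findings.append(f"{p.name}: no PackageVersion")
        if (p.license_concluded or "").upper() in NOASSERTION:
            findings.append(f"{p.name}: no concluded license (declared: {p.license_declared})")
        if not p.checksums:
            findings.append(f"{p.name}: no PackageChecksum, contents cannot be verified")
        if (p.download_location or "").upper() in NOASSERTION:
            findings.append(f"{p.name}: no download location, provenance unknown")
    return findings


if __name__ == "__main__":
    bom = parse_spdx(SAMPLE_SPDX)
    for pkg in bom:
        print(pkg.name, pkg.version, pkg.license_concluded, pkg.checksums)
    for finding in audit(bom):
        print("FINDING:", finding)
```

Running it lists both packages and flags only `libbar`, whose supplier asserted nothing about license, origin or contents. The audit rules are deliberately a recipient's policy rather than an SPDX conformance check: a document can be valid SPDX and still say `NOASSERTION` everywhere, which is exactly the case a downstream consumer needs to catch.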
