implications of open source software use (or let's talk open source)
Let’s Talk Open Source
or…
Implications of Open Source Software Use
Gail C. Murphy
University of British Columbia
Tasktop Technologies
@gail_murphy
A restrictive license has been chosen given unpublished work and descriptions of others' work.
Who Are You?
Code multiple days a week
Mostly Organize Coding
Something Else
Here’s My Plan
Integral and Critical!
Managing Use
Implications
The Take-Aways
Open source: does not mean free
Open source: use requires knowledge
Open source: the fabric on which software development occurs
Integral and Critical
Supply of Open Source Components
Let’s Talk Open Source: Integral and Critical
Suppliers: >105K
Total components: >834K
(Java) central repository
GitHub project dependencies
2015 State of the Software: Supply Chain Report (Sonatype)
Why Use Open Source Components?
build products (and other components) faster
higher-quality components
lower cost to (re)use
ongoing updates
Use of Open Source Components
17.2 Billion Requests Served
Java components in 2014
to >106K organizations
2015 State of the Software: Supply Chain Report (Sonatype)
What Happens When Open Source Components Fail?
https://xkcd.com/1354/
What Happens When Open Source Components Fail?
Economist, Apr 12, 2014
Even When Better Versions of Components Exist…
CVE-2007-6721, CVSS 10, Exploitability 10
since identification…
11,236 organizations have downloaded the vulnerable component 214,484 times
2015 State of the Software: Supply Chain Report (Sonatype)
Even When Better Versions of Components Exist…
Of 240,757 component downloads by large financial or technology firms in 2014…
7.5% were of a known defective part
66%: of those with a defective part, the defects were older than 2013
2015 State of the Software: Supply Chain Report (Sonatype)
Availability Matters Too
The Take-Aways: Integral and Critical
Let’s Talk Open Source: Managing Use
Open source: the fabric on which software development occurs
Managing Use
Murphy, Personnel Correspondence, 2016
Interviews with Engineering Leaders
SME
4 1 2
Interviews with Engineering Leaders
Open before Closed
Investigate open source
- who else is using?
- how many contributors?
- support model?
- security profile?
Know they might need to fork
Some place committers on project
Murphy, Personnel Correspondence, 2016
Need for Controls
The Take-Aways: Managing Use
Open source: does not mean free
Implications
Analysis of 1000s of GitHub Projects
What Kind of Component You Are Depending On?
Let’s Talk Open Source: Implications
[Figure: Rs, the ratio of user projects having social interactions (0% to 100%), against number of user projects (4 to 2048), with Guava, Vault and JUnit marked]
Palyart, Murphy, Masrani 2016, in progress
Set Your Expectations
[Figure: median involvement time (0 to 1500) against number of user projects (4 to 2048)]
Palyart, Murphy, Masrani 2016, in progress
Set Your Expectations
Technical dependence before social interaction
Social interaction before technical dependence
Palyart, Murphy, Masrani 2016, in progress
Set Your Expectations
[Figure: number of contributions (1 to 10000) for "Social before technical" and "Technical before social"]
Palyart, Murphy, Masrani 2016, in progress
Survey about Software Licenses
Know the Impact of Choosing an Open Source Component
John has been working on ToDoApp, his own personal task management application. ToDoApp is going to be a desktop-based application that will be used exclusively by John on his own computer. To make sure he does not lose any of his very special tasks, John is planning to use a lightweight library called LightDB to persist ToDoApp’s data.
If LightDB is distributed under the following licenses, would John be allowed to use it as part of ToDoApp?
GNU GPL 3.0: Unsure / No / Yes
GNU LGPL 3.0: Unsure / No / Yes
MPL 2.0: Unsure / No / Yes
Almeida, Murphy, Wilson, Hoye, 2016, under submission
Know the Impact of Choosing an Open Source Component
If LightDB is distributed under the following licenses, would John be allowed to use it as part of ToDoApp?
GNU GPL 3.0, GNU LGPL 3.0, MPL 2.0
Yes, Yes, Yes
375 respondents
Almeida, Murphy, Wilson, Hoye, 2016, under submission
Know the Impact of Choosing an Open Source Component
As the lead developer of a new product at GreatSoftware Inc., Laura decided to use an existing authentication library she found on the web called SafeAuth. She realizes that SafeAuth could be improved using a stronger cryptographic algorithm when storing users’ information. The product is going to be released under a commercial software license, but Laura would like to release the improved version of SafeAuth as open source.
If SafeAuth is distributed under MPL, would Laura and her team be allowed to release the improved version of SafeAuth as open source?
GNU GPL 3.0: Unsure / No / Yes
GNU LGPL 3.0: Unsure / No / Yes
MPL 2.0: Unsure / No / Yes
Almeida, Murphy, Wilson, Hoye, 2016, under submission
Know the Impact of Choosing an Open Source Component
If SafeAuth is distributed under MPL, would Laura and her team be allowed to release the improved version of SafeAuth as open source?
GNU GPL 3.0, GNU LGPL 3.0, MPL 2.0
No, No, Yes
375 respondents
Almeida, Murphy, Wilson, Hoye, 2016, under submission
The Take-Aways: Implications
Open source: use requires knowledge
Illustration copyright Nenov Brothers Images/Shutterstock
The Take-Aways
Open source: does not mean free
Open source: use requires knowledge
Open source: the fabric on which software development occurs
@gail_murphy