open source and embedded software development
#ESCconf
Open source and embedded software development: Collision course or hands-free perfection
Presenter
Rod Cope
CTO
Rogue Wave Software
Twitter: @rodcope
Agenda
1. Introduction
2. Using OSS
3. License risk
4. MISRA, OWASP
5. Safety & security
6. Q & A
© 2017 Rogue Wave Software, Inc. All Rights Reserved.
Open source is everywhere
• Over 5 million open source projects on GitHub
• 80+ licenses approved by OSI
98% of organizations have OSS in their code
https://guides.github.com/activities/contributing-to-open-source/
https://opensource.org/licenses/alphabetical
http://www.roguewave.com/programs/open-source-support-report
67% of developers are not sure if there’s a policy for source code, or don’t know what it is.
http://www.roguewave.com/resources/white-papers/software-security-begins-with-flaw-free,-standards
Support the implementation
Self-support
Committer support
Community support
Commercial support
Why use commercial support
Missing skillset
Time constraints
People change jobs
Commercial support example
The original implementation was not built for scale. We’ll help you build a workaround.
We’re experiencing heavy latency and heavy resource utilization with ActiveMQ. The person who built this left.
Support the selected software
80% of support issues are either a lack of product knowledge, or something in the environment outside of the package.
http://www.roguewave.com/programs/open-source-support-report
What can organizations do?
Detect critical areas
Investigate knowledge gaps
Implement a plan
Monitor and test implementation
• Avoid bottlenecks
Free comes with restrictions
Organizations may be at risk of violating legal obligations.
Litigation in federal court
• Versata v. Ameriprise
• XimpleWare v. Versata and Ameriprise
• Hellwig v. VMware
• Oracle v. Google
• Jacobsen v. Katzer
Audit code
Identify packages
Bill of materials (BOM)
Obligations
Maintain compliance
MISRA recommends SCA
“In order to ensure that the source code written does conform to the
[MISRA] subset it is necessary to have measures in place which check that
none of the rules have been broken.
The most effective means of achieving this is to use one or more of the
static checking tools that are available commercially.”
- Section 4.3.1
Analysis tools
Identify bugs and vulnerabilities
Compliance checkers
Vulnerabilities
Remediation
Establish processes
Research issues
Scan all code
Community updates
Monitor and implement community updates.
Critical security announcements
OPENUPDATE SIGN UP: roguewave.com/openupdate