M2M FEATURE NEWS

The Internet of (Open Source Software) Things

By Carl Ford April 14, 2015

I had a great conversation with Bill Weinberg, Senior Director, Open Source at Black Duck Software, about the issues associated with enterprise deployments these days.

Let’s face facts. The world we live in is amazing in terms of the amount of resources we have available to us: framework repositories, association libraries, GitHub, etc. The world has no shortage of shared code.

However, shared code is not always tested code.

I remember one Birds of a Feather [BoF] session we ran about the general release of a product that had a great feature in the beta that everyone was excited about, but it turned out nobody had actually tested yet. Gaffes like that can lead to some opportunities for system crackers and ill will in the community.

When I got my NSA penetration testing certification, I was impressed with the collaborative effort to test penetration in an open source environment. I felt like I was riding with the “white hats,” trying to thwart malware.

I still think that way, but I recognize that companies have a lot of complex code and often the hole you plug today leads to another you find tomorrow. So when Bill was speaking to me about the value that Black Duck brings in verifying open source software and testing code for vulnerabilities, I understood the need.

Too often, security and quality assurance are the forgotten stepchildren of software development. Using tools like Black Duck reduces risk and accomplishes the task of compliance verification. In many industries, the ability to show these results removes a lot of liability. The Black Duck software also tests code efficiency. Since coders can inadvertently leave test stubs and other lines of code that may represent a route for reset or injection into software, having Black Duck’s analysis is a good strategy, particularly if you use it as part of your regular testing.

As we move to an agile, sprinting world, having something focused on the big picture is a great way to reduce problems with the details.




Edited by Ken Briodagh

Partner, Crossfire Media
