Open source software (OSS) has become a fundamental part of the IT infrastructure of virtually all companies. Such criticality naturally gives rise to legal issues as organizations protect their own interests in the context the sharing inherent with open source.
Open source software is ubiquitous and widely used in development organizations to build better software faster. The day-to-day practice of using open source software is often uncontrolled, potentially creating unknown legal, business and operational risks arising from the often overlooked and misunderstood obligations found in many open source licenses. As a result, acquiring companies are now focusing more heavily on open source and third party code in their due diligence practices to uncover issues before M&A transactions are completed.
From Education to Government to Health Care, OSS Now Woven into the Social Fabric; Enterprises Respond With Increased Participation in OSS Community
Today’s technology companies increasingly rely on open source software to create better software and services faster. IDC reports that 30% of the deployed code in the Global 2000 is open source software, and it is likely many times higher in resource-strapped startup environments. However the day-to-day practice of using open source is often uncontrolled, particularly in startup companies, and can potentially create unknown legal and operational risks with a company’s software assets.
Best-in-class organizations are utilizing up to 80% open source code to rapidly deliver solutions. As the amount and frequency of new open source increases within your code base, ensuring that the right binaries show up in your build is becoming more and more challenging.
Serverspec provides a simple approach to testing your server configurations, independent of any configuration management tools. Using serverspec, you can write RSpec tests for checking your servers’ configuration. It tests your servers' actual state through SSH access, so you don't need to install any agent software on your servers and can use any of the leading configuration management tools including Puppet, Chef, CFEngine and more.
XPrivacy can prevent applications from leaking privacy sensitive data and can restrict the categories of data an application can access. This is done by feeding an application with no or fake data. There are several data categories which can be restricted, including contacts and locations. For example, if you restrict access to contacts for an application, an empty contact list will be sent. Similarly, restricting an application's access to your location will result in a fake location being sent.