Components Becoming Major Source Of CVEs

A story on InfoWorld today.

Meshed Insights Ltd

Earlier today Sonatype released the results of their annual survey. The survey looks at the extent to which developers use open source components, with a particular focus on how they balance the competing needs of speed and security. The data makes it clear that security is very often not the priority.

The results of the survey show the massive extent to which developers now rely on components. Of course, this has been the case for many years, but the full maturation of the concept of component assembly rather than code writing is well illustrated here.

Microsoft Firewall

On its first anniversary, I remain convinced that the motivation for Microsoft’s wholly-owned open source & open standards subsidiary is primarily to isolate Microsoft from the open source community. I explain in InfoWorld.

Time For A Security Team For OpenJDK

In my InfoWorld column today I consider the recent news that Java 8 is going to be substantially delayed because Oracle’s development staff have had to focus on security issues. I wonder if fully and inclusively engaging the community – especially with a proper security team like other open source communities use to great effect – would help avoid similar delays in the future?


It Would Be Funny If It Weren’t True

Free Software Needs Support

(Just making sure that you can find everything I write with a single subscription!)

This open letter from the director of Bytemark Hosting is a call for other hosting companies to help financially support the development of a new free email client. It asserts that by supporting this particular project the industry as a whole can progress, becoming better able to compete with proprietary software giants.

The principle seems valid enough: if you want a project to succeed, adding value to your own product, you need to give that project your support. Hopefully hosting companies will see this call, respond, and take its underlying principle on board. Read more in today’s CWUK article.

Taking MariaDB Foundation Forward

I’m pleased to tell you that I have a new role that I’ve already started within the scope of Meshed Insights. It’s a new and exciting departure for me.

I’ve remained in touch with Monty Widenius ever since we were both at Sun together. At the start of the year, he asked if I would consider helping him move the MariaDB Foundation forward as an independent steward of the MariaDB database project. I agreed, and recently accepted his request to join the board of directors for the new Foundation, along with several others. To allow Monty to focus on the technical aspects of MariaDB, I also agreed to the new Board’s request to take on a part-time role as the interim chief executive of the Foundation, at least until a member-elected Board is seated.

We just published a news release about this, which you’ll also find at I’m very excited by the opportunity to help this important open source software community devise representative governance. I expect every individual who has made substantial contributions to MariaDB to have a role in the governance process and in the future Foundation too; more of that soon.

But most importantly, I want to hear from every company that values MariaDB and wants to see it have a stable, secure, independent future. We need you as a sponsor – either engaged in governance or simply making financial (or other) contributions to the community. Please contact me now – MariaDB needs you!

OSI Open Source Community Summit

The License Clinic for US Federal Agencies is not the only new departure for the Open Source Initiative this May. OSI is also reaching out to a wide spectrum of open source communities with its Open Source Community Summit in Washington DC on May 10 2013, where we’ll be able to gain a much fuller idea of the needs of those communities. Sponsored by Google, Red Hat and Eclipse, and chaired by OSI President Simon Phipps, this is OSI’s first Community Summit.

Attendees will explore answers to big questions faced by open source projects, both via keynotes from notable speakers and in unconference sessions. It will also be a chance to define in more depth the specific goals associated with OSI’s mission to defend, protect, educate about and promote open source. The “unconference sessions” format will create plenty of room for dialogue, so you’ll be able to bring your big…

If you’re not paying, you’re the product

Thanks for the CC-BY, Geek & Poke

On Joining OIN

I signed up Meshed Insights as an OIN licensee, and was amazed when I told people how few people knew it existed. That was the origin of this week’s InfoWorld column. I realise OIN doesn’t fix everything (how can it when what’s really needed is a return to first principles for the patent system in the meshed internet era?) But as a free defence that might just work, and which has a huge membership that collectively sends a strong message to the US government that startups need change, it seems obvious to join.

OSI License Clinic

In a new departure, the Open Source Initiative will hold a small open source license clinic oriented towards US Federal agencies. The event will be at the Library of Congress on May 9, 2013 starting at 9am. Places are limited and you’re encouraged to register now.
