view issue

A Conversation with Cory Doctorow and Hal Stern: Considering the open source approach

April 1, 2007

Topic: Open Source

  • View Comments
  • Print

More related articles:

Russ Cox - Fifty Years of Open Source Software Supply Chain Security
The xz attack seems to be the first major attack on the open source software supply chain. The event-stream attack was similar but not major, and Heartbleed and Log4j were vulnerabilities, not attacks. But the xz attack was discovered essentially by accident because it made sshd just a bit too slow at startup. Attacks, by their nature, try to remain hidden. What are the chances we would accidentally discover the very first major attack on the open source software supply chain in just a few weeks? Perhaps we were extremely lucky, or perhaps we have missed others.


Josie Anugerah, Eve Martin-Jones - The Surprise of Multiple Dependency Graphs
It seems like it should be easy to avoid installing vulnerable open source software, but dependency graphs are surprisingly complex. At the time of writing, the latest version of the popular npm tool webpack has millions of potential dependency graphs depending on circumstances during its resolution. The exact graph chosen for a given package can depend on what other software is being built, what kind of system is building it, and even the state of the ecosystem on a given day.


Amanda Casari, Julia Ferraioli, Juniper Lovato - Beyond the Repository
Much of the existing research about open source elects to study software repositories instead of ecosystems. An open source repository most often refers to the artifacts recorded in a version control system and occasionally includes interactions around the repository itself. An open source ecosystem refers to a collection of repositories, the community, their interactions, incentives, behavioral norms, and culture. The decentralized nature of open source makes holistic analysis of the ecosystem an arduous task, with communities and identities intersecting in organic and evolving ways. Despite these complexities, the increased scrutiny on software security and supply chains makes it of the utmost importance to take an ecosystem-based approach when performing research about open source.


Guenever Aldrich, Danny Tsang, Jason McKenney - Three-part Harmony for Program Managers Who Just Don't Get It, Yet
This article examines three tools in the system acquisitions toolbox that can work to expedite development and procurement while mitigating programmatic risk: OSS, open standards, and the Agile/Scrum software development processes are all powerful additions to the DoD acquisition program management toolbox.


For years, the software industry has used open source, community-based methods of developing and improving software—in many cases offering products for free. Other industries, such as publishing and music, are just beginning to embrace more liberal approaches to copyright and intellectual property. This month Queue is delighted to have a representative from each of these camps join us for a discussion of what’s behind some of these trends, as well as hot-topic issues such as identity management, privacy, and trust.



Back to top

Comments

(newest first)

Leave this field empty

Post a Comment: