How (and why) a TuxCare team member contributes to open-source software

In some of our previous articles, we’ve covered the closely integrated relationship between open-source software – which is essentially free – and the commercial organizations that rely on open-source software.

One of the points we touched on is that it’s common for employees paid by commercial organizations to contribute to open-source projects, without their employer receiving a direct financial benefit from this work.


The life and times of open source communities

Open-source code is at the core of many of the critical software solutions that large companies, governments, and even home users depend on. You would think that such critical software code was built in a highly coordinated fashion and backed with significant investment.

But the truth is far more interesting – even strange if you really think about it. Much of the critical software code the world depends on was assembled in a rag-tag fashion, by a community of volunteers contributing their time without pay.

We’re talking about the open-source software community of course. It’s a complex community with complex interactions – including sometimes challenging relationships with commercial vendors.

In this article, we take a closer look at that community. How did the open source community develop, and why does it exist? We’ll also examine some of the challenges faced by the open source community, including difficulties governing a diverse range of contributors.


Fixing the security implications of open source technical debt

Major progress is usually made step by step – building capabilities, layer by layer. That’s the case for free and open-source (FOSS) software too, with today’s incredibly capable and very complex solutions emerging from countless building blocks, some of which are decades old.

That’s why much of the modern software we rely on commonly contains extremely old code that works reasonably well, if not perfectly. This code isn’t updated simply because it takes too much time to do so, and in the case of FOSS, this time is often contributed voluntarily.

It leads to what’s called technical debt – technical work that should have been done, but never was. This old, indebted code has drawbacks, one of which is security vulnerabilities that have proven time and time again to be extremely dangerous.

In this article, we discuss the issues of technical debt around open-source code, including what exactly technical debt is, how it accumulates and why it is so difficult to address. We also cover why technical debt can harbor security dangers, why nobody is immune – and what can be done about it.


Open Source: Enterprise-Grade Security with Open Code?

Organizations rely more and more on open source code solutions, even if they are not aware of it. But is open source code security handled reliably? Large organizations rightly place a strong focus on utilizing dependable, secure software solutions. Oftentimes the most capable and indeed the most secure software solutions are free, open-source software.
