CA Endevor


February 15 Article in "in-approval": I Don't Get It

  • 1.  February 15 Article in "in-approval": I Don't Get It

    Posted 02-15-2019 11:15 AM

    A new article has been published in "in-approval". 

     

    To sum it up... I don't get it...  

     

    You can find the article at I Don’t Get It – "in-approval" 



  • 2.  Re: February 15 Article in "in-approval": I Don't Get It

    Posted 02-15-2019 12:56 PM

    Someone has to be responsible for security vetting every new level/increment/release of the open source software before it is installed, and someone else needs to continuously monitor what OSS is being installed and utilized within the organization and match that with the officially approved list of vetted OSS. This adds costs for OSS and changes the cost/benefit ratio away from using OSS. But this then has to be weighed against the costs of vendor supplied software. So OSS can still be competitive. Any business that is not funding the extra staff and processes needed to properly address the additional security risk impacts of OSS is exposing itself to security vulnerabilities that it may regret. In the business context OSS is not for free; anyone who assumes it is a good way to cut costs without fully taking into account the full costs of effectively avoiding security vulnerability risks is making a mistake.



  • 3.  Re: February 15 Article in "in-approval": I Don't Get It

    Posted 02-15-2019 03:05 PM

    One could argue that Open Source Software is more accountable than closed source software. With OSS, the source is visible for all to see what is being done by the application. With closed source and partially closed source, you don't know what they are hiding, tracking, logging, etc.



  • 4.  Re: February 15 Article in "in-approval": I Don't Get It

    Posted 02-15-2019 08:25 PM

    Assuming the source equals the executable.... 



  • 5.  Re: February 15 Article in "in-approval": I Don't Get It

    Posted 02-19-2019 02:17 PM

    I always enjoy reading your well thought out and well written "in-approval" articles, John.Dueckman. On the topic of open source, a good option, in my view, would be to purchase specific OSS product support from a reputable vendor. This way you'd be able to work with the vendor on OSS product problems/issues similar to the way we do with closed source products.



  • 6.  Re: February 15 Article in "in-approval": I Don't Get It

    Posted 02-19-2019 02:39 PM

    Good article

     

     

    Thank You

    Ray Quint HSCM Support

    Global Technology Services

    Travelers

    2 PB Hartford CT 06183

     

    USA

    860-277-4149

    rquint@travelers.com




  • 7.  Re: February 15 Article in "in-approval": I Don't Get It

    Posted 02-20-2019 04:19 PM

    Fair point, Phil, but doesn't that then, in essence, turn the OSS product from being OSS to being a "reputable vendor-supported product"?



  • 8.  Re: February 15 Article in "in-approval": I Don't Get It

    Posted 02-20-2019 10:42 PM

    I think Brightside is both OSS and supported by Broadcom. There is little difference between how we manage COTS software and OSS anyway.



  • 9.  Re: February 15 Article in "in-approval": I Don't Get It

    Posted 02-21-2019 07:38 AM

    Yes, it's a good compromise: it's open source but vendor supported at the same time. A company/individual can be very active in the open source community to drive fixes, enhancements, product direction. Many times the vendor that supports the open source product does much of the coding. Having vendor support, I believe, makes your voice heard even more.



  • 10.  Re: February 15 Article in "in-approval": I Don't Get It

    Posted 02-21-2019 09:59 AM

    I see some evidence that Broadcom may be placing tracking cookies on the computers that utilize this web site. Commercial or non-commercial, either way this operates on a customer beware basis. The primary problem with OSS is that it can be easier to bypass the procedural security and other controls that should be followed for all installed software that originates outside of the organization where it is installed. This is why I say the installation of OSS software needs to be monitored/tracked, and ideally blocked or removed if it has not been approved or a previous approval has expired or been revoked.