SGV Linux Users Group - Lawyers vs Developers, The Fight Over FOSS in Enterprise
Details
The wonderful folks at OpenX are hosting this meeting, and they are also providing pizza. We need to provide a list of names to building security. RSVPs will be capped at 60. Contact Lan if you have questions.
Topic
Enterprises have learned that Open Source is the way to develop great and mature software. Leveraging open source tools and packages lets the enterprise go to market faster and ship stronger applications. For developers, therefore, using Open Source tools is a no-brainer. The lawyers, on the other hand, don't see it the same way.
The speaker had the privilege of working with the Open Source approval and review process in a large security firm. In this talk, he will share lessons learned from that process and some best practices developers can follow to make the enterprise lawyers as happy as the developers are.
Each organization that uses Open Source software, even in unmodified form, has a list of FOSS licenses that are acceptable and some that are not. It also has strict requirements on how the software must be handled and how it may be incorporated into the distribution of the company's products. In this talk, we go through some of the lessons learned and the pitfalls that some Open Source packages exhibit, such as:
- Not including a copyright notice in the project code or on the project homepage
- Telling the user to alter the code in order to change the license, for example from GPL to MIT
- Using dependencies that may be outdated or have CVEs filed against them
- Not providing enough information to build the code from scratch
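The pitfalls above are the kind of thing a review process checks before a package is approved. The script below is an added example, not code from the talk or from any real approval tool; it runs the checks that can be automated (license identification against a hypothetical allowlist/denylist, presence of a copyright line, dependency versions against an advisory list, and whether build instructions exist) over constructed package metadata. The policy lists, advisory entries and package records are all made up for the example.

```python
import re

# Hypothetical corporate policy (an assumption for this example; every
# organization maintains its own lists).
ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause"}
DENIED_LICENSES = {"GPL-3.0-only", "AGPL-3.0-only"}

# Distinctive phrases from the license texts, used to identify which license a
# shipped LICENSE file actually is. AGPL is checked before GPL on purpose.
LICENSE_MARKERS = [
    ("AGPL-3.0-only", r"GNU AFFERO GENERAL PUBLIC LICENSE"),
    ("GPL-3.0-only", r"GNU GENERAL PUBLIC LICENSE\s+Version 3"),
    ("Apache-2.0", r"Apache License,?\s+Version 2\.0"),
    ("BSD-3-Clause", r"Neither the name of .+? nor the names of its contributors"),
    ("MIT", r"Permission is hereby granted, free of charge"),
]

COPYRIGHT_RE = re.compile(r"copyright\s+(\(c\)\s*|©\s*)?\d{4}", re.IGNORECASE)

# Constructed advisory feed: versions strictly below `fixed_in` are affected.
# The identifiers are invented for this example and are not real CVEs.
ADVISORIES = [
    {"id": "EXAMPLE-ADV-0001", "package": "libparse", "fixed_in": "2.4.1"},
    {"id": "EXAMPLE-ADV-0002", "package": "tlsshim", "fixed_in": "1.0.0"},
]


def parse_version(v):
    """Turn '2.4.1' into (2, 4, 1); non-numeric components count as 0."""
    parts = []
    for piece in v.split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def identify_license(text):
    """Return an SPDX id, 'UNKNOWN' for unrecognised text, or None if absent."""
    if not text or not text.strip():
        return None
    for spdx, pattern in LICENSE_MARKERS:
        if re.search(pattern, text, re.IGNORECASE | re.DOTALL):
            return spdx
    return "UNKNOWN"


def vulnerable_dependencies(dependencies, advisories=ADVISORIES):
    """Yield (name, version, advisory id) for each dependency below its fix."""
    hits = []
    for name, version in dependencies:
        for adv in advisories:
            if adv["package"] == name and parse_version(version) < parse_version(adv["fixed_in"]):
                hits.append((name, version, adv["id"]))
    return hits


def review_package(pkg, advisories=ADVISORIES):
    """Run the checks; any 'block' finding withholds approval, 'warn' needs a note."""
    findings = []
    spdx = identify_license(pkg.get("license_text"))
    if spdx is None:
        findings.append(("block", "no license text shipped with the package"))
    elif spdx == "UNKNOWN":
        findings.append(("block", "license text not recognised; manual legal review needed"))
    elif spdx in DENIED_LICENSES:
        findings.append(("block", f"license {spdx} is on the denylist"))
    elif spdx not in ALLOWED_LICENSES:
        findings.append(("block", f"license {spdx} is not on the allowlist"))
    # Copyright line may live in the LICENSE file or the project README.
    if spdx and not COPYRIGHT_RE.search((pkg.get("license_text") or "") + (pkg.get("readme") or "")):
        findings.append(("warn", "no copyright line in the license text or README"))
    for name, version, adv_id in vulnerable_dependencies(pkg.get("dependencies", []), advisories):
        findings.append(("block", f"dependency {name} {version} is affected by {adv_id}"))
    if not pkg.get("build_instructions"):
        findings.append(("warn", "no instructions for building from source"))
    approved = not any(sev == "block" for sev, _ in findings)
    return {"package": f"{pkg['name']} {pkg['version']}", "approved": approved, "findings": findings}


# Constructed package records (abridged license texts, invented names).
MIT_TEXT = """MIT License

Copyright (c) 2021 Example Maintainers

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files..."""
GPL_TEXT_NO_COPYRIGHT = """                    GNU GENERAL PUBLIC LICENSE
                       Version 3, 29 June 2007
 Everyone is permitted to copy and distribute verbatim copies..."""

GOOD_PKG = {"name": "fastlog", "version": "1.3.0", "license_text": MIT_TEXT, "readme": "fastlog",
            "dependencies": [("libparse", "2.5.0"), ("tlsshim", "1.2.0")], "build_instructions": True}
BAD_PKG = {"name": "netgrab", "version": "0.9.2", "license_text": GPL_TEXT_NO_COPYRIGHT, "readme": "",
           "dependencies": [("libparse", "2.3.7")], "build_instructions": False}

if __name__ == "__main__":
    for pkg in (GOOD_PKG, BAD_PKG):
        result = review_package(pkg)
        print(result["package"], "approved" if result["approved"] else "REJECTED")
        for severity, message in result["findings"]:
            print(f"  [{severity}] {message}")
```

The license identification is deliberately phrase-based: a package's declared license in its metadata and the text it actually ships can disagree, which is exactly the sort of thing the lawyers want caught. The copyright check is a presence test only; a real review still reads the file to confirm whose copyright it is.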
