Posting Radically Open Security

If you care about open source software in general, you should care about open source business. And if you care about things like transparency in the software systems that the modern world depends on, you should probably care about open source software. Usually I don't think of open source software, or open source companies, as morally superior. I started working with open source companies primarily because I find their strategic challenges interesting and under-discussed. Then yesterday I was reading the NYTimes' morning newsletter about the CrowdStrike outages — the gist of which was essentially that our interconnected world is not just dependent on technology, but on a very small number of technology companies. Many of those technology companies are not transparent at all. --> https://lnkd.in/e-AtswRw And I realized that in fact, there is a moral element in open source software — and, in my opinion, open source businesses. In fact, for open source software to truly be as 'independent' as most purists want it to be, there must be a healthy ecosystem of open source companies building open source software. Otherwise open source just becomes another arm of the big technology companies. This means there needs to be more explicit conversations about how to ensure open source projects and the companies/maintainers behind them can be financially successful over the long term.

Nice thoughts on Open Source Many of us can relate to the emotional cycle that starts with the desire for the latest tech gadget or software. Initially, there is excitement and curiosity about what it can do. Then comes doubt when it doesn’t meet our expectations. Finally, we reach a moment of reckoning where we realize it has potential, but it needs some adjustments to truly shine. This journey often leads to a beautiful synergy between human and machine. True hackers, when faced with something that doesn't work as desired, roll up their sleeves and get to work instead of seeking refunds or opening support tickets. They value the freedom to tweak and improve their tools, embodying the spirit of free and open-source software. This spirit was exemplified by Richard Stallman’s response to Xerox refusing to provide the source code for a printer’s software, leading to the creation of the GNU Project and the free software movement. Free software, characterized by the freedom to use, study, modify, and share, laid the groundwork for many of today’s technological innovations. The open-source movement, which emerged in the late 1990s, shifted focus from the concept of "free as in beer" to "free as in speech." Companies like Red Hat and SUSE demonstrated that open-source software could be commercially viable, providing support and additional features for a fee. As the author looks at the evolving landscape of free and open-source software, it’s clear that while these models have succeeded in many ways, they also face challenges. Maintaining open-source projects can be demanding and underfunded, leading to burnout and security vulnerabilities. The author suggests it’s time to consider a third kind of freedom: the freedom for developers to maintain their projects without financial stress, ensuring sustainability and security. This freedom could be supported by new models where users pay for convenience and service, much like cloud computing and streaming services today. More on this article https://lnkd.in/db_tF7ex #opensource #software

🚨 Important Update for the Open Source Community The EU's Horizon 2025 draft proposal has significantly reduced funding for Free and Open Source Software (FOSS) initiatives, including the Next Generation Internet (NGI) programme. This decision could jeopardise many vital projects aimed at safeguarding digital privacy and compliance with EU regulations. Please inform your EU officials to reconsider this move to ensure continued innovation and security in the digital space. Read more: https://lnkd.in/eNyii2da #OpenSource #FOSS #EUFunding #DigitalInnovation #TechNews #Privacy #Horizon2025 #SoftwareDevelopment #TechCommunity #DigitalSecurity #politics

TIP plots open source move after Wi-Fi AFC win: Telecom Infra Project (TIP) outlined plans to evolve a Wi-Fi automated frequency coordination (AFC) software group into an open source platform to fuel international development, after the US approved systems developed so-far. The US Federal Communications Commission (FCC) blessed the Open AFC Software Group’s work to develop scalable standard power Wi-Fi in the 6GHz band, a project TIP stated would bolster outdoor connectivity along with extending indoor range. Broadcom, the Wi-Fi Alliance and Wireless Broadband Alliance are now cleared to provide compatible services in the US, leaving TIP focused on international expansion by making the outcomes open source. TIP stated representatives of 91 organisations had joined the group in the two years since it was formed by companies including Cisco and CableLabs to develop a platform enabling swift provisioning of AFC service. It now expects global regulators, governments, universities and industries to get on board. Christopher Szymanski, co-chair of the group and director of product marketing for Broadcom’s Wireless Communications and Connectivity Division, stated the FCC’s approval would jump-start “the standard power 6GHz Wi-Fi ecosystem in the US”, while fellow co-chair and principal wireless architect with Cisco Peiman Amini said the group had established a “foundation for a more interconnected and advanced world”. The post TIP plots open source move after Wi-Fi AFC win appeared first on Mobile World Live. http://dlvr.it/T4fJBR

In the realm of software development, where Open Source is the norm, navigating export control is a fundamental challenge. As software crosses borders, it encounters diverse encryption laws, making compliance a strategic necessity. 🌍 The Global Challenge: Different nations have varying laws on encryption, significantly impacting how software is built and distributed globally.  🔐 Open Source & Encryption: Many Open Source components include encryption algorithms, which can fall under these export laws. Organizations must be vigilant to ensure their software adheres to these international regulations. 🚀 Staying Ahead of the Curve: Navigating this landscape is crucial for maintaining uninterrupted global operations and protecting against future security risks. In the globalized world of software, staying informed about export control is key to success. Dive deeper with our new blog post here: https://lnkd.in/gmHeJfec

💡 Debunking Myths and Highlighting Facts about Open Source Software 💡 🔍 Myth: Open Source is less secure. 👉 Fact: Open Source facilitates early detection of vulnerabilities, leading to a more secure product. 💰 Myth: Open Source is free. 👉 Fact: While initial costs may be low, ongoing support and development can incur expenses. 📜 Myth: Open Source isn’t licensed. 👉 Fact: Open Source licenses outline terms of use, crucial for understanding usage and modification rights. 🌟 Myth: Open Source is a fad. 👉 Fact: Open Source has been utilized since the mid-1990s and is embraced by governments and organizations globally. 💡 Remember: Hidden costs and further development may be needed. Assess the full cost of ownership and integration needs before adopting Open Source. Let's embrace the power of Open Source for innovation and collaboration! #OpenSource #Tech #Innovation #LinkedInLearning

On questions of technology, the growing adoption and development of open source systems in China is causing all sorts of confusion and handwringing from voices in the “insecurity industry”. This opinion piece from the folk at ASPI in Australia is a recent example. 👇🏽 The growing adoption of open source technology within a broader Digital Westphalia framework effectively kills two birds with the one stone: 1️⃣ it overcomes the excessive economic rents gained by principally American software houses, driving up costs for everyone, and 2️⃣ it mitigates potential security risks that manifest either via backdoors or via censorship. National governments are, in an environment based on open source systems, better placed to develop customised - yet interoperable - systems that meet their own social, economic and security priorities. For more on Digital Westphalia and the role of open source technology, see my essay in TI Observer: https://lnkd.in/g9rgJp6j For those who may think the development of Silicon Valley is a paragon of detached private sector commercial risk and ingenuity, the reality is different. Without the U.S. defence industry, Silicon Valley wouldn’t be what it is today. See: https://lnkd.in/gwaW64_M #digitalwestphalia #opensource

Big news from the Bureau of Industry and Security this week making it easier for US-based companies to participate in standards-related activities. In short, companies have been stuck in a hard spot when collaborating in public, on open-source projects or specifications. Geopolitical tensions have (for good reason) placed restrictions on the types of interactions and communications US-based entities can have with foreign entities, especially those on entity lists. That gets hard in open communities though, where anyone can participate from anywhere. The Linux Foundation has done a very good job helping the industry thread that needle with a few opinions and publications that provide guidance on the topic: https://lnkd.in/e78jvgX9 https://lnkd.in/eiGphdyr Obviously I'm not a lawyer, but this new rule from BIS seems to acknowledge the value in allowing US companies to participate in these bodies, and clarifying exactly which types of activities do fall under the Export Administration Regulations (EAR). #ear #bis #opensource #standards https://lnkd.in/e2PabqcF

The new EU Cyber Resilience Act final text seems unclear on the meaning of open source. It includes this new definition of "Free and open-source software" that does not use the decades old definitions of "free software" or the "Open Source Definition" of which the Open Source Initiative is the custodian, and instead says: "Free and open-source software is understood as software the source code of which is openly shared and the license of which provides for all rights to make it freely accessible, usable, modifiable and redistributable. Free and open-source software is developed, maintained, and distributed openly, including via online platforms." 1. It is unclear why the EU has not used the established definitions of free software and open source? 2. It is unclear why the EU is creating a new definition and not consistently using what it has previously used? 3. It is unclear whether the second sentence is intended to be part of the definition or adds an additional open development requirement to the definition? It is unclear what the terms "developed, maintained, and distributed openly" mean? (Particularly interesting in the context of this week's report on Delayed from James Vasile and Karl Fogel, on “Delayed Open Source Publication” https://lnkd.in/edqbmMK4) 4. It is unclear how this relates to the EU AI Act which it was reported in December will offer exclusions for open source models but for which we have not yet seen a final text? As there is the benefit of an exclusion for models that meet the definition this is important. 5. It is unclear how this relates to the proposed EU Product Liability Directive which says that "Free and open-source software" that is developed or supplied outside the course of a commercial activity is excluded from the scope of the directive? As there is the benefit of an exclusion for code that meets the definition this is important. There is a theme here! Where was the EU Open Source Program Office in this discussion? The policy and regulatory issues around open source software will be discussed in depth as they impact the future of open source software a key topic being discussed in our plenary sessions at the State of Open Con 24, on 6 and 7 February in London https://lnkd.in/eH9Jgsun Join the discussion! #opensourcesoftware #opensource #cra #cyberresilienceact #productliability #ai #openai #stateofopencon #soocon24

Companies are about to confront a big open-source problem: LLMs Open-source software has been critical to software engineering for a long time, but not everyone has treated it equally. Some organisations permit free usage, others permit specific licences and the most restrictive ban it altogether. With the speed at which LLMs are evolving and the way AI contributes to the core competitiveness of a company, however, I wonder how long that can last. And if privacy becomes a bigger factor (which currently seems to be the trend), open source models are the only credible way forward. Soon, we might be looking at a world where your in-house open-source adoption framework stands in the way of critical business progress. What do you think? Are businesses ready for the implications of running fully open source software at the core of their software stacks? Have licenses been tested enough for this? Or is it just a continuation of the status-quo, as Linux has been the default infrastructure for years after all?