Antelink presentation at EOLE 2011, Barcelona, Spain
DESCRIPTION
Today, most software development teams use free and open source software (FOSS) components, because doing so increases the speed and the quality of development. Many open source components are the de facto standard of their category. However, FOSS has licensing restrictions, and corporate organizations usually maintain a list of allowed and forbidden licenses. But how do you enforce this policy? How can you make sure that ALL files in your source depot either belong to you or fit your licensing policy?
TRANSCRIPT
© Copyright 2010-2011 Antelink SAS
EOLE 2011, Barcelona, Spain
Managing FOSS during development: preventive and curative approaches
Guillaume ROUSSEAU, CEO
Table of Content
– About Antelink
– Open Source goes mainstream
– Third-party related quality issues
– Preventive vs curative approaches
– Antepedia, toward the census of open source code history
About Antelink
A venture-backed European software vendor specializing in:
– software lifecycle management
– the detection of open source components
Antelink helps you keep control of your software integration and supply chain in a globalized world.
About Antelink
Open Compliance Program
Software Package Data Exchange
Software Quality Assurance and Trustworthiness (SQUAT)
+3.000 projects / +10.000 users
Open Source has gone mainstream
By 2013, 90% will include OSS as part of their IT strategy
"This continues the existing trend for combining internal IT resources with contractors, both onshore and offshore providers, and use of Open Source."
Melinda-Carol Ballou, Program Director, Application Life-Cycle Management & Executive Strategies
Leading to a dramatic increase in complex sourcing
[Diagram: Developers, Software Factory (compile, test, integration test, package, analysis), Product, Final product, Bill of Material, Authors]
Know what is in your code ...
[Diagram: Your Code, origin unknown (?): internally developed, third-party open source, outsourced development, third-party commercial]
… keeping control of your software integration and supply chain
[Diagram: Software Factory (compile, test, integration test, package, analysis); roles: Developers, Build Engineer, Lawyer, Customer; outputs: Product, Final product, Bill of Material, Production (deployment)]
Address licensing issues analyzing the legal situation
[Diagram: Bill of Material, Authors, Legal Situation; Perceived Legal Situation vs Automated Legal Situation Mining]
– Increase legal quality
– Save time
– Ease communication
A reference from
Identify security vulnerability
Manage version updates
Avoid late charges and budget overrun
Reduce operation loss
How to enforce your open source policy: Preventive vs curative approaches
Preventive:
– As often as possible
– Integrated in the continuous integration process
Curative:
– At the end of the release process
– When a major event occurs
Preventive vs curative approaches: Pros …
Preventive:
– Avoid late charges and budget overrun
– Reduce operation loss
– Cover short/mid/long term risks
– Integrated to the quality process
Curative:
– You pay when it is REALLY worth it
– Few people are involved (audit team)
Preventive vs curative approaches: … and cons
Preventive:
– Need affordable tools
– Need tools with very few false positives
– Need different tools for different users
Curative:
– More expensive (tools + remediation)
– Done in emergency (lot of stress)
– Will cover only short term risks
– May be too late ...
Be proactive: empower, as soon as possible, everyone involved in the software lifecycle to mitigate risks that can doom your software assets.
Want to try one of them? Don't wait until there is a fire at home.
Antepedia: The world's largest Knowledge Base of open source projects
More than 1,000,000 open source reusable components … and counting
+1,000 projects each day
Antepedia Search: http://www.antepedia.com
[Diagram: Single file, Cloud service, Original project, License information, Release date and location]
The life of an open source project is also complex
Inconsistent License Information
http://jwebmail.sourceforge.net/news.html
http://jwebmail.sourceforge.net/about.html
http://sourceforge.net/projects/jwebmail/
Smart Apps for Great Development Teams!
Contact information
Visit our web site: http://www.antelink.com
Try Antepedia: http://www.antepedia.com
Contact us: [email protected]
Tel: +33 (0)1 42 39 30 78
18, Rue Yves Toudic, 75010 Paris 10ème, France