FOSS CON Korea 2018
1. Open Source Software Laboratory, Kookmin University
Open Source Software,
From Why to How
Minsuk Lee
School of Software, Kookmin University
minsuk@kookmin.ac.kr
2. KMU OSS Lab.
Why Open Source Software ?
• Multiplying the company’s investment
• Benefiting from the most recent advances
• Spreading knowledge of the software
• Increasing the developer base
• Upgrading internal developer skills
• Building reputation
• Recruiting and retaining developers
• Faster startup of new companies and projects
Ref. Open Source in the Enterprise, Andy Oram & Zaheda Bhorat
(http://opensource.amazon.com)
“Korean edition” coming soon~~ at http://bit.ly/OSS-ENT
BUSINESS WITHOUT OPEN SOURCE
BUSINESS WITH OPEN SOURCE
Tech. Debt, aka. RISK (COST)
Why Open Source?
Top Contributing Companies to GitHub
2018.5, $7.5B
# of repos
# of GitHub users
MICROSOFT
GOOGLE
REDHAT
FACEBOOK
UBER
IBM
GITHUB
2018.10, $34.0B
At this point, our customer also needs e, f, and feature A is the same as a, but the API is different …
Why Open Source? (even with permissive licenses)
Community Our Company (with innovative customer)
v1.0
V1.0a
(a)
+a
+b,c
v1.1
(bc)
V1.1d
(abcd)
+a,d
X2.0
v1.2
(Abce)
+A,e
V1.2f
(abcdef)
+e,f
Fork v1.0 and
Fix bugs, customize for our customer
Add new feature a
Add feature b, c
Our customer needs feature b, d
Fork v1.1 and,
Fix bugs again, customize again
Add feature a again, add feature d
Add feature a as A,
Add feature e
Add feature e, f
Branch out to a new version
Or, fork v1.2 and,
Fix bugs again, customize again
Add feature d again, add feature f,
Modify other module using a for A
Add features
d,f,g,h,i,j
Now v2.0
v2.0
(AbcDefghij)
+dfghij +d,f
BAD CHOICE
Why Open Source? (even with permissive licenses)
Community ← Our Company (with innovative customer)
v1.0
v1.01
(a)
+a
+b,c
v1.1
(abc)
v1.11
(abcd)
+d
v1.2
(abcde)
+e
V1.21
(abcdef)
Fork v1.0,
Fix bugs, customize for our customer
Add new feature a,
and Pull-Request to merge
Add feature b, c
Our customer needs feature b, d
Fork v1.1, add feature d,
and Pull-Request to merge
Add feature e
Add features
g, h, i, j
Now v2.0
v2.0
(abcdefghi)
+ghij
+f
GOOD CHOICE
Our customer needs feature e, f
Fork v1.2 and add feature f,
and Pull-Request to merge
No Technical Debt,
No Redundant Work
What is so called OPEN?
• Open to community
– The Project : Source Code, Documents, Roadmap
– The Governance (process) : Decision Making, Contributing
– The People : Developers, Tech Evangelist, …
• Open internally first (for yourself)
– Contributing work based on open source back to the open source
– Any technical work on open source is Work
– Some non-technical work on open source is also Work
– If any of our projects is open, keep it really open
– By the way, this needs something called governance
Why we hesitate?
• Competition?
– Then, open early !!
– Win the technology ownership by keeping the originality
– Based on the ownership, lock users in with the community
• Immature Code?
– Then, open early !!
– Developers and the community will do the right thing
– Peer review always works
• Security?
– Then, open early !!
– Serious users will read and watch your code line by line
– Let good hackers work earlier than bad hackers
Korea in the open source world
• In 2017 Datamation (ref. http://bit.ly/top35oss-2017)
– Among the top 35 open source companies
– Only Samsung: mainly for Linux kernel contribution
• In 2017 GitHub (ref. http://bit.ly/github-top2017)
– No Korean company listed among the top 76 companies
• In the 2016 Onalytica report for top 100 brands/persons
– NONE
• In Ventureradar.com for “open source software”
– NONE
• ㅠㅠ
What / When / How to open?
• What
– What your competitors want
• When
– Before your competitors open
– Open as early as possible (at the beginning stage of the project)
• How
– Open really.
– Open and do the marketing
– Open and communicate
– Open and help community, especially newbies
– Open and see what happens
If you are not in charge, the TODOs are:
• Tell your employer, manager, colleagues
– “We are using OPEN SOURCE”
– “It’s the main source of our INNOVATION”
– “We need 100K more DEVELOPERS without it”
– “It helps our BUSINESS a lot”
– “We have to help the COMMUNITIES for us”
– “We need time with the COMMUNITIES”
– “Let’s OPEN our CODE”
– “Let’s START PROJECTS with COMMUNITY”
– “Let’s OPEN OURSELVES”
– “I’ll quit if our company is not going to …”
ILoveOPENSOURCE
14. Minsuk Lee
School of Software, Kookmin University
http://hl1itj.tistory.com
This work may be used under the Creative Commons [Attribution-NonCommercial-ShareAlike 2.0 Korea License].