If your company now relies on Open-source software like OpenSSL, it's time to be more careful.
ComputerWorld's Richi Jennings lashed out and said: "It was a terrible, horrific failure." "Steven J. Vaughan-nichols of ZDNet is not prone to posturing against open source, he just said the Heartbleed incident was just the worst time for open source." In the end, Chris Duckett, ZDNet, is more pragmatic in pleading with companies to raise funds to fight Heartbleed, lest it happen again.
Even if the fundraising is really going to Heartbleed events, is this the final solution? In fact, the real answer is in your place.
From the company's point of view, the company hopes to maximize the contribution of open source, rather than simply open source software users this way to avoid the situation of open source failure.
Contributors can take first class
Contributors can help guide the direction of specific open-source projects. They are good at acting before problems arise, rather than acting passively after problems arise. Most companies lack the resources to participate in every open source project they use, but each company can invest in projects that are really important to them. The more money they invest, the greater the benefits they gain.
As MongoDB Adam Comerford understands, if you look at the timetable, you know who will be the first to learn about Heartbleed and who will be able to master its dynamics the first time, as Google does, taking on most of the advantages. These big companies with "absolute advantages" are fully capable of protecting their systems before they emerge.
While some big companies already know the Heartbleed problem ahead of time, how do you want to appear on the "advance notice" list?
If your company relies on proprietary software, you will know the answer: pay the supplier enough money and expect them to respond appropriately. But you're using open source software, with a broader range of options: Arranging a large number of engineers into open source projects, or keeping a good relationship with a good major contributor (geek, open source advocate).
Adam Comerford asserts that open source benefits are more than that:
In addition to the early notification of problems, there will be experts to answer your sharp questions, evaluate your project, and even fix internal problems before the external solution emerges. In addition, you will have a good reputation in setting the direction of the project. Finally, you are recognized by the community, creating better products for users and potentially becoming a destination for other smart contributors.
In other words, participation can enjoy membership privileges, and the most important member privilege is likely to be privileged information.
Select contribution Direction
In addition, no company's resources can effectively contribute to all the projects it uses, which is why companies need to make a special contribution to key projects:
If you ask your employees to list all the OSS technologies that are critical to your business, you may end up with a huge list that's big to your head. Now all you need is a number of employees to support the technology, and a budget report to get the job done, and the list is much more detailed than before.
If you are a company like AMD chips, it may be mandatory to contribute important drives and other code to the Linux kernel. But contributing to libreoffice may not be so. Or, if you bet the future of Hadoop on deep data analysis, you should work more on Hadoop, even if you choose to enjoy the OpenSSL community. The CIO, Dish NX, the US satellite television operator, said last week that the next step would be to move the important workload to the relational database Apache Kafka, where the code investment on Kafka was huge, even if it did not contribute to the Apache HTTP Server project.
Each company has its priorities, and priority should be confirmed by serious testimony that they are open source. This is to some extent an act of ensuring the safety of the project. This is also a way to influence the direction of the project to another extent. But at the same time, Red Hat chief executive Jim Whitehurst announced that as early as 2008, this is the best way to reduce it waste:
Today most of the software is written by the enterprise, but also for the enterprise use, not for sale, even the vast majority of software has never been used. In this IT software development industry is an extraordinary waste ah. For the current globalization of open source, the value of open source is obvious to all, we need our customers are not only open source products users, but also to really engage in open source and participate in the development community.
Comerford insists that "if I use Open-source software that is critical to business, I will hire people to actively contribute to the software, and the core developers should know that." "This is the key to open source software: Contribute, not just use it."
Original link: http://code.csdn.net/news/2820036