I had the privilege of being a panelist at the inaugural “India Digital Open Summit” held in Mumbai, India on 19th January 2018.
The event was organized by Reliance Jio and held at the Jio Talk Auditorium, Learning & Development Center, Reliance Corporate Park in Navi Mumbai. My first visit to that part of Mumbai so it was all good and exciting for me.
This Summit was organized jointly by Reliance Jio, The Linux Foundation and Cisco.
The event first of a four city Linux Foundation open source* series to be held in India this year. I am particularly interested in this specific event because of it being organized and run by a up and coming mobile telco, Reliance Jio.
It is really good, from my perspective, that open source is now the driver for all sectors of the global economy and now all corporate entities who expect to be still around over the next five years, are recognizing and acting on getting this into their organizations. We are long past the salad days of free and open source and we are now benefiting from the struggles of the last 20-30 years.
The entire panel discussion can be viewed here.
I would like to perhaps highlight a two things that I was asked about and give added context.
The first was in terms of security of open source software. The typical comment that I’ve heard over the last two decades is that because the code is open, it therefore is prone to being turned into malicious code. The root of this myth is from statements that were made in the late 1990s and early 2000s by proprietary vendors trying to sow F.U.D amongst the technology buyers who were told that only closed proprietary software is secure because no one else can look at it. It is the classic “trust me <wink> <wink>” statement.
Open source is indeed more that good enough such that even the CIO of New York Stock Exchange Euronext endorses it for the NYSE. Billions are traded daily on the NYSE. If they can reap benefits from open source, so can any other entity.
Never mind that endorsement. Just look at what’s happened in the last few weeks around security – specifically in the CPU (i.e., the actual hardware) that runs almost 100% (or very close to it) of the world’s computing systems, mobile phones etc. The specific issue is about Spectre and Meltdown. Mitigation of this hardware issue is driven by the open source community and Red Hat has taken a lead position in it while working in tight collaboration with the rest of the industry, including proprietary OS vendors. If it weren’t for the open source developers, we won’t have been able to do the mitigation as quickly as we have been (and work still continues nonetheless).
So, I do hope that we have put behind us this uninformed statement that “open source software is not secure”.
The second comment is about a question that I was asked was about how open source code is being taken by corporates and turned into products and that the developers of these are not being compensated. This is an important question and will be asked over and over again.
This is where I am particularly proud to be a Red Hatter because what we do is to be trusted entity between the FOSS community of developers and projects and the enterprises who see tremendous value in the open source projects that become products that enterprises can use.
Red Hat can be likened as a gardener/farmer who tends the garden/farm that has many different crops, plants (projects). We harvest good projects from the farm and turn them into products. In that process, additional work is done in security, features, documentation, certification etc so that we can make the open source product ready for enterprises. These changes/enhancements are fed back into the open source projects. This two way process is what we do to ensure that the ecosystem of open source projects are indeed thriving and growing while we bring sanity and accountability to enterprises who use these project/products. Red Hat is a equal peer player/participant in the projects and that is how one gains trust in the community and also how we then are able to bring accountability to the enterprise.
Overall, I enjoyed my pane and I must thank Rajan for being an excellent moderator.
[this post first appeared here: https://www.linkedin.com/pulse/open-source-security-collaboration-harish-pillay/%5D