Components Becoming Major Source Of CVEs

Earlier today Sonatype released the results of their annual survey. The survey looks at the extent to which developers use open source components, with a particular focus on how they balance the competing needs of speed and security. The data makes it clear that security is very often not the priority.

The results of the survey show the massive extent to which developers now rely on components. Of course, this has been the case for many years, but the full maturation of the concept of component assembly rather than code writing is well illustrated here.

Stopping the Snoopers Charter isn’t Enough

In a welcome move, Nick Clegg announced his opposition to the communications data bill (CDB) last week. His article in the Telegraph listed five reasons why CDB went “too far” in its attempted legislation. Among those reasons was the ease with which competent criminals could sidestep the effects of CDB and the alarming precedent the UK government would be setting for other countries in the scope of its jurisdictional claims. He’s not on his own; these arguments and many more have been brought against CDB from a wide range of opposition.


On Tour

Simon is heading to the USA soon, and will be at the following venues:

If you would like to meet him or even book him for your own event, please let us know and we’ll see what we can do.

Two Weeks of Big News at MariaDB

Lots of big MariaDB news these last couple of weeks:
  • Last week the Wikimedia Foundation fully migrated their English and German Wikipedias over to MariaDB.
  • As reported here on Meshed Insights, we also heard that the MariaDB Foundation has appointed an interim board to oversee the election process of a new board in July.
  • This week brought the exciting news of a merge between SkySQL and Monty Program Ab. This is especially good for the core MariaDB developers as it assures them ongoing backing.
  • Along with the above announcement, SkySQL joined the MariaDB Foundation as its first Platinum member.
  • Matthew Aslett highlights the growth of MariaDB and the importance of the MariaDB Foundation during his Percona Live keynote.

Community vs Technical Debt

Oracle’s Java technical chief recently admitted that dealing with long standing security issues has hampered the release of the latest Java instalment. The issues didn’t necessarily originate with Oracle; they’ll have been accumulating over many years, first at Sun and then at Oracle. The problem has been that until now these issues have been on a continual back burner, the “tyranny of the urgent” focussing developer attention onto business considerations as the priority.

Dealing with this technical debt is clearly a time consuming affair, but eventually it catches up with a project and needs to be handled. Some long lived projects don’t seem to gather this sort of flotsam though; the key is in the community. Proprietary projects are often forced to be solely feature focussed, but open projects with a healthy community are in a much better position to bypass the problem of technical debt, as community members will often pour enthusiasm and expertise into resolving the backlog.

Free Software Needs Support

This open letter from the director of Bytemark Hosting is a call for other hosting companies to help financially support the development of a new free email client. It asserts that by supporting this particular project the industry as a whole can progress, becoming better able to compete with proprietary software giants.

The principle seems valid enough: if you want a project to succeed and add value to your own product, you need to give that project your support. Hopefully hosting companies will see this call, respond, and take its underlying principle on board. Read more in today’s CWUK article.