In just a few weeks, the NodeSource team will be attending the Open Source Strategy Forum in New York City. There some compelling talks on the schedule for November 8th, covering topics of community-wide appeal. Everything from understanding licensing issues, like those we recently saw around BSD+Patents in the React community, to enabling developers to contribute back in the open. Here are a few of the talks we’re looking forward to at the event.
If you or your team work with Node.js (or are planning to!), please also consider signing up for Node.js Best Practices Training, hosted by NodeSource, on November 7th. This one-day workshop covers a wide variety of best practices for building and deploying Node.js applications in production. The course has a strong focus on application design patterns and emphasizes hands-on learning with several interactive labs.
Comcast's Journey & Transformation to Open SourceSpeaker: Nithya Ruff of Comcast
Time: 11:00am
Comcast is a Fortune 50 company and many do not know that it has been quietly transforming itself into a software company. And this transformation has included building an open source strategy office. I would like to cover why we started the OS office and what the benefits to the company are. This is very relevant to many companies which have not always started out as technical or software companies.
Extending GitHub to meet your Open Source PolicySpeaker: Jamie Jones of GitHub
Time: 11:00am
GitHub is often described as the home of the Open Source, but that doesn’t mean it comes easy. This talk will go over how you can use the features within GitHub (and that you can extend yourself) to meet many of your policy, security, and workflow needs. It includes looking at features such as Protected Branches, Code Approvals, and building your own integrations with PRobot. This presentation will give attendees the confidence to align Github with their own organizational needs and compliance requirements.
The Cost of Free Software: How to Manage Risk In An Open Source WorldSpeaker: Joe McCann of NodeSource
Time: 12:45pm
There is a growing commercial ecosystem around open source technologies to enable and empower the teams responsible for mission critical, client facing, and revenue generating applications. Joe McCann, CEO and Founder of NodeSource, the Node.js Company, has helped many companies in financial services, capital markets and investment and retail banking successfully adopt and integrate Node.js, the fastest growing open source technology on Earth, safely and reliably into their IT organizations. Joe will share some simple strategies and some considerations on how to best balance the desire for the speed and efficiency associated with leveraging open source technologies.
Security in the Age of Open SourceSpeaker: Michael Pittenger of Black Duck Software
Time: 1:30pm
Open source has been embraced by enterprises in the private and public sector. Where software previously was built from scratch, today’s applications can be comprised of more than 80% open source.
This session will look at the security implications of the unmanaged use of open source drawing on Black Duck’s empirical research on the use of open source in commercial software. The talk will provide attendees with:
- Research results on the use of open source
- The security implications of poorly managed open source policies
- Why open source needs to be tested differently than custom code
- Strategies for addressing these differences, and best practices to mitigate risk
Speaker: Dan Kohn of the Cloud Naive Computing Foundation
Time: 2:15pm
This talk will look at several real-world cases in finance where existing monolithic, legacy applications deployed in multi-billion dollar companies were slowly evolved into cloud native microservices architectures on Kubernetes. They did so step-by-step, shaving off individual pieces of functionality into new applications that were packaged into new microservices applications, until the original monolith was eventually cut down to a reasonable size. In doing so, they demonstrated that the cloud native architecture is suitable across most categories of computing, including both greenfield and brownfield development.
Use DevOps to shift Left Your Application SecuritySpeaker: Rebecca Aspler of Whitesource
Time: 3:45pm
Open source software usage is growing day-after-day, comprising today 60%-80% of the code, with both SMBs and Enterprises. Unfortunately, many of these open source components come with liabilities in their license agreements, and one out of every 16 open source download requests is for a component with a known vulnerability. In this talk, we will discuss the challenge of tracing and mitigating these risks, as an integral part of your DevOps. We will introduce the challenges of today’s application security and hence the need for a software composition analysis (ScA) tool. Rami Sass from WhiteSource will discuss the ways that mitigate these risks. Finally , we will showcase a real-life example of such an integrated open source management-enabler.
We look forward to seeing you at the Open Source Strategy Forum on November 8th!