posted by takyon on Sunday December 30 2018, @07:14PM
from the euro-signs-for-eyes dept.

The European Union will foot the bill for bug bounty programs for 14 open source projects, EU Member of Parliament Julia Reda announced this week.

The 14 projects are, in alphabetical order, 7-zip, Apache Kafka, Apache Tomcat, Digital Signature Services (DSS), Drupal, Filezilla, FLUX TL, the GNU C Library (glibc), KeePass, midPoint, Notepad++, PuTTY, the Symfony PHP framework, VLC Media Player, and WSO2.

The bug bounty programs are being sponsored as part of the third edition of the Free and Open Source Software Audit (FOSSA) project.

EU authorities first approved FOSSA in 2015, a year after security researchers discovered severe vulnerabilities in the OpenSSL library, an open source project used by many websites to support HTTPS connections.

Announcement.

  • (Score: 5, Informative) by Thexalon on Sunday December 30 2018, @11:41PM (1 child)

    by Thexalon (636) on Sunday December 30 2018, @11:41PM (#780102)

    This is complete nonsense:
    - The megacorps do in fact put money into open source software. Quite a lot of it. As in, a substantial percentage of the people working on it get paid to do so by IBM, Oracle, Facebook, Google, Apple, and sometimes even Microsoft. Another substantial portion are working for Red Hat and Canonical and other big FOSS organizations and businesses and are indirectly funded from megacorps and governments. The reason they do this is that as users of FOSS and sellers of related services, they have an interest in making FOSS work better. Of course, sometimes they're dumb about it, but it's not like they aren't involved.

    - A lot of the other development on open-source projects comes from businesses that are using it in some way and need either a feature or a bug fix that nobody else has currently provided. For instance, I was involved in a project to add a substantial new feature to the Asterisk phone software, because at the time it only worked with GSM phones and I was contracting to a company that had a network based on CDMA. We ended up paying a contractor with specific expertise to add in support for CDMA to Asterisk: He got paid for his work, the company I was working for got a tool that did what they needed for far less money and more flexibly than their proprietary alternatives, and the Asterisk project got a fairly substantial patch contributed upstream to handle those kinds of phones. Everybody won, except the makers of expensive proprietary alternatives.

    - Even if you have a stack of open-source software, every large business that I've ever interacted with has a ton of their own home-grown software that needs to be improved and maintained. For example, I know a significant number of people who currently or used to work for Progressive Insurance on their software, because they hire a lot of programmers in the area to work on the software that determines their risk assessments and pricing as well as their online sales software. They rely on some open source software as a platform to run that stuff, but they would never even think about replacing those programmers with open-source stuff because those risk assessments and pricing systems are extremely valuable trade secrets, and the online sales software is their branding and marketing all of which they would definitely not want to give away. Lots of smaller businesses have enough of this kind of custom software that companies that provide software development services can survive just fine.

    - You and any other random person or organization can use FOSS for basically free if you so choose, so you benefit from it. That means, among other things, that you don't have multiple programmers banging their heads against the wall solving the exact same problem over and over again, leaving those programmers free to focus on that home-grown software I just mentioned in the previous point, or add in new features somebody needs, or fix bugs that somebody needs addressed. That's a substantial economic efficiency.

    - Even if everything you had written was true, it's still wrong. For example, imagine if Apache Tomcat does not exist, and the only ways to host JSP-based web applications are IBM Websphere and Oracle iPlanet. Also assume for the sake of argument that nobody is choosing to switch from JSP to something else because we've also gotten rid of Apache, nginx, and so forth, so everyone who is currently using Tomcat is now buying either Websphere or iPlanet. Now, which of these two things do you expect to happen: (A) IBM and Oracle hire a ton of programmers to make a bunch of probably-unnecessary changes to their software, (B) IBM and Oracle get into a price war, driving the price of those packages from hundreds of dollars per server to $5 a server, or (C) IBM and Oracle just keep the money from all this newfound business and report a nice boost in earnings-per-share in the next quarter, benefiting Larry Ellison, Ginni Rometty, and Wall Street but nobody else? I'd put my money on option C.

    --
    The only thing that stops a bad guy with a compiler is a good guy with a compiler.
  • (Score: 2) by Pav on Tuesday January 01 2019, @12:46AM

    by Pav (114) on Tuesday January 01 2019, @12:46AM (#780458)

    Both Free Software and Open Source Software failed...

    Free Software failed by being unable to find a way to make a buck in a way that didn't compromise their principles.

    Open Source failed by saying "f*** principles" and concentrating on becoming the next 800 pound gorilla IBMs and Microsofts (just with a different coding paradigm). Granted, some would say that isn't a failure. If Thomas Piketty is right though it will turn into a societal failure in the medium term.

    Personally I think the Free Software movement should ally with the Cooperative Movement... I think the coop movement could give "democratic capitalism" to free software, and free software could give a much lower startup cost, and methods to collectively design business models to DRASTICALLY lower the cost and risk of average citizens starting businesses.