"It would be interesting if someone dug into the source of this news article to summarise what those changes to the Linux kernel actually are."
I couldn't find the changes that quickly just now, but perhaps I'll come across them later, and if so, they'll be added here later.
But I could find something about it:
BLACK DUCK - MANAGING AND SECURING OPEN SOURCE SOFTWARE IN THE AUTOMOTIVE INDUSTRY = the full piece.
The most common challenges were GPL license violations, with 75 percent of applications containing components under the GPL family of licenses, but only 45 percent of those applications were in compliance with GPL obligations. As auto OEMs work with software providers, a growing set of open source components is making its way into automobile systems. Open source code is being channeled through countless supply chains in almost every part of the automotive ecosystem. To make progress in defending against open source security threats and compliance risks, both auto OEMs and their suppliers must adopt open source management practices that:
FULLY INVENTORY OPEN SOURCE SOFTWARE:
Organizations cannot defend against threats that they do not know exist. A full and accurate inventory (bill of materials) of the open source used in their applications is essential.
MAP OPEN SOURCE TO KNOWN SECURITY VULNERABILITIES:
Public sources, such as the National Vulnerability Database, provide information on publicly disclosed vulnerabilities in open source software. Organizations need to reference these sources to identify which of the open source components they use are vulnerable.
IDENTIFY LICENSE AND QUALITY RISKS:
Failure to comply with open source licenses can put organizations at significant risk of litigation and compromise of IP. Likewise, use of out-of-date or poor quality components degrades the quality of applications that use them. These risks also need to be tracked and managed.
ENFORCE OPEN SOURCE RISK POLICIES:
Many organizations lack even basic documentation and enforcement of open source policies that would help them mitigate risks. Manual policy reviews are a minimum requirement, but as software development becomes more automated so too must management of open source policies.
ALERT ON NEW SECURITY THREATS:
With more than 3,500 new open source vulnerabilities discovered every year, the job of tracking and monitoring vulnerabilities does not end when applications leave development. Organizations need to continuously monitor for new threats as long as their applications remain in service.
And perhaps also interesting to read:
Click = Fossbytes.com - Tesla Starts Open Sourcing Some Software Code After Facing Criticism
And for those who have more questions about the GPL = General Public License, or GNU = GNU is Not Unix, you can find an answer to just about every question you could have about it here:
Frequently Asked Questions about the GNU Licenses (gnu.org)
Edit: Typo
[Comment edited by SSDtje on 22 July 2024 19:38]
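As an added example (not code from the post or from the Black Duck report), here is how the inventory, vulnerability-mapping and license-policy steps quoted above can be wired together into one offline, automated check; every component name, version, CVE id and policy rule below is constructed for illustration.

```python
# Constructed example: SBOM inventory -> advisory matching -> license policy gate.
from dataclasses import dataclass

GPL_FAMILY = {"GPL-2.0-only", "GPL-2.0-or-later", "GPL-3.0-only", "LGPL-2.1-only"}

@dataclass(frozen=True)
class Component:
    name: str
    version: str
    license: str
    source_offer: bool   # True if the obligation to offer source is documented

def parse_version(v: str) -> tuple:
    """Turn '1.2.10' into (1, 2, 10) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in v.split("."))

# Constructed vulnerability feed in the spirit of an NVD export:
# (component, CVE id, first affected version, first fixed version, severity)
VULN_FEED = [
    ("libfoo", "CVE-0000-0001", "1.0.0", "1.2.4", "CRITICAL"),
    ("libfoo", "CVE-0000-0002", "1.2.0", "1.3.0", "MEDIUM"),
    ("zlib-ish", "CVE-0000-0003", "1.2.0", "1.2.13", "HIGH"),
]

def match_vulnerabilities(sbom, feed=VULN_FEED):
    """Map each inventoried component to the advisories whose version range covers it."""
    hits = []
    for comp in sbom:
        v = parse_version(comp.version)
        for name, cve, first, fixed, sev in feed:
            if name == comp.name and parse_version(first) <= v < parse_version(fixed):
                hits.append((comp.name, comp.version, cve, sev))
    return hits

def license_findings(sbom):
    """Flag GPL-family components whose source-offer obligation is not documented."""
    return [c.name for c in sbom if c.license in GPL_FAMILY and not c.source_offer]

def evaluate(sbom, feed=VULN_FEED, block_on=("CRITICAL", "HIGH")):
    """Policy gate: fail on blocking-severity vulns or undocumented GPL obligations."""
    vulns = match_vulnerabilities(sbom, feed)
    licenses = license_findings(sbom)
    blocking = [h for h in vulns if h[3] in block_on]
    return {"vulns": vulns, "license_gaps": licenses, "pass": not blocking and not licenses}

# Constructed inventory (bill of materials) for one imaginary ECU image.
SBOM = [
    Component("libfoo", "1.2.10", "MIT", True),
    Component("zlib-ish", "1.2.13", "Zlib", True),
    Component("busybox-ish", "1.36.0", "GPL-2.0-only", False),
]
```

Re-running `evaluate` against a refreshed feed on every build, and on a schedule after release, is the "alert on new security threats" step: the inventory does not change, but the feed does.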