Cloudmade will give a talk about the OpenStreetMap project, how open licensed geo-data is being created in an open community, and how it can be used, on 27th April 2009 from 1800 hours for the Open Source Specialist Group (OSSG) and the Geospatial Specialist Group at the BCS Central London Offices, First Floor, The Davidson Building, 5 Southampton Street, London WC2E 7HA.
The Annual General Meeting (AGM) of the Open Source Specialist Group (OSSG) will be held on 14th May 2009 from 1800 hours at the BCS Central London Offices, First Floor, The Davidson Building, 5 Southampton Street, London WC2E 7HA.
Please send nominations for all OSSG Committee member posts to Mark Elkins at email@example.com
Friday 7th (Tutorials), Saturday 8th & Sunday 9th August Conference
Venue: Birmingham Conservatoire, School of Music, Birmingham City University,
Paradise Place, Fletchers Walk, Birmingham B3 3HG
Call For Papers
Summer 2009 will take place at the Birmingham Conservatoire from Friday 7th to
Sunday 9th August. The conference this year will have a choice of conference
streams, and we are particularly keen to get other groups and projects
Ivan Ristic will give a talk on Open Source Security for the Open Source Specialist Group (OSSG) on Monday 30th March 2009 from 1800 hours at the BCS Central London Offices, First Floor, The Davidson Building, 5 Southampton Street, London WC2E 7HA.
“Ivan Ristić is an open source advocate, entrepreneur, writer, programmer and web security specialist. He is the principal author of ModSecurity, the open source web application firewall, and the author of Apache Security, a concise yet comprehensive web security guide for the Apache web server” www.ivanristic.com
Type the words “open source security” into a search engine and you will get dozens of links to articles, blog posts, emails, forum messages, and research papers. You can try to read them all, but I don’t think you should bother. The opinions mostly fall under one of the following categories:
Having access to source code is better than not having access to source code.
Community-produced software is better than vendor-produced software.
The freedom to modify source code is a fundamental right of every software user.
Open source developers are careless, disorganised and fickle.
Commercial vendors only care about money.
Who are you going to blame when an open source product fails?
Open source is dangerous, but you can pay us to help you deal with it.
Most of these claims have a grain of truth in them, but they almost always miss the point in trying to distil complex realities into simple convenient truths. That just doesn’t work. The simple truth is that every single project is unique, and must be observed on its own merits. But therein lies the difficulty: how do you determine if a given software product is secure?
I know the proper answer: design an assessment methodology (or use one that already exists—the Software Assurance Maturity Model is nearing completion; Building Security In Maturity Model is expected in a week or so), then use it to make informed decisions. While this approach is suitable for academia, it is too inefficient in real life, where you need to make your decisions quickly and effectively. So what do you do?
Did I mention that I spent almost 6 years of my life working on a fairly popular open source project? In that time I struggled to use my limited resources to do what’s best for the project, security being only one of my concerns. I did reasonably well, but made many mistakes along the way. That experience (along with a similar experience in developing closed-source software) has given me an insight into what makes software developers tick and, especially, what makes open source software tick.
So I came up with an idea to avoid measuring the quality of code itself (because that’s too difficult and time consuming), instead focusing on the external manifestations of good and bad practices. I call it a Project Security Posture Review. A review might focus on the following aspects:
Does the organisation follow good software development practices?
How are security issues handled?
Are there any public-facing services available (e.g. source code repository, issue tracking, wiki, etc.)?
Is the source code tidy?
Is the project mature and popular?
Does the project have a reputation for quality?
The idea is that you can answer most of the questions by simply looking at the project’s web site, browsing through its code and documentation, and looking at the experiences of other people with it. The obvious advantage of this approach is that it is quick, even though it may be somewhat inaccurate.
Over the past decade, the Open Source Software (OSS) phenomenon has had a global impact on the way organisations and individuals create, distribute, acquire and use software and software-based services. OSS has challenged the conventional wisdom of the software engineering and software business communities, has been instrumental for educators and researchers, and has become an important aspect of e-government and information society initiatives. OSS is a complex phenomenon and requires an interdisciplinary understanding of its engineering, technical, economic, legal and socio-cultural dynamics.
The goal of OSS 2009 is to provide an international forum where a diverse community of professionals from academia, industry and public administration can come together to share research findings and practical experiences. The conference is also meant to provide information and education to practitioners, identify directions for further research, and to be an ongoing platform for technology transfer
The organizers are happy to announce the keynote speakers for the conference: Stormy Peters, executive director of the GNOME Foundation; and Brian Behlendorf, founder of the Apache Software Foundation and of CollabNet.
The conference includes presentations of research papers, panels, and a poster session featuring accepted academic and industry posters.
Contributions are invited but are not limited to the following topic
State of the Art developments in Open Source GIS
Open Source GIS in Education
Interoperability and standards – OGC, ISO/TC 211
Open Source GIS application use cases: Government, Participatory GIS, Location based services, Health, Energy, Water, Climate change etc
Web processing services
Open architectures, open content
Case studies of open source implementations
Open Source GIS Internationalisation and Localisation
Using Open Source GIS with proprietary software
Transition to Open Source GIS
Open Source GIS business models
Open Source GIS implementation and deployment case studies
Sensor Web enablement
Hands-on workshops on using and developing open source GIS tools
Dr Graham Oakes will give a talk on Open Source for Business in an Open Source Specialist Group (OSSG) supported event for BCS Chester, North Wales, and Manchester branches on Wednesday 1st April 2009 from 1800 hours at Birchwood Conference Centre, Warrington, WA3 6YN (see http://maps.google.co.uk/maps?q=WA3+6YN for directions).
Open Source software has risen to prominence in the last decade. This talk will examine the relevance of open source to business from two perspectives — how can businesses use open source software for their everyday operations, and how are people building sustainable businesses by “giving away” the software they develop? To do this, the talk will provide a background of what Open Source software is and how it differs from proprietary software. It will then discuss the values and business models applying to Open Source development, the range of Open Source software which is now available, and the benefits and risks of using Open Source software.
Dr Graham Oakes is a member of the committee of the BCS Open Source Specialist Group. As an independent consultant, he helps organisations to untangle complex technology, processes, relationships and governance. His book “Project Reviews, Assurance and Governance” was published by Gower in October 2008.
Event registration details
Admission is free, and open to non-members, but please register your interest (if possible before the 27th of March) to help ascertain numbers for the free buffet etc. e-mail to firstname.lastname@example.org.