Black Duck creates Global Centre for Open Source Research & Innovation

Growing reliance on open source for application development underscores the need for more cutting-edge research – particularly in security.

Black Duck has created a Centre for Open Source Research & Innovation (COSRI), noting that increasing reliance on open source for application development underscores the need for continuing investment in research.
“Open source is the way today’s applications are developed and we expect worldwide adoption will continue to accelerate because of the compelling economic and productivity benefits open source provides. Over the next decade, more cutting-edge research, innovation, information and education – particularly related to open source security – are needed to ensure the open source ecosystem remains vibrant. We will be a leader in that effort,” said Black Duck CEO Lou Shipley.
COSRI will be based at Black Duck’s Massachusetts headquarters and Shipley said the two new Black Duck research groups in Canada and Europe will play major roles in its initiatives.
Europe-based Black Duck Security Research analyses security issues and attack patterns in open source software to provide customers with actionable information on vulnerabilities, corrective actions to reduce risk, and strategies for using open source effectively. The Vancouver, Canada group conducts applied research in data mining, machine learning, natural language processing, big data management and software engineering.
“Both groups will be sources of valuable research and reports throughout the year. Their work will help us innovate and improve our open source security and management solutions and a great deal of what they do will also be shared for the benefit of the open source community,” said Shipley.
Through COSRI, Black Duck will continue to issue periodic Open Source Security Audit (OSSA) reports analysing results of applications audited by the company’s On-Demand business as part of M&A activities. Black Duck published a revealing report earlier this year highlighting the challenges organisations face in securing and managing their open source. One eye-opening OSSA finding was that 67 per cent of the applications contained security vulnerabilities in open source components.
Shipley said the research teams’ work will also add to and enhance Black Duck’s KnowledgeBase™, the world’s most complete, current and accurate repository and database of open source software, associated licenses and other critical information, including known security vulnerabilities. “The KnowledgeBase is the foundation for our products and we’ve been building it for more than a decade. That work will continue uninterrupted as a component of COSRI,” he said.
Black Duck’s Open Hub, its online community and public directory of free and open source software (FOSS), will also be part of COSRI. Open Hub offers analytics and search services for discovering, evaluating, tracking and comparing open source code and projects.
“To continue to grow and thrive, open source needs an active community. Our investment in Open Hub will continue as we include it under the COSRI umbrella,” Shipley said.