In April, Mirko Böhm and I participated in a workshop about the security of Free Software. Below is the paper which resulted from it:
In April 2017, the Digital Society Institute hosted a workshop entitled "How Secure is free software? Security record of open source and free software." The workshop included contributions from Matthias Kirschner (Free Software Foundation Europe), Kathrin Noack (Karlsruhe Institute of Technology, Projekt secUnity), Michael Kranawetter (Microsoft) and Carl-Daniel Hailfinger (German Federal Office for Information Security).
https://www.esmt.org/sites/default/files/dsi_ipr5_engl-dt.pdf (English and German)
Looking forward to your comments.
Best Regards, Matthias
Hi Matthias,
On Friday, 2017-08-18 10:51:21 +0000, Matthias Kirschner wrote:
> https://www.esmt.org/sites/default/files/dsi_ipr5_engl-dt.pdf (English and German)
> Looking forward to your comments.
Thanks a lot! I think that is a valuable summary of analysis which can be used when presenting Free Software to decision makers who aren't quite acquainted yet with this field.
I also like that in the recommendations it mentions enterprises should build developer capacity and get involved with the community. This can't be emphasized enough.
What might be missing are some pointers to sites with information about how projects value best practices and address security measures, for example
https://scan.coverity.com/projects
https://bestpractices.coreinfrastructure.org/
Eike
* in this context proud to work on a project that achieved 0.00 defect density on Coverity https://scan.coverity.com/projects/libreoffice
Hi Matthias,
On Friday, 2017-08-18 10:51:21 +0000, Matthias Kirschner wrote:
> https://www.esmt.org/sites/default/files/dsi_ipr5_engl-dt.pdf (English and German)
> Looking forward to your comments.
It was pointed out to me by a very attentive reader ;) that the English version has some odd use of "free of licensing". The German sentence
"Freie Software zeichnet sich dadurch aus, dass Ihre Verwendung, Analyse, Verbreitung und Verbesserung unabhängig von den konkreten Lizenzmodellen grundsätzlich genehmigungsfrei ist."
was translated to
"Free software is characterized by the fact that its use, analysis, distribution, and improvement is, in principle, free of licensing, regardless of the specific licensing models."
The problem is "genehmigungsfrei", which can be translated as "free of licensing", but in this context shouldn't, as almost every Free Software *does* come with some license.
I think a much better approach would be to use "free of approbation".
Eike
Dear Eike,
* Eike Rathke [2017-08-25 18:18 +0200]:
> The problem is "genehmigungsfrei", which can be translated as "free of licensing", but in this context shouldn't, as almost every Free Software *does* come with some license.
> I think a much better approach would be to use "free of approbation".
Thank you very much. I am contacting the authors about that.
Regards, Matthias