Thursday, 12 October, 2017 UTC


In just a few weeks, we’ll be heading out to the Open Source Strategy Forum in New York City.
At OSSF, there is a wide variety of talks covering topics of community-wide appeal: everything from understanding licensing issues, like those we recently saw around BSD+Patents in the React community, to enabling developers to contribute back in the open.
Before we head out, we wanted to share some of the talks we’re looking forward to at the event.
The Case for Open Source Software, Revisited
Speaker: Paul Walker
Location: 16th Floor
Time: 9:35am
Abstract: The way we talk about open source software can expand or contract the community around it. In this talk, I’ll discuss strategies for effectively advocating open source software to non-technologists in financial services. I’ll share (hopefully) amusing and thought-provoking examples from my own experience of approaches to sharing our passion for OSS. My goal is to make each of us more effective and enthusiastic advocates for open, shared, reusable software.
Comcast's Journey & Transformation to Open Source
Speaker: Nithya Ruff of Comcast
Location: 16th Floor
Time: 11:00am
Abstract: Comcast is a Fortune 50 company and many do not know that it has been quietly transforming itself into a software company. And this transformation has included building an open source strategy office. I would like to cover why we started the OS office and what the benefits to the company are. This is very relevant to many companies which have not always started out as technical or software companies.
Extending GitHub to meet your Open Source Policy
Speaker: Jamie Jones of GitHub
Location: 10th Floor
Time: 11:00am
Abstract: GitHub is often described as the home of the Open Source, but that doesn’t mean it comes easy. This talk will go over how you can use the features within GitHub (and that you can extend yourself) to meet many of your policy, security, and workflow needs. It includes looking at features such as Protected Branches, Code Approvals, and building your own integrations with PRobot. This presentation will give attendees the confidence to align GitHub with their own organizational needs and compliance requirements.
Protecting the Financial Services Community from (Open Source) Patent Trolls
  • Ken Seddon, CEO, LOTNetwork
  • Gideon Myles, Lead IP Counsel, Dropbox
  • Daryl Wooldridge, Global Head of Intellectual Property Management, JP Morgan Chase & Company
  • Kevin Prey, IP Counsel, SAP
Location: 10th Floor
Time: 11:45am
Abstract: Companies spend over $29B each year on legal costs defending themselves against patent trolls. Over half of companies targeted by trolls make less than $10M in annual revenue — and companies engaging in software — like those involved in open source development — are the most likely to be sued. LOT Network CEO Ken Seddon will bring a panel of speakers from member companies such as SAP, Google, JP Morgan Chase and Dropbox to share strategies on how companies in the open source community can protect themselves from costly and frivolous litigation that drains funds away from innovation.
The Cost of Free Software: How to Manage Risk In An Open Source World
Speaker: Joe McCann of NodeSource
Location: 16th Floor
Time: 12:45pm
Abstract: There is a growing commercial ecosystem around open source technologies to enable and empower the teams responsible for mission critical, client facing, and revenue generating applications. Joe McCann, CEO and Founder of NodeSource, the Node.js Company, has helped many companies in financial services, capital markets and investment and retail banking successfully adopt and integrate Node.js, the fastest growing open source technology on Earth, safely and reliably into their IT organizations. Joe will share some simple strategies and some considerations on how to best balance the desire for the speed and efficiency associated with leveraging open source technologies.
Security in the Age of Open Source
Speaker: Michael Pittenger of Black Duck Software
Location: 16th Floor
Time: 1:30pm
Abstract: Open source has been embraced by enterprises in the private and public sector. Where software previously was built from scratch, today’s applications can be comprised of more than 80% open source.
This session will look at the security implications of the unmanaged use of open source drawing on Black Duck’s empirical research on the use of open source in commercial software. The talk will provide attendees with:
  • Research results on the use of open source
  • The security implications of poorly managed open source policies
  • Why open source needs to be tested differently than custom code
  • Strategies for addressing these differences, and best practices to mitigate risk
How Financial Services can migrate to the public, private or hybrid cloud with Kubernetes
Speaker: Dan Kohn of the Cloud Native Computing Foundation
Location: 10th Floor
Time: 2:15pm
Abstract: This talk will look at several real-world cases in finance where existing monolithic, legacy applications deployed in multi-billion dollar companies were slowly evolved into cloud native microservices architectures on Kubernetes. They did so step-by-step, shaving off individual pieces of functionality into new applications that were packaged into new microservices applications, until the original monolith was eventually cut down to a reasonable size. In doing so, they demonstrated that the cloud native architecture is suitable across most categories of computing, including both greenfield and brownfield development.
Use DevOps to Shift Left Your Application Security
Speaker: Rebecca Aspler of Whitesource
Location: 10th Floor
Time: 3:45pm
Abstract: Open source software usage is growing day-after-day, comprising today 60%-80% of the code, with both SMBs and Enterprises. Unfortunately, many of these open source components come with liabilities in their license agreements, and one out of every 16 open source download requests is for a component with a known vulnerability. In this talk, we will discuss the challenge of tracing and mitigating these risks, as an integral part of your DevOps. We will introduce the challenges of today’s application security and hence the need for a software composition analysis (SCA) tool. Rami Sass from WhiteSource will discuss the ways that mitigate these risks. Finally, we will showcase a real-life example of such an integrated open source management-enabler.
Just one more thing...
We're excited for OSSF, and can't wait to see everyone there! If you’re in New York City, and are interested in Open Source at enterprise scale, be sure you check out the OSSF site and register if you’ve not already.
While you're at the event, be sure to stop by and say hello to the NodeSource team at our booth - we'll be there all day, so don't miss a chance to grab some sweet swag and learn how we can help out with Node.js!