Open Source Delivers

Last week I attended the LinuxCon Japan conference, which was held in Yokohama – one of the great port cities of the world! There’s a terrific Ferris wheel near the conference center that lights up with different colors at night and has a digital clock in the center – a good reminder of the famous [...]

You know that analyzing your code for known open source is important. But now what? What’s the best way to integrate open source code analysis into your software development lifecycle? The answer, of course, is: it depends! There are a number of choices to consider, but no one right answer. When you’re doing multi-source development, [...]

What’s all this I hear about Code Paralysis? What’s so important about code paralysis! We don’t need more code paralysis! Software freezes enough as it is! What’s that? You said Open Source Analysis? Why should I open source my analysis? That’s personal! Code analysis? Oh, you mean I should analyze my code to FIND known [...]

Over the last few months, I’ve had the opportunity to participate in various Software Package Data Exchange (SPDX) standard working groups. Most of my time has been dedicated to the SPDX technical work group, and I’ve also participated in the business work group, and, to a lesser extent, the legal work group.  In this capacity, [...]