Scanner Spots Open Source Installations

Mike writes "Information security firm OpenLogic has begun letting users download 'Discovery,' an application that scans Windows, Linux, and Solaris machines and attempts to identify open source software. The Discovery application claims to identify more than 5,000 versions of the top 900 open source packages. The scanning engine is able to detect open source installations whether they were installed explicitly or bundled with other software products. Kim Weins, vice president of marketing, says 'We developed it in response to customers not knowing what open source programs they were using.' I can't help but think that this a move to slyly demonize FOSS by scaring businesses into thinking they don't know what's on their PCs."

Free download but a form to fill prior download

[Lord+Satri]

I'm probably not alone curious and wanting to download this free app to (re)discover which OSS is installed on my computers... You can download it from here: http://www.openlogic.com/discovery/new_download_re gister.php?ls= and you need to give your name, email, location and some more before downloading the beast.

Re:Free download but a form to fill prior download

[$RANDOMLUSER]

Sure, and while you're there, check out their page about "indemnification".

Why Is Indemnification Important?
There are many benefits to using open source software, but in some cases there are lingering legal concerns around deploying open source in the enterprise. In order for enterprises to fully embrace a broad range of open source software, they need to be able to deploy, manage and control open source while limiting the associated legal and compliance risks. For the first time, enterprises can now access indemnification coverage for a broad range of open source products from a single vendor.

Let's try to make some money from FUD, eh?

Re:Free download but a form to fill prior download

[hazem]

Actually, you're spreading a bit of FUD yourself.

You can use OSS all you want and your IP is safely yours. It's only when you want to incorporate OSS software and code in your own code that you are then bound by the OSS terms.

For example, you can:
use OpenOffice to write all your documents
use Gimp to do your image processing
use vi/emacs to edit your source code
use gcc to compile your program (be careful what you link to)
use PDFMaker to generate PDFs from your programs
use Firefox to browse the web
use Thunderbird to handle your e-mail
use apache to serve your web pages
and so on

and your code and works are still completely your own, free to distribute in any way you see fit.

You are free to use OSS in any way and for any purpose. It's only when you want to redistribute it in some way (including incorporating it into your own work) that you incur any restrictions.

I refer you to:
http://www.gnu.org/licenses/gpl-faq.html#GPLOutput
and
http://www.gnu.org/licenses/gpl-faq.html#TOCWhatCa seIsOutputGPL

can see it now!

[jshriverWVU]

CEO: we need to start scanning now!
IT Guy: which computers should we start with?
CEO: Start with the people who file the most computer complains and go downward
..
..
..
(IT guy comes back next day)
IT Guy: Sir all of the Vista machines who had problems reported 0 infections, and at the bottom of the list the department running OS X and Linux development machines. They had tons of the stuff.

Re:What's with the paranoia?

[kindbud]

Yeah, right.

Why Is Indemnification Important?
There are many benefits to using open source software, but in some cases there are lingering legal concerns around deploying open source in the enterprise. In order for enterprises to fully embrace a broad range of open source software, they need to be able to deploy, manage and control open source while limiting the associated legal and compliance risks. For the first time, enterprises can now access indemnification coverage for a broad range of open source products from a single vendor.

http://www.openlogic.com/products/indemnification. php

They're selling indemnification insurance. Open Logic is a capitalist enterprise, not some FOSS charity. They're in the business of monetizing FUD.

Since they quoted me..

[Kim+weins]

I just want to let you know OpenLogic is a big fan of source. Our mission is to enable companies to use more open source software. Our whole business is built around that proposition, so we are definitely not trying to get companies to remove FOSS. The reality is that enterprises we work with are already using lots of FOSS -- whether they realize it or not. However, the corporate legal, compliance, IT and architecture folks want to know that they have certain policies and procedures in place around open source -- especially for software that's going outside the company or software that's going into production. By getting certification, support and indemnification from OpenLogic, it allows the corporate compliance types to feel MORE comfortable about FOSS and therefore be more willing to let developers use FOSS. The reason that we developed this free tool is that when we talked to companies, they weren't really sure what FOSS they were using. For many companies, the asset management tools that they already have in place can not necessarily detect open source software. We wanted a simple tool that would let them create that inventory. As far as registration, we have been debating that internally and have some changes planned to reduce the barriers -- so stay tuned on that front. Kim Weins

The Backfire.

[twitter]

FTFA:

Customers would guess that they had 15 or 20 open source products on their networks only to discover that workers were using 200 or more open source applications, she said.

Knowledge is your friend. If their intention is to root the applications out, they will discover how expensive non free software really is. Awareness always leads to more free software use.