I'm sure most of you have heard about the Equifax breach caused by a failure to patch an Apache Struts vulnerability. You may have also heard about Oracle's posturing against open source in response to a separate request by the White House. These two stories are *completely separate* and I don't intend to confuse them nor discuss the specifics of either on this list. Combined, however, they have in recent weeks brought the subject of open source into the spotlight. Both were lengthy discussion topics on the ASF members and board lists. I thought it might be useful to share some information that partially resulted from these discussions.
Today, the ASF published a blog post entitled "Apache is Open" that among other things summarizes how the Foundation works and explains some of the merits of open source: - ASF "Foundation" blog https://s.apache.org/PIRA - @TheASF Twitter feed https://twitter.com/TheASF/status/918489146787688448 - ASF on LinkedIn https://www.linkedin.com/company/the-apache- software-foundation I'd highly recommend everyone involved with the ASF look over it, as it may be helpful for some in gaining a better understanding of the ASF's position on open source and the "Apache way". (Kudos to Sally Khudairi, the ASF's VP of Marketing and Publicity, for putting this together.) Note, this post wasn't intended to be directed at any specific organization or in response to a specific story. It is a resource that can be referenced going forward. This is somewhat old news, but another informational and potentially interesting read is the ASF's official response to Congress regarding Equifax: https://blogs.apache.org/foundation/entry/responses-to-questions-from-us Lastly, for some of the backstory on Oracle you may want to check out: https://www.techdirt.com/articles/20170930/00522238319/ oracle-tells-white-house-stop-hiring-silicon-valley-people- ditch-open-source.shtml Many other articles have been written on the topic in recent weeks. I included this one because it was originally shared on the members list and spurred a lot of discussion. I'm not advocating the article's editorial material in it but it does contain parts of Oracle's response to the White House as well as links to the full responses from Oracle and numerous other organizations. -Andy
