Open-Source Approval IBM
Christopher Besch (IBM) • 23rd February 2024

Open-Source@IBM


How docker_logdna got published

What we'll talk about

  1. docker_logdna Recap
  2. What is / Why Open-Source?
  3. Digression: TLS vs TETRA
  4. How to Open-Source@IBM?

docker_logdna Recap

  • Docker logging driver for LogDNA / IBM Log Analysis
  • Installed from container registry on server
  • Developed October 2023 on DTH GitHub
  • Open-Sourced December 2023 on public GitHub

What is Open-Source?

This is not legal advice

You (privately) wrote some Code,
Now What?

  • Publish installer?
  • Publish source code?
  • Your code, your copyright!
    • → Without license public not allowed to use/modify code
    • → You choose license

Free (Open-Source)

(as in freedom)

  • Published source-code
    under Open-Source license (OSI approved)
    • Private/Commercial use
    • Modification
    • Conditions
      (e.g. publish only under same license)
    • Still your copyright

Non-free


  • Published (with source-code)
    under proprietary/no license
    • Sold software
      (e.g. Jira)
  • Trade secret
    • Private server application
      (e.g. inbound_parser)

Open-Source Licenses

Permissive Licenses
  • MIT, BSD, Apache, ...
    • No warranty/liability
    • Derivative work with attribution
      Under any license
Copyleft Licenses
  • GPL, AGPL, ...
    • Derivative work under same license conditions
  • LGPL, EPL, ...
    • Use as library ok under different license conditions

Check Dependency Compatibility!

  • Your dependencies limit your license choices

External Advantages

  • Broader adoption
    • Create ecosystem
    • Sell other products (e.g. Docker Desktop)
    • Control
  • Outside contributions
    • Research institutions
    • Find talent
  • We take a lot from open-source, give back
    • Ecosystem health
    • IBM's image
  • Addition for CV

Internal Advantages

  • No authentication for install
  • Easier communication with external projects/support
  • Work mentality: no security through obscurity
  • External trust

Actual Advantages for docker_logdna

  • External Contribution: PR
  • Used in Docker regression report
  • Easier install without private container registry
  • IBM Log Analysis more attractive



TLS vs TETRA

Security by Design vs Security through Obscurity

TLS

  • HTTPS encryption protocol
  • Open Standard: RFC 2246
  • Uses public cryptography
  • Open-Source implementation: OpenSSL

Heartbleed

  • Vulnerability in OpenSSL
  • Discovered 2 years after release
  • Patched & disclosed 6 days after discovery

Tetra

  • Mobile radio protocol
    used globally by military, critical infrastructure, ...
  • ETSI standard
  • Proprietary cryptography


TETRA:BURST

  • 5 vulnerabilities
  • Found 25+ years after release, in the first security analysis
    (by reverse-engineering)
  • Work-around: Use TLS over Tetra

How to Open-Source@IBM

As of Q1 2024

[redacted]

Enjoy Open-Source @
