April Wright and Alyssa Miller- Open Source sustainabilty

<p>Alyssa Milller (@AlyssaM_InfoSec)<br /> April Wright (@Aprilwright)</p> <p>0. Open Source issues (quick discussion, because I value your opinions, and supply chain is important in the IoT world too.)<br /> Log4j and OSS software management and profitability<br /> Free as in beer, but you pay for the cup… (license costs $$, not the software). <br /> “If you make money using our software, you must buy a license” - not an end-user license</p> <p>Open source conference at Whitehouse:<br /> https://www.zdnet.com/article/log4j-after-white-house-meeting-google-calls-for-list-of-critical-open-source-projects/<br /> https://www.wsj.com/articles/white-house-convenes-open-source-security-summit-amid-log4j-risks-11642119406<br /> “For too long, the software community has taken comfort in the assumption that open source software is generally secure due to its transparency and the assumption that many eyes were watching to detect and resolve problems,” said Kent Walker, chief legal officer at Google in a blog post published after the meeting. “But in fact, while some projects do have many eyes on them, others have few or none at all.” </p> <p><br /> Show was inspired by this Twitter conversation:</p> <p><br /> https://twitter.com/aprilwright/status/1461724712455782400?t=Fv2tmSTXrn-SSjPCka3gxg&s=19</p> <p> https://twitter.com/AlyssaM_InfoSec/status/1464661807751213056?t=CFy-hgcHo2a8NwowKYo0hg&s=19</p> <p>IOT architecture (https://www.avsystem.com/blog/iot-ecosystem/)<br /> Open source IoT platforms: https://www.record-evolution.de/en/open-source-iot-platforms-making-innovation-count/</p> <p>Cloud services - processing messages, register/de-register devices, pass messages to other devices/gateways<br /> Gateways - <br /> Devices - <br /> Mobile apps -<br /> SDKs - <br /> integrations</p> <p>Cloud services DO go offline, point of failure:<br /> https://www.datacenterdynamics.com/en/news/aws-us-east-1-outage-brings-down-services-around-the-world/<br /> Connectivity and sharing mesh networks assumes you like your neighbors.<b