Comments (10)
Just to mention, centralized assessments of tools / frameworks that have already been approved would allow for deduplication of security assessment teams, ideally leading to more rapid approvals.
from open-source-logiciel-libre.
I think we also need to make sure the Open Resources Exchange purpose is properly understood.
It's not a list of TBS sectioned tools and projects, it's a list of used software by departments.
The objective is to share who's using what so that we can more easily share how and why amongst each other.
from open-source-logiciel-libre.
@manolo20 If you want to create a pull request to add them, I'd be glad to accept it. PHP is already on the list.
@dbuijs I think the ORE can contain both programming languages for those using them directly and RStudio, Jupyter, Anaconda, ... as well.
from open-source-logiciel-libre.
This is critical and needs to happen ASAP.
from open-source-logiciel-libre.
With respect to R and Python, these are Turing-complete languages, not applications. The actual practical issues with deploying and supporting these languages have to do with how they are implemented.
For R, perhaps what you're actually hoping for is RStudio on the desktop (or perhaps server hosted)?
For Python, perhaps what you're hoping for is something like JupyterHub that allows Python code to be run in a notebook?
from open-source-logiciel-libre.
@dbuijs Good point regarding programming languages vs applications per se.
I think the idea here will be to ensure that security assessments can be shared. Will be including this part in the directive on Open Source Software.
from open-source-logiciel-libre.
As an application/software security guy it makes little sense to me to do assessments for a lot of development tools, though of course some supply chain stuff makes sense. Better to do supply chain on libraries etc. to use and on your colleagues to see that people writing software "know what they are doing" - Python and R seem to "encourage" shadow IT. (And of course rigorous assessments on all produced code/applications, which is hard if shadow development is ongoing.)
from open-source-logiciel-libre.
@keithdouglas Developers and data scientists want to code in Python and R because it makes them more productive. Whether that's "shadow IT" or not depends on management not the tools.
from open-source-logiciel-libre.
Regarding the comment: "With respect to R and Python, these are Turing-complete languages, not applications"
I think it is important to recognize that both the R Project and Python Software Foundation use the respective terms to refer to a suite of things, one of which is a language specification, but also you get libraries, and one or more end-user applications.
When a person installs and then executes either R or Python on any major OS, it runs it in "interactive mode" meaning users are running a non-gui application to write in the language and make use of other facilities of the application and in some cases other non-library software that ships with the "language."
Not all programming languages -- even ones where we generally include standard libraries as part of what we mean when we say "language" -- include non-gui terminal applications that allow "interactive" modes like this.
from open-source-logiciel-libre.
Closing; both languages are pending review:
canada-ca/ore-ero#805
+
canada-ca/ore-ero#804
from open-source-logiciel-libre.