1. FOSS quality

1a. Security Myths:

Anyone can see open source code, so it's easier to create security exploits.

CVE data shows Microsoft products have more critical vulnerabilities than Linux
products:

http://www.cvedetails.com/cvss-score-charts.php?fromform=1&vendor_id=33&product_id=&startdate=2011-04-04&enddate=2016-04-04
http://www.cvedetails.com/cvss-score-charts.php?fromform=1&vendor_id=26&product_id=&startdate=2011-04-04&enddate=2016-04-04

Hiding code does not make a product safer.


1b. Maintainability

Car manufacturers get most of their software stack from third-party vendors who
put all the security liability on the manufacturers. There is no incentive to
update or keep their software secure. Since car manufacturers have such a long
ramp-up time for safety approval and they have to maintain the car software
stack for 7-10 years, they are turning to open source.

http://embedded-computing.com/articles/the-car-its-about-integration/

"What's not so obvious is that as complexity grows, the ability to innovate
shrinks. Why? Because if more and more of your development time and resources
are spent managing development options, associated requirements, and integration
testing, less time, money, expertise, and creative energy are available for
invention."

"Open source maintainership is for life."



5. Cost of technical debt
Talk dollars

Android devices vs kernel versions and dates (as of March 31, 2016)

Android Version    |API Level  |Linux Kernel in AOSP |% of Android devices |Kernel release date |Latest stable version |# of patches to port
--------------------------------------------------------------------------------------------------------------------------------------------
1.5   Cupcake      |3          |2.6.27               |                     |                    |                      |
1.6   Donut        |4          |2.6.29               |                     |                    |                      |
2.0/1 Eclair       |5-7        |2.6.29               |                     |                    |                      |
2.2.x Froyo        |8          |2.6.32               |                     |                    |                      |
2.3.x Gingerbread  |9, 10      |2.6.35               |                     |                    |                      |
3.x.x Honeycomb    |11-13      |2.6.36               |                     |                    |                      |
4.0.x Ice Cream San|14, 15     |3.0.1                |                     |                    |                      |
4.1.x Jelly Bean   |16         |3.0.31               |  8.1%               |2012                |                      |
4.2.x Jelly Bean   |17         |3.4.0                | 11.0%               |2012                |                      |
4.3   Jelly Bean   |18         |3.4.39               |  3.2%               |2013                |                      |
4.4   Kit Kat      |19, 20     |3.10                 | 34.3%               |2013                |                      |
5.x   Lollipop     |21, 22     |3.16.1               | 36.1%               |2014                |                      |
6.0   Marshmallow  |23         |3.18.10              |  2.3%               |2015                |                      |

sources:
http://android.stackexchange.com/questions/51651/which-android-runs-which-linux-kernel
http://developer.android.com/about/dashboards/index.html

QUESTION: Do phone manufacturers choose to use an older version of AOSP so they
can run on cheaper hardware? Or is the above chart just showing the aging of
older phones?