
Linux.com

News For Open Source Professionals

ISO establishes SBOM standard for open source development with SPDX

Thursday 14th of October 2021 01:00:19 PM

 

 

Software Metadata Standards Wrap Up Bigger Connections

You’re in the news. But not with the headline you want.

You’re not getting attention because of your choice of text editor or the number of spaces you use to indent code blocks. However motivating those preferences are for you and me, the non-technical world sees them as private choices. You find your code in the headlines for a different and unpleasant reason: open source dependency management.

We have dependencies, of course, because we know not to “reinvent the wheel”; instead, we software experts re-use the implementations others have created. However, when done poorly, dependency management introduces more risk and degrades the quality of your application. For example, failure to comply with license requirements might be the problem.  Even worse: the absence of a license tied to a component you embedded in your application. In both cases, there are potential legal implications. 

Still more traumatic is a media headline announcing that a vulnerability in one of those dependencies just led to a breach of your organization. Projects frequently re-use software components to simplify or accelerate development, but that re-use can have detrimental results when it introduces such vulnerabilities.

That’s not all:  suppose you are experienced and thoughtful enough to recognize this hazard and commit to good dependency management.  It turns out that’s a harder problem than might first appear, and certainly not the kind of thing that can be slipped into a project on its last days, without significant time or other costs.

Building a Standard for Software Bill of Materials

How, for instance, does an industrial oven manufacturer communicate that one of its products depends on a particular library with a known vulnerability?  How does it say that it does not have such a dependency?  One of the difficulties comes from mixing open and closed information sets. What happens in a scenario where an automotive chip uses an open source sorting algorithm, but the auto manufacturer wants to keep the use of that algorithm proprietary? 

Without a better alternative, any discussion about the algorithm has to occur under cover of a non-disclosure agreement (NDA), often one written specifically for the business and technical situation.  Where developers investigating a particular piece of software might be accustomed to connecting to GitHub and inspecting the source in question in a few seconds, even the simplest proprietary questions sometimes take months of legal, security, and compliance negotiation before examination can begin. “Manual” inspection, in any case, is unscalable.  The average application contains 200 OSS components, and each component might take three hours to inspect manually.  Does your project have a better use for 600 hours of effort?  Open source truly begins to pay off when it’s inspected not just by expert engineers but by automatic tools.

Recognize, moreover, that transitive dependencies make dependency management a harder problem than first appears.  Many of the most notorious breaches occurred not because anything was wrong with the source of a product or even the source of the libraries on which it depends; the vulnerability only turned up in a library used by those other libraries.  Over and over again, CEOs who’ve asked, “does $SOME_PROBLEM affect us?” have received the answer, “we don’t know yet: we’re not sure where it shows up in our systems.” We need transparency about dependencies and enough intelligence and standardization around hierarchical relationships to “trace the whole tree.” Organizations must track dependencies through to the operating system run-time and sometimes down to “the silicon,” that is, the microprocessor on which the software runs.

It’s a hard problem but also a solvable one.  Part of any solution is a well-defined software bill of materials (SBOM or sometimes SBoM). That’s where Kate Stewart’s career began to track this story.  Stewart currently serves the Linux Foundation as a vice president of Dependable Embedded Systems.  In previous assignments with such employers as Motorola, Freescale Semiconductor, Canonical, and Linaro, she frequently faced challenges that mixed technical and legal aspects.  As she explained her long-time focus in a recent interview, “if open source components are going to be in safety-critical places … [we need] to be able to trust open source in those spaces …” Good SBOM practices are simply necessary for the level of trust we want to have not just in industrial ovens, but airplanes, medical devices, home security systems, and much more.  An SBOM organizes such metadata about a software artifact as its identity, verification checks it hasn’t been tampered with, copyright, license, where to look up known security vulnerabilities, dependencies to check, and so on. Think of an SBOM as an ingredients list for your software.  It makes those ingredients visible, trackable, and traceable.  It lets you know if you have used the highest quality and least risky open source components to build your software.

Enter SPDX

Stewart and other technologists eventually began to team with specialists in intellectual property, product managers, and others. They developed such concepts in the early years of this millennium as SBOM, the Software Package Data Exchange (SPDX), and the OpenChain Specification.  She co-founded SPDX in 2009 to pursue “[a]n open standard for communicating software bill of materials information ….” Among other features and benefits, these frameworks provide standard and scalable ways to discuss dependencies.  

Instead of each vendor having to certify that each of its releases has been verified for security and license compliance of each of eight hundred JavaScript libraries, for example, many of the most time-consuming aspects of compliance can be automated.  When a new vulnerability is identified in an implementation of a networking protocol, automated methods can largely be applied to determine which products embed known vulnerable libraries, even while we developers remain largely unaware of the details of each component and dependency they use.  For Stewart, standards-based transparency and best practices are prerequisites for the security of safety-critical communities she helps serve.  As Stewart observes, “you can’t really be safe unless you know what you’re running.”
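The automated lookup described above, together with the earlier requirement to “trace the whole tree” of transitive dependencies, can be sketched as follows. This is an added example, not code from the article or from the SPDX project: the SBOM is a constructed SPDX 2.2 JSON-style document, and the package names, versions, and function names are hypothetical.

```python
from collections import defaultdict

def _rel(src, kind, dst):
    """Build one relationship entry using the SPDX 2.2 JSON field names."""
    return {"spdxElementId": src, "relationshipType": kind,
            "relatedSpdxElement": dst}

# Constructed sample SBOM for a hypothetical product; every package name
# and version here is invented for illustration.
SAMPLE_SBOM = {
    "spdxVersion": "SPDX-2.2",
    "SPDXID": "SPDXRef-DOCUMENT",
    "name": "oven-controller-sbom",
    "packages": [
        {"SPDXID": "SPDXRef-app", "name": "oven-controller",
         "versionInfo": "3.1.0", "licenseConcluded": "LicenseRef-Proprietary"},
        {"SPDXID": "SPDXRef-http", "name": "examplehttp",
         "versionInfo": "2.4.1", "licenseConcluded": "MIT"},
        {"SPDXID": "SPDXRef-log", "name": "examplelog",
         "versionInfo": "1.1.0", "licenseConcluded": "MIT"},
        {"SPDXID": "SPDXRef-tls", "name": "exampletls",
         "versionInfo": "1.0.2", "licenseConcluded": "Apache-2.0"},
        {"SPDXID": "SPDXRef-zip", "name": "examplezip",
         "versionInfo": "0.9.0", "licenseConcluded": "NOASSERTION"},
    ],
    "relationships": [
        _rel("SPDXRef-DOCUMENT", "DESCRIBES", "SPDXRef-app"),
        _rel("SPDXRef-app", "DEPENDS_ON", "SPDXRef-http"),
        _rel("SPDXRef-app", "DEPENDS_ON", "SPDXRef-log"),
        _rel("SPDXRef-http", "DEPENDS_ON", "SPDXRef-tls"),
        _rel("SPDXRef-log", "DEPENDS_ON", "SPDXRef-tls"),
        # The same fact can be recorded from the other side:
        _rel("SPDXRef-zip", "DEPENDENCY_OF", "SPDXRef-http"),
    ],
}

FORWARD = {"DEPENDS_ON", "CONTAINS"}         # A -> B: A uses B
INVERSE = {"DEPENDENCY_OF", "CONTAINED_BY"}  # A -> B: B uses A

def build_graph(doc):
    """Return (described roots, adjacency map 'element -> what it uses')."""
    roots, edges = [], defaultdict(set)
    for rel in doc.get("relationships", []):
        src, dst = rel["spdxElementId"], rel["relatedSpdxElement"]
        kind = rel["relationshipType"]
        if kind == "DESCRIBES":
            roots.append(dst)
        elif kind in FORWARD:
            edges[src].add(dst)
        elif kind in INVERSE:
            edges[dst].add(src)
    return roots, edges

def paths_to(doc, name, version):
    """List every dependency chain from a described product down to the
    given package version; an empty list means it is not in the tree."""
    packages = {p["SPDXID"]: p for p in doc.get("packages", [])}
    targets = {pid for pid, p in packages.items()
               if p["name"] == name and p.get("versionInfo") == version}
    roots, edges = build_graph(doc)
    found = []

    def label(pid):
        pkg = packages.get(pid, {"name": pid})
        return f"{pkg['name']}@{pkg.get('versionInfo', '?')}"

    def walk(node, trail):
        if node in trail:            # cycle guard: SBOM graphs may loop
            return
        trail = trail + [node]
        if node in targets:
            found.append([label(n) for n in trail])
            return
        for nxt in sorted(edges.get(node, ())):
            walk(nxt, trail)

    for root in roots:
        walk(root, [])
    return found

def packages_without_license(doc):
    """Names of packages whose concluded license is absent or undetermined."""
    missing = {None, "NONE", "NOASSERTION"}
    return sorted(p["name"] for p in doc.get("packages", [])
                  if p.get("licenseConcluded") in missing)

if __name__ == "__main__":
    for chain in paths_to(SAMPLE_SBOM, "exampletls", "1.0.2"):
        print(" -> ".join(chain))
    print("no concluded license:", packages_without_license(SAMPLE_SBOM))
```

The product never names exampletls directly, yet both chains that reach it are reported, which is the answer to “does $SOME_PROBLEM affect us?” that a flat list of direct dependencies cannot give.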

Daily headlines

Does that sound mundane?  The reality’s far different:  SBOM and related technologies actually play roles in events on the world stage.  For example, on the 12th of May, 2021, US President Biden issued Executive Order 14028 on Cybersecurity Improvement; SBOMs play a prominent role there.  The Open Source Initiative just named Stefano Maffulli its first Executive Director precisely because of the need for mature open source licensing practices.  Dr. Gail Murphy argued in a recent interview that it’s time to recognize that open source software is a “triumph of information-hiding [and] modularity …” in enabling the remarkable software supply chains on which we depend.  Emerging information on breaches including SolarWinds, Rapid7, Energetic Bear, and especially the latest on Juniper’s Dual-EC affair shows how disastrous it becomes when we get those supply chains wrong.  The most prominent breaches in computing history have been tied to component vulnerabilities that seemed peripheral until break-ins demonstrated their centrality.

Drone strikes?  Vaccine efficacy?  Voter fraud?  International commerce?  Nuclear proliferation?  Questions about software and data reliability and fidelity are central to all these subjects, not mere technical tangents.

That’s why SPDX’s management of hierarchical relationships is so crucial.

ISO/IEC 5926:2021 introduces SBOM standard

SPDX went live as an official international standard at the end of August.  With that milestone, standardization lowers many of the hurdles to the successful completion of an SBOM project.  Implementation becomes more consistent. “Bookkeeping” about external parts becomes largely a responsibility of the standard.  Software engineers focus more on the details specific to an application.  Then, as those external parts–the ingredients of an SBOM recipe–age and security vulnerabilities are discovered in them, developers can reliably track those components to the applications where they were used and update components to newer, hardened versions. What does that mean for you?  In your own work, the faster you identify and update vulnerable components, the less likely the chance you will have of becoming the next breach headline following an attack.

SPDX’s standardization fits in the frameworks of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).  ISO is a post-war transnational creation that originally focused on bolt sizes, temperature measurements, and medical supplies.  ISO tracks human affairs, of course, and its attention in recent years has shifted from materials to business processes and, in this millennium, to software.  IEC is a prior generation’s initiative to pursue the same kinds of standardization and cooperation, specifically in the realm of electrical machinery; the IEC and ISO often collaborate.

In bald terms, ISO and IEC matter to you as a programmer because governments trust them.  The new standard is sure to make its way rapidly into procurement specifications, especially for government purchases.  Suppliers become accustomed to compliance with such standards and apply them in their practices more generally.  The earlier ISO 9000 collection of standards has already greatly influenced software development.

Important though abstract

The impact and scope of ISO/IEC 5926:2021 are a challenge to understand, let alone explain.  On the one hand, millions of working programmers worldwide go about their daily chores with little thought of SPDX or even SBOMs.  While we all know we depend on packages, we largely leave it to Maven or npm, or RubyGems, etc., to handle the details for us.  Standardization of SPDX looks like a couple of layers of abstraction, even more remote from the priorities of the current sprint or customer emergency on our desks right now.

And it’s true:  SPDX is abstract, and its technical details look dry to some programmers, the opposite of the “sexy” story many start-ups aspire to.  

Without this infrastructure, though, the development of many large, complex, or mission-critical projects would grind to a halt from the friction of communication about proprietary dependencies on open source artifacts.  Think of it on a weight basis:  as the Linux Foundation’s own press release underlines, “… between eighty and ninety percent of a modern application is assembled from open source software components.” SPDX is immensely important at the same time as it’s uninteresting to all but the most specialized practitioners.

Look to history for examples of how momentous this kind of standardization is.  The US’s Progressive movement at the beginning of the twentieth century is instructive.  While often taught in ideological terms, many of its greatest achievements had to do with mundane, household matters:  does a milk bottle actually contain milk?  Can standard doses of medicines be trusted?  Is a “pound” in a butcher’s shop a full sixteen ounces?  Standards in these areas resulted in more convenience and transformed commerce to enable new market arrangements and achievements. That’s the prospect for SPDX:  more transparent and effective management of software dependencies and interactions will have far larger consequences than are first apparent.  Notice, for instance, that while the standard examples of its use have to do with open-source software, the standard itself and the tools that support it can also be applied to proprietary software and other intellectual property.  SPDX doesn’t solve all problems of communicating about dependencies; it goes a long way, though, to clarify the boundaries between technical and legal aspects.

Long lead time

The significance and need for secure software supply chains haven’t made SPDX’s adoption easy, though.  Stewart reports that individual companies drag their feet: “why should we do something before we have to?” these profit-oriented companies reasonably wonder.  Even in the best of circumstances, when an industry has largely achieved a technical consensus, “From first proposal to final publication, developing a standard usually takes about 3 years.”

Stewart herself cites this year’s Executive Order as crucial: “the one thing that made a difference” in pushing forward adoption of SPDX in 2021 was the emerging SBOM requirements that followed EO14028.  Much of her own emphasis and achievement of late has been to get decision-makers to face the reality of how crucial their dependence on open source is. No longer can they restrict focus to the 10% of a proprietary product because supply chain attacks have taught us that the 90% they re-use from the software community at large needs to be exposed and managed.

Publication of a standard mirrors application development in having so many dependencies “under the covers.” It’s not just Stewart who worked on this for more than a decade, but, as I’ll sketch in follow-ups through the next month, a whole team of organizations and individuals who each supplied a crucial requirement for completion of ISO/IEC 5926:2021.  When you or I think of great software achievements, our memories probably go to particular winning prototypes turned out over a weekend. Standards work isn’t like that.  The milestones don’t come at the rapid pace we relish. Successful standards hold out the promise, though, of impacting tens of thousands of applications at a time. That’s a multiplier and scalability that deserves more attention and understanding.  

SBOMs for everything

And that’s why ISO/IEC 5926:2021 is good news for us.  We still have licensing and security issues to track down. We still need to attend meetings on governance policies. Management of proprietary details remains delicate.  Every project and product needs its own SBOM, and vulnerabilities will continue to crop up inconveniently. With the acceptance of ISO/IEC 5926:2021, though, there’s enough standardization to implement continuous integration/continuous deployment (CI/CD) pipelines usefully. We can exchange dependency information with third parties reliably. SPDX provides a language for describing dependency management chores. SPDX gives answers that are good enough to focus most of our attention on delivering great new functionality. 

The best practices of application development applied by developers as a learned methodology can be something more than an exercise in walking a tightrope of intellectual property restrictions. Enterprise-class proposal requests become more engineering than lawyering.  You have a better shot at being in the news for your positive achievements rather than the security calamities into which you’ve stumbled.

Check in over the next several weeks to learn more about what SPDX means to your own programming, how SPDX is a model for other large-scale collaborations the Linux Foundation enables, and how teamwork is possible across profit-making boundaries.  In the meantime, celebrate ISO/IEC 5926:2021 as one more problem that each project does not have to solve for itself.

About the Author: Cameron Laird is vice president of Phaseit, Inc., where he implements software projects and publishes articles about the results. A long-time developer, manager, and author, he’s most recently concentrated on architectural challenges of “continuous everything”: continuous integration, continuous testing, and so on.

The post ISO establishes SBOM standard for open source development with SPDX appeared first on Linux.com.

How Podman runs on Macs and other container FAQs

Thursday 14th of October 2021 12:54:28 AM

Clearing up confusion about Podman’s machine architecture and other frequently asked questions.

Read More at Enable Sysadmin

The post How Podman runs on Macs and other container FAQs appeared first on Linux.com.

Open Source Security Foundation Raises $10 Million in New Commitments to Secure Software Supply Chains

Wednesday 13th of October 2021 04:00:00 PM

Industry leaders from technology, financial services, telecom, and cybersecurity sectors respond to Biden’s Executive Order, commit to a more secure future for software; open source luminary Brian Behlendorf becomes general manager

LOS ANGELES, Calif – KubeCon – October 13, 2021 –  The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced it has raised $10 million in new investments to expand and support the Open Source Security Foundation (OpenSSF), a cross-industry collaboration that brings together multiple open source software initiatives under one umbrella to identify and fix cybersecurity vulnerabilities in open source software and develop improved tooling, training, research, best practices, and vulnerability disclosure practices. Open source luminary Brian Behlendorf will serve the OpenSSF community as General Manager. 

Financial commitments from Premier members include Amazon, Cisco, Dell Technologies, Ericsson, Facebook, Fidelity, GitHub, Google, IBM, Intel, JPMorgan Chase, Microsoft, Morgan Stanley, Oracle, Red Hat, Snyk, and VMware. Additional commitments come from General members Aiven, Anchore, Apiiro, AuriStor, Codethink, Cybertrust Japan, Deepfence, Devgistics, DTCC, GitLab, Goldman Sachs, JFrog, Nutanix, StackHawk, Tencent, TideLift, and Wind River.

“This pan-industry commitment is answering the call from the White House to raise the baseline for our collective cybersecurity wellbeing, as well as ‘paying it forward’ to open source communities to help them create secure software from which we all benefit,” said Jim Zemlin, executive director at the Linux Foundation. “We’re pleased to have Brian Behlendorf’s leadership and extensive expertise on building and sustaining large communities and technical projects applied to this work. With the tremendous growth and pervasiveness of open source software, building cybersecurity practices and programs that scale is our biggest task at hand.”

According to industry reports (“2021 State of the Software Supply Chain,” by Sonatype), software supply chain attacks have increased 650 percent and are having a severe impact on business operations. In the wake of increasing security breaches, ransomware attacks, and other cybercrimes tied to open source software, government leaders worldwide are calling for private and public collaboration. Because open source software makes up at least 70 percent of all software (“2020 Open Source Security and Risk Analysis Report” by Synopsys), the OpenSSF offers the natural, neutral, and pan-industry forum to accelerate the security of the software supply chain. 

“There has never been a more exciting time to work in the open source community, and software supply chain security has never needed more of our attention,” said Brian Behlendorf, general manager, Open Source Security Foundation. “There is no single silver bullet for securing software supply chains.  Research, training, best practices, tooling and collaboration require the collective power of thousands of critical minds across our community. Funding for OpenSSF gives us the forum and resources to do this work.”

The OpenSSF is home to a variety of open source software, open standards, and other open content work for improving security. Examples include:

Security Scorecard – a fully automated tool that assesses a number of important heuristics (“checks”) associated with software security

Best Practices Badge – a set of Core Infrastructure Initiative best practices for producing higher-quality secure software providing a way for OSS projects to demonstrate through badges that they are following them

Security Policies – Allstar provides a way to set and enforce security policies on repositories or organizations

Framework – Supply-chain Levels for Software Artifacts (SLSA) delivers a security framework for increasing levels of software supply chain integrity

Training – free secure software development fundamentals courses educating community members on how to develop secure software

Vulnerability Disclosures – a guide to coordinated vulnerability disclosure for OSS projects

Package Analysis – look for malicious software in OSS packages

Security Reviews – public collection of security reviews of OSS

Research – studies on open source software and critical security vulnerabilities conducted in association with the Laboratory for Innovation Science at Harvard (LISH) (e.g., a preliminary census and FOSS Contributor Survey)

For more information about OpenSSF, please visit: https://openssf.org/

Premier Member Quotes

AWS

“Open source software plays an increasingly crucial role across the whole landscape of information security. Convening industry leaders to invest in developing policies, practices, tooling, and education around open source security benefits us all. AWS was a founding member of the Core Infrastructure Initiative in 2014, and we will now build on the relationships and investments that continue the mission by joining OpenSSF as a Premier Member. With our partners in this initiative, and as active participants in many open source communities, we will help raise the bar in the security of open source software,” said Mark Ryland, Director of the Office of the CISO at AWS.

Cisco

“OpenSSF will enable the community, across industries, to build tools and practices to secure the software supply chain for open source and beyond. This is crucial to the future of API and application security, which are fast becoming a primary attack vector for all business going forward,” says Vijoy Pandey, VP of Emerging Technologies & Incubation at Cisco. “At Cisco, we believe the application experience is the new brand, which demands better app velocity, trust, security, and availability. This belief drives our deep investment in application security and full-stack observability, which is why joining forces with this prestigious foundation and group as a trusted advisor and partner was a no-brainer for us.”

Dell Technologies 

“The Linux Foundation’s focus on security is fundamental to addressing the increasing risks associated with software,” said John Roese, Dell Technologies’ Global Chief Technology Officer. “The Open Source Security Foundation’s work will help us collectively make sure critical software programs and the end to end software delivery pipeline is secure and trustworthy.”

Ericsson

“As a leader in mobile communication, pioneering and driving 5G globally, security is at the core of the network infrastructure we build and deliver to our customers. In an industry increasingly built around open source and open standardization we are fully committed to address cybersecurity vulnerabilities in a collaborative effort. We are proud to join the Open Source Security Foundation as a founding member and we look forward to continue to work with the community and wider industry for a secure software supply chain, including the open source components,” says Erik Ekudden, Senior Vice President and Chief Technology Officer, Ericsson.

Fidelity

“Open Source Software plays a critical role in Fidelity’s technology strategy. We are proud to be part of the Open Source Security Foundation and to work with others to ensure that Open Source solutions and their supply chains are safe, secure, and reliable, enabling Fidelity to better serve our customers and clients,” said John Andrukonis, SVP, Fidelity Application Architecture.

GitHub

“The world runs on software, and most of that software includes and relies on open source,” said Mike Hanley, Chief Security Officer at GitHub. “As the home to more than 65 million developers around the world, we’re excited to continue partnering across the open source community and with other Open Source Security Foundation members to power a more secure, trustworthy future that will benefit everyone.”

Google

“We are doubling down on our OpenSSF commitment in the wake of rising open source software supply chain attacks and President Biden’s Executive Order,” said Eric Brewer, vice president of infrastructure and fellow at Google. “This decision is part of our White House pledge to spend $100 million to fund open source security foundations and follows a variety of investments we’ve made to support developers and security engineers across the public and private sectors. The OpenSSF is the best place for cross-industry leadership for these very challenging topics, and we look forward to working with the US and other governments to improve security worldwide.” 

IBM 

“IBM is deeply focused on developing and building highly secure hybrid cloud, AI and quantum-safe technologies that are designed to protect our clients’ most sensitive workloads both today and into the future,” said Jamie Thomas, General Manager, Strategy & Development and IBM Enterprise Security Executive. “As a long-time open source leader, IBM looks forward to working with the OSSF, our industry partners, and open source communities towards addressing the ever-increasing challenge of hardware and software open source supply chain security.”

Intel

“As a long-standing member of the open source software community, Intel contributes daily in the upstream projects we collaborate with,” said Greg Lavender, senior vice president, CTO, and general manager of Software and Advanced Technology at Intel Corporation. “Along with the Linux Foundation, we believe the Open Security Foundation (OpenSSF) is a unique opportunity to engage in projects and efforts focused on improving the quality and security for today and our future. Intel remains committed to providing contributions that benefit open source software supply chains and improving the security posture of critical projects on which our ecosystem depends.”

JPMorgan Chase

“JPMorgan Chase is deeply committed to working with the open source community to solve our most pressing security challenges. As a founding member of the Open Source Security Foundation, we have worked together to improve the security of open source and the integrity of all software. We commend the US Government’s recent initiative to raise awareness on this pressing topic and call to action the technology community to solve one of the most complex security challenges of our time.  We welcome the new members to OpenSSF and look forward to continuing the journey of innovation and bringing meaningful change to how we build, secure, and validate software,” said Pat Opet, Chief Information Security Officer, JPMorgan Chase & Co.

Microsoft

“As open source is now core to nearly every company’s technology strategy, securing open source software is an essential part of securing the supply chain for every company, including our own. All of us at Microsoft are excited to participate with others in contributing new investments to the Open Source Security Foundation and we look forward to building more secure software through community-driven efforts to create solutions that will help us all,” said Mark Russinovich, Azure CTO and Technical Fellow, Microsoft.

Morgan Stanley

“Whether we are leveraging open source in our own code, contribute to OSS projects, or consume OSS via technology we procure and utilize, the safety and security of OSS and the creation of a trustworthy supply chain is critical to all businesses. To that end, we are delighted to join the Linux Foundation’s Open Source Security Foundation project to collaborate with our cross-industry partners to improve the security, safety and trust in the OSS ecosystem,” said Neil Allen, Global Head of Cyber Security Engineering, Morgan Stanley.

Oracle

“As a contributing member of the open source software community and an inaugural Linux Foundation member, Oracle has a large number of developers that contribute to third-party open source projects daily,” said Wim Coekaerts, senior vice president of software development, Oracle. “Oracle looks forward to participating in the Open Source Security Foundation and working with other members to continue to strengthen the software supply chain, helping customers work more securely.”

Red Hat

“Open source is pervasive in software solutions of all kinds, and cybersecurity attack rates are on the rise. Our customers look to Red Hat to provide trust and enhanced security in our open source based portfolio. Open source and community collaboration is the best way to solve big, industry-wide challenges, such as open source supply chain security. And that’s why we’re excited to join together with the Linux Foundation and other industry leaders so we can continue to improve the technologies and practices to build a more secure future from open source software,” said Chris Wright, senior vice president and CTO, Red Hat.

Snyk

“Open source is built by millions of empowered developers, who also need to secure this critical foundation of the digital world,” said Guy Podjarny, Founder & President, Snyk. “The vital work of the Linux Foundation and the OpenSSF ensures we collectively live up to this responsibility. The Snyk community is fully committed to this important, collaborative effort and we look forward to working closely with the other OpenSSF members to better secure OSS so it can continue to safely fuel innovation.”

VMware

“Every company that uses software should be concerned about their software supply chain,” said Kit Colbert, chief technology officer, VMware. “For two-plus years, VMware has engaged in contributions to open source projects in the broader software supply chain security space and invested in initiatives to help customers further strengthen their security policies and processes. As a member of the Open Source Security Foundation, we’re committed to collaborating across the industry to drive an increased level of software supply chain security.”

General Member Quotes 

Apiiro

“Software supply chain risks are becoming pervasive, with the potential to slow application delivery and stunt innovation,” commented John Leon, VP of Business Development at Apiiro. “Managing application risk has become increasingly complex and requires visibility across the SDLC – including the supply chain. Apiiro is excited to partner with the open source community and support the Linux Foundation and OpenSSF as they power the collaboration that is vital to securing software.”

AuriStor

“AuriStor’s founders have contributed to the standardization of security protocols and open source development of security first software for more than 35 years. We view the OpenSSF, its working groups and projects, and those that participate in them as crucial to improving the security of every industry, service, and home.  The OpenSSF has the potential to make a significant difference in everyone’s future. We encourage all members of the software development community to contribute,” said AuriStor Founder and CEO Jeffrey Altman.

Devgistics

“We seized the opportunity to join this foundation because OpenSSF offers a real industry-neutral forum to accelerate the hardening and security of the software supply chain. Devgistics (formerly InfoSiftr) provides critical enhancements to the world’s most popular open-source repository. Devgistics has been involved in many free and open-source initiatives for years, including being a Moby (Docker Engine) maintainer, providing support to the Docker/container ecosystem, and serving in the Open Container Initiative. Devgistics continues to contribute cutting-edge solutions for security-conscious clients like the US Air Force,” said Devgistics Founder and President Justin Steele. 

DTCC

“DTCC is committed to developing highly resilient and secure code to safeguard the financial marketplace. DTCC is proud to be part of the OpenSSF community and looks forward to partnering with our fellow members on safe, secure and reliable computing,” said Ajoy Kumar, Head of Tech/Cyber Risk at DTCC.

GitLab

“As organizations modernize software development and shift security left, GitLab believes that open source will play a key role in fostering this modernization and delivering secure software with speed to the market,” said Eric Johnson, CTO at GitLab. “Supporting the Open Source Security Foundation aligns with GitLab’s mission of enabling everyone to contribute, and we look forward to supporting, collaborating, and sharing our expertise in implementing security in GitLab’s DevOps Platform to the OpenSSF community.”

Goldman Sachs

“Continuing to secure the software supply chain, in particular the many critical open source projects foundational to any modern organization’s IT architecture, is a top strategic imperative for Goldman Sachs, our peers, partners, and clients in financial services, the technology ecosystem, and the wider economy,” said Atte Lahtiranta, chief technology officer at Goldman Sachs. “This work cannot be done in individual organizational silos. We instead need to work collaboratively, across both the private and public sector, together with open source maintainers and contributors, to answer the call to action that is the recent cybersecurity executive order. The OpenSSF will provide an essential forum and associated infrastructure to allow us to share leading practices, develop improved tooling, and work together to better protect our digital infrastructure.”

JFrog

“Open-source software is the backbone of hundreds of thousands of today’s applications, making it critical that we do our best to flag new vulnerabilities and insecure components fast—before they compromise businesses or critical infrastructure,” said Asaf Karas, JFrog Security CTO. “We’re happy to expand our membership with the Linux Foundation and support this cross-industry collaboration to identify and fix open source security vulnerabilities, strengthen tools, and promote best practices to ensure developers can easily shift left and bake-in security from the start of application planning and design — all the way to software deployment, distribution, and runtime.”

StackHawk

“Software development is moving faster than ever before. The industry needs tooling and processes to ensure that security can keep up with today’s pace of development. StackHawk is excited about the work that the Open Source Security Foundation is doing to improve security and we are proud to continue as a member,” said Joni Klippert, StackHawk Founder & CEO.

Tencent

“IT development to date, an increasing number of critical businesses and core competencies have been built on open source, and this trend will continue. As an important part of the software supply chain, open source security plays an important role in the entire software supply chain. Tencent Cloud has always been keen to contribute code and technology to open source projects, and also maintains a continuous huge investment in security. It is very gratifying to see that OpenSSF can be established, and we look forward to working closely with industry  partners to improve the security level of open source software and strengthen the software supply chain security,” said KK Dong, Chief Security Officer at Tencent Cloud.

Wind River

“As the dependency on open-source software becomes increasingly pervasive, the Open Source Security Foundation’s community-driven approach to developing and sharing security metrics, tools and best practices becomes an imperative. Our customers are actively interested in the health of the open source from which their solutions are constructed, and assuring secure development across open the supply chain is vital,” said Paul Miller, CTO, Wind River. “We are looking forward to collaborating more closely with the OpenSSF community. By working together, Wind River can provide customers with a level of open source security assurance that would otherwise be unobtainable.”

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,800 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, Hyperledger, RISC-V, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at https://www.linuxfoundation.org/

###

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

Media Contacts

Jennifer Cloer

503-867-2304

jennifer@storychangesculture.com

The post Open Source Security Foundation Raises $10 Million in New Commitments to Secure Software Supply Chains appeared first on Linux Foundation.

The post Open Source Security Foundation Raises $10 Million in New Commitments to Secure Software Supply Chains appeared first on Linux.com.

The World’s Major Technology Providers Converge to Improve the Security of Software Supply Chains

Wednesday 13th of October 2021 04:00:00 PM

Imagine you have created an open source project that has become incredibly popular. Thousands, if not millions, of developers worldwide rely on the lines of code that you wrote. You have become an accidental hero of that community — people love your code, contribute to improving it, request new features, and encourage others to use it. Life is amazing, but with great power and influence comes great responsibility.

When code is buggy, people complain. When performance issues crop up in large scale implementations, they need to be addressed. When security vulnerabilities are discovered — because no code or its dependencies are always perfect — they need to be remediated quickly to keep your community safe.

To help open source projects better address some of the responsibilities tied to security, many communities hosted by the Linux Foundation have invested countless hours, resources, and code into some important efforts. We’ve worked to improve the security of the Linux kernel, hosted Let’s Encrypt and sigstore, helped steward the ISO standardization for SPDX, and brought together a community building metrics for OSS health and risk through the CHAOSS project — among many others.

Today, we are taking steps with many leading organizations around the world to enhance the security of software supply chains. The Linux Foundation has raised $10 million in new investments to expand and support the Open Source Security Foundation (OpenSSF) and its initiatives. This cross-industry collaboration brings together an ecosystem to collectively identify and fix cybersecurity vulnerabilities in open source software and develop improved tooling, training, research, best practices, and vulnerability disclosure practices. We are also proud to announce that open source luminary, Brian Behlendorf, will serve the OpenSSF community as General Manager. 

Financial commitments for OpenSSF include Premier members such as Cisco, Dell Technologies, Ericsson, Facebook, Fidelity, GitHub, Google, IBM, Intel, JPMorgan Chase, Microsoft, Morgan Stanley, Oracle, Red Hat, Snyk, and VMware. Additional commitments come from General members, including Aiven, Anchore, Apiiro, AuriStor, Codethink, Cybertrust, Deepfence, Devgistics, DTCC, GitLab, Goldman Sachs, JFrog, Nutanix, StackHawk, Tencent, TideLift and Wind River.

To learn more about how to join the OpenSSF or to get involved in one of its six working groups, listen in to this brief introduction from Brian Behlendorf recorded this week at KubeCon:

 

In 2021, the Linux Foundation and its community will continue to support education and share resources critical to improving open source cybersecurity.  For example, this week, we also hosted SupplyChainSecurityCon, where the SLSA and sigstore projects were heavily featured.

If you are an open source software developer, user, or other community participant who just wants to help further protect the software that accelerates innovation around the world, please consider joining one of our six OpenSSF working groups, or suggest a new working group that addresses gaps in software supply chain security needs.

You can follow the latest news from OpenSSF here on our blog, Twitter (@TheOpenSSF), and LinkedIn.

The post The World’s Major Technology Providers Converge to Improve the Security of Software Supply Chains appeared first on Linux Foundation.

The post The World’s Major Technology Providers Converge to Improve the Security of Software Supply Chains appeared first on Linux.com.

Walmart Moves Production Grade Networking Project, L3AF, to the Linux Foundation

Monday 11th of October 2021 11:00:00 PM

News announced via LFN governing board member, Koby Avital, during ONE Summit keynote

Fully open-sourced, L3AF enables Kernel Function as a Service by providing complete lifecycle management of eBPF networking application programs

The project brings a strong existing ecosystem, with support from Microsoft, Wipro, Tech Mahindra, and more

SAN FRANCISCO, October 11, 2021 – LF Networking (LFN), which facilitates collaboration and operational excellence across open source networking projects, today announced that Walmart has moved its L3AF project to the Linux Foundation. L3AF provides complete life-cycle management of eBPF networking application programs with the help of an advanced control plane, offering a cloud and vendor-agnostic platform for launching and managing eBPF programs.

Koby Avital, executive vice president, Walmart Global Tech, announced the news during his keynote address, “title,” as part of Open Networking and Edge (ONE) Summit + Kubernetes on Edge Day, this morning.

“I’m excited to open source L3AF, a platform that has allowed us to operate various security and network functions in this omni environment,” said Koby Avital, Executive Vice President, Walmart Global Tech. “With L3AF life cycle management, we’ve been able to tap into the power of eBPF while accelerating and streamlining its usage. This has allowed us to replace third party and Cloud provider-specific solutions with a common platform that’s not only much easier to manage but also more cost effective. By sharing this capability with the community, we hope to help accelerate the development of solutions for managing an omni environment for other enterprises or service providers and bring about standards and practices that benefit everyone.”

“L3AF as a network application for large-scale enterprise complements the eBPF Foundation and other accelerated forwarding and data plane projects under LF networking quite well,” said Arpit Joshipura, general manager, Networking, Edge and IoT, the Linux Foundation. “We’re looking forward to building an open source networking community within this critical application space.”

L3AF is an open source project, developed by Walmart, housing cutting-edge solutions in the realm of eBPF (a revolutionary technology that allows us to run sandboxed programs in an operating system kernel) that provides complete life-cycle management of eBPF programs with the help of an advanced control plane that has been written in Golang. The  control plane orchestrates and composes independent eBPF programs across the network infrastructure to solve crucial business problems. L3AF’s eBPF programs include load-balancing, rate limiting, traffic mirroring, flow exporter, packet manipulation, performance tuning, and many more. 

For more information on the L3AF project, read this 3-part introductory blog series or visit the website at l3af.io.

Quotes from Supporting Organizations

Microsoft 

“Lifecycle management of eBPF programs is an exciting area of innovation that will enable new scenarios and use cases,” said Krishna Ganugapati, VP of Software Engineering, Microsoft.  “We look forward to collaborating with Walmart and the L3AF project.”

Tech Mahindra

“As a founding member of the L3AF project, we are pleased to see the community join Linux Foundation Networking as a neutral venue for open collaboration,” said Manish Mangal, Global Business Head – Network Services, Tech Mahindra. “The collective work being done in L3AF to provide eBPF-based networking and observability solutions in an open format is aligned with Tech Mahindra’s mission to unlock the value of 5G and Networks by helping Enterprises and CSPs transform to Cloud Native Software Centric Digital Operators. We are eager to see the work progress even further.”

Wipro

“Walmart is making a significant technology contribution in open sourcing the L3AF platform, enabling production-tested secure kernel-level networking functionality required by the edge computing ecosystem. Open sourcing L3AF under the Linux Foundation umbrella will provide the support necessary for increased pace of innovation and industry adoption,” said Andrew Aitken, General Manager, Open Source Leader, Office of CTO, Wipro Limited. 

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 2,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit linuxfoundation.org.

The post Walmart Moves Production Grade Networking Project, L3AF, to the Linux Foundation appeared first on Linux Foundation.

The post Walmart Moves Production Grade Networking Project, L3AF, to the Linux Foundation appeared first on Linux.com.

LF Edge Welcomes New Premier Members F5, VMware as it matures into a Framework for Real-World Edge, Telco, and IoT Solutions

Monday 11th of October 2021 11:00:00 PM

Industry leaders F5, VMware, Eclipse Foundation, mimik, Platform 9, Teal Communications, and Veea, Inc. join open source edge project umbrella to collaborate on furthering edge computing

LF Edge’s portfolio of projects continue to diversify with addition of eKuiper and Project Alvarium to address IoT data analytics and trust fabrics; additionally, Linux Foundation welcomes Edge Gallery for open MEC edge computing

Akraino and EdgeX Foundry project releases enhance commercially-adopted, deployable solutions for IoT and edge use cases including 25+ blueprints

SAN FRANCISCO, October 11, 2021 – LF Edge, an umbrella organization within the Linux Foundation that creates an open, interoperable framework for edge computing independent of hardware, silicon, cloud, or operating system, today announced the project’s maturity as a deployable framework with expanded open source solutions to meet real-world demands. Industry leaders F5 and VMware have joined the community as Premier members as LF Edge maturation includes new projects, general members, project releases and blueprints that enable deployable solutions.

“Growth within the LF Edge community continues to accelerate, and we are thrilled to welcome even more industry-leading organizations to the community,” said Arpit Joshipura, General Manager, Networking, Edge, and IoT, the Linux Foundation. “This is in line with industry trends as more and more organizations across verticals realize the power of open source at the edge. Our diverse set of new projects and new members works in tandem with the broader LF Edge community to enable real-world edge, IoT, IIoT, and telco solutions. ”

New Members

Two new Premier members have joined LF Edge (F5 and VMware), along with four General members (mimik, Platform 9, Teal Communications, Veea, Inc.), and one Associate Member (Eclipse Foundation).

F5 is a multi-cloud application security and delivery company that enables its customers—which include the world’s largest enterprises, financial institutions, service providers, and governments—to bring extraordinary digital experiences to life. 

“F5 is excited to join the Linux Foundation Edge Board and we look forward to collaborating on an open, interoperable framework that enables industries and individuals to innovate at the edge,” said Geng Lin, executive vice president and CTO at F5. “Our participation will help accelerate the delivery of an Edge 2.0 platform, a security-first, app-driven approach with unlimited scale that will empower every business to unlock the full potential of the emerging edge.” 

VMware is a leading provider of multi-cloud services for all apps, enabling digital innovation with enterprise control. As a trusted foundation to accelerate innovation, VMware software gives businesses the flexibility and choice they need to build the future. Kaniz Mahdi, vice president of distributed edge, VMware, said, “VMware is helping leading service providers around the world modernize their networks to deliver and monetize next-generation applications. We are working side-by-side with customers and partners to unravel the complexities that come with delivering these apps across a distributed edge. As such, we are excited to join the LF Edge, an organization focused on building an open framework to support edge-native workloads. With virtualization in our DNA and a deep-rooted footprint in the cloud, VMware is uniquely positioned to contribute to this important ambition.”

Bringing an even more diverse perspective to the LF Edge community, new general and Associate members include:

mimik provides a hybrid edge cloud computing application development platform and business enablers for digital transformation.

Platform 9 enables operations teams to run Kubernetes as a Managed Service on multi-cloud, on-premise or edge at scale.

Teal Communications is the first cloud-native, Credentialing-as-a-Service platform that provides intelligent connectivity and networking solutions to IoT device and network operators.

Veea is redefining and simplifying secure edge computing that improves application responsiveness, reduces bandwidth costs and eliminates central cloud dependency.

Eclipse Foundation provides its global community of individuals and organizations with a mature, scalable, and business-friendly environment for open source software collaboration and innovation.

New Projects

eKuiper and Project Alvarium have joined the growing LF Edge project portfolio while Edge Gallery joins the Linux Foundation. Covering IoT analytics and trust fabrics respectively, eKuiper and Project Alvarium join the nine existing LF Edge projects: (Stage 3) Akraino and EdgeX Foundry; (Stage 2) Project EVE, Fledge, Home Edge, Open Horizon, and State of the Edge; and (Stage 1) Baetyl and Secure Device Onboard (SDO).

Edge Gallery joins the Linux Foundation and will work closely with LF Edge projects. More information about the new projects:

Project Alvarium, with initial code seeded by Dell Technologies, is aimed at building a framework and SDK for trust fabrics that deliver data from devices to applications with measurable confidence. Trust fabrics take a system-level approach by layering trust insertion technologies spanning silicon to cloud and will usher in an entire new era of business models and customer experiences driven by interconnected ecosystems. Initial contributing companies include Dell, the IOTA Foundation, Intel, Arm, VMware and ZEDEDA.

eKuiper is a lightweight edge IoT data analytics / streaming software implemented in Golang that can run on all kinds of resource-constrained edge devices. It migrates real-time cloud streaming analytics frameworks such as Apache Spark, Apache Storm and Apache Flink to the edge.

Edge Gallery is an open-source MEC edge computing project initiated by Huawei, carriers, and vertical industry partners. Its purpose is to build a common edge computing platform that meets the “connection + computing” characteristics of the telecom industry, standardize the openness of network capabilities (especially 5G network capabilities), and simplify lifecycle processes such as MEC application development, test, migration, and running.

“We’re excited to welcome Project Alvarium, eKuiper and Edge Gallery to the Linux Foundation project family,” said Jason Shepherd, Board Chair, LF Edge and VP Ecosystem, ZEDEDA. “We look forward to continuing to collaborate across our project portfolio to make edge solutions more accessible, scalable and secure, in addition to enabling entirely new business models.” 

Commercial-Ready Project Solutions

Bringing deployable edge blueprints that are globally adopted into commercial solutions and use cases, Akraino delivers fully functional edge solutions across industry sectors and disciplines. Akraino issued its fifth release (Akraino R5) with three new additional blueprints to address use cases such as smart cities, cloud native multi-tenant, and topology prediction for vehicular networks at the edge. R5 also includes updates to many of its existing 30+ blueprints. Learn more about Akraino R5 here.

EdgeX Foundry, which focuses on edge and IoT solutions, recently issued the most modern, secure, and production-ready open source IoT framework. Its second major release, “EdgeX Ireland” or “EdgeX 2.0”, overhauls API sets, removes technical debt, provides more message-based communications, and simplifies and secures the interface for adopters and developers, making the platform significantly easier to use and more reliable. The community is currently working on its next release, “EdgeX Jakarta” or “EdgeX 2.1”, expected to be the first EdgeX release to include LTS (long-term support). More details on EdgeX Ireland are available here.

Home Edge will soon issue its next release, “Dewberries.”  Dewberries continues to build a solid foundation  for Home Edge to grow, with updates to code stabilization, scripting, APIs, data synchronization, and security, among others. Stay tuned for more details on Home Edge Dewberries. 

Project EVE has recently launched a developer program that enables developers to explore EVE-OS as a highly flexible and secure foundation for their edge solutions. This enables them to build deep security and orchestration functionality into their solutions from the start. Learn more about the program through the project Wiki.

Community Support for LF Edge

Dell Technologies

“Data generated at the edge has the power to help businesses make game changing decisions that deliver immediate and essential value, but organizations have to be able to trust their data is accurate,” said Steve Todd, Dell Technologies Fellow. “As the edge expands everywhere – from retail stores and manufacturing floors to smart cities and homes – we believe edge solutions must include the ability to measure data confidence. That’s why we’re donating our Data Confidence Fabric code to Project Alvarium, so any business can trust and have confidence in their edge data.”

IOTA Foundation

“We welcome Project Alvarium’s extension and integration into the LF Edge portfolio,” said Dominik Schiener, Co-Founder and Chairman of the IOTA Foundation. “The great leaps forward in edge computing constantly push the boundaries of scalability, transaction speed, and security. We are excited to continue leveraging IOTA’s technology for the machine economy applications of tomorrow, together with the LF Edge family.”

mimik

“mimik looks forward to collaborating with the innovative ecosystem that comprises the LF Edge. The LF Edge’s community-driven philosophy underpins mimik’s own core values in today’s increasingly hyperconnected world, which presents opportunities to a group of like-minded individuals and partners to collectively contribute to innovation at the edge. The result is a much larger proposition for the entire community to thrive together than one company winning it all. The opportunities afforded by LF Edge will naturally complement mimik’s eagerness to expand our varied groups of partners and customers that range from large brands to startups. Already, we have started to contribute our learnings and technology while learning from other community members in the ecosystem. mimik strives to edgeifi the world with the LF Edge community of partners,” said Fay Arjomandi, founder and CEO of mimik and 2020 winner of Edge Woman of the Year.

Open Horizon Project

“mimik provides a platform-neutral solution for serverless execution at the edge. Open Horizon provides a solution for application and machine learning deployment and lifecycle management. Together, Open Horizon and mimik provide automated management of serverless applications at scale,” said Joe Pearson, Technical Steering Committee chair, LF Edge and Open Horizon. “What makes mimik’s solution so special is that their micro-services are based on WASM+WASI, which creates language-agnostic, portable, secure, small, and fast serverless functions. Not only are they containerizable and Docker-compatible, they can run up to 10,000 times faster than micro-services based on interpreted languages like Python and NodeJS, at speeds approaching compiled C++.”

Teal Communications

“Our mission to democratize IoT network access through a dynamic provisioning layer synergizes very well with the LF Edge mission to create an ecosystem built around open standards for edge applications. We couldn’t be more excited to join in and contribute to these projects!” – Robert Hamblet, CEO of Teal Communications

Veea, Inc. 

“We are thrilled to join the LF Edge community and are eager to be a part of the future of open source at the edge,” said Allen Salmasi, CEO, Veea, Inc. “The combined capabilities of a properly designed hybrid edge-cloud solution integrated with disaggregated elements of 5G network can provide for a distributed Hyper-Converged Infrastructure (“HCI”) that will drive the next revolution in computing and connectivity. We look forward to collaborating with the broader LF Edge community to help make edge computing more secure, simpler to adopt, deploy, use and maintain.”

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 2,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit linuxfoundation.org.

The post LF Edge Welcomes New Premier Members F5, VMware as it matures into a Framework for Real-World Edge, Telco, and IoT Solutions appeared first on Linux Foundation.

The post LF Edge Welcomes New Premier Members F5, VMware as it matures into a Framework for Real-World Edge, Telco, and IoT Solutions appeared first on Linux.com.

The Linux Foundation and Fintech Open Source Foundation Announce Keynote Speakers for Open Source Strategy Forum New York 2021

Friday 8th of October 2021 03:52:07 AM

Experts and industry leaders will gather for thought-provoking insights and conversations about how to best leverage open source in fintech and finserv to solve industry challenges.

SAN FRANCISCO, October 7, 2021 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, along with co-host Fintech Open Source Foundation (FINOS), a nonprofit whose mission is to accelerate adoption of open source software, standards and best practices in financial services, today announced keynote speakers for Open Source Strategy Forum New York (OSSF). The event takes place November 10, preceded by a FINOS Member event on November 9, in New York City. The schedule can be viewed here and the keynote speakers can be viewed here.

OSSF features an agenda covering recent developments and the direction of open source in financial services across a wide range of topics and domains. The event promotes deeper collaboration across finance, open source and technology and drives innovation across the industry in order to deliver better code, faster.

Keynote speakers this year include:

Antoine Amend, Technical Director – Financial Services, Databricks

Jo Ann Barefoot, CEO & Co-Founder, Alliance for Innovative Regulations

Nadine Chakar, Head of Global Markets, State Street

Gabriele Columbro, Executive Director, FINOS

Jean-Thierry (JT) Dupuy, Vice President, Head of Client Services, Symphony

Brad Levy, CEO, Symphony

John Madsen, Co-Head of Technology, Goldman Sachs

Sultan Meghji, Chief Innovation Officer, FDIC

Igor Seletskiy, CEO & Founder, TuxCare

Conference Session Highlights:

Digitizing Financial Inclusion: Open Source’s Role in Wholesale CBDC-enabled Real Time Payments – Paula Hunter, Mojaloop Foundation

Open Source Blockchain in Action: A Report from the Front Lines of Financial Deployments – Brian Behlendorf, Linux Foundation; Joseph Lubin, ConsenSys and Christine Moy, JP Morgan

Journeys within FinTech: A Panel on Women’s Career Progression – Rita Chaturvedi, Morgan Stanley; Jane Gavronsky, FINOS; Kim Prado, BMO Capital Markets; Alejandra Villagra, Citi; Tamara Chehayeb Makarem, Scott Logic

Operationalizing Open Source Projects: When the Rubber Meets the Road – Trishan de Lanerolle, Linux Foundation Networking

Integrating Legend, Bosque, and Morphir For Open Reg Tech through FINOS – Stephen Goldbaum, Morgan Stanley, Beeke-Marie Nelke & Pierre DeBelen, Goldman Sachs & Mark Marron, Microsoft

Registration is available for US$449 through October 13. Members of The Linux Foundation receive a 20 percent discount – members can contact events@linuxfoundation.org to request a member discount code. Members of FINOS can attend at no cost – members can contact ossf@finos.org to request the FINOS Member registration code. 

Health and Safety
Attendees will be required to be fully vaccinated against the COVID-19 virus and wear a mask while onsite at the event. Additionally, all attendees will need to comply with all on-site health measures, in accordance with The Linux Foundation Code of Conduct. To learn more, visit the Health & Safety webpage and read our blog post.

Sponsor
For information on becoming an event sponsor, click here or email us for more information and to speak to our team. The sponsorship deadline is October 26.

Press
Members of the press who would like to request a press pass to attend should contact Kristin O’Connell.

About the Linux Foundation
Founded in 2000, the Linux Foundation is supported by more than 2,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit linuxfoundation.org.

The Linux Foundation Events are where the world’s leading technologists meet, collaborate, learn and network in order to advance innovations that support the world’s largest shared technologies.

Visit our website and follow us on Twitter, Linkedin, and Facebook for all the latest event updates and announcements.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds. 

###

Media Contact
Kristin O’Connell
The Linux Foundation
koconnell@linuxfoundation.org

The post The Linux Foundation and Fintech Open Source Foundation Announce Keynote Speakers for Open Source Strategy Forum New York 2021 appeared first on Linux Foundation.

The post The Linux Foundation and Fintech Open Source Foundation Announce Keynote Speakers for Open Source Strategy Forum New York 2021 appeared first on Linux.com.

Deploy and remove a web server with Ansible

Thursday 7th of October 2021 10:38:42 PM

How fast can you deploy a web server? With Ansible, pretty fast.

Read More at Enable Sysadmin

The post Deploy and remove a web server with Ansible appeared first on Linux.com.

The Linux Foundation and Fintech Open Source Foundation Announce Keynote Speakers for Open Source Strategy Forum New York 2021

Thursday 7th of October 2021 09:27:13 PM

Experts and industry leaders will gather for thought-provoking insights and conversations about how to best leverage open source in fintech and finserv to solve industry challenges. SAN FRANCISCO, October 7, 2021 — The Linux Foundation, the nonprofit organization enabling mass innovation through open source, along with co-host Fintech Open Source Foundation (FINOS), a nonprofit whose mission is to…

The post The Linux Foundation and Fintech Open Source Foundation Announce Keynote Speakers for Open Source Strategy Forum New York 2021 appeared first on Linux.com.

Open Source 5G Ecosystem Solutions on Display at ONE Summit, as US Government Hosts Security Mini Summit

Wednesday 6th of October 2021 11:00:00 PM

5G Super Blueprint comes to life at ONE Summit with a live keynote demonstration of network slicing in 5G, and 6 pavilion demonstrations of new blueprints, use cases, and ecosystem solutions

ONE Summit to feature Mini Summit by the US Government, Enabling Secure, Open, and Programmable 5G Networks

Register today to join the community and see the demonstrations at the Open Networking & Edge Summit virtual experience, October 10-11

SAN FRANCISCO, October 5, 2021 – LF Networking (LFN), which facilitates collaboration and operational excellence across open source networking projects, today announced its 5G Super Blueprint initiative will host use case demonstrations across 5G, edge, IoT, and cloud native during Open Networking & Edge (ONE) Summit + Kubernetes on Edge Day, October 11-12, 2021.

The 5G Super Blueprint is a community-driven integration of multiple open source initiatives that, collaboratively, demonstrate end-to-end use cases of end user implementation architectures. LFN creates a framework based on these integrated initiatives and projects to then develop blueprints, defined by a community-driven process that allows end-to-end solution use cases across vertical markets.

“The open source networking ecosystem is bringing collaboration to life at ONE Summit,” said Heather Kirksey, vice president, Community & Ecosystem Development, the Linux Foundation. “What started as an integration demo for a basic residential broadband use case five short years ago has now evolved into a framework for creating collaborative, end-to-end solutions for the 5G ecosystem. I am incredibly proud of the community for all the progress it’s achieved to date, and I cannot wait to see what comes next.”

Building on the long-running 5G cloud native network demo workstream, the LF Networking community has fortified the 5G Super Blueprint foundation by adding network slicing. Based on the ONAP Honolulu release, this proof of concept demonstrates an open source approach to improving QoS in 5G networks by optimizing resources and network topologies for 5G use cases, providing network operators improved performance and greater flexibility. The demo will also showcase a custom Network Slice Subnet Management Function (NSSMF) that was developed as part of this effort.

Linux Foundation Demo Pavilion

The open source networking and edge ecosystems will demonstrate ecosystem innovations around the 5G Super Blueprint and more during ONE Summit, via the Linux Foundation Demo Pavilion. Seven demos from multiple open source projects and communities will be on display, with the developers who created them available to answer questions throughout the event. Illustrating a breadth of technologies surrounding the 5G ecosystem and beyond, the demos will cover: 

5G Super Blueprint: 5G Cloud Native Network Adds Network Slicing (LF Networking, LF Edge, ONAP, Anuket, DPDK, EMCO)
Akraino Blueprints: Integrated Cloud Native Private Wireless (LF Edge, Akraino)
Enabling future-proof and Open Edge App Management in Retail (LF Edge, EdgeX Foundry, Open Horizon, Secure Device Onboard)
LF Edge + Project Alvarium: Building Trust in Interconnected Ecosystems (LF Edge, Project Alvarium, EVE)
Introducing L3AF, a Platform to Launch and Manage eBPF Programs (L3AF)
O-RAN/OSC/ONAP-Based Multi-Operator/Multi-Vendor Resource Pooling & RAN Slicing in Disaster Scenarios (LF Networking, ONAP, ORAN-SC)
Magma: Zero-touch Magma Automation With LFN EMCO (Magma, EMCO)

More details, including descriptions of each demo, are available here

US Government Mini Summit

The US GOV OPS mini summit, which takes place Oct. 11 from 2:00 – 4:50 PM PST, will examine requirements and progress of 5G, edge, and IoT technologies within enterprise and government entities. Hosted by NWIC Pacific division of the United States Navy and led by Doug Evans, Neil Hoff and Andrew Leidy from the Department of the Navy, the program will cover use cases and solutions that rely on the foundations of open source networking, edge, and cloud project communities (including LF Networking, LF Edge, CNCF, Kubernetes, Magma, and more). Specific discussion topics include:  

Introduction to United States Government Open Programmable Secure (US-GOV OPS) initiative within the Linux Foundation
Overview of DARPA’s Open, Programmable, Secure 5G (OPS-5G) project
The Linux Foundation’s 5G Super Blueprint
Discussion of the Office of the Under Secretary of Defense (OUSD) for Research & Engineering’s 5G initiative, and the Multi-site OPS-5G Joint Independent Test Option (MOJITO) project

Registration to this mini-summit is included in the overall conference registration. 

These are but a few of the informative workshops, keynotes, and sessions designed to propel the open networking industry further.

Register to Attend

Join the community virtually Oct. 11-12 for a broad look at the open source 5G ecosystem across networking and edge technologies, and learn about new innovations in networking and edge like enhanced security, 6G, and ONAP’s forthcoming Istanbul release. Register today to join the community for just $150 USD. Click here to access registration and view the conference agenda.  

Members of the media may receive a complimentary media pass to the event; please contact jlovato@linuxfoundation.org to register as press.


Media Contact

Jill Lovato

jlovato@linuxfoundation.org

The Linux Foundation

The post Open Source 5G Ecosystem Solutions on Display at ONE Summit, as US Government Hosts Security Mini Summit appeared first on Linux Foundation.

The post Open Source 5G Ecosystem Solutions on Display at ONE Summit, as US Government Hosts Security Mini Summit appeared first on Linux.com.

The 2021 State of Open Source in Financial Services: Fintech Open Source Foundation (FINOS)

Tuesday 5th of October 2021 03:00:29 PM

Linux Foundation Research has released the following report, in partnership with the Fintech Open Source Foundation (FINOS).

Abstract: The increased prevalence, importance, and value of open source is well understood and widely reported by many industry surveys and studies. However, the rate at which different industries acknowledge this shift and adapt their own business and technology practices to capitalize on open source opportunities differs considerably.

The financial services industry has been a long-time consumer of open source software. At the same time, open source software and standards development have not been activities at the core of financial services industry business models and technology strategies. Consequently, the levels of contribution to – and publishing of – open source, in software development, or in terms of allocating staff resources, are still in their infancy. 

This report identifies the extent to which the financial services industry is active in open source, creating a baseline of understanding of governance, leadership, consumption, contribution, culture, and overall open source aspiration. Further, the report highlights the obstacles and challenges to improving industry-wide collaboration and concludes with a set of actionable insights for improving the state of open source in financial services. 

Click here to download the 2021 State of Open Source in Financial Services

The post The 2021 State of Open Source in Financial Services: Fintech Open Source Foundation (FINOS) appeared first on Linux.com.

The Linux Foundation Announces Keynote Speakers for Open Source Summit + Embedded Linux Conference 2021

Tuesday 5th of October 2021 02:27:55 AM

The Linux Foundation, the nonprofit organization enabling mass innovation through open source, announced the keynote speakers for Open Source Summit + Embedded Linux Conference 2021, taking place September 27-30 in Seattle, Washington. The events are being produced in a hybrid format, with both in-person and virtual participation available, and are co-located with OSPOCon and Linux Security Summit…

The post The Linux Foundation Announces Keynote Speakers for Open Source Summit + Embedded Linux Conference 2021 appeared first on Linux.com.

The Linux Foundation Announces Conference Schedule for Open Source Summit + Embedded Linux Conference 2021

Tuesday 5th of October 2021 02:27:49 AM

The Linux Foundation, the nonprofit organization enabling mass innovation through open source, announced the full schedule for Open Source Summit + Embedded Linux Conference 2021, the leading conference for open source developers, technologists, and community leaders. The events are taking place September 27-30 in Seattle, Washington and are co-located with OSPOCon and Linux Security Summit…

The post The Linux Foundation Announces Conference Schedule for Open Source Summit + Embedded Linux Conference 2021 appeared first on Linux.com.

New Software Supply Chain Cybersecurity Event

Tuesday 5th of October 2021 02:27:41 AM

Modern day supply chains leave greater potential for vulnerabilities, and supply chain security should be a high priority for organizations. Vulnerabilities could be catastrophic, and lead to unnecessary costs, inefficient delivery schedules and a loss of intellectual property. In addition, over the last few years, supply chains have increasingly been exposed as a major weak point in…

The post New Software Supply Chain Cybersecurity Event appeared first on Linux.com.

Vaccines + Masks for Safe In-Person Events – Read About All On-Site Safety Protocols

Tuesday 5th of October 2021 02:27:34 AM

The Linux Foundation is ecstatic to return to in-person events next month; we know how important these face-to-face gatherings are to accelerating collaboration and innovation in the open source community. We know you have questions surrounding health and safety at in-person events and want to pause for a moment to address these. Rest assured – your health has been at the forefront of every move…

The post Vaccines + Masks for Safe In-Person Events – Read About All On-Site Safety Protocols appeared first on Linux.com.

The Linux Foundation and Fintech Open Source Foundation Announce the Agenda for Open Source Strategy Forum London 2021, Oct 4-5

Tuesday 5th of October 2021 02:27:19 AM

Experts from financial services, technology and open source will come together to deepen collaboration and drive innovation across the industry in order to deliver better code, faster. SAN FRANCISCO, August 11, 2021 — The Linux Foundation, the nonprofit organization enabling mass innovation through open source, and co-host Fintech Open Source Foundation (FINOS), a nonprofit whose mission is to…

The post The Linux Foundation and Fintech Open Source Foundation Announce the Agenda for Open Source Strategy Forum London 2021, Oct 4-5 appeared first on Linux.com.

The Linux Foundation and the TODO Group Announce the Schedule for OSPOCon Europe 2021, Oct 6

Tuesday 5th of October 2021 02:27:17 AM

OSPOCon, held in North America and Europe this year, is a new event dedicated to creating better, more efficient open source ecosystems, covering the creation and best practices of open source program offices (OSPOs), open source corporate sustainability, and much more. SAN FRANCISCO, August 18, 2021 — The Linux Foundation, the nonprofit organization enabling mass innovation through open source…

The post The Linux Foundation and the TODO Group Announce the Schedule for OSPOCon Europe 2021, Oct 6 appeared first on Linux.com.

The Linux Foundation and Fintech Open Source Foundation Announce Keynote Speakers for Open Source Strategy Forum London 2021

Tuesday 5th of October 2021 02:27:15 AM

Experts and industry leaders from financial services, technology and open source will gather for thought-provoking insights and conversations about how to best leverage open source software to solve industry challenges. SAN FRANCISCO, September 16, 2021 — The Linux Foundation, the nonprofit organization enabling mass innovation through open source, along with co-host Fintech Open Source Foundation…

The post The Linux Foundation and Fintech Open Source Foundation Announce Keynote Speakers for Open Source Strategy Forum London 2021 appeared first on Linux.com.

The Linux Foundation Announces Agenda and Speaker Lineup for the 2021 Linux Foundation Member Summit

Tuesday 5th of October 2021 02:27:14 AM

This by-invitation event for Linux Foundation member organizations fosters collaboration, innovation, and partnerships among the leading projects and organizations working to drive digital transformation with open technologies. SAN FRANCISCO, September 21, 2021 — The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the agenda and speaker…

The post The Linux Foundation Announces Agenda and Speaker Lineup for the 2021 Linux Foundation Member Summit appeared first on Linux.com.