The Linux Foundation

Subscribe to The Linux Foundation feed The Linux Foundation
Decentralized innovation, built on trust.
Updated: 33 min 10 sec ago

The Linux Foundation Announces Keynote Speakers for Open Source Summit Europe 2022

Thu, 08/04/2022 - 22:53

Global visionaries headline the premier open source event in Europe to share on OSS adoption in Europe, driving the circular economy, finding inspiration through the pandemic, supply chain security and more.

SAN FRANCISCO, August 4, 2022 —  The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the keynote speakers for Open Source Summit Europe, taking place September 13-16 in Dublin, Ireland. The event is being produced in a hybrid format, with both in-person and virtual participation available, and is co-located with the Hyperledger Global Forum, OpenSSF Day, Linux Kernel Maintainer Summit, KVM Forum, and Linux Security Summit, among others.

Open Source Summit Europe is the leading conference for developers, sys admins and community leaders – to gather to collaborate, share information, gain insights, solve technical problems and further innovation. It is a conference umbrella, composed of 13 events covering the most important technologies and issues in open source including LinuxCon, Embedded Linux Conference, OSPOCon, SupplyChainSecurityCon, CloudOpen, Open AI + Data Forum, and more. Over 2,000 are expected to attend.

2022 Keynote Speakers Include:

  • Hilary Carter, Vice President of Research, The Linux Foundation
  • Bryan Che, Chief Strategy Officer, Huawei; Cloud Native Computing Foundation Governing Board Member & Open 3D Foundation Governing Board Member
  • Demetris Cheatham, Senior Director, Diversity, Inclusion & Belonging Strategy, GitHub
  • Gabriele Columbro, Executive Director, Fintech Open Source Foundation (FINOS)
  • Dirk Hohndel, Chief Open Source Officer, Cardano Foundation
  • ​​Ross Mauri, General Manager, IBM LinuxONE
  • Dušan Milovanović, Health Intelligence Architect, World Health Organization
  • Mark Pollock, Explorer, Founder & Collaborator
  • Christopher “CRob” Robinson, Director of Security Communications, Product Assurance and Security, Intel Corporation
  • Emilio Salvador, Head of Standards, Open Source Program Office, Google
  • Robin Teigland, Professor of Strategy, Management of Digitalization, in the Entrepreneurship and Strategy Division, Chalmers University of Technology; Director, Ocean Data Factory Sweden and Founder, Peniche Ocean Watch Initiative (POW)
  • Linus Torvalds, Creator of Linux and Git
  • Jim Zemlin, Executive Director, The Linux Foundation

Additional keynote speakers will be announced soon. 

Registration (in-person) is offered at the price of US$1,000 through August 23. Registration to attend virtually is $25. Members of The Linux Foundation receive a 20 percent discount off registration and can contact events@linuxfoundation.org to request a member discount code. 

Health and Safety
In-person attendees will be required to show proof of COVID-19 vaccination or provide a negative COVID-19 test to attend, and will need to comply with all on-site health measures, in accordance with The Linux Foundation Code of Conduct. To learn more, visit the Health & Safety webpage.

Event Sponsors
Open Source Summit Europe 2022 is made possible thanks to our sponsors, including Diamond Sponsors: AWS, Google and IBM, Platinum Sponsors: Huawei, Intel and OpenEuler, and Gold Sponsors: Cloud Native Computing Foundation, Codethink, Docker, Mend, NGINX, Red Hat, and Styra. For information on becoming an event sponsor, click here or email us.

Press
Members of the press who would like to request a press pass to attend should contact Kristin O’Connell.

ABOUT THE LINUX FOUNDATION
Founded in 2000, the Linux Foundation and its projects are supported by more than 2,950 members. The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, ONAP, Hyperledger, RISC-V, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at https://linuxfoundation.org/

The Linux Foundation Events are where the world’s leading technologists meet, collaborate, learn and network in order to advance innovations that support the world’s largest shared technologies.

Visit our website and follow us on Twitter, LinkedIn, and Facebook for all the latest event updates and announcements.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds. 

###

Media Contact
Kristin O’Connell
The Linux Foundation
koconnell@linuxfoundation.org

The post The Linux Foundation Announces Keynote Speakers for Open Source Summit Europe 2022 appeared first on Linux Foundation.

The American Association of Insurance Services & The Linux Foundation Welcome Jefferson Braswell as openIDL Project Executive Director

Wed, 08/03/2022 - 20:00

LISLE, IL., August 3, 2022 — The American Association of Insurance Services (AAIS) and the Linux Foundation welcome Jefferson Braswell as the new Executive Director of the openIDL Project.

“AAIS is excited about the expansion of openIDL in the insurance space and the addition of Jefferson as Executive Director signals even more strength and momentum to the fast-developing project,” said Ed Kelly, AAIS Executive Director. “We are happy to continue to work with the Linux Foundation to help affect meaningful, positive change for the insurance ecosystem.”

“openIDL is a Linux Foundation Open Governance Network and the first of its kind in the insurance industry,” said Daniela Barbosa, General Manager of Blockchain, Healthcare and Identity at the Linux Foundation. “It leverages open source code and community governance for objective transparency and accountability among participants with strong executive leadership helping shepherd this type of open governance networks. Jeff Braswell’s background and experience in financial standards initiatives and consortium building aligns very well with openIDL’s next growth and expansion period.“

Braswell has been successfully providing leading-edge business solutions for information-intensive enterprises for over 30 years. As a founding Director, he recently completed a 6-year term on the Board of the Global Legal Entity Identifier Foundation (GLEIF), where he chaired the Technology, Operations and Standards Committee. He is also the Chair of the Algorithmic Contract Types Unified Standards Foundation (ACTUS), and he has actively participated in international financial data standards initiatives.

Previously, as Co-Founder and President of Berkeley-based Risk Management Technologies (RMT), Braswell designed and led the successful implementation of advanced, firm-wide risk management solutions integrated with enterprise-wide data management tools. They were used by  many of the world’s largest financial institutions, including Wells Fargo, Credit Suisse, Chase, PNC, Sumitomo Mitsui Banking Corporation, Mellon, Wachovia, Union Bank and ANZ.

“We appreciate the foundation that AAIS laid for openIDL, and I look forward to bringing my expertise and knowledge to progress this project forward,” shared Braswell. “Continuing the work with the Linux Foundation to positively impact insurance services through open-source technology is exciting and will surely change the industry for the better moving forward.” 

openIDL, an open source, distributed ledger platform, infuses efficiency, transparency and security into regulatory reporting. With openIDL, insurers fulfill requirements while retaining the privacy of their data. Regulators have the transparency and insights they need, when they need them. Initially developed by AAIS, expressly for its Members, openIDL is now being further advanced by the Linux Foundation as an open-source ecosystem for the entire insurance industry.

ABOUT AAIS
Established in 1936, AAIS serves the Property & Casualty insurance industry as the only national nonprofit advisory organization governed by its Member insurance carriers. AAIS delivers tailored advisory solutions including best-in-class policy forms, rating information and data management capabilities for commercial lines, inland marine, farm & agriculture and personal lines insurers. Its consultative approach, unrivaled customer service and modern technical capabilities underscore a focused commitment to the success of its members. AAIS also serves as the administrator of openIDL, the insurance industry’s regulatory blockchain, providing unbiased governance within existing insurance regulatory frameworks. For more information about AAIS, please visit www.aaisonline.com.

ABOUT THE LINUX FOUNDATION

Founded in 2000, the Linux Foundation and its projects are supported by more than 2,950 members. The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, ONAP, Hyperledger, RISC-V, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at https://linuxfoundation.org.

ABOUT openIDL
openIDL (open Insurance Data Link) is an open blockchain network that streamlines regulatory reporting and provides new insights for insurers, while enhancing timeliness, accuracy, and value for regulators. openIDL is the first open blockchain platform that enables the efficient, secure, and permissioned-based collection and sharing of statistical data. For more information, please visit www.openidl.org.

###

MEDIA CONTACT:

AAIS
John Greene
Director – Marketing & Communications
630.457.3238
johng@AAISonline.com

Linux Foundation

Dan Whiting
Director of Media Relations and Content
202-531-9091
dwhiting@linuxfoundation.org

The post The American Association of Insurance Services & The Linux Foundation Welcome Jefferson Braswell as openIDL Project Executive Director appeared first on Linux Foundation.

Public-private partnerships in health: The journey ahead for open source

Wed, 08/03/2022 - 00:53

This original article appeared on the LF Public Health project’s blog.

The past three years have redefined the practice and management of public health on a global scale. What will we need in order to support innovation over the next three years?

In May 2022, ASTHO (Association of State and Territorial Health Officials) held a forward-looking panel at their TechXPO on public health innovation, with a specific focus on public-private partnerships. Jim St. Clair, the Executive Director of Linux Foundation Public Health, spoke alongside representatives from MITRE, Amazon Web Services, and the Washington State Department of Health.

Three concepts appeared and reappeared in the panel’s discussion: reimagining partnerships; sustainability and governance; and design for the future of public health. In this blog post, we dive into each of these critical concepts and what they mean for open-source communities.

Reimagining partnerships

The TechXPO panel opened with a discussion on partnerships for data modernization in public health, a trending topic at the TechXPO conference. Dr. Anderson (MITRE) noted that today’s public health projects demand “not just a ‘public-private’ partnership, but a ‘public-private-community-based partnership’.” As vaccine rollouts, digital applications, and environmental health interventions continue to be deployed at scale, the need for community involvement in public health will only increase.

However, community partnerships should not be viewed as just another “box to check” in public health. Rather, partnerships with communities are a transformative way to gain feedback while improving usability and effectiveness in public-health interventions. As an example, Dr. Anderson referenced the successful VCI (Vaccination Credential Initiative) project, mentioning “When states began to partner to provide data… and offered the chance for individuals to provide feedback… the more eyeballs on the data, the more accurate the data was.”

Cardea, an LFPH project that focuses on digital identity, has also benefited from public-private-community-based partnerships. Over the past two years, Cardea has run three community hackathons to test interoperability among other tools that use Cardea’s codebase. Trevor Butterworth, VP of Cardea’s parent company, Indicio, explained his thoughts on community involvement in open source: “The more people use an open source solution, the better the solution becomes through stress testing and innovation; the better it becomes, the more it will scale because more people will want to use it.” Cardea’s public and private-sector partnerships also include Indicio, SITA, and the Aruba Health Department, demonstrating the potential for diverse stakeholders to unite around public-health goals.

Community groups are also particularly well-positioned to drive innovation in public health: they are often attuned to pressing issues that might be otherwise missed by institutional stakeholders. One standout example is the Institute for Exceptional Care (IEC), a LFPH member organization focused on serving individuals with intellectual and developmental disabilities, “founded by health care professionals, many driven by personal experience with a disabled loved one.” IEC recently presented a webinar on surfacing intellectual and developmental disabilities in healthcare data: both the webinar and Q&A showcased the on-the-ground knowledge of this deeply involved, solution-oriented community.

Sustainability and governance

Sustainability is at the heart of every viable open source project, and must begin with a complete, consensus-driven strategy. As James Daniel (AWS) mentioned in the TechXPO panel, it is crucial to determine “exactly what a public health department wants to accomplish, [and] what their goals are” before a solution is put together. Defining these needs and goals is also essential for long-term sustainability and governance, as mentioned by Dr. Umair Shah (WADOH): “You don’t want a scenario where you start something and it stutters, gets interrupted and goes away. You could even make the argument that it’s better to not have started it in the first place.”

Questions of sustainability and project direction can often be answered by bringing private and public interests to the same table before the project starts. Together, these interests can determine how a potential open-source solution could be developed and used. As Jim St. Clair mentioned in the panel: “Ascertaining where there are shared interests and shared values is something that the private sector can help broker.” Even if a solution is ultimately not adopted, or a partnership never forms, a frank discussion of concerns and ideas among private- and public-sector stakeholders can help clarify the long-term capabilities and interests of all stakeholders involved.

Moreover, a transparent discussion of public health priorities, questions, and ideas among state governments, private enterprises, and nonprofits can help drive forward innovation and improvements even when there is no specific project at hand. To this end, LFPH hosts a public Slack channel as well as weekly Technical Advisory Council (TAC) meetings in which we host new project ideas and presentations. TAC discussions have included concepts for event-driven architecture for healthcare data, a public health data sharing mesh, and “digital twins” for informatics and research.

Design for the future of public health

Better partnerships, sustainability, and governance provide exciting prospects for what can be accomplished in open-source public health projects in the coming years. As Jim St. Clair (LFPH) mentioned in the TechXPO panel: “How do we then leverage these partnerships to ask ‘What else is there about disease investigative technology that we could consider? What other diseases, what other challenges have public health authorities always had?’” These challenges will not be tackled through closed source solutions—rather, the success of interoperable, open-source credentialing and exposure notifications systems during the pandemic has shown that open-source has the upper hand when creating scalable, successful, and international solutions.

Jim St. Clair is not only optimistic about tackling new challenges, but also about taking on established challenges that remain pressing: “Now that we’ve had a crisis that enabled these capabilities around contact tracing and notifications… [they] could be leveraged to expand into and improve upon all of these other traditional areas that are still burning concerns in public health.” For example, take one long-running challenge in United States healthcare: “Where do we begin… to help drive down the cost and improve performance and efficiency with Medicaid delivery? … What new strategies could we apply in population health that begin to address cost-effective care-delivery patient-centric models?”

Large-scale healthcare and public-health challenges such as mental health, communicable diseases, diabetes—and even reforming Medicaid—will only be accomplished by consistently bringing all stakeholders to the table, determining how to sustainably support projects, and providing transparent value to patients, populations and public sector agencies. LFPH has pursued a shared vision around leveraging open source to improve our communities, carrying forward the same resolve as the diverse groups that originally came together to create COVID-19 solutions. The open-source journey in public health is only beginning.

The post Public-private partnerships in health: The journey ahead for open source appeared first on Linux Foundation.

People of Open Source: Neville Spiteri, Wevr

Fri, 07/29/2022 - 23:41

This post originally appeared on the Academy Software Foundation’s (ASWF) blog. The ASWF works to increase the quality and quantity of contributions to the content creation industry’s open source software base. 

Tell us a bit about yourself – how did you get your start in visual effects and/or animation? What was your major in college?

I started experimenting with the BASIC programming language when I was 12 years old on a ZX81 Sinclair home computer, playing a game called “Lunar Lander” which ran on 1K of RAM, and took about 5 minutes to load from cassette tape.

I have a Bachelor’s degree in Cognitive Science and Computer Science.

My first job out of college was a Graphics Engineer at Wavefront Technologies, working on the precursor to Maya 1.0 3D animation system, still used today. Then I took a Digital Artist role at Digital Domain.

What is your current role?

Co-Founder / CEO at Wevr. I’m currently focused on Wevr Virtual Studio – a cloud platform we’re developing for interactive creators and teams to more easily build their projects on game engines.

What was the first film or show you ever worked on? What was your role?

First film credit: True Lies, Digital Artist.

What has been your favorite film or show to work on and why?

TheBlu 1.0 digital ocean platform. Why? We recently celebrated TheBlu 10 year anniversary. TheBlu franchise is still alive today. At the core of TheBlu was/is a creator platform enabling 3D interactive artists/developers around the world to co-create the 3D species and habitats in TheBlu. The app itself was a mostly decentralized peer-to-peer simulation that ran on distributed computers with fish swimming across the Internet. The core tenets of TheBlu 1.0 are still core to me and Wevr today, as we participate more and more in the evolving Metaverse.

How did you first learn about open source software?

Linux and Python were my best friends in 2000.

What do you like about open source software? What do you dislike?

Likes: Transparent, voluntary collaboration.

Dislikes: Nothing.

What is your vision for the Open Source community and the Academy Software Foundation?

Drive international awareness of the Foundation and OSS projects.

Where do you hope to see the Foundation in 5 years?

A global leader in best practices for real-time engine-based production through international training and education.

What do you like to do in your free time?

Read books, listen to podcasts, watch documentaries, meditation, swimming, and efoiling!

Follow Neville on Twitter and connect on LinkedIn.  

The post People of Open Source: Neville Spiteri, Wevr appeared first on Linux Foundation.

What is the OpenGEH (Green Energy Hub) Project

Fri, 07/29/2022 - 06:36

The OpenGEH Project is one of the many projects at LF Energy. We want to share about it here on the LF blog. This originally appeared on the LF Energy site

OpenGEH ( GEH stands for Green Energy Hub ) enables fast, flexible settlement and hourly measurements of production and consumption of electricity. OpenGEH seeks to help utilities to onboard increased levels of renewables by reducing the administrative barriers of market-based coordination. By utilizing a modern DataHub, built on a modular and microservices architecture, OpenGEH is able to store billions of data points covering the entire workflow triggered by the production and consumption of electricity.

The ambition of OpenGEH is to use digitalization as a way to accelerate a market-driven transition towards a sustainable and efficient energy system. The platform provides a modern foundation for both new market participants and facilitates new business models through digital partnerships. The goal is to create access to relevant data and insights from the energy market and thereby accelerate the Energy Transition.

Initially built in partnership with Microsoft, Energinet (the Danish TSO) was seeking a critical leverage point to accelerate the Danish national commitment to 100% renewable energy in their electricity system by 2030. For most utilities, getting renewables onboard creates a technical challenge that also has choreography and administrative hurdles. Data becomes the mechanism that enables market coordination leading to increased decarbonization. The software was contributed to the LF Energy Foundation by Energinet.

Energinet sees open source and shared development as an opportunity to reduce the cost of software, while simultaneously increasing the quality and pace of development. It is an approach that they see gaining prominence in TSO cooperation. Energinet is not an IT company, and therefore does not sell systems, services, or operate other TSOs. Open source coupled with an intellectual property license that encourages collaboration, will insure that OpenGEH continues to improve, by encouraging a community of developers to add new features and functionality.


The Architectural Principles behind OpenGEH

By implementing Domain Driven Design, OpenGEH has divided the overall problem  into smaller independent domains. This gives developers the possibility to only use the domains that are necessary to solve for the needed functionality. As the domains trigger events when data changes, the other domains listen on these events to have the most updated version of data.

The architecture supports open collaboration on smaller parts of OpenGEH. New domains can be added by contributors, to extend the OpenGEH’s functionality, when needed to accelerate the green transition.

The Green Energy Hub Domains

The Green Energy Hub system consists of two different types of domains:

  • A domain that is responsible for handling a subset of business processes.
  • A domain that is responsible for handling an internal part of the system (Like log accumulation, secret sharing or similar).

Below is a list of these domains, and the business flows they are responsible for.

  • Business Process Domains
    • Metering Point
      • Create metering point
      • Submission of master data – grid company
      • Close down metering point
      • Connection of metering point with status new
      • Change of settlement method
      • Disconnection and reconnecting of metering point
      • Meter management
      • Update production obligation
      • Request for service from grid company
    • Aggregations
      • Submission of calculated energy time series
      • Request for historical data
      • Request for calculated energy time series
      • Aggregation of wholesale services
      • Request for aggregated tariffs
      • Request for settlement basis
    • Time Series
      • Submission of metered data for metering point
      • Send missing data log
      • Request for metered data for a metering point
    • Charges
      • Request for aggregated subscriptions or fees
      • Update subscription price list
      • Update fee price list
      • Update tariff price list
      • Request price list
      • Settlement master data for a metering point – subscription, fee and tariff links
      • Request for settlement master data for metering point
    • Market Roles
      • Change of supplier
      • End of supply
      • Managing an incorrect change of supplier
      • Move-in
      • Move-out
      • Incorrect move
      • Submission of customer master data by balance supplier
      • Initiate cancel change of supplier by customer
      • Change of supplier at short notice
      • Mandatory change of supplier for metering point
      • Submission of contact address from grid company
      • Change of BRP for energy supplier
    • Data Requests
      • Master data request
  • System Domains

The post What is the OpenGEH (Green Energy Hub) Project appeared first on Linux Foundation.

CRob on Software Security Education and SIRTs

Thu, 07/28/2022 - 03:58

In the Open Source Software Security Mobilization Plan released this past May, the very first stream – of the 10 recommended – is to “Deliver baseline secure software development education and certification to all.”

As the plan states, it is rare to find a software developer who receives formal training in writing software securely. The plan advocates that a modest amount of training – from 10 to ideally 40-50 hours – could make a significant difference in developer contributions to more secure software from the beginning of the software development life cycle. The Linux Foundation now offers a free course, Developing Secure Software, which is 15 hours of training across 3 modules (security principles, implementation considerations & software verification).

The plan proposes, “bringing together a small team to iterate and improve such training materials so they can be considered industry standard, and then driving demand for those courses and certifications through partnerships with educational institutions of all kinds, coding academies and accelerators, and major employers to both train their own employees and require certification for job applicants.”

Also in the plan is Stream 5 to, “Establish the OpenSSF Open Source Security Incident Response Team, security experts who can step in to assist open source projects during critical times when responding to a vulnerability.” They are a small team of professional software developers, vetted for security and trained on the specifics of language and frameworks being used by that OSS project. 30-40 experts would be available to go out in teams of 2-3 for any given crisis.

Christopher “CRob” Robinson is instrumental to the concepts behind, and the implementation of, both of these recommendations. He is the Director of Security Communications at Intel Product Assurance and also serves on the OpenSSF Technical Advisory Committee. At Open Source Summit North America, he sat down with TechStrong TV host Alan Shimel to talk about the origin of his nickname and, more importantly, software security education and the Open Source Product Security Incident Response Team (PSIRT) – streams 1 and 5 in the Plan.  Here are some key takeaways:

  • I’ve been with the OpenSSF for over two years, almost from the beginning. And currently I am the working group lead for the Developer Best Practices Working Group and the Vulnerability Disclosures Working Group. I sit on the Technical Advisory Committee. We help kind of shape, steer the strategy for the Foundation. I’m on the Public Policy and Government Affairs Committee. And I’m just now the owner of two brand new SIGs, special interest groups, underneath the working group. So I’m in charge of the Education SIG and the Open Source Cert SIG. We’re going to create a PSIRT for open source.
  • The idea is to try to find a collection of experts from around the industry that understand how to do incident response and also understand how to get things fixed within open source communities. . . I think, ultimately, it’s going to be kind of a mentorship program for upstream communities to teach them how to do incident response. We know and help them work with security researchers and reporters and also help make sure that they’ve got tools and processes in place so they can be successful.
  • A lot of the conference this week is talking about how we need to get more training and certification and education into the hands of developers. We’ve created another kind of Tiger team, and  we’re gonna be focusing on this. And my friend, Dr. David Wheeler, he had a big announcement where we have existing body of material, the secure coding fundamentals class, and he was able to transform that into SCORM. So now anybody who has a SCORM learning management system has the ability to leverage this free developer secure software training on their internal learning management systems.
  • We have a lot of different learners. We have brand new students, we have people in the middle of their careers, people are making career changes. We have to kind of serve all these different constituents.

Of course, he had a lot more to say. You can watch the full interview, including how CRob got his nickname, and read the transcript below.

Alan Shimel 00:06
Hey, everyone back here live in Austin at the Linux Foundation Open Source Summit. You know, we’ve had a very security-heavy lineup this past week. And for good reason, security is top of mind to everyone. The OpenSSF. Of course, Monday was OpenSSF day, but it’s more than that. More than Monday, we really talked a lot about software supply chains and SBOMs and just securing open source software. My next guest is CGrove or CRbn? No, no, you know, I had CRob in my mind, and that’s what messed me up. Let’s go back to Crob. Excuse me. Now check this out a little thing myself. So Crob was actually the emcee of OpenSSF day on Monday.

CRob 01:01
I had an amazing hat. You did. And you didn’t wear it here. I came from outside with tacos, and it was all sweaty.

Alan Shimel 01:08
We just have two bald guys here. Anyway,

CRob 01:14
safety in numbers.

Alan Shimel 01:15
Well, yeah, that’s true. It’s true. Wear the hat next time. But anyway, first of all, welcome, man. Thank you.

CRob 01:21
It’s wonderful to be here. I’m excited to have this little chat.

Alan Shimel 01:24
We are excited to have you on here. So before we jump into Monday, and OpenSSF day, in that whole thing, you’re with Intel, full disclosure, what do you do in your day job.

CRob 01:36
So my day job, I am the Director of Security Communications. So primarily our function is as incidents happen, so there’s a new vulnerability discovered, or researchers find some report on our portfolio, I help kind of evaluate that and kind of determine how we’re going to communicate it.

Alan Shimel 01:56
Love it, and your role within OpenSSF?

CRob 02:01
So I’ve been with the OpenSSF for over two years, almost from the beginning. And currently I am the working group lead for the developer best practices working group and the vulnerability disclosures working group. I sit on the technical advisory committee, so we help kind of shape, steer the strategy for the foundation. I’m on the Public Policy and Government Affairs Committee. And I’m just now the owner of two brand new SIGs, special interest groups underneath the working group. So I’m in charge of the education SIG, and the open source cert SIG. So we’re going to create a PSIRT for open source.

Alan Shimel 02:38
That’s beautiful man. That is really and let’s talk about that SIRT. Yeah, it’ll be through Linux Foundation.

Unknown Speaker 02:47
Yeah, we are still. So back in May the foundation and some contributors created the mobilization plan. I’m sure people have talked about it this week. 10 point plan addressing trying to help respond to things like the White House executive order. And it’s a plan that says these 10 different work streams we feel we can improve the security posture of open source software. And the open source SIRT was stream five. And the idea is to try to find a collection of experts from around the industry that understand how to do incident response, and also understand how to get things fixed within open source communities.

CRob 03:27
So we’re we have our first meeting for the SIG the first week of July. And we’re going to try to refine the initial plan and kind of spec it out and see how we want to react. But I think ultimately, it’s going to be kind of a mentorship program for upstream communities to teach them how to do incident response. We know and help them work with security researchers and reporters, and also help make sure that they’ve got tools and processes in place so they can be successful.

Alan Shimel 03:56
I love it. Yeah. Let’s be honest, this is a piece of work you cut out for yourself.

Unknown Speaker 04:04
Yes, one of my other groups I work with is a group called First, the Form of Incident Response and Security Teams. And I’m one of the authors of the PSIRT services framework. So I have a little help. So I understand that you got a vendor back on that, right? Yeah, we’re gonna lean into that as kind of a model to start with, and kind of see what we need to change to make it work for open source communities.

Alan Shimel 04:27
I actually love that good thing. When do you think we might see something on this? No pressure.

Unknown Speaker 04:32
No pressure? Oh, definitely. The meetings will be public. So all of that will go up into YouTube. So you’ll be able to observe kind of the progress of the group. I expect we’re going to take probably at least a month to refine the current plan and submit a proposal back to the governing board. We think this is actionable. So hopefully before the end of the year, maybe late fall, we’ll actually be able to start taking action.

Alan Shimel 04:57
All right. Love it. Love it. Gotta ask you, Where does the name come from?

Unknown Speaker 05:03
So the name comes from Novell GroupWise. So back in the day, our network was run by an HP VAX. But our email system plugged into the VAX and you were limited by the characters of your name. So my name Chris Robinson. So his first little first letter, first name, next seven of your last, so I ended up being Crobinsoe. And we hired a developer that walked in, he looked at it, and he’s like, ah, Crobinso the chromosome, right? Got shortened to Crob.

Alan Shimel 05:36
Okay, not very cool. So thank you. Not Crob. That’s right. Thank you Novell is right. That was very interesting days. Remember.

Unknown Speaker 05:45
I love that stuff. I was Novell engineer for many years.

Alan Shimel 05:49
That’s when certs really meant something certified Novell. You are? Yeah. Where are they now? See, I think the last time I was out in Utah. Now I was I think it was 2005. I was out in Utah, they would do if there was something they were working on.

Unknown Speaker 06:14
They bought SUSE. And we thought that that would be pretty amazing to kind of incorporate this Novell had some amazing tools. Absolutely. So we thought that would be really awesome than the NDS was the best. But we were hoping that through SUSE they be able to channel these tools and get broader adoption.

Alan Shimel 06:30
No, I think for whatever reason. There’s a lot of companies from back in those days, right, that we think about, indeed, Yeah. Anyway,

Unknown Speaker 06:45
My other working group. So we have more, but wait, there’s more, we have more. So the developer best practices working group is spinning off and education sake. So a lot of the conference this week is talking about how we need to get more training and certification and education into the hands of developers. So again, we’ve created another kind of Tiger team, are we’re gonna be focusing on this. And my friend, Dr. David Wheeler, David A. Wheeler, he had a big announcement where we have existing body of material, the secure coding fundamentals class, and he was able to transform that into SCORM. So now that anybody who has a SCORM learning management system has the ability to leverage this free developer secure software training, really, yes.

Alan Shimel 07:35
And that’s the SCORM. system. If you have SCORM, you can leverage this.

Unknown Speaker 07:39
free, there’s some rules behind it. But yeah, absolutely. It’s plugged in, we’re looking to get that donated to higher education, historically black colleges and universities (HBCU), trade schools like DeVry, wherever

Alan Shimel 07:52
Get it into people’s hands. That’s the thing to do. So that get that kind of stuff gets me really excited. I’ll be honest with you, you know, all too often, we’re good in the tech industry for forming a foundation and, and a SIG and an advisory board. But rubber meets the road, when you can teach people coming up. Right, so they come in with the right habits, because you know, it’s harder to teach the old dogs, the new tricks, right.

CRob 08:23
I can’t take the class. I know the brains full.

Alan Shimel 08:26
Yeah, no, I hear you. But no, but not only that, look, if you’ve been developing software for 25 years, and I’m gonna come and tell you, Well, what you doing is wrong. And I need you to start doing it this way. Now, I’m gonna make some progress. Because no one wants to say I know everything. And I’m not changing. People don’t just say that. But it’s just almost subconsciously, it’s a lot harder.

Unknown Speaker 08:51
It definitely is. And that’s kind of informing our approach. So we have a traditional, about 20 hours worth of traditional class material. So we’re looking at how we can transform that material into things like webinars and podcasts, and maybe a boot camp. So maybe next year, at the Open Source Summit, we might be able to offer a training class where you walk in, take the class, and walk out with a certification.

CRob 09:17
And then thinking about, you know, we have a lot of different learners. We have, you know, brand new students, we have people in the middle of their careers, people are making career changes. So we have to kind of serve all these different constituents. And that’s absolutely true. And that is one of the problems. Kind of the user journeys we’re trying to fulfill is this. I’m an existing developer, how do I gain new skills or refine what I have?

Alan Shimel 09:40
Let me ask you a question. So, I come from the security side of that. Nothing the matter with putting the emphasis on developers developing more secure software. But shouldn’t we also be developing for security people to better secure open source software.

CRob 10:02
And the foundation itself does have many, it’s multipronged. And so to help like a practitioner, we have things like our scorecard and all stars. And then we have a project criticality score. And actually, we just I, there was a great session just a couple hours ago, by one of my peers, Jacque Chester, and it was kind of a, if you’re a risk guy, it was kind of based off of Open Fair, which is a risk management methodology, kind of explaining how we can evaluate open source projects, share that information with downstream consumers and risk management teams or procurement teams, and kind of give them a quantitative assessment of this is what risks you could incur by these projects.

CRob 10:44
So if you have two projects that do the same thing, one might have a higher or lower score will provide you the data that you could make your own assessment off of that and make your own judgment. So that the foundation is also looking at just many different avenues to get this out there, focused on practitioners and developers, and hopefully by this kind of hydraulic approach, it will be successful. It’ll stick.

Alan Shimel 11:07
you know what you just put as much stuff on the wall and whatever sticks sticks man up. So anyway, hey Crob. Right. I got it right. Yep. All right. Thank you for stopping by. So thank you for all you do, right. I mean, it’s a community thing. These are not paid type of gigs, right. Sure. Yeah. No, and I thank you for your for your time and efforts on that.

CRob 11:30
Thank you very much. All right.

Alan Shimel 11:31
Hey, keep up the great work. We’re gonna take a break. I think we’ve got another interview coming up in a moment. And we’re here live in Austin.

The post CRob on Software Security Education and SIRTs appeared first on Linux Foundation.

OSS Security Highlights from the 2022 Open Source Summit North America

Tue, 07/26/2022 - 21:00

By Ashwin Ramaswami

Last month, we just concluded the Linux Foundation’s 2022 Open Source Summit North America (OSS NA), when developers, technologists, and community leaders from industry, academia, and government converged in Austin, Texas, from June 21-24 to talk about all things open source. Participants and speakers highlighted open source innovation and efforts to ensure a sustainable open source ecosystem.

What did the summit tell us about the state of OSS security? Several parts of the conference addressed different aspects of this issue – OpenSSF Day, Critical Software Summit, SupplyChainSecurityCon, and the Global Security Vulnerability Summit. Overall, the summit demonstrated an increased emphasis on open source security as a community effort with various stakeholders. More ambitious and innovative approaches to handling the open source security problem – including collaboration, tools, and training – were also introduced. Finally, the summit highlighted the importance for open source users to give back to the community and contribute upstream to the projects they depend on.

Let’s explore these ideas in more detail!

Click on the list on the upper right of this video to view the entire OpenSSF Day playlist (13 videos) Open source security as a community effort

Open source security is not just an isolated effort by users or maintainers of open source software. As OSS NA showed, the stakes of open source security have turned it into a community effort, where a wide variety of diverse stakeholders have an interest and are beginning to get involved.

  • As Todd Moore (IBM) mentioned in his keynote, incidents such as log4shell have made open source security a bigger priority for governments – and it is important for existing open source stakeholders, both users and maintainers, to work as a community to take a cohesive message back to the government to articulate our community’s needs and how we are responding to this challenge.
  • Speakers at a panel discussion with the Atlantic Council’s Cyber Statecraft Initiative and the Open Source Security Foundation (OpenSSF) discussed the summit held by OpenSSF in Washington, DC on May 12 and 13, where representatives from industry and government met to develop the Open Source Software Security Mobilization Plan, a $150 million plan for better securing the open source ecosystem.
  • A panel discussion explored how major businesses are working together to improve the security of the open source supply chain, particularly through the governance structure of the OpenSSF.
New approaches to address open source security

OSS NA featured several initiatives to address fundamental open source security issues, many of which were particularly ambitious and innovative.

  • The OpenSSF’s Alpha-Omega Project was announced to address software vulnerabilities for OSS projects that are most critical (alpha) and at the long tail (omega).
  • Eric Brewer (Google) gave a keynote discussing the fundamental problem of ensuring accountability in the open source software supply chain. One way of solving this is through curation: creating a repository of vetted and secure packages.
  • Standards continue to be important, as always: Art Manion (CERT/CC) discussed the history and future of the CVE Program, while Jennings Aske (New York-Presbyterian Hospital) and Melba Lopez (IBM) discussed the importance of a Software Bill of Materials (SBOM).
  • The importance of security tooling was emphasized, with discussions on tools such as sigstore, automation of security checks through Infrastructure as Code tools, and CI/CD pipelines.
  • David Wheeler (Linux Foundation) discussed how education in secure software development is critical to ensuring open source software security. Courses like the OpenSSF’s Secure Software Development Fundamentals Courses are available to help developers learn this topic.
Giving back to the community

Participants at the summit recognized that open source security is ultimately a matter of community, governance, and sustainability. Projects that don’t have the right resources or governance structure may not be able to ensure their projects are secure or accept the right funding to do so.

  • Steve Hendrick (Linux Foundation) and Matt Jarvis (Snyk) discussed the release of the 2022 State of Open Source Security report from Snyk and the Linux Foundation. The report noted that open source software is often a one-way street where users see significant benefits with minimal cost or investment. It is recommended that organizations need to close the loop and give back to OSS projects they use for larger open source projects to meet user expectations.
  • Aeva Black (Microsoft) discussed approaches to community risk management through drafting and enforcing a code of conduct, and how ignoring community health can lead to sometimes catastrophic technical outcomes for OSS Projects.
  • Sean Goggins (CHAOSS) discussed the relationship between community health and vulnerability mitigation in open source projects by using metrics models from the CHAOSS projects.
  • Margaret Tucker and Justin Colannino (GitHub) discussed the role that package registries have in open source security, beginning to formulate some principles that would balance these registries’ responsibility for safety and reliability with the freedom and creativity of package maintainers.
  • Naveen Srinivasan (Endor Labs) and Laurent Simon (Google) explored the OpenSSF Scorecard to more easily analyze the security of open source projects and proactively improve their security.
  • Amir Montazery (OSTIF) discussed the Open Source Technology Improvement Fund’s efforts to help OSS maintainers to work with security experts to improve their projects’ security posture.
Conclusion

In sum, the talks and conversations at OSS Summit NA help paint a picture of how key stakeholders in the open source software ecosystem – OSS communities, industry, academia, and government – are thinking about conceptualizing big-picture issues and directing efforts around OSS security.

But these initiatives and talks still have a lot of room for input! Whether individually or through your institution, consider adding your voice to this discussion as we continue to support the open source software community. Join an OpenSSF working group, another initiative, or contribute upstream to open source projects that you depend on.

The post OSS Security Highlights from the 2022 Open Source Summit North America appeared first on Linux Foundation.

Join us to Speak at the ONE networking event connecting Access, Edge, and Cloud in 2022

Fri, 07/22/2022 - 04:52
The top reasons to share your expertise at ONE Summit, the Industry’s leading Open Networking & Edge Event

To submit a presentation proposal, please visit our Call For Proposals-but hurry! Submissions are due July 29. 

ONE Summit 2022

ONE Summit is the ONE networking technology event connecting Access, Edge, Core and Cloud. It brings together technical and business decision makers for in-depth, interactive conversations around cutting-edge innovations and the operational support necessary to leverage them.

Newly revamped post-pandemic, ONE Summit’s focus is to enable interactive, real-world conversations on the evolution of technology in the distributed networking space. From Communications Service Providers to Government and civil infrastructure, from Retail to the leaders of Industry 4.0, you will be able to collaborate on innovations to truly support your digital transformation.

Inspired by the impact of integration efforts like 5G Super Blueprint, ONE Summit fosters collaborative discussion required to truly scale software for 5G, IoT, the enterprise, and beyond. 

Top 5 reasons to speak at ONE Summit:

1) Collaborate with thought leaders from across a growing global ecosystem. 

ONE Summit enables the technical and business collaboration necessary to shape the future of open networking and edge computing. The free exchange and presentation of ideas is crucial for the growth of all open source projects and their continued ability to innovate.

2) Immerse yourself in innovative technologies such as 5G, Open RAN, IoT, Enterprise, Cloud Native and more.

Learn about and build on on the successes of Linux Foundation networking & edge project communities, with collaboration across LF Networking, LF Edge, O-RAN- SC, Magma, CNCF, LF AI & Data, and more, to enable attendees to visualize and build their new networking stacks.

3) Learn from your peers across industry verticals solving common challenges. 

Networking decision makers gather to address architectural and technical issues, and business use case needs. ONE Summit provides a forum where solutions, best practices, use cases and more – based on open source projects under the Linux Foundation Networking and across the industry– can be shared with the global ecosystem.

4) Unleash the power of open. In a market now built on open source, this is critical.

Virtually all industries have embraced open source in their operations. Collaboration among industry peers is what makes the use of open source in business and the related business models possible.

5) Demonstrate your leadership.

ONE Summit attendees come from all across a growing ecosystem of enterprises, governments, global service providers (including telcos, enterprises, government, global service providers and cloud). With a targeted focus on architects and technical decision makers, ONE Summit is a great place to get your message out

Meet the Program Committee

ONE Summit would not be possible without the involvement and support of our community. The Program Committee is composed of business and open source leaders who are actively involved in the work of developing the next generation of networking and edge technologies for all market verticals. This year’s ONE Summit Program Committee is composed of:

  • Rabi Abdel, Principal Consultant, Global Telecom Practice, Amazon Web Services
  • Lisa Caywood, Senior Principal Community Architect, RedHat
  • Wenjing Chu, Senior Director of Technology Strategy – Trust for the Internet of the Future, Futurewei Technologies
  • Roy Chua, Founder and Principal, AvidThink
  • Beth Cohen, Cloud Product Technologist, Verizon
  • Marc Fiedler, Architect for Real-time Network Service Management, Deutsche Telekom
  • Daniel Havey, Program Manager, Microsoft
  • Kandan Kathirvel, Product Lead, Telco Cloud & Orchestration, Google Cloud
  • Trishan de Lanerolle, Principal Technical Program Manager, Office of the CTO, Equinix
  • Catherine Lefevre, AVP, Technology Services – Network Systems Common Platform & Services, AT&T
  • Tom Nadeau, Fellow, Vice President & Chief Cloud Architect, Spirent Communications
  • Joe Pearson, Edge Computing and Technology Strategist, IBM Networking & Edge Computing CTO Group, IBM
  • Jim St. Leger, Director, Open Strategy, Intel
  • Tracy Van Brakle, Principal Member of Technical Staff, AT&T
  • Olivier Smith, Office of the CTO, Director, Matrixx Software
  • Cedric Thienot, Co-Founder and CTO, Firecell
  • Qihui Zhao, NFV Researcher & Network Engineer, CMCC
  • Amy Zwarico, Director, CyberSecurity, Chief Security Office, AT&T
Who attends

Past ONE Summit attendee demographics. Source: ONE Summit 2022 prospectus

Join with attendees from all market verticals and all organizational levels from all over the world. Attendees don’t have to be part of a project to contribute to the discussion and to participate in open collaboration sessions with other attendees. In fact, joining planned sessions and open discussions and collaboration sessions is the best way to get involved with open source projects under the LFNetworking Umbrella.

To learn more about ONE Summit 2022 in Seattle, please visit the ONE Summit site

About LF Networking

Now in its fifth year as an umbrella organization, LF Networking (LFN) and its projects enable organizations across the globe to more quickly and effectively achieve digital transformation via the community’s shared development efforts. This includes companies of all sizes and types that rely on LFN’s breadth of commercially-ready ecosystem offerings, all based on open source innovation spearheaded within the LF Networking community. To learn more about LFN, please visit https://www.lfnetworking.org. To learn more about the Linux Foundation, please visit https://linuxfoundation.org

The author, Heather Kirksey, VP, Community & Ecosystem, LF Networking.

The post Join us to Speak at the ONE networking event connecting Access, Edge, and Cloud in 2022 appeared first on Linux Foundation.

Bosch leverages open source model; teams with PolyCrypt to tackle blockchain for the Economy of Things

Fri, 07/22/2022 - 03:49

This post originally appeared on the Hyperledger Foundation’s blog. You can read the full case study here

Some years ago, researchers realized that IoT devices would need to buy and sell from one another. In this “Economy of Things,” the items to be traded will include power, data, and connectivity. Most transactions will be fast, low value, and high frequency.

For a company like The Bosch Group that’s active in everything from autonomous vehicles to thermal plants, the Economy of Things will touch many lines of business. That’s why, in 2017, the company’s advanced research group, Bosch Research, was looking to find a way to scale up blockchain transactions to support the Economy of Things.

Bosch set out to do meet that requirement by leveraging a specific, step-by-step open source strategy for developing new markets:

  1. Identify a requirement
  2. Set goals
  3. Consider the terrain
  4. Build a partnership
  5. Pick a suitable license
  6. Use open source archetypes

The goals were to lead an effort to create standards for the Economy of Things and to build a framework where different partners could work together.

A survey for likely partners led the Bosch team to Perun, an early layer-2 protocol that passes state information off-chain through virtual channels. Bosch joined forces with several academics to implement this protocol and start creating an ecosystem.

As part of the process, Perun needed a stable home where everyone could access the latest code, and other people could find it. Hyperledger Labs provides a space where developments can be started without the overhead of creating an official Hyperledger project.

In Q3 2020, Perun was welcomed into Hyperledger Labs, and development has continued with work from the team at Boch and PolyCrypt GbmH, a startup spun out of the Technical University Darmstadt, where much of the academic research behind Perun began.

The Bosch team was eager to talk about its approaches and contributions to Hyperledger Foundation. To that end, they worked with Hyperledger marketing and others in the Perun community on a case study that details not only the business and technology challenges they’ve set out to tackle but also the strategic way they are leveraging open source development to advance the industry for all.

We never know what technology will turn into the Next Big Thing.

Perhaps Perun will be one of them, powering billions of micropayments between IoT devices or enabling people to shop with Central Bank Digital Currencies (CBDCs) that are still on the drawing board today.

Read the full case study here.

The post Bosch leverages open source model; teams with PolyCrypt to tackle blockchain for the Economy of Things appeared first on Linux Foundation.

Find Your Way to a Strong SysAdmin Team

Thu, 07/21/2022 - 02:47

It’s tough sourcing enough talent today to meet growing IT team needs, but life finds a way. Our recent 10th Annual Open Source Jobs Report found 93% of employers are struggling to find enough employees with open source skills. It doesn’t help that 73% of professionals feel it would be easy to find another job, and they are demanding higher salaries than ever before to stay put. Between an overwhelming talent shortage and competition from other employers, many companies’ IT teams are at risk of “going extinct”.

93% of employers are struggling to find enough employees with open source skills.

There is a way to address this situation however. The Open Source Jobs Report  also found:

  • 74% of professionals are asking for more training opportunities so they can keep up with current technologies
  • 62% said training is the thing their employer can provide that would help them be more successful, a higher percentage than any other option
  • 81% of professionals want to add new certifications to their resumes this year
  • 90% of employers are willing to help them pay for them

Companies need to keep up by providing formal training and certification opportunities to their employees or risk giving them one more reason to leave.

62% said training is the thing their employer can provide that would help them be more successful, a higher percentage than any other option.

It should be kept in mind that providing training and certifications not only makes employees happier by demonstrating an employer’s willingness to invest in them and their career opportunities, but these opportunities also benefiSavet the employer. Having a better skilled team means you will be more successful in achieving your technology goals, and having more certified professionals on staff means your customers can have more confidence in your teams’ abilities.

Providing training and certifications not only makes employees happier by demonstrating an employer’s willingness to invest in them and their career opportunities, but these opportunities also benefit the employer.

Linux Foundation Training & Certification offers a wide catalog of training and certification in the most important open source technologies, from cloud to system administration to networking, blockchain, web development and more. This SysAdmin Day, give your team what they really want and provide them with training and/or certification that will help both you and them achieve your goals. We provide group classes, team discounts and more to help you be successful when it comes to upskilling. Learn more and contact us here.

The post Find Your Way to a Strong SysAdmin Team appeared first on Linux Foundation.

Patrick Debois: Untold Stories of Open Source

Thu, 07/21/2022 - 01:54

Raise your hand if you ever downloaded software by recording a series of tones onto a cassette tape as it was being broadcast over a radio station. 

Patrick Debois did – back in the 1980s as a budding computer enthusiast. He recalled that Europe didn’t have the network of electronic BBSes that existed in the U.S. These radio broadcasts were one way to distribute software, although they were often thwarted “when your mom walked in the room saying something and ruined the recording.” 

Patrick was only temporarily deterred and continued exploring his passion for computers but missed a community. He found a community when Linux came on the scene. He recounts the value of the Linux community, “The fact that there was a sharing community, and the Linux community of tools that I could just use, especially as a student. I know open source is not about being for free. But it was tremendously helpful to me as a student at that time to be able to try new stuff, to learn new stuff, to dissect new stuff on the open source.”

In 1994, as a student at the University of Ghent, he setup a web page where anyone could contribute URLs to help people explore the Internet. This was about the same time that Yahoo! started manually indexing the Internet. His site was running on an old Spark machine, and it was fascinating for him to be using a machine running on shared source. He then moved to his first job out of college, where he ran a web server, a firewall, and other new technologies. 

Later, Patrick worked for the government, where he and his team ran the first mail server, first DNS service, etc., all on three AutoCAD stations. He was required to buy proprietary software from vendors, but was frustrated because when something didn’t work, he had to wait for the vendor to provide updates. He often wished he could just try and fix it himself and then share with others what he did. Sound familiar? 

Patrick voiced, “If people are yelling at you, right, and your only excuse is, we’re asking the vendor, and it will take like a week or a month, that’s no excuse. And that makes you feel powerless at those times. So that’s been the reason why we started taking the other route mixing both? Sometimes you get good support from vendors. It’s not like one or the other. Open source itself is also not the guarantee that you have good support, or that it’s easily written. But if there’s a community that’s supportive, and it’s open source, then you feel like a good citizen and a member to contribute your fixes and solutions.” 

Open source itself is also not the guarantee that you have good support, or that it’s easily written. But if there’s a community that’s supportive, and it’s open source, then you feel like a good citizen and a member to contribute your fixes and solutions.

Fast forward to 2000 and open source is starting to gain more steam and broader acceptance. The Open Source Development Labs combined with the Free Standards Group to standardize Linux. The project morphed into the Linux Foundation in January 2007, at which point it gained nonprofit status and was funded and sponsored by a consortium of major technology vendors.

At first, Patrick had his doubts this could work, worried one company would be able to put their interests above those of the consortium when it comes to projects that are building standards. “I’ll be honest, I have my doubts in a way that I’ve probably seen too much of the discussion about open standards, or RFCs, or whatever, being kind of like written in certain directions that certain companies wanted to in these kind of situations. But I also liked the fact that there is a governance now, and that there is a discussion and not one part is owning this. So I see the Linux Foundation probably more as a mediator in the discussions between those companies. But I love them to remain neutral and not take a stance whether we should do a certain thing, yes or no. . .  I think we’re all conscious enough, when we were coming to the Foundation, that it’s a balance of multiple views on the problem.”

One of Patrick’s favorite Linux Foundation projects is sigstore, a new standard for signing, verifying, and protecting software. The project has 465 members from over 20 companies. He also has his eye on the LF AI & Data Foundation, notably the data side because, “You can share your source quite easily, but it’s the data that makes it interesting.” 

There is so much more to Patrick’s story, including being credited with helping coin the term DevOps.  The good news is that his story is on an episode of the Linux Foundation’s Untold Stories of Open Source podcast. Check out the full episode and subscribe on your favorite podcast platform. 

Do you have suggestions for future episodes or other comments, questions, etc.? Visit the podcast’s GitHub page.

The post Patrick Debois: Untold Stories of Open Source appeared first on Linux Foundation.

The Open 3D Foundation Welcomes Epic Games as a Premier Member to Unleash the Creativity of Artists Everywhere

Wed, 07/20/2022 - 22:00

Interoperability and portability of real-time 3D assets and tools deliver unparalleled flexibility, as the Open 3D community celebrates its first birthday

SAN FRANCISCO – July 20, 2022 – The Open 3D Foundation (O3DF) is proud to announce Epic Games as a Premier member alongside Adobe, Amazon Web Services (AWS), Huawei, Intel, LightSpeed Studios, Microsoft and Niantic, as it celebrates its first birthday.

With today’s world racing faster and faster towards 3D technologies, the O3DF provides a home for artists, content creators, developers and technology leaders to congregate and collaborate, share best practices and shape the future of open 3D development. This thriving community is focused on making it easier to use and share 3D assets with its partners and the Open 3D Engine (O3DE), the first high-fidelity, fully-featured, real-time, open-source 3D engine, available to every industry.

Epic Games, developer of Unreal Engine, joins the O3DF as a Premier member to further interoperability and portability of assets, visuals and media scripting, enabling artists and content creators around the globe to unleash their creativity and innovation by removing barriers in their choice of tools. Marc Petit, VP of Unreal Engine Ecosystem at Epic Games, will join the O3DF’s Governing Board. In this role, he will share what Epic has learned over 30 years in the industry to help shape the Foundation’s strategic direction and curation of 3D visualization and simulation projects.

“The metaverse will require companies to work together to advance open standards and open-source tools, and we believe the Open 3D Foundation will play an important role in this journey,” said Petit. “With shared standards for interoperability, we’re giving creators more freedom and flexibility to build interactive 3D content using the tools they’re most comfortable with, and to bring those amazing experiences to life in Unreal Engine and across other 3D engines.” 

This move builds on Epic Games’ steadfast commitment in delivering choice to content producers to unleash their creativity. In addition to enabling them to move media seamlessly between development environments, the Open 3D Engine allows artists and developers to consume only what they need, with the ability to customize components based on their unique requirements.

“We applaud Epic Game’s commitment to the open-source community and welcome them into the Open 3D Foundation as our newest Premier member, underscoring our mission in championing the deep integration of open source with commercial solutions to accelerate growth in a sustainable, balanced ecosystem that fuels the flywheel of success and innovation,” said Royal O’Brien, Executive Director of Open 3D Foundation and General Manager of Games and Digital Media at the Linux Foundation. “It’s truly exciting to see how the industry is responding to the real-time 3D needs of content creators around the globe, providing them with best-of-breed tools.”

Celebrating Its First Birthday

The Foundation and its anchor project, O3DE, celebrate their first birthday as they welcome Epic Games into this quickly growing community. Since the Foundation’s public announcement in July 2021, over 25 member companies have joined. Other Premier members include Adobe, Amazon Web Services (AWS), Huawei, Intel, Microsoft, LightSpeed Studios and Niantic.

In May, O3DE announced its latest release, focused on performance, stability and usability enhancements. With over 1,460 code merges, this new release offers several improvements aimed to make it easier to build 3D simulations for AAA games and a range of other applications. Significant enhancements include core stability, installer validation, motion matching, user-defined property (UDP) support for the asset pipeline, and automated testing advancements. The O3D Engine community is very active, averaging up to two million line changes and 350-450 commits monthly from 60-100 authors across 41 repos.

Join Us at O3DCon

On October 17-19, the Open 3D Foundation will host O3Dcon, its flagship conference, bringing together technology leaders, indie developers, and academia to share ideas and best practices, discuss hot topics and foster the future of 3D development across a variety of industries and disciplines. For those interested in sponsoring this event, please contact sponsorships@linuxfoundation.org. 

Anyone interested in the O3D Engine is invited to get involved and connect with the community on Discord.com/invite/o3de and GitHub.com/o3de

About the Open 3D Engine (O3DE) project

O3D Engine is the flagship project managed by the Open 3D (O3D) Foundation. The open-source project is a modular, cross-platform 3D engine built to power anything from AAA games to cinema-quality 3D worlds to high-fidelity simulations. The code is hosted on GitHub under the Apache 2.0 license. To learn more, please visit o3de.org.

About the Open 3D Foundation

Established in July 2021, the mission of the Open 3D Foundation (O3DF) is to make an open-source, fully-featured, high-fidelity, real-time 3D engine for building games and simulations, available to every industry. The Open 3D Foundation is home to the O3D Engine project. To learn more, please visit o3d.foundation.

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

Media Inquiries:

pr@o3d.foundation

The post The Open 3D Foundation Welcomes Epic Games as a Premier Member to Unleash the Creativity of Artists Everywhere appeared first on Linux Foundation.

OS-Climate unleashes power of open source to develop data and tools required to meet the Paris climate goals

Wed, 07/20/2022 - 20:10
  • From today, financial institutions, corporations, NGOs, regulators and academics can access the code behind OS-Climate’s tools to support climate-aligned financial decisions
  • Developed in collaboration with BNP Paribas, Allianz, Airbus, Amazon, Red Hat, Ortec Finance and The Linux Foundation
  • Supports OS-Climate’s mission to provide the data and tools to enable the +$5 trillion annual climate-aligned investment required to meet the goals of the Paris Agreement
  • Launches collaboration in building a transparently governed, non-profit public utility of climate data and analytics

New York 20 July 2022 – Linux Foundation’s OS-Climate, the non-profit organization providing open source data and software tools to enable the global shift to climate-aligned finance and investing, has today released for public collaboration three analytic tools critical to tackling the climate crisis.

The three tools, Physical Risk & Resilience, Portfolio Alignment and Transition Analysis, were developed cooperatively by OS-Climate members, led by BNP Paribas, Allianz and Airbus respectively.

With today’s public release, OS-Climate’s tool development moves into an exciting new phase. Enabled by cloud services contributed by Amazon and Microsoft, the door opens to the global community of academic institutions, government agencies, modellers, and software developers for further powerful collaboration in building out the tools and Data Commons, a library of data and metadata suitable for use with OS-Climate’s toolset.

In addition to Airbus, Allianz, and BNP Paribas, OS-Climate’s financial services sector, technology sector, financial data and ‘real economy’ corporate members include, Amazon, BNY Mellon, EY, Federated Hermes, Goldman Sachs, London Stock Exchange Group, Microsoft, the UN-convened Net-Zero Asset Owner Alliance ($10.6 trillion asset under management), Ortec Finance, Red Hat, and S&P Global.

Truman Semans, CEO of OS-Climate, said: “These tools will generate the refined data and actionable insights needed for pension funds, asset managers, and banks to rapidly align their investments and loans to net zero and resilience goals. They can be used not only by the leading members within the Glasgow Financial Alliance for Net Zero (GFANZ) but the rest of the global financial community.”

The Linux Foundation’s community-led open source development approach, combined with strong, independent governance processes and methodological governance oversight, provides the transparency, trust, access and inclusion needed by all whose investment decisions impact climate change.

BNP Paribas leads the development of the Physical Risk & Resilience Tool that enables financial and non-financial stakeholders to identify and quantify risk related to climate resilience, through asset vulnerability models that use probability and severity forecasting of extreme climate events.

Allianz, with support from Ortec Finance, leads the development of the Climate Portfolio Alignment Tool, which helps financial stakeholders to align portfolios at individual holdings and loan levels with the Paris Accord target temperature increase of 1.5 degrees Celsius.

The Transitional Analysis Tool developed by Airbus will enable corporations to model, test and conduct scenario analysis for strategic climate-aligned decisions. This is the key to enabling the large-scale transition of real economy corporations toward Net Zero and resilience through climate-aligned investments in R&D, capital projects, other infrastructure and supply chains.

Commenting on its leading development role, Laurent David, Deputy Chief Operating Officer at BNP Paribas, said: “Robust and accessible data are essential to implement material climate policies and make sustainable finance credible. They are essential to allow financial institutions to set priorities, define objectives, and control their achievement. As a global financial institution, we can play a significant role in driving collaboration across the industry to help manage climate risk and increase investment in climate-aligned companies and projects. Through our collaboration with OS-Climate we can develop open source tools based on proper data far more rapidly than we could on our own. This will ultimately foster transparency and trust.

Günther Thallinger, Member of the Board of Management of Allianz SE said: “Allianz’s collaboration with OS-Climate reflects our commitment to support and embed climate-aligned investments and the critical transition to net-zero greenhouse gas emissions. We will continue to collaborate with a growing finance sector movement to harness the value of data that we as an industry will use to turn our commitments into real economy change.”

Robert Litterman, former chair of the Commodity Futures Trading Commission’s (CFTC) climate-related market risk subcommittee, said: “This platform could be a real game-changer. The Linux Foundation’s approach is uniquely able to build public goods that serve a wide range of public interests. This platform will accelerate innovation by commercial providers that can build on the ‘pre-competitive’ layers of data and technology OS-Climate is building. It also can help advance multiple goals of financial regulators for managing risk in the financial system, especially in terms of generating meaningful and comparable climate-related risk disclosures from corporations.”

Margaret Kuhlow, Finance Practice Leader, WWF International, said: “Dealing with the profound and compound crises of climate breakdown and nature loss means aligning global financial flows for a net-zero, nature-positive economy. This relies on securing good, decision-grade data, which is a challenge too large for any single institution or company to tackle alone. By supporting a systematic approach to the provision of high quality, open data on climate and nature risk, and integrating that with standard financial data, OS-Climate could help accelerate the development of robust data solutions that enable financial institutions, tech companies, and commercial data leaders to contribute to a fairer, greener, more resilient future.”

The tools will utilise the OS-Climate Data Commons, led by Red Hat, which will act as a public utility of corporate and other climate data and has enabled OS-Climate to significantly progress its technical roadmap announced at COP26. Development of the Data Commons, in collaboration with organizations including ClimateArc, will address the urgent need of the finance community for data that is transparent, consistent, and interoperable.

About OS-Climate

Linux Foundation’s OS-Climate is a breakthrough initiative creating a transparently governed public utility of open data and open source tools for climate-aligned finance investing, business, and regulation. OS-C uses the open collaboration approach that delivered rapid COVID vaccines, applying that to solve data gaps now blocking rapidly scalable transition of capital toward a resilient Net Zero economy.

Members contribute their data scientists, modellers, and software developers to cooperative projects building the OS-Climate Data Commons, a federated library of libraries of corporate and factor data, plus analytics tools to derive the actionable metrics crucial for asset allocation, portfolio construction, security analysis, credit analysis, corporate engagement, strategic planning and transition investment by corporates, and financial sector supervision. For more information visit OS-Climate.

Members and Community

OS-Climate’s asset owner, asset manager, bank, technology, financial data, and ‘real economy’ corporate members are Airbus, Allianz, Amazon, BNP Paribas, BNY Mellon, EY, Federated Hermes, Goldman Sachs, KPMG, London Stock Exchange Group, Microsoft, the UN-convened Net Zero Asset Owner Alliance ($10.6 trillion AUM), Ortec Finance, Red Hat, and S&P Global. NGO and academic Members include CPI, Open Climate Foundation, Polytechnique, and the World Benchmarking Alliance. Research NGOs sharing human capital and world-leading insights with OS-Climate include the World Resources Institute, RMI, and the London School of Economics through the Transition Pathways Initiative. Other data partners include Jupiter Intelligence, riskthinking.ai, and Urgentem.

About the Linux Foundation

Founded in 2000, the Linux Foundation and its projects are supported by more than 2,950 members. The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, ONAP, Hyperledger, RISC-V, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit linuxfoundation.org.

Media Contacts

North America
Ali Saville
ali@deepgreenmedia.co.uk

Europe & Asia
Leela Lamont
leela@deepgreenmedia.co.uk
+44 (0) 7874 383829

The post OS-Climate unleashes power of open source to develop data and tools required to meet the Paris climate goals appeared first on Linux Foundation.

Takeaways from the White House Cyber Workforce and Education Summit

Wed, 07/20/2022 - 10:17

Today the White House convened the White House Cyber Workforce and Education Summit to gather government and private-sector leaders to discuss how to address the labor shortage and other challenges for U.S. cybersecurity. The meeting included the nation’s top cybersecurity and workforce policy decision makers, including the National Cyber Director and the Cabinet secretaries from the Departments of Commerce, Homeland Security, and Labor and the Under Secretary of Education. 

Jim Zemlin, Executive Director of the Linux Foundation, was invited to participate.

During the meeting, Jim emphasized the need to “shift left” security training and best practices as much as possible. Addressing security at the beginning of the technology supply chain is more efficient and effective – it is being proactive rather than reactive. This begins with providing open source practitioners with the knowledge and skills to build security into the development of the software we all depend on.  

Addressing security at the beginning of the technology supply chain is more efficient and effective – it is being proactive rather than reactive.

He emphasized the commitment of the Linux Foundation to partner with industry leaders to provide no cost or low cost training and certification in cybersecurity beginning with our Developing Secure Software course, which is 15 hours of training across 3 modules (security principles, implementation considerations & software verification). The goal is to teach software developers how to develop more secure software from the beginning because that is much more efficient than finding and remediating vulnerabilities.

Since launching it this spring, over 10,000 students have started the course and over 1,000 completed it and received their verifiable certification. But this is just the beginning. Over the next few months, the Linux Foundation will launch new courses and certification exams on topics such as: 

Addressing cybersecurity challenges through investments in the workforce is about more than hiring and training more cybersecurity professionals. Providing effective training for individuals involved at all points in the software development lifecycle is key to success – kind of like building security into a building at the beginning rather than just hiring security guards to protect it. 

Providing effective training for individuals involved at all points in the software development lifecycle is key to success – kind of like building security into a building at the beginning rather than just hiring security guards to protect it. 

The goal of building a more robust cyber workforce is part of the recommendations developed earlier this year after the White House-convened Open Source Software Security Summit in February and a follow-up Summit in May. You can read about the recommended 10 streams of investment and the entire Open Source Software Security Mobilization Plan here. And consider joining the OpenSSF to help make our software supply chain more secure by building an expert community, targeted initiatives, and best practices.

We encourage you to  enroll in the Developing Secure Software training from the OpenSSF. It is free for everyone through Linux Foundation Training & Certification. You can also enroll through edX for free in audit mode or with a verified certificate of completion for an additional fee.

The post Takeaways from the White House Cyber Workforce and Education Summit appeared first on Linux Foundation.

The Lifecycles of Open Source Projects

Fri, 07/15/2022 - 01:23

There are hundreds of thousands of open source projects out there – many are innovative ideas, poised to make a positive impact on the world. There is a much smaller number that move from an idea with one or two maintainers to broad adoption with an active community and investments from other organizations. How does this happen? What moves the needle? Helping projects grow and mature is exactly the mission of the Linux Foundation. We are a place where open source innovators thrive. 

In this article, I want to help you look at each of the project life cycle stages, determine where your project is, and, at a high-level, show how you can move your project successfully through each stage. 

What does success look like?

Open Source projects succeed when the right parties are involved throughout every stage of a project’s life cycle. Project teams work together from the early proposal and planning stages to the projects’ peak maturity stages and eventual wind-down.

This article is targeted to help Open Source Communities and Program Managers identify the life cycle stages of a project and promote the participation of the right committees at the right time to drive the project smoothly and transition it as it develops.

It also analyzes an example of what a project’s participation and challenges look like for an early-stage project compared to a mature project to bring insight into what to expect at those stages.

Open Source project life cycle

Depending on your Open Source project, these stages might vary in name, but most projects center on the same principles and focus on the following stages:


.avia-image-container.av-16ol2rz-7379d9683a4bedb0a2191c77b3652ad1 .av-image-caption-overlay-center{ color:#ffffff; }
  • The Proposal Stage Where a specific need is identified and planning preparations for resources and work is analyzed and presented to the technical steering committee (TSC) and Chair committees.
  • The Incubation Stage It starts when a proposal is approved, and the resources are assigned. This is one of the most critical stages in the project. Early development is underway, and it is essential to set the foundation of how the project will operate to avoid difficulties in the future.
  • The Mature Stage It happens when a project has made several successful releases and is on track with its vision. Challenges may still exist; however, given the planning during the early stages, they are manageable.
  • The Core Stage It is defined when a project has reached a broad audience due to its value. This is where teams need to focus on maintaining and keeping the pace steady.
  • Project Archived This stage can sometimes be challenging to identify, given the speed gained in the previous stages. It could be a good thing that a project has reached its goal and hence needs to be archived, or it can, unfortunately, happen due to unforeseen circumstances like a lack of resources to collaborate. For projects that have difficulty identifying this stage, I recommend the following article: Winding Down an Open Source Project.

Committee Participation

Let’s discuss how a project in its early Incubation stage compares to a project in a Mature set and how having the appropriate committee’s attention can facilitate the work.


  • Project during Incubation
  • Still in a fragile state, requirement changes can still occur.

    • Board and TSC to approve
    • Committers and Maintainers

  • High activity of contributions since this project can still be considered under the bring-up phase

    • Committers and Maintainers collaborate on content

  • Can still be at risk of achieving if resource availability and contributions decline

    • Board and TSC can take a decision

  • Project during Maturity
  • At this point, the project should be heading towards the next releases. If requirements change, it might be a sign of poor planning.

    • Committers and Maintainers collaborate on content

  • Core review happens after evaluating the state of the releases and the demand that they have created.

    • TSC to approve

  • Can still be at risk of achieving if resource availability and contributions decline!

    • Board and TSC can take a decision


.avia-image-container.av-l5lcsm34-b88c9b9b818dfc9bf8a448c27d0549f8 .av-image-caption-overlay-center{ color:#ffffff; }

It is essential to have a clear definition of where your project stands and a clear roadmap to where it is heading so the key teams can perform their best during the project’s life cycle.

How does LFX play a part in the project’s life cycle?

LFX was developed by the Linux Foundation to streamline and support Open Source projects at any stage of a project’s life cycle. For example:

  • Individual Dashboard: This is where it all begins. Create your open source profile and affiliations to manage your project contributions to be credited for your contributions as the project progresses—a necessity for all developers at the Proposal and Incubation stages. 
  • Insights: Offers critical metrics on collaboration, issue tracking, and CI/CD status, which are vital tools to keep the pace of contributions and make more informed decisions early on. Great tool for the Incubation, Mature, and Core phases.
  • Security: Projects need license and vulnerability protection, and the Security tool helps projects scan their code and report any issues with options to get these fixed—a must-have during Incubation, Mature, and Core phases.
  • Organization Dashboard:  Provides complete visibility and activity for open source projects and all Linux Foundation services. A valuable tool for our Members/Organizations in the Proposal, Incubation, Mature, and Core phases.
  • Easy CLA: A tool to consider early on to have company and individual contributions protected and unblocked so collaborators and committers can participate as soon as possible. Great to have at the Proposal stage.   
  • Mentorship: At any stage, the Mentorship tool brings mentors experts based on the project and mentees interested to learn more about it to participate and start contributing. This tool is excellent to have available at any life cycle stage.

With the right participation from individuals and committees, the project will have the right resources to grow and develop through each life cycle stage.   I hope this article comes in handy for your open source community, and you find it easier to accurately identify your project’s life cycle stage – and have the right LFX tools to boost your project performance. All LFX tools play an essential part in the open source project’s development; this article hopefully helps your team choose where to start your LFX journey.

Check out the LFX tools and for additional information about project life cycles, please feel free to contact me, Jessica Gonzalez, at jwagantall@linuxfoundation.org and join your colleagues in the open source community at the LFX Community Forum. 

The author, Jessica Gonzalez, is Release Engineer & LFX Community Architect at the Linux Foundation.

The post The Lifecycles of Open Source Projects appeared first on Linux Foundation.

Top 5 Reasons to be Excited about Zowe

Fri, 07/15/2022 - 00:56

This article was written by David McNierney, member of the Zowe Technical Community and Product Marketing & Developer Marketing Leader at Broadcom Inc. It appeared on the Open Mainframe Project blog. The 3rd annual Open Mainframe Summit is September 21-22 in Philadelphia, PA.  It will be in-person and virtual. The schedule is now available and early-bird pricing ends on July 15. Learn more, see the agenda, and register here

The Open Mainframe Project’s Zowe initiative was born from an ambitious goal: make the mainframe a seamless, integrated part of the modern IT landscape — employing the same practices, tools and skillsets — without compromising its core attributes of stability, security and resiliency. Achieving this vision would address the growing talent crunch while helping enterprises modernize their mission-critical applications for today’s hybrid cloud world. It was exciting from the outset.

What better way to integrate the mainframe in this way than with open source, the technology that has fueled other paradigm-changing trends? Broadcom, IBM and Rocket Software discovered complementary initiatives across their organizations and, with the guidance and support of the Open Mainframe Project, Zowe was born. The framework, the first open source project for z/OS, opens the mainframe to popular practices like DevOps, languages like JavaScript and Python, and tools like CI/CD orchestrators.

Since then, Zowe’s trajectory has been extraordinary. Here are the top 5 reasons to be excited about the framework:

1) Extraordinary Growth

The user survey from the Arcati Mainframe Yearbook 2022 offers some eye-opening statistics: 19% of sites are already using Zowe (up from 10% last year) with a further 50% of sites planning to use it in the coming year (a big increase from 10% last year).

“Zowe, the open-source way of accessing mainframes, was introduced in 2018. 19 percent of sites said that they are already using this open-source technology, with a massive 50 percent of sites having plans to make use of it in the coming year. Open-source technology is now becoming commonplace on mainframes.”

“Perhaps Zowe will continue to help the mainframe to appear like any other server to a younger generation of programmers and managers.”

Key takeaway: don’t miss the bus!

2) Industry Recognition

Zowe won the Best DevOps for Mainframe award in this year’s DevOps Dozen competition, only 3 years after its introduction! Based on a combination of judging and popular voting, this recognition is particularly noteworthy because Zowe was selected over a number of well-established commercial offerings with large numbers of users. Chalk one up for the next-generation!

3) Robust Ecosystem

With over 70 conformant products, the Zowe ecosystem is fast growing with tools now spanning the application development, security and operations domains. In addition to leaders like Broadcom and IBM, vendors receiving badges for Zowe Conformance now include Micro Focus and BMC reflecting broader recognition of the framework’s value and customer demand. And another sign of a fast-maturing open source technology, conformant support providers are available to help users realize the full power of the ecosystem.

4) Existing User Base

Downloads of the Zowe CLI have exceeded 100,000 and Zowe Explorer for VS Code has exceeded 50,000. And Zowe z/OS Build downloads (server-side) have exceeded 5,000. These numbers appear to confirm the Arcati findings of increasing Zowe adoption and reflect an increasingly real-world-hardened solution.

5) Energized Community

The most important number of all is 501 — the number of contributors to this vibrant open source project. These contributors offer their time, expertise and energy to advance the Zowe cause to the benefit of everyone in the enterprise IT community. They contribute everything from documentation to architecture reviews to code and they come from many backgrounds and geographies. It takes a village, and this one is more energized than ever!

The onboarding of the mainframe as a seamless, integrated part of the hybrid cloud is well underway. The road is clear and recent evidence suggests a fast-approaching tipping point — a point at which Zowe transitions from an expanded toolkit for a few to the foundation of the hybrid cloud for all.

If you enjoyed this blog, checkout more Zowe blogs here or the Zowe website at Zowe.org. You can also ask a question and join the conversation on the Open Mainframe Project Slack Channel #Zowe-dev, #Zowe-user or #Zowe-onboarding. If this is your first time using the Open Mainframe Project Slack, register here.

The post Top 5 Reasons to be Excited about Zowe appeared first on Linux Foundation.

Jamie Thomas: What is the OpenSSF

Wed, 07/13/2022 - 22:56

Jamie Thomas is the General Manager, Systems Strategy and Development at IBM and is also the OpenSSF Board chair. She sat down with Alan Shimel of TechStrong TV during OpenSSF Day in Austin to share about OpenSSF and how the open source community is rallying together to increase the resilience of open source software. 

You can watch the full interview or read the transcript below. But, since we are all busy, I have pulled together some of the key points Jamie made from the interview:

OpenSSF is focused on a proactive posture. How do we prevent these kinds of events? And so to do that, we think there’s a number of things we have to do: 

  • First and foremost is education, of course, in terms of basic security education for developers.
  • Another key tenant is how do you put automation on steroids? So the automation and best practices that are reflected in that automation that open source projects can consume? How do you get that out to the most critical projects, and then provide some support for the long tail projects
  • It’s also about working, frankly, with other industry consortia as well as the government. In Particular, we’ve been working with the US government in the OpenSSF to define what are some actions that are really going to make a difference. 
  • And I think critical to all of this is getting collaboration across the different insights from the governing body, which includes a lot of technology firms, as well as commercial firms. Like there’s a lot of financial firms actually involved in the governing body. What are the key elements that we really need to address first. So getting those priorities set, and then having an execution agenda and really getting something done in the short term, I think is really going to be important for this group?

In the world of cybersecurity, you often learn that no one pays attention to a lot of things unless there’s a huge compelling event. And that’s what log4j was. So while it was not desired, it was helpful in that vein. . . So coming out of all of the meetings that we’ve had, the collaboration that we’ve had across the industry, it is going to be imperative that we execute, and that the things that we have identified as top priorities that we make measurable progress on those projects this year. That’s the importance of this OpenSSF day here today in Austin, which is allowing us, with a key set of stakeholders, to start to share perspectives of the projects that are underway, and how others can engage in those projects. And how, once again, working together, we can actually make a difference. 

 Working together, we can actually make a difference. 

We are turning the corner on a new level of commitment around security, there’s always been a commitment in open source around innovation, around feature function. I mean, that’s what’s driven open source and allowed it to be so successful. And for others, other corporations like IBM, we take an enormous advantage out of that, right, we’ve all gotten a huge advantage in productivity out of that. But now, it’s really about turning the focus a little bit more, getting that focus on security, so that we can use open source and continue to have that productivity, but with confidence as we go forward.

How do we make it easy for the maintainers of these open source projects? How do we make it easy for the contributors, because without doing that, it will not have the consumption by developers at large.

Alan Shimel 0:06
Hey, everyone, we’re back here live at the Linux Foundation’s Open Source Summit here in Austin, Texas. And as we mentioned earlier, today is is a day of, I don’t know if you want to call it daughter-sister foumdations or satellite conferences, the main event really starts tomorrow. But there’s several important foundations who are holding conferences today. One of which, and kind of the one kind of the nearest to me is the Open Source Security Foundation. OpenSSF. And we are really happy to be joined by Jamie Thomas, who is the governing chair or the chair of the governing board. Jamie, welcome to our show. Thanks for joining us. So, look, when you’re not busy running, or being Chair of the Board for OpenSSF you have a day job as well. If you want to share with our audience feel free.

Jamie Thomas 1:05
Well, first of all, Alan, thanks for having me. I’m really pleased to be here to talk about OpenSSF. But I am a general manager at IBM responsible for systems development and delivery as well as IBM’s enterprise security program. And enterprise security, of course, is how I got involved in this particular topic.

Alan Shimel 1:22
Absolutely. And that look, that is a world and job unto itself. And we could probably do a few hours on that. But we’re going to focus on on OpenSSF today. So, you know, for most of our audience is familiar, we’ve covered,we’ve had the pleasure of speaking with Brian from OpenSSF a few times. It was a nice idea I think when it was first conceived about yes, we need to do something about security, about the security of open source tools specifically.

Alan Shimel 1:53
And then kind of all hell broke loose. You know, sometimes, sometimes things just work like that. Right? History runs in currents. So we started the OpenSSF. And then we had this spate of supply chain security issues and the whole SBOM thing with the White House. And then like kind of the cherry on top was log4j, it was around when January or December of last year. And that’s really, I guess, accelerated has it accelerated. Maybe you had big plants to begin with. Talk to us a little bit about kind of the whole OpenSSF and how it all came together. And what’s happened?

Jamie Thomas 2:33
Well, I think it was very fortuitous that the industry did come together last year with the Linux Foundation to create a new governing body around open source security called the OpenSSF. Because as you say, not long after that we had this industry compelling event log4j and realized the industry had already had we’d already had Solarwinds that year before, which also ruined our holiday in December. We had Kaseya, we had a number of these big supply chain attacks.

Jamie Thomas 3:00
But the difference I would say in log4j is just the predominance of the asset in code. It had been out there for over 20 years, it was a very utilized, a very popular piece of code. And so it affected a lot of software.

Jamie Thomas 3:14
So one of the things that you realize when this kind of thing happens, it’s not just about your fidelity of being able to identify it and get it patched. But for all those downstream consuming organizations, how fast do they roll out these patches, because we’re talking about a huge amount of affected software. So I think that there’s nothing like a true test of your governing body. And this was actually a real test run of what we needed to do in OpenSSF. And, of course, it garnered a lot of tension from the US government and other entities that we can we can talk more about.

Alan Shimel 3:48
Sure. Okay. So let’s talk a little bit about the charter or the mission of the OpenSSF. And it’s something I brought up to you off camera, which is okay. Log4J, let’s make that the poster child for a second. So log4j is basically this open source component, if you will, right, that many, many, many, many, many applications have incorporated into their package, if you will, into their source code. And it’s not, look, I’m not blaming the log4j developers or anything. There was a defect, I don’t even want to you know, it became a vulnerability but there’s a defect, while software has defects that we haven’t even found yet. But nevertheless, this one kind of went public and then we saw exploits with it and in the wild and such as the world of security we both live in. What is the chart is that what OpenSSS is about to prevent, or not prevent, but deal with future log4j kinds of events?

Jamie Thomas 4:55
Well, I think first and foremost, OpenSSF is focused on a proactive posture. Right. So how do we prevent these kinds of events? And so to do that, we think there’s a number of things we have to do. First and foremost is education, of course, in terms of basic security education for developers.

Jamie Thomas 5:14
Another key tenant is how do you put automation on steroids? So the automation and best practices that are reflected in that automation that open source projects can consume? How do you get that out to the most critical projects, and then provide some support for the long tail projects, if you will?

Jamie Thomas 5:31
It’s also about working, frankly, with other industry consortia as well as the government. Particularly we’ve been working with the US government in the OpenSSF to define what are some actions that are really going to make a difference. And I think critical to all of this is getting collaboration across the different insights from the governing body, which includes a lot of technology firms, as well as commercial firms. Like there’s a lot of financial firms actually involved in the governing body. What are the key elements that we really need to address first. So getting those priorities set, and then having an execution agenda and really getting something done in the short term, I think is really going to be important for this group?

Alan Shimel 6:14
Well, look, a lot of people look at what you guys have done, and you’ve gotten stuff done, right? There’s been a tremendous groundswell of support. And granted, log4j didn’t hurt you in that regard. But there are others. But there’s been a tremendous groundswell, right, there’s been a I think, about $30 million raised right, between some of the biggest names in tech kicking in here. There’s been the White House and CISA involvement. So it’s certainly, for a relatively new foundation, it has really garnered a lot of, I don’t want to say market share, but a lot of publicity, a lot of attention.

Alan Shimel 7:02
Now, of course, the question is, okay, how does this translate to rubber meets the road? How do we prevent the next slide? I don’t know if we can prevent the next log4j. But how do we minimize that?

Jamie Thomas 7:14
minimize the impact Exactly. Because I would say, if you look at what happened with log4j, the level of preparedness was not there. So how do you get it remediated fast? And how do you identify it? How do you help the open source projects be more effective. In this case, it was of course tied to the Apache Foundation. But not only that, how did the commercial entities then take advantage of that patch and act expeditiously to benefit the clients?

Jamie Thomas 7:45
So I think there’s a real opportunity here. In the world of cybersecurity, you often learn that no one pays attention to a lot of things unless there’s a huge compelling event. And that’s what this was. So while it was not desired, it was helpful in that in that vein, so coming out of all of the meetings that we’ve had, the collaboration that we’ve had across the industry, is going to be imperative that we execute, and that the things that we have identified as top priorities that we make measurable progress on those projects this year. And I think that’s the importance of this OpenSSF day here today in Austin, which is allowing us, with a key set of stakeholders, to start to share perspectives of the projects that are underway, and how others can engage in those projects. And how, once again, working together, we can actually make a difference.

Jamie Thomas 8:36
I think this on this ongoing level of engagement, making sure that we have the right stakeholders engaged, is going to be important to make progress. And as you know, in the world of open source, the nice thing about OepnSSF is we do have the ability to hire critical roles that can focus on this full time. Because the nature of open source typically is that it’s a it’s a volunteer army. Right? And there’s 1000s and 1000s of volunteers out there. But then how do we help with these resources, enable those volunteers to be more effective.

Alan Shimel 9:10
And frankly, that’s been one of, I think, the key ingredients to the Linux Foundation’s formula for success is, you know, herding. It’s a bit like herding cats herding the open source community, it’s vast, the 1000s, hundreds of 1000s, millions, but you need a few full timers who are, this is their day job, right? This is their this is what they do.

Alan Shimel 9:36
Jamie, I want to talk a little bit for people who are watching this now at home. Or maybe, you know, recorded later on. They weren’t here. They didn’t get what was happening, especially today, which is kind of you know, the OpenSSF’s day. Give them if you don’t mind a little bit of maybe a synopsis of what they’re missing.

Jamie Thomas 9:58
Well, we just got started of course, so we have a little bit more to go today, of course, in terms of the actual kickoff of OpenSSF Day. But I think what I see is real commitment, particularly from the presenters I’ve seen so far, a commitment that they’ve all personally made and outside of their day jobs, frankly, to make a difference in security for open source software. And that’s really the key here.

Jamie Thomas 10:23
Are we turning the corner on a new level of commitment around security, there’s always been a commitment in open source around innovation, around feature function. I mean, that’s what’s, loved it, you know, that’s what’s driven open source and allowed it to be so successful. And for others, other corporations like IBM, we take an enormous advantage out of that, right, we’ve all gotten a huge advantage in productivity out of that. But now, it’s really about turning the focus a little bit more, getting that focus on security, so that we can use open source and continue to have that productivity, but with confidence as we go forward. And I’ve really been, I’ve been impressed with all the speakers today and their personal commitment to this topic. And, and that’s really impressive. And I think we’ll see that for the rest of the day as well.

Alan Shimel 11:12
I’m gonna come back to it that to you in one second. I want to touch on something else, though. And that and that is this look, I’ve been in security for 25 going on 30 years. Well, security 25, IT 30 plus years. And, I, you know, if I had a nickel for every survey I read that said security is one of the top three priorities of IT, or the CIO, or an organization, I’d be a rich, rich person right now. But as like I always said their arms were too short to reach their pockets oftentimes. And it wasn’t until something bad happened like a log4j. You know, some incident. Yeah, Code Red. And I could go through a whole history of the things that people trying to get religion, right.

Alan Shimel 12:00
Excuse me, sometimes it takes that for them to get religion. I don’t, I don’t know why. I hope I always hope that it changes that people finally do start taking it seriously. I think for the OpenSSF though, the important thing to remember, especially in our audience, this is a fact we give them all the time, today’s applications, they are 75% 80% open source components added kind of stitched together with maybe 20- 25% of you know, sort of original code, if you will.

Alan Shimel 12:35
And so if someone’s not watching the store on those open source components, whether they’re artifacts or scripts or whatever. Your it’s only a matter of time. It’s not if, it’s when right. And so that’s why I think this is such a vital, it’s such a vital function, this Foundation. Something needed to happen. Yeah. And this is a perfect place for it. And we I step off the soapbox, you mentioned a couple of speakers anything stand out to you or that you can kind of clue our audience and tell

Jamie Thomas 13:11
I think other than the commitment of there’s a keen focus on making it easy for the developers, right? How do we make it easy for the maintainers of these open source projects? How do we make it easy for the contributors, because without doing that, it will not have the consumption by developers at large, right. And I know this, even inside a corporation, we have the same challenge, really, it’s all about codifying the best practices in an automation framework. And, you know, whatever that is for your organization, that’s going to be critical. And that’s why it’s so critical for these open source projects.

Jamie Thomas 13:45
You know, I think that with the right approach, we will make a difference. But it also, as you said, require stakeholders involved to continue to educate their organizations about why is it important, because all of us actually have the ability to increase the number of contributors we have on these projects, to contribute our expertise. And that’s going to be very important. I think that we as the governing body and other organizations really create a sustaining promise around open source. So it’s not just what the OpenSSF is doing itself. But how we enable that to be successful in the long run. Because we’re all getting the advantage from open source, and, like IBM we of course, it’s IBM plus our company, Red Hat, it has a little bit to do with open source. But those kinds of efforts and keeping that keen focus are going to be very, very important as we go forward.

Alan Shimel 14:38
There’s no doubt about it. It also goes back to what we said before is, look there’s a new lock log4j kind of horizon out there every day where there is so you’re not going to prevent them. You’ve you’ve got to put in your response. You’ve got to have your protocols in place.

Jamie Thomas 14:59
I will tell you that It, you know, I have a window into cyber operations, which is my job every day at IBM. And we’re getting over 100 billion events a day. So that gives you kind of the context for what you got to deal with and landscape. And product security, of course, is one of those triggers. If it’s not, if you’ve got malware, if you got issues, they’re going to be one of your events, right? So it’s a little bit of a reflection on our responsibility to enable effective cyber operations for organizations. I mean, we have a huge responsibility. But we have a huge opportunity here. And I think I want to make heroes out of developers for really worrying about security. That’s kind of one of the goals.

Alan Shimel 15:41
You know, look, you’re preaching to the choir here, because, you know, I started devops.com in 2013, 2014. And I did it because, as a security person, I thought it was the best thing that happened in security. If we can get developers security, aware, security conscious, that’s half the battle. And, you know, for a long time it was it was an uphill battle. Let me say that. But this whole notion of what we call DevSecOps and making security for developers, it’s really gone mainstream. Right. And I think part of that is realizing is developers, security is everyone’s responsibility is a very overused thing.

Alan Shimel 16:24
Developers are not security people, but I’ve never met a developer in my life who says, I’d like to develop insecure software, right. I want to use an old version of an open source, you know, component that has some known vulnerabilities. None of them want to, we don’t have pride in our work. It’s just we need to make it easier for them to do, and I think that’s something OpenSSF can really help with.

Alan Shimel 16:55
Anyway, I know you’re busy as heck, I want to thank you for coming down and hanging out with us a little bit. To you, Brian, the whole OpenSSF team, keep up the great work well, we’re expecting big things. No pressure. We’re expecting big things from you guys. You really make make a difference.

Jamie Thomas 17:11
Thank you, Alan. I’m really pleased to be here today and immerse myself in this topic and get to know many of the players that are here today. And thanks. Thanks for the opportunity to chat. No problem.

Alan Shimel 17:20
Just before we leave real quickly, the OpenSSF website. I think it’s openssf.org. So go check it out. If you’re not here in person, I believe it is virtual, as well. We love to see you as part of it in support the OpenSSF. We’re gonna take a break here in Austin. We’ll be back in a bit.

The post Jamie Thomas: What is the OpenSSF appeared first on Linux Foundation.

SODA Foundation Announces 2022 Data & Storage Trends Survey

Wed, 07/13/2022 - 21:56

To address evolving Data and Storage needs throughout the industry, SODA Foundation, in partnership with Linux Foundation Research, is once again conducting a survey to provide insights into challenges, gaps, and trends for data and storage in the era of cloud native, edge, AI, and 5G. The results will serve to guide the SODA Foundation technical direction and ecosystem. With this survey, we seek to answer:

  • What are the data & storage challenges faced by end users?
  • What are the key trends shaping the data & storage industry?
  • Which open source data & storage projects are users interested in?
  • What cloud strategies are being adopted by businesses?

Through new insights generated from the data and storage community, end users will be better equipped to make decisions, vendors can improve their products, and the SODA Foundation can establish new technical directions — and beyond!

Please participate now; we intend to close the survey in August.

Privacy and confidentiality are important to us. Neither participant names, nor their company names, will be displayed in the final results. 

This survey should take no more than 15 minutes of your time. 

To take the 2022 SODA Foundation Data & Storage Trends Survey, click the button below in your choice of English, Chinese, and Japanese.

Take Survey [EN] Take Survey [民意调查] Take Survey 調査 BONUS

As a thank you for participating in this research, once you have completed the survey, a code will be displayed on the confirmation page, which can be used for a 25% discount on any Linux Foundation training course or certification exam listed in our catalog: https://training.linuxfoundation.org/full-catalog/ 

PRIVACY

Your name and company name will not be displayed. Reviews are attributed to your role, company size, and industry. Responses will be subject to the Linux Foundation’s Privacy Policy, available at https://linuxfoundation.org/privacy. Please note that members of the SODA Foundation survey committee who are not LF employees will review the survey results. If you do not want them to have access to your name or email address in connection with the survey, please do not provide your name or email address.

VISIBILITY

We will summarize the survey data and share the learnings later this year on the SODA website. In addition, we will produce an in-depth survey report which will be shared with all survey participants.

ABOUT SODA FOUNDATION

The SODA Foundation is an open source project under the Linux Foundation that aims to foster an ecosystem of open source data management and storage software for data autonomy. SODA Foundation offers a neutral forum for cross-project collaboration and integration and provides end-users with quality end-to-end solutions. We intend to use this survey data to help guide the SODA Foundation and its surrounding ecosystem on important issues.

PARTNERS

We are grateful for the support of our many survey distribution partners, including:

  • China Electronics Standardization Institute (CESI)
  • China Open Source Cloud League (COSCL)
  • Chinese Software Developer Network (CSDN)
  • Cloud Computing Innovation Council of India (CCICI)
  • Cloud Native Computing Foundation (CNCF)
  • Electronics For You (EFY)
  • IEEE Bangalore Section
  • Japan Data Storage Forum (JDSF)
  • Mulan Project
  • Open Infra Foundation (OIF)
  • Storage Networking Industry Association (SNIA)
QUESTIONS

If you have questions regarding this survey, please email us at survey@sodafoundation.io or ask us on Slack at https://sodafoundation.io/slack/

Sign up for the SODA Newsletter at https://sodafoundation.io/

The post SODA Foundation Announces 2022 Data & Storage Trends Survey appeared first on Linux Foundation.

Open Mainframe Project Announces Schedule for the 3rd Annual Open Mainframe Summit on September 21-21 in Philadelphia, PA

Wed, 07/13/2022 - 21:45

 The first-ever in-person Summit will focus on security, training, AI, Linux on Z and Cloud Native  and will be accessible online for attendees around the world

SAN FRANCISCO, July 13, 2022 The Open Mainframe Project, an open source initiative that enables collaboration across the mainframe community to develop shared tool sets and resources, announces the schedule for the 3rd annual Open Mainframe Summit, which will be in-person in Philadelphia, PA, and streaming online for global attendees. This year’s theme focuses on security, which is top of mind for every company that uses mainframes.

Critical enterprise systems are more connected than ever, which means vulnerabilities have increased. In fact, according to The Essential Holistic Security Strategy, a recent report by Forrester Consulting, commissioned by Open Mainframe Project Silver Member BMC, 81 percent of organizations surveyed are prioritizing the integration of security functions and improving security detection and response.

This year will highlight security as it relates to all aspects of mainframes and beyond including cloud native services, automation, software supply chain management and more. The Summit will also highlight projects such as Zowe and COBOL, education and training topics that will offer seasoned professionals, developers, students and thought leaders an opportunity to share best practices and network with like-minded individuals.

Some of the security sessions include:

Additionally, David Wheeler, Open Source Supply Chain Security Director at the Linux Foundation, will also give a keynote.  

Other highlights include:

See the full conference schedule here.

Open Mainframe Project would like to thank this year’s Open Mainframe Summit planning committee including Alan Clark, CTO Office and Director for Industry Initiatives, Emerging Standards and Open Source at SUSE; Donna Hudi, Chief Marketing Officer at Phoenix Software; Elizabeth K. Joseph, Developer Advocate at IBM; and Michael Bauer, Staff Product Owner at Broadcom, Inc.

Early bird pricing ($500 US) for in-person attendees ends on July 15. Registration for academia is $50 for in-person and $15 for a virtual pass. Register here.

Open Mainframe Summit is made possible thanks to Platinum Sponsors Broadcom Mainframe Software, IBM, and SUSE and Gold Sponsors BMC, Micro Focus and Vicom Infinity, a Converge Company. For information on becoming an event sponsor, click here by August 5. 

Members of the press who would like to request a press pass to attend should contact Maemalynn Meanor at maemalynn@linuxfoundation.org.

About the Open Mainframe Project

The Open Mainframe Project is intended to serve as a focal point for deployment and use of Linux and Open Source in a mainframe computing environment. With a vision of Open Source on the Mainframe as the standard for enterprise class systems and applications, the project’s mission is to build community and adoption of Open Source on the mainframe by eliminating barriers to Open Source adoption on the mainframe, demonstrating value of the mainframe on technical and business levels, and strengthening collaboration points and resources for the community to thrive. Learn more about the project at https://www.openmainframeproject.org.

About The Linux Foundation

Founded in 2000, the Linux Foundation and its projects are supported by more than 2,950 members. The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, ONAP, Hyperledger, RISC-V, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

###

A

O

The post Open Mainframe Project Announces Schedule for the 3rd Annual Open Mainframe Summit on September 21-21 in Philadelphia, PA appeared first on Linux Foundation.

FDC3 2.0 Drives Desktop Interoperability Across the Financial Services Ecosystem

Wed, 07/13/2022 - 16:45
The Fintech Open Source Foundation builds on the success of FDC3, its most adopted open source project to date

New York, NY – July 13, 2022 – The Fintech Open Source Foundation (FINOS), the financial services umbrella of the Linux Foundation, announced today during its Open Source in Finance Forum (OSFF) London the launch of FDC3 2.0. FDC3 supports efficient, streamlined desktop interoperability between financial institutions with enhanced connectivity capabilities. 

The global FDC3 community is fast-growing and includes application vendors, container vendors, a large presence from sell-side firms and a growing participation from buy-side firms all collaborating together on advancing the standard. 

You can check out all the community activity here: http://fdc3.finos.org/community

The latest version of the standard delivers universal connectivity to the financial industry’s desktop applications with a significant evolution of all four parts of the Standard: the Desktop Agent API, the App Directory providing access to apps and the intent and context messages that they exchange. 

MAIN IMPROVEMENTS

  • FDC3 2.0 significantly streamlines the API for both app developers and desktop agent vendors alike, refining the contract between these two groups based on the last three years’ working with FDC3 1.x. 
  • Desktop agents now support two-way data-flow between apps (both single transactions and data feeds), working with specific instances of apps and providing metadata on the source of messages – through an API that has been refined through feedback from across the FDC3 community.
  • This updated version also redefines the concept of the “App Directory”, simplifying the API, greatly improving the App Record and the discoverability experience for users and making the App Directory fit-for-purpose for years to come (and the explosion of vendor interest FDC3 is currently experiencing).
  • Finally, FDC3 2.0 includes a host of new standard intents and context, which define and standardize message exchanges for a range of very common workflows, including interop with CRMs, Communication apps (emails, calls, chats), data visualization tools, research apps and OMS/EMS/IMS systems. This is one of the most exciting developments as it represents diverse parts of the financial services software industry working together through the standard.

MAIN USES

  • Help Manage Information Overload. Finance is an information-dense environment. Typically, traders will use several different displays so that they can keep track of multiple information sources at once. FDC3 helps with this by sharing the “context” between multiple applications, so that they collectively track the topic the user is focused on.
  • Work Faster. FDC3 standardizes a way to call actions and exchange data between applications (called “intents”). Applications can contribute intents to each other, extending each other’s functionality. Instead of the user copy-and-pasting bits of data from one application to another, FDC3 makes sure the intents have the data they need to seamlessly transition activity between applications.
    • Platform-Agnostic. As an open standard, FDC3 can be implemented on any platform and in any language. All that is required is a “desktop agent” that supports the FDC3 standard, which is responsible for coordinating application interactions. FDC3 is successfully running on Web and Native platforms in financial institutions around the world.
  • End the integration nightmare. By providing support for FDC3, vendors and financial organizations alike can avoid the bilateral or trilateral integration projects that plague desktop app roll-out, cause vendor lock-in and result in a slow pace of change on the Financial Services desktop.

“It is very rewarding to see the recent community growth around FDC3,” said Jane Gavronsky, CTO of FINOS. “More and more diverse participants in the financial services ecosystem recognize the key role a standard such as FDC3 plays for achieving a true open financial services ecosystem. We are really excited about FDC3 2.0 and the potential for creating concrete, business-driven use cases that it enables.” 

What this means for the community 

“The wide adoption of the FDC3 standard shows the relevance of the work being conducted by FINOS. At Symphony we are supporters and promoters of this standard. This latest version, FDC3 2.0, and its improvements demonstrate substantial progress in this work and its growing importance to the financial services industry,” said Brad Levy, Symphony CEO.

“The improvements to the App Directory and its ramifications for market participants and vendors are game-changing enough in themselves to demand attention from everyone: large sell-sides with large IT departments, slim asset managers who rely on vendor technology, and vendors themselves”, said Jim Bunting, Global Head of Partnerships, Cosaic.

“FDC3 2.0 delivers many useful additions for software vendors and financial institutions alike. Glue42 continues to offer full support for FDC3 in its products. For me, the continued growth of the FDC3 community is the most exciting development”, said Leslie Spiro, CEO, Tik42/Glue42. “For example recent contributions led by Symphony, SinglePoint and others have helped to extend the common data contexts to cover chat and contacts; this makes FDC3 even more relevant and strengthens our founding goal of interop ‘without requiring prior knowledge between apps”. 

“Citi is a big supporter of FDC3 as it has allowed us to simplify how we create streamlined intelligent internal workflows, and partner with strategic clients to improve their overall experience by integrating each other’s services. The new FDC3 standard opens up even more opportunities for innovation between Citi and our clients,” said Amit Rai, Technology Head of Markets Digital & Enterprise Portal Framework at Citi.

“FDC3 has allowed us to build interoperability within our internal application ecosystem in a way that will allow us to do the same with external applications as they start to incorporate these standards,” said Bhupesh Vora, European Head of Capital Markets Technology, Royal Bank of Canada. “The next evolution of FDC3 will ensure we continue to build richer context sharing capabilities with our internal applications and bring greater functionality to our strategic clients through integration with the financial application ecosystem for a more cohesive experience overall.”

“Interoperability allows the Trading team to take control of their workflows, allowing them to reduce the time it takes to get to market. In addition they are able to generate alpha by being able to quickly sort vast, multiple sources of data,” said Carl James, Global Head of Fixed Income Trading, Pictet Asset Management. 

As FINOS sees continued growth and contribution to the FDC3 standard, the implementation of FDC3 2.0 will allow more leading financial institutions to take advantage of enhanced desktop interoperability. The contribution of continued updates also represents the overall wider adoption of open source technology, as reported in last year’s 2021 State of Open Source in Financial Services annual survey. To get involved in this year’s survey, visit https://www.research.net/r/ZN7JCDR to share key insights into the ever-growing open source landscape in financial services. 

Skill up on FDC3 by taking the free Linux Foundation’s FDC3 training course, or contact us at https://www.finos.org/contact-us. Hear from Kris West, Principal Engineer at Cosaic and Lead Maintainer of FDC3 on the FINOS Open Source in Finance Podcast, where he discusses why it was important to change the FDC3 standard in order to keep up with the growing amount of use cases end users are contributing to the community.

About FINOS

FINOS (The Fintech Open Source Foundation) is a nonprofit whose mission is to foster adoption of open source, open standards and collaborative software development practices in financial services. It is the center for open source developers and the financial services industry to build new technology projects that have a lasting impact on business operations. As a regulatory compliant platform, the foundation enables developers from these competing organizations to collaborate on projects with a strong propensity for mutualization. It has enabled codebase contributions from both the buy- and sell-side firms and counts over 50 major financial institutions, fintechs and technology consultancies as part of its membership. FINOS is also part of the Linux Foundation, the largest shared technology organization in the world.

The post FDC3 2.0 Drives Desktop Interoperability Across the Financial Services Ecosystem appeared first on Linux Foundation.

Pages