The Linux Foundation

Decentralized innovation, built on trust.

Updated: 9 sec ago

Open Mainframe Project Welcomes New Project Tessia, HCL Technologies and Red Hat to its Ecosystem

Thu, 12/17/2020 - 22:00

SAN FRANCISCO, December 17, 2020 – The Open Mainframe Project (OMP), an open source initiative that enables collaboration across the mainframe community to develop shared tool sets and resources, today welcomes Tessia, a tool that automates and simplifies the installation, configuration and testing of Linux systems running on the Z platform, to its ecosystem. Additionally, HCL Technologies and Red Hat join the project to strengthen their commitment to open source mainframe technologies.

“Open Mainframe Project has experienced record growth this year in terms of membership and projects,” said John Mertic, Director of Program Management at the Linux Foundation. “We look forward to strengthening our role as the number one resource for programs that advance the technology and training for the mainframe, especially with new members HCL and Red Hat who will expand our leadership and expertise.”

OMP Projects Increase by 1500 Percent Since Launch

When Open Mainframe Project was launched in 2015 by The Linux Foundation, there was one open source project under its wing that helped advance mainframe technology. Today, OMP has become an umbrella project that is home to 16 different open source projects including a COBOL Working Group and a Zowe Conformance Program. This is a 1500 percent increase over time.

Today, Tessia joins ADE, Ambitus, ATOM, CBT Tape, COBOL Training Program, Feilong, GenevaERS, Mainframe Open Education, Mentorship, Polycephaly, Software Discovery Tool, TerseDecompress, Zowe and Zorow as projects led by the Open Mainframe community.

Tessia, an open source project for Z resource management and automated installation of Linux distribution, manages relationships between Z datacenter resources and allocates them to specific projects and users according to a role-based schema. Using these resources, Tessia can be included into existing pipelines and with pre-release distributions and drive faster release cycles and adoption of new technologies. Additionally, it enables developers to effortlessly bring up their environments or try out new releases before migration. In general, the mission of the new project improves experience with Linux on Z, which in turn facilitates faster adoption of open source on Z platform.

The OMP Ecosystem Increases by 225 Percent

The Open Mainframe Project, which launched with 12 founding members, is now comprised of 41 business and academic organizations including the newest members HCL Technologies and Red Hat. HCL is a leading global technology company with three main businesses including IT and Business Services (ITBS), Engineering and R&D Services (ERS) and HCL Software. HCL Software develops IBM mainframe software products as an IBM IP Partner as well as developing HCL-branded mainframe software products.

Red Hat, which is now a subsidiary of OMP Platinum member IBM, has a long history of building and supporting products and solutions from open source projects and giving back to those communities.

The new members will collaborate on vendor-neutral open source projects with the mission of building community and adoption of open source on the mainframe. The project strives to build an inclusive community through investment in open source projects and programs, career development, and events that provide opportunities for the mainframe community to collaborate and create sustainability.

To celebrate its 5th anniversary, Open Mainframe Project hosted its inaugural Open Mainframe Summit event in September. More than 385 seasoned professionals, developers, students and leaders from 175 companies attended the virtual conference to share best practices, discuss hot topics, and network with like-minded individuals who are passionate about the mainframe industry. Learn more about the event and the audience statistics in this blog.

Momentum for Open Mainframe Projects

As an umbrella, the Open Mainframe Project hosts projects that expand training the next generation of mainframers or how modern mainframe technology integrates with existing systems. Through the vendor-neutral governance structure, OMP invites developers and members worldwide to participate in the open source community. The community’s passionate and talent has helped move several of the Open Mainframe Projects to important milestones including:

Zowe, an open source software framework for the mainframe that strengthens integration with modern enterprise applications, has released version 1.17 with some notable features and enhancements. Learn more in the release notes.

Polycephaly, a set of Java and Groovy classes that enables building z/OS® source code files with Jenkins and Git, now offers developers an opportunity to choose their IDEs to use, including the popular Open Source Eclipse. Learn more in this blog.

The annual Open Mainframe Project Mentorship program, which has helped more than 40 students learn more and gain experience with Linux, open source, and mainframes, welcomed 11 new mentees in May. These mentees were paired with mentors from OMP member organizations such as IBM, Rocket Software, SUSE, Vicom Infinity, and Zoss Team LLC for four months and delivered a presentation at the Linux Foundation’s Open Source Summit Europe. The videos can be found here.

Students interested in participating in the 2021 Open Mainframe Project mentorship program can join a webinar on January 12th, 2021 at 10:00 am US Eastern Time to learn more about the program and projects participating. Register here for this webinar.

About the Open Mainframe Project

The Open Mainframe Project is intended to serve as a focal point for deployment and use of Linux and Open Source in a mainframe computing environment. With a vision of Open Source on the Mainframe as the standard for enterprise class systems and applications, the project’s mission is to build community and adoption of Open Source on the mainframe by eliminating barriers to Open Source adoption on the mainframe, demonstrating value of the mainframe on technical and business levels, and strengthening collaboration points and resources for the community to thrive. Learn more about the project at https://www.openmainframeproject.org.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and commercial adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

###

The post Open Mainframe Project Welcomes New Project Tessia, HCL Technologies and Red Hat to its Ecosystem appeared first on Linux Foundation.

Centaurus Infrastructure Project Joins Linux Foundation to Advance Cloud Infrastructure for 5G, AI and Edge

Thu, 12/17/2020 - 01:00

Centaurus today is becoming a Linux Foundation Project. The Centaurus Infrastructure Project is a cloud infrastructure platform for building distributed cloud as well as a platform for modern cloud native computing. It supports applications and workloads for 5G, Edge and AI and unifies the orchestration, network provisioning and management of cloud compute and network resources at a regional scale.

Founding members include Click2cloud, Distributed Systems, Futurewei, GridGain Systems, Reinvent Labs, SODA Foundation and Tu Wien Informatics. Centaurus is an umbrella project for modern distributed computing and hosts both Arktos and Mizar. Arktos is a compute cluster management system designed for large scale clouds, while Mizar is the high-performance cloud-network powered by eXpress Data Path (XDP) and Geneve protocol for high scale cloud. More members and projects are expected to be accepted in the coming months.

“The market is changing and customers require a new kind of cloud infrastructure that will cater to modern applications and workloads for 5G, AI and Edge,” said Mike Dolan, senior vice president and general manager for Linux Foundation Projects. “Centaurus is a technical project with strategic vision, and we’re looking forward to a deep collaboration that advances cloud native computing for generations to come.”

Current cloud infrastructure technology needs are evolving, requiring companies to manage a larger scale of compute and network resources across data centers and more quickly provision those resources. Centaurus unifies management across bare metal, VMs, containers and serverless, while reducing operational costs and delivering on the low latency and data privacy requirements of edge networks. Centaurus offers a consistent API experience to provision and manage virtual machines, containers, serverless and other types of cloud resources by combining traditional (Infrastructure as a Service) IaaS and Platform as a Service (PaaS) layers into one common infrastructure platform that can simplify cloud management.

“The Linux Foundation’s support in expanding the Centaurus community will accelerate cloud native infrastructure for the most pressing compute and networking demands,” said Dr. Xiong Ying, the current acting TSC chair, Centaurus Infrastructure Project. “It’s large network of open source developers and projects already supporting this future will enable mass collaboration and important integrations for 5G, AI and Edge workloads.”

To contribute to Centaurus, please visit: https://www.centauruscloud.io/

Supporting Member Quotes

Click2cloud
“Click2cloud has been part of the development of Centaurus, which is world class software that will lead organizations to have a clear transition from IaaS to Cloud Native Infrastructure. Click2cloud has already started a development program to enable the journey from IaaS (Openstack) to Cloud Native migration, 5G cloud based on Centaurus reference architecture to support the partner ecosystem. We are very excited for Centaurus to be a part of Linux Foundation,” said Prashant Mishra, CEO, Click2cloud.

Futurewei
“Distributed cloud architecture is a natural evolution for cloud computing infrastructure. Centaurus is a cloud native infrastructure platform aiming to unify management and orchestration of virtual machines, containers, and other forms of cloud resources natively at scale and at the edge. We have seen many enterprise users and partners wanting a unified solution to build their distributed cloud to manage virtual machines, containers or bare metal-based applications running at cloud as well as at edge sites. We are very pleased to see, today, the Centaurus Infrastructure project becomes a Linux Foundation open-source project, providing an option for community and enterprise users to build their cloud infrastructure to run and manage next generation applications such as AI, 5G and IoT. We look forward to working with the open-source community to realize the vision of Centaurus,” said Dr. Xiong Ying, Sr. Technical VP, Head of Cloud Lab, Futurewei.

GridGain Systems
“Creating and managing a unified and scalable distributed cloud infrastructure that extends from cloud to edge is increasingly a challenge for organizations worldwide. GridGain Systems has been a proud sponsor and active participant in the development of in-memory computing solutions to support the Centaurus project. We look forward to helping organizations realize the benefits of Centaurus and continuing to help extend its scalability and adoption,” said Nikita Ivanov, Co-Founder and CTO, GridGain Systems.

Reinvent Labs
“We are a young company, which specializes in cloud computing and delivering cloud-native solutions to our customers across various industries. As such, we are ever stronger witnessing the need to manage cloud services and applications that span across complex and heterogeneous infrastructures, which combine containers, VMs and serverless functions. What is more, such infrastructures are also starting to grow beyond traditional cloud platforms towards the edge on the network. Being part of the Centaurus project will not only allow us to innovate in this space and deliver a platform for unified management of infrastructure resources across both large Cloud platforms and the Edge, but it will also enable us to connect and collaborate with like-minded members for thought leadership and industry best practices,” said Dr. Stefan Nastic, founder and CEO of Reinvent Labs GmbH.

The SODA Foundation
“The SODA Open Data Framework is an open source data and storage management framework that goes from the edge to the core to the cloud. Centaurus offers the opportunity for SODA to be deployed in the next generation cloud infrastructure for 5G, AI and Edge, and allows both communities to innovate together,” said Steven Tan, SODA Foundation Chairman and VP & CTO Cloud Solution, Storage at Futurewei.

TU Wien
“We are very excited to be part of the Centaurus ecosystem and honored to be part of this open source movement and contributing in the fields of IoT, Edge intelligence, and Edge and Cloud Computing, including networking and communication aspects, as well as orchestration, resource allocation, and task scheduling,” said Prof. Schahram Dustdar, IEEE Fellow, Member Academia Europaea Professor of Distributed Systems, TU Wien, Austria.

The post Centaurus Infrastructure Project Joins Linux Foundation to Advance Cloud Infrastructure for 5G, AI and Edge appeared first on Linux Foundation.

Centaurus Infrastructure Project Joins Linux Foundation to Advance Cloud Infrastructure for 5G, AI and Edge

Thu, 12/17/2020 - 00:00

To contribute to Centaurus, please visit: https://www.centauruscloud.io/

Supporting Member Quotes

###

The post Centaurus Infrastructure Project Joins Linux Foundation to Advance Cloud Infrastructure for 5G, AI and Edge appeared first on The Linux Foundation.

EdgeX Foundry, the Leading IoT Open Source Framework, Simplifies Deployment with the Latest Hanoi Release, New Use Cases and Ecosystem Resources

Fri, 12/11/2020 - 01:00

EdgeX Foundry, the Leading IoT Open Source Framework, Simplifies Deployment with the Latest Hanoi Release, New Use Cases and Ecosystem Resources

EdgeX’s Hanoi release offers better data tagging, customized editing and a new Command Line Interface for improved performance and scalability
New use cases across AI, IIoT, Manufacturing and Retail as part of the Adopter Video Series
Resources to get developers started on the platform, contributor case studies and a library of commercial offerings as part of the new EdgeX Foundry Website

SAN FRANCISCO – December 10, 2020 – EdgeX Foundry, a project under the LF Edge umbrella organization within the Linux Foundation that aims to establish an open, interoperable framework for IoT edge computing independent of connectivity protocol, hardware, operating system, applications or cloud, today announced the “Hanoi” release that makes IoT deployment easier and the launch of new ecosystem resources.

“EdgeX Foundry fosters an ecosystem of interoperable components from a variety of vendors to create a much-needed IoT framework for edge solutions,” said Arpit Joshipura, general manager, Networking, Automation, Edge and IoT, the Linux Foundation. “With the support of LF Edge members and EdgeX contributors from across the globe, we are paving the way to enable and support a more robust solution at the IoT, Enterprise, Cloud and Telco edge.”

Launched in April 2017, and now part of the LF Edge umbrella, EdgeX Foundry is an open source, loosely-coupled microservices framework that provides the choice to plug and play from a growing ecosystem of available third-party offerings or to augment proprietary innovations. With a focus on the IoT Edge, EdgeX simplifies the process to design, develop and deploy solutions across industrial, enterprise, and consumer applications.

The Hanoi Release

EdgeX Foundry’s Hanoi release is the seventh consecutive semi-annual release and has a number of features including simplified deployment, improved performance and scalability testing and launch of Command Line Interface (CLI). Hanoi also incorporates the first collection of new, platform-wide micro service APIs that allows adopters to get a feel for what’s coming with EdgeX 2.0 in the spring.

Key features include:

Launch of the CLI: allows developers and users to issue a variety of EdgeX API calls to its services using terminal commands for easier scripting of tasks.
Improved edge data tagging: developers can tag the data coming from a variety of edges, so that everything is organized and configured by a preferred process that ensures the location of data can be found more quickly and efficiently.
Easier and simplified deployment: users will find that EdgeX now has a Compose file “make” capability that allows users to more easily customize their file without a lot of manual editing.
Improved performance and scalability testing: Adopters can now calculate what a large-scale deployment with EdgeX would look, and put it in their roadmap plans. Hanoi brings the ability to provide guidance around EdgeX scaling as the amount of data is pushed through the system, or how many devices of particular types you can hang on an instance of EdgeX.

EdgeX Foundry has a history of working closely with other LF Edge projects including Akraino, Home Edge, EVE and Open Horizon. With the Hanoi release, EdgeX has provided a sample service to export data from EdgeX to Fledge, an industrial IoT framework that focuses on critical operations, predictive maintenance, situational awareness and safety. This allows EdgeX device connectors and capabilities to be used with Fledge instances. Conversely, with its next release, Fledge intends to provide a device service to allow Fledge instances to feed EdgeX instances.

To learn more about the Hanoi release, check out this blog post.

Moving Forward

The next step for EdgeX Foundry is the “Ireland” release, tentatively scheduled for spring 2021. Ireland will include a number of significant changes, including; EdgeX’s new V2 API set and V2 API testing; additional security improvements; and easier transition/communication between device services to message application services directly (allowing for better quality of service when needed and bypassing persistence when not needed).

New Ecosystem Resources

The new EdgeX Foundry website features a variety of resources that will help new developers get started, learn about new commercial offerings from LF Edge members and see the framework in action in real-world use cases across Artificial Intelligence (AI), Industrial IoT (IIoT), Manufacturing, and Retail. The recently launched Adopter Series showcases companies that already deploy the EdgeX framework in products and solutions including Accenture, HP, Intel, Jiangxing Intelligence, ThunderSoft and TIBCO.

Additionally, Canonical, an LF Edge member and long-time EdgeX Foundry contributor, has taken over the management of the EdgeX Snap Store. Since the Dehli release, the community has published EdgeX snap packages for desktop, cloud and IoT that are easy to install, secure, cross‐platform and dependency‐free.

“With this release, we are committing to the maintenance and publishing of the official EdgeX snaps in the Canonical Snap Store,” said Tony Espy, Canonical’s EdgeX Engineering Manager. “Taking over management of the EdgeX snap is an important step toward providing developers with a safe and secure path forward for their customers.”

Additional resources:

For more information about LF Edge and its projects, visit https://www.lfedge.org/

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

###

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

The post EdgeX Foundry, the Leading IoT Open Source Framework, Simplifies Deployment with the Latest Hanoi Release, New Use Cases and Ecosystem Resources appeared first on The Linux Foundation.

New Open Source Contributor Report from Linux Foundation and Harvard Identifies Motivations and Opportunities for Improving Software Security

Wed, 12/09/2020 - 00:00

New survey reveals why contributors work on open source projects and how much time they spend on security

SAN FRANCISCO, Calif., December 8, 2020 – The Linux Foundation’s Open Source Security Foundation (OpenSSF) and the Laboratory for Innovation Science at Harvard (LISH) today announced the release of a new report, “Report on the 2020 FOSS Contributor Survey,” which details the findings of a contributor survey administered by the organizations and focused on how contributors engage with open source software. The research is part of an ongoing effort to study and identify ways to improve the security and sustainability of open source software.

The FOSS (Free and Open Source Software) contributor survey and report follow the Census II analysis released earlier this year. This combined pair of works represents important steps towards understanding and addressing structural and security complexities in the modern-day supply chain where open source is pervasive but not always understood. Census II identified the most commonly used free and open source software (FOSS) components in production applications, while the FOSS Contributor Survey and report shares findings directly from nearly 1,200 respondents working on them and other FOSS software.

“The modern economy – both digital and physical – is increasingly reliant on free and open source software,” said Frank Nagle, assistant professor at Harvard Business School. “Understanding FOSS contributor motivations and behavior is a key piece of ensuring the future security and sustainability of this critical infrastructure.”

Key findings from the FOSS Contributor Survey include:

The top three motivations for contributors are non-monetary. While the overwhelming majority of respondents (74.87 percent) are already employed full-time and more than half (51.65 percent) are specifically paid to develop FOSS, motivations to contribute focused on adding a needed feature or fix, enjoyment of learning and fulfilling a need for creative or enjoyable work.
There is a clear need to dedicate more effort to the security of FOSS, but the burden should not fall solely on contributors. Respondents report spending, on average, just 2.27 percent of their total contribution time on security and express little desire to increase that time. The report authors suggest alternative methods to incentivizing security-related efforts.
As more contributors are paid by their employer to contribute, stakeholders need to balance corporate and project interests. The survey revealed that nearly half (48.7 percent) of respondents are paid by their employer to contribute to FOSS, suggesting strong support for the stability and sustainability of open source projects but drawing into question what happens if corporate interest in a project diminishes or ceases.
Companies should continue the positive trend of corporate support for employees’ contribution to FOSS. More than 45.45 percent of respondents stated they are free to contribute to FOSS without asking permission, compared to 35.84 percent ten years ago. However, 17.48 percent of respondents say their companies have unclear policies on whether they can contribute and 5.59 percent were unaware of what policies – if any – their employer had.

“Understanding open source contributor behaviors, especially as they relate to security, can help us better apply resources and attention to the world’s most-used software,” said David A. Wheeler, director of open source supply chain security at the Linux Foundation. “It is clear from the 2020 findings that we need to take steps to improve security without overburdening contributors and the findings suggest several ways to do that.”

For an in-depth analysis of these findings, suggested actions and more, please access the full report here: https://www.linuxfoundation.org/blog/2020/12/download-the-report-on-the-2020-foss-contributor-survey

The report authors are Frank Nagle, Harvard Business School; David A. Wheeler, the Linux Foundation; Hila Lifshitz-Assaf, New York University; and Haylee Ham and Jennifer L. Hoffman, Laboratory for Innovation Science at Harvard. They will host a webinar tomorrow, December 9, at 10 am ET. Please register here: https://events.linuxfoundation.org/webinar-why-wont-developers-write-secure-os-software/

The FOSS Contributor Report & Survey is expected to take place again in 2021. For contributors who would like to participate, please sign up here: https://hbs.qualtrics.com/jfe/form/SV_erjkjzXJ2Eo0TDD

About the OpenSSF

Hosted by the Linux Foundation, the OpenSSF is a cross-industry organization that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. It combines the Linux Foundation’s Core Infrastructure Initiative (CII), founded in response to the 2014 Heartbleed bug, and the Open Source Security Coalition, founded by the GitHub Security Lab, to build a community to support the open source security for decades to come. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all.

About LISH

As a university-wide initiative, the Laboratory for Innovation Science at Harvard (LISH) is spurring the development of a science of innovation through a systematic program of solving real-world innovation challenges while simultaneously conducting rigorous scientific research. To date, LISH has worked with key partners in aerospace and healthcare, such as NASA, the Harvard Medical School, the Broad Institute, and the Scripps Research Institute to solve complex problems and develop impactful solutions. More information can be found at https://lish.harvard.edu/

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

###

Media Contact
Jennifer Cloer
Story Changes Culture
503-867-2304
jennifer@storychangesculture.com

The post New Open Source Contributor Report from Linux Foundation and Harvard Identifies Motivations and Opportunities for Improving Software Security appeared first on The Linux Foundation.

The Janssen Project Takes on World’s Most Demanding Digital Trust Challenges at Linux Foundation

Wed, 12/09/2020 - 00:00

New Janssen Project seeks to build the world’s fastest and most comprehensive cloud native identity and access management software platform

SAN FRANCISCO, Calif., December 8, 2020 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the Janssen Project, a cloud native identity and access management software platform that prioritizes security and performance for our digital society. Janssen is based on the Gluu Server and benefits from a rich set of signing and encryption functionalities. Engineers from IDEMIA, F5, BioID, Couchbase and Gluu will make up the Technical Steering Committee.

Online trust is a fundamental challenge to our digital society. The Internet has connected us. But at the same time, it has undermined trust. Digital identity starts with a connection between a person and a digital device. Identity software conveys the integrity of that connection from the user’s device to a complex web of backend services. Solving the challenge of digital identity is foundational to achieving trustworthy online security.

While other identity and access management platforms exist, the Janssen Project seeks to tackle the most challenging security and performance requirements. Based on the latest code that powers the Gluu Server–which has passed more OpenID self-certification tests than any other platform–Janssen starts with a rich set of signing and encryption functionality that can be used for high assurance transactions. Having shown throughput of more than one billion authentications per day, the software can also handle the most demanding requirements for concurrency thanks to Kubernetes auto-scaling and advances in persistence.

“Trust and security are not competitive advantages–no one wins in an insecure society with low trust,” said Mike Schwartz, Chair of the Janssen Project Technical Steering Committee. “In the world of software, nothing builds trust like the open source development methodology. For organizations who cannot outsource trust, the Janssen Project strives to bring transparency, best practices and collective governance to the long-term maintenance of this important effort. The Linux Foundation provides the neutral and proven forum for organizations to collaborate on this work.”

The Gluu engineering teams chose the Linux Foundation to host this community because of the Foundation’s priority of transparency in the development process and its formal framework for governance to facilitate collaboration among commercial partners.

New digital identity challenges arise constantly, and new standards are developed to address them. Open source ecosystems are an engine for innovation to filter and adapt to changing requirements. The Janssen Project Technical Steering Committee (“TSC”) will help govern priorities according to the charter. The initial TSC includes:

Michael Schwartz, TSC Chair, CEO Gluu
Rajesh Bavanantham, Domain Architect at F5 Networks/NGiNX
Rod Boothby, Head of Digital Trust at Santander
Will Cayo, Director of Software Engineering at IDEMIA Digital Labs
Ian McCloy, Principal Product Manager at Couchbase
Alexander Werner, Software Engineer at BioID

For more information, see the project Github site: https://github.com/JanssenProject

Supporting Comments

BioID

“BioID’s biometric authentication service provides GDPR compliant, device independent, 3D liveness detection and facial recognition APIs, supported out-of-the-box by the Janssen project. Exposing BioID’s capabilities via OpenID Connect makes sense in many cases, especially as part of the rollout for a large organization. The availability of a high-quality open source implementation of OpenID Connect gives us more options to build products and to expand the options for our customers to deploy our technology,” said Alexander Werner, Software Engineer at BioID.

Couchbase

“The Couchbase database is supported today in the Janssen project for both caching and persistence. This makes sense given the distributed, elastic, in-memory requirements for a multi-cloud, hyper-scale identity service. Contributing to this project aligns with our goal to advance open source infrastructure software that results in more options for the Couchbase community,” said Ian McCloy, Principal Product Manager at Couchbase.

“It’s an immense pleasure to join the Janssen Project, as it’s aimed to improve the performance, reliability and security on OAuth2 Components that are similar to NGINX Principles. Being part of Linux Foundation, the Janssen Project will be well governed and evolve with the open source community to achieve its goals,” said Rajesh Bavanantham, F5.

IDEMIA

“I have been a part of the Gluu community for many years. I’m excited to see the project moving to the Linux Foundation where we can collaborate with an even larger ecosystem of individuals and companies,” said Will Cayo, IDEMIA.

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,500 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

###

Media Contact
Jennifer Cloer
Story Changes Culture
503-867-2304
jennifer@storychangesculture.com

The post The Janssen Project Takes on World’s Most Demanding Digital Trust Challenges at Linux Foundation appeared first on The Linux Foundation.

Download the Report on the 2020 FOSS Contributor Survey

Tue, 12/08/2020 - 21:00

Free and Open Source Software (FOSS) has become a critical part of the modern economy. It has been estimated that FOSS constitutes 80-90% of any given piece of modern software, and software is an increasingly vital resource in nearly all industries. This heavy reliance on FOSS is common in both the public and private sectors, in both tech and non-tech organizations. Therefore, ensuring the health and security of FOSS is critical to the future of nearly all industries in the modern economy.

To better understand the state of security and sustainability in the FOSS ecosystem, and how organizations and companies can support it, the Linux Foundation‘s Core Infrastructure Initiative (CII) and the Laboratory for Innovation Science at Harvard (LISH) collaborated to conduct a widespread survey of FOSS contributors as part of larger efforts to take a pre-emptive approach to strengthen cybersecurity by improving open-source software security.

These efforts — recently incorporated into the Open Source Security Foundation (OpenSSF) working group on securing critical projects — aim to support, protect, and fortify open software, especially software critical to the global information infrastructure.

This survey’s primary goal is to identify how best to improve FOSS’s security and sustainability — especially those projects that are widely relied upon by the modern economy. Specifically, the survey seeks to help answer the question,

“How can we better incentivize adequate maintenance and security of the most used FOSS projects?”

Importantly, in conducting this survey, the research team sought to take a holistic view of security. The methodology for recruiting survey participants emphasized contributors to FOSS projects that have been identified as widely used via previous research that culminated in the release of “CII Census II Preliminary Report – Vulnerabilities in the Core.”

This new report summarizes the results of a survey of free/open source software (FOSS) developers in 2020. The goal was to identify key issues in improving FOSS’s security and sustainability since the world now depends on it as a critical infrastructure that underlies the modern economy.

To capture a cross-section of the FOSS community, the research team distributed the survey to contributors to the most widely used open source projects and invited the wider FOSS contributor community through an open invitation. It captured more technical aspects of security and also considered the more human side.

The survey included questions about contributor motivations and level of involvement, corporate involvement in FOSS, the role of economic considerations in contribution behavior, and sought to answer the following:

Demographics: What are the demographics of FOSS contributors? In particular, what are their gender, employment, and geographic location?
Motivations: What are their reasons for starting, continuing, or stopping contributions to FOSS? How can projects keep contributors engaged, and do contributors feel that their employers or others value their work?
Pay: How many FOSS contributors are paid for their work on FOSS? If paid, by whom (e.g., by employers and/or corporate sponsorship)? If they are not, does the lack of payment lead to significantly poorer security or sustainability?
Time Spent: How much time do contributors spend contributing to FOSS, and how would they like to spend it? Is there an interest in increasing time spent on security issues?
Aid: What kinds of actions from external actors would help improve security (e.g., code contributions and/or money)?
Current activity: What kinds of security-related activities are already taking place in the FOSS projects represented by the respondents?
Education/training: How much education/training have FOSS contributors had in secure software development and operations? From which sources did they receive it?

The goals in running this survey were to understand the state of security and sustainability in FOSS and identify opportunities to improve them, and ensure FOSS’s viability in the future. In particular, this survey focused on the “human side” of FOSS, more than the technical side, although the two are certainly inter-related, and these findings relate to both.

The results identified reasons for optimism about the future of FOSS (individuals are continuing to contribute to FOSS, companies are becoming friendlier to FOSS to the point of paying some employees to contribute, etc.), but also areas of concern (in particular, the lack of security-related efforts, and potential difficulties in motivating such efforts).

In the end, free and open source software is, and always has been, a community-driven effort that has led to the development of some of the most critical building blocks of the modern economy. This survey highlights the importance of the security of this important dynamic asset. Likewise, it will take a community-driven effort, including individuals, companies, and institutions, to ensure FOSS is secure and sustainable for future generations.

Authors:

Frank Nagle, Harvard Business School
David A. Wheeler, The Linux Foundation
Hila Lifshitz-Assaf, New York University
Haylee Ham, Laboratory for Innovation Science at Harvard
Jennifer L. Hoffman, Laboratory for Innovation Science at Harvard

Download Report

The post Download the Report on the 2020 FOSS Contributor Survey appeared first on The Linux Foundation.

Download the 2020 Linux Foundation Annual Report

Thu, 12/03/2020 - 22:00

2020 has been a year of challenges for the Linux Foundation (“LF”) and our hosted communities. During this pandemic, we’ve all seen our daily lives and those of many of our colleagues, friends, and family around the world completely changed. Too many in our community also grieved over the loss of family and friends.

It was uplifting to see LF members join the fight against COVID-19. Our members worldwide contributed technical resources for scientific researchers, offered assistance to struggling families and individuals, contributed to national and international efforts, and some even came together to create open source projects under LF Public Health to help countries deal with the pandemic.

Our project communities continued to grow this year, with new initiatives across many open technology segments, open standards, open data, and open hardware. We welcomed over 150 new communities to the LF this year, including the FINOS Foundation, which serves as an umbrella home for open source financial services projects.

Our events team had to undergo a significant transformation, pivoting over a few weeks from in-person to virtual events ranging from under 100 to tens of thousands of participants. These virtual gatherings helped many in our communities connect during this difficult time. We also learned much about potentially offering a more inclusive experience by providing hybrid in-person events with virtual experiences in the future. We’ve missed seeing many in our communities in person this year and look forward to seeing you all again when it is safe to do so.

Our training and certification team was able to help over 1.7 million individuals who enrolled in our free training courses. I want to congratulate the more than 40,000 persons who received LF certifications this year.

The LF’s 2020 Jobs Report shows trained and certified open source professionals are in demand and can easily demonstrate their value despite the challenging business environment.

As part of our ongoing diversity efforts and in joining the fight against inequality, our communities are focused on how they use language in their projects and finding mentors to guide the next generation of contributors. Our communities, such as the Linux kernel team and the Inclusive Naming Initiative launched at KubeCon North America, stepped up to enable progress in how we interact.

This year was a breakout year for our Joint Development Foundation and open standards communities. We welcomed six new projects building open standards. JDF has also been approved as an ISO/IEC JTC 1 Publicly Available Specification (PAS) Submitter. This year also marked that our first open standard community, OpenChain, was formally recognized as an international standard through the PAS process. Today the Linux Foundation can take our communities from open source repository to a recognized global standard.

Many in our ecosystem have stepped up to help with security efforts this year. A new community, Open Source Security Foundation (OpenSSF), launched to coordinate efforts focused on improving the security of open-source software.

While we continue to battle challenges in the US, we also reaffirm that the LF is part of a global community.

Our members had to navigate a year of changes in international trade policies and learned open source thrives despite politics. From around the world, our member communities engage in open collaboration because it is open, neutral, and transparent. Those participants clearly desire to continue collaborating with their global peers on challenges large and small.

At the end of a difficult year, all this taken together leaves us assured that open collaboration is the model for solving the world’s most complex challenges. No single person, organization, or government alone can create the technology we need to solve our most pressing problems. On behalf of the entire Linux Foundation team, we look forward to helping you and our communities take on whatever challenges come next.

Jim Zemlin, Executive Director, The Linux Foundation

Download Report

The post Download the 2020 Linux Foundation Annual Report appeared first on The Linux Foundation.

November 2020 Linux Foundation Newsletter

Sat, 11/21/2020 - 01:36

Click on the image above to read the November 2020 Linux Foundation Newsletter

The post November 2020 Linux Foundation Newsletter appeared first on The Linux Foundation.

Open Source Web Engine Servo to be Hosted at Linux Foundation

Wed, 11/18/2020 - 00:00

The popular and lightning-fast web engine built using the Rust programming language will grow the community and expand its platform footprint

KubeCon, November 17, 2020 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced it will host the Servo web engine. Servo is an open source, high-performance browser engine designed for both application and embedded use and is written in the Rust programming language, bringing lightning-fast performance and memory safety to browser internals. Industry support for this move is coming from Futurewei, Let’s Encrypt, Mozilla, Samsung, and Three.js, among others.

“The Linux Foundation’s track record for hosting and supporting the world’s most ubiquitous open source technologies makes it the natural home for growing the Servo community and increasing its platform support,” said Alan Jeffrey, Technical Chair of the Servo project. “There’s a lot of development work and opportunities for our Servo Technical Steering Committee to consider, and we know this cross-industry open source collaboration model will enable us to accelerate the highest priorities for web developers.”

Servo is an open source project that delivers components that can load, run, and display web pages, applications, and immersive WebXR experiences. Developers can integrate the Servo web engine — including a parallelized CSS engine that speeds page load times and improves stability and a rendering engine called WebRender — into their own user interfaces, 3D experiences, and other products. Servo currently runs on Linux, macOS, and Windows, and has been ported to devices such as Android phones, Oculus, Magic Leap, and Microsoft’s HoloLens. Servo was instrumental in building Mozilla’s Gecko browser engine that powered the launch of the Firefox Quantum web browser in 2017, and is still core to Firefox’s DNA today.

In 2012, Mozilla started the Servo project, a community effort to create a new, open source browser engine that can take advantage of multicore hardware to improve speed, stability, and responsiveness. Today, Servo is more efficient than most web engines because it takes advantage of low-power multi-core CPUs. This is enabled by the open source Rust programming language that focuses on speed, memory safety, and parallelism. Rust and Servo co-evolved, and during their early days, Servo was the only large-scale Rust program other than the Rust compiler itself. Rust’s memory safety guarantees mean that Servo presents a smaller attack surface for security vulnerabilities such as buffer overflow attacks. Rust and Servo were both incubated by Mozilla, and the next step for Servo is through the Linux Foundation.

“Mozilla is a champion of the open source movement, working to unite passionate communities to build software that keeps the internet open and accessible to all,” said Adam Seligman, Chief Operating Officer at Mozilla. “We’re pleased to see Servo graduate from Mozilla and move on to the Linux Foundation where we know this technology will continue to thrive and power web-based innovation in the future.”

“Servo is the most promising, modern, and open web engine for building applications and immersive experiences using web technologies, and that has a lot to do with the Rust programming language,” said Mike Dolan, senior vice president, and general manager of projects at the Linux Foundation. “We’re excited to support and sustain this important work for decades to come.”

For more information about the Servo project and to contribute, please visit servo.org.

About the Linux Foundation
Founded in 2000, the Linux Foundation is supported by more than 1,500 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

###

Media Contact
Jennifer Cloer
503-867-2304
pr@linuxfoundation.org

The post Open Source Web Engine Servo to be Hosted at Linux Foundation appeared first on The Linux Foundation.

FINOS Launches Open Regtech Initiative as It Receives Record High Number of Open Source Contributions

Sat, 11/14/2020 - 03:48

Deutsche Bank, JPMorgan, ING, Alliance for Innovative Regulation (AIR) Contribute as Foundation Achieves Highest Monthly Commits in Its History

NEW YORK, NY / November 13, 2020 / At its annual, flagship Open Source Strategy Forum (OSSF) held virtually in conjunction with the Linux Foundation, FINOS (the Fintech Open Source Foundation), today announced the launch of its Open RegTech initiative, which aims to expand the successful open collaboration model built between financial institutions, fintech and technology firms to regulators and regtech companies. Additionally, FINOS announced a codebase contribution from Deutsche Bank of the Symphony Java Toolkit as well as the OpenMAMA project, which is led by JPMorgan, Deutsche Bank and several other FINOS members.

The announcement comes a day after FINOS announced six new members and also recorded the largest number of commits, the smallest unit of contribution, on its open source projects since its inception with a 40 percent growth with respect to the previous record.

“When we started the foundation two years ago, we couldn’t have predicted such a groundswell of support from the financial services industry for our community and are extremely proud of what we’ve accomplished,” said Gabriele Columbro, executive director, FINOS, whose mission is to foster adoption of open source, open standards, and collaborative software development practices in financial services. “This is just the beginning. By establishing an open source model for the regulatory community, building a strong project portfolio and adding active contributions from financial institutions, we have a unique opportunity to tackle other long-standing industry challenges.”

FINOS Board Approves Regulatory Special Interest Group (SIG) Led by ING and AIR
The FINOS board recently established the use of SIGs to bring together financial services stakeholders to define problem statements in specific areas that can be tackled through open source collaboration. Recognizing that efficiently defining and meeting financial services regulations is both critical and challenging, FINOS has created the “Regulation Innovation SIG”, led by AIR and supported by ING, for those interested in creating open source solutions for regulatory and compliance issues in financial services.

“The regulatory landscape is in need of a makeover, one that uses open source technology to help streamline regulatory interpretation and reporting through standardization and common approaches,” said Tosha Ellison, COO, FINOS and keynote speaker at OSSF. “FINOS believes that open source software and standards can change the way financial regulation is implemented, supervised and complied with, and is thrilled by the interest it has received from both regulators and the industry.”

“Global challenges need global solutions. That’s why at ING, we collaborate with others, both on existing platforms and on new ones we have yet to create,” said Ian Hollowbread, head of RegTech, ING Labs, ING. “Working together with open source communities, we can achieve greater coordination and bring standardization to regulatory processes to help proactively protect the financial services sector at large.”

OSSF keynote speaker Jo Ann Barefoot, CEO and co-founder of Alliance for Innovative Regulation (AIR) said: “As a former regulator, I know that agencies need to adopt a new, more coordinated approach that seeks to harmonize financial regulations and their implementation. The financial services industry and regulatory bodies have an opportunity to redesign the traditional regulatory framework using open source technology. We see great potential working with ING and FINOS to further that end.”

Deutsche Bank Contributes Open Source Symphony Java Toolkit

As industry adoption of the Symphony platform grows, and the use cases and trading scenarios for which it is being deployed expand, so too has the need grown to make Symphony’s capabilities available in what remains one of the most popular languages in financial services–Java.

A suite of libraries, which address common concerns around identity management, instance clustering, integration testing, “circle-of-trust” and building workflows, the Symphony Java Toolkit is now available through FINOS. Internally, these libraries have been deployed widely for delivering valuable client-focused functionality such as request-for-quote (RFQ), building orders, supporting chatbots and sharing axe information. Deutsche Bank will work with the community to continue building an open source, best-of-breed Java software stack that can be used by all Java developers working with Symphony.

“The Symphony Java Toolkit provides clients with an effective and powerful set of utilities to build Symphony solutions that drive their businesses forward,” said James Gibson, CIO of Deutsche Bank’s FIC Technology. “The toolkit makes it even easier for clients to connect with us, and other industry participants, to increase efficiencies, improve controls and create new opportunities for growth.”

“These libraries have been developed from the ground up within Deutsche Bank – they are interoperable together, are well documented, have been field-tested, with further modules and features added frequently,” said Rob Moffat, consultant at Deutsche Bank and the developer of this software. “The Symphony Java Toolkit follows in the footsteps of Plexus Interop and Waltz as the third collaborative project between Deutsche Bank and FINOS, all of which benefit from FINOS’ sound reputation within the open-source community and their impartial stewardship of projects within the finance industry.”

Deutsche Bank is already a leader in open source technology across the banking sector. This significant contribution to the community follows its Plexus Interop submission in 2017 that remains the largest outside open-source contribution to FINOS since its founding.

OpenMAMA Joins FINOS to Develop its Project for Market Data Sharing Across the Financial Service Industry
OpenMAMA‘s project maintainers include several FINOS members like JPMorgan, Deutsche Bank and Glue42, and was previously open sourced under the auspices of the Linux Foundation, and will now be consolidated under FINOS as the Linux Foundation wide umbrella for financial services collaboration. The project provides a high performance middleware agnostic messaging API that interfaces with a variety of message-oriented middleware systems. It provides a simplified way of sharing market data across investment banks, proprietary trading companies, hedge funds and data providers. It reduces the cost of ownership and time to market for these financial companies.

“We see significant value in Open MAMA becoming part of the FINOS open source ecosystem,” said Nigel Phelan, architecture lead for the market data services department within the Corporate and Investment Bank at JPMorgan Chase. “Open MAMA is strongly aligned with the FINOS community and its members, and we see a great opportunity to build upon our achievements to date.”

FINOS’s strong momentum is evidenced by a series of recently announced contributions in 2020, from members such as Goldman Sachs (Legend), Morgan Stanley (Morphir), Citi (DataHub) and Deutsche Bank (Waltz).

The announcement comes on the second day of FINOS’ Open Source Strategy Forum(OSSF), an annual conference recognizing leaders within the open source and financial services industry. The virtual conference will bring together experts for engaging conversations and breakout sessions on how to best leverage open source software to solve industry challenges.

Some notable keynotes include:

Open Remarks, Tosha Ellison, chief operating officer, FINOS
On the Importance of Securing the Open Source Supply Chain, Christopher Ferris, IBM fellow and CTO, Open Technology, IBM
FINOS Executive Director Gabriele Columbro in conversation with Neal Pawar, open source advocate and technology veteran
“The Future of Financial Regulation” featuring Jo Ann Barefoot and Matthew Van Buskirk, co-CEO, Hummingbird Regtech.
An interview with Dan Abramov, software engineer at Facebook, member of the React Core Team and co-author of Create React App

To check out sessions from today’s virtual conference, please visit: https://events.linuxfoundation.org/open-source-strategy-forum/program/schedule/.

About FINOS
FINOS (The Fintech Open Source Foundation) is a nonprofit whose mission is to foster adoption of open source, open standards and collaborative software development practices in financial services. It is the center for open source developers and the financial services industry to build new technology projects that have a lasting impact on business operations. As a regulatory compliant platform, the foundation enables developers from these competing organizations to collaborate on projects with a strong propensity for mutualization. It has enabled codebase contributions from both the buy- and sell-side firms and counts 33 major financial institutions, fintechs and technology consultancies as part of its membership. FINOS is also part of the Linux Foundation, the largest shared technology organization in the world.

Contact:
Jamie Kemp
+15164173975
jamie@calibercorporateadvisers.com

SOURCE: FINOS

The post FINOS Launches Open Regtech Initiative as It Receives Record High Number of Open Source Contributions appeared first on The Linux Foundation.

How to report security vulnerabilities to the Linux Foundation

Fri, 11/13/2020 - 06:22

We at The Linux Foundation (LF) work to develop secure software in our foundations and projects, and we also work to secure the infrastructure we use. But we’re all human, and mistakes can happen.

So if you discover a security vulnerability in something we do, please tell us!

If you find a security vulnerability in the software developed by one of our foundations or projects, please report the vulnerability directly to that foundation or project. For example, Linux kernel security vulnerabilities should be reported to <security@kernel.org> as described in security bugs. If the foundation/project doesn’t state how to report vulnerabilities, please ask them to do so. In many cases, one way to report vulnerabilities is to send an email to <security@DOMAIN>.

If you find a security vulnerability in the Linux Foundation’s infrastructure as a whole, please report it to <security@linuxfoundation.org>, as noted on our contact page.

For example, security researcher Hanno Böck recently alerted us that some of the retired linuxfoundation.org service subdomains were left delegated to some cloud services, making them potentially vulnerable to a subdomain takeover. Once we were alerted to that, the LF IT Ops Team quickly worked to eliminate the problem and will also be working on a way to monitor and alert about such problems in the future. We thank Hanno for alerting us!

We’re also working to make open source software (OSS) more secure in general. The Open Source Security Foundation (OpenSSF) is a broad initiative to secure the OSS that we all depend on. Please check out the OpenSSF if you’re interested in learning more.

David A. Wheeler

Director, Open Source Supply Chain Security, The Linux Foundation

The post How to report security vulnerabilities to the Linux Foundation appeared first on The Linux Foundation.

FINOS Expands Financial Services Open Source Ecosystem with Six New Members and Creation of Associate Member Program for Nonprofits

Fri, 11/13/2020 - 05:40

Intel, SUSE and Diffblue Broaden Industry Representation in the Open Ecosystem for Financial Services; Associate Membership Provides Open Source On-Ramp for Nonprofits, Industry Consortia, Academic Institutions and Public Agencies

NEW YORK, NY / ACCESSWIRE / November 12, 2020 / Today, at its annual flagship conference, the Open Source Strategy Forum (OSSF), the Fintech Open Source Foundation (FINOS), announced three new corporate members – Intel and SUSE, joining as gold members, and Diffblue at the silver level. FINOS also announced today the launch of its Associate Member Program and three inaugural associate members, the Alliance for Innovative Regulation (AIR), InterWork Alliance(IWA), and the International Swaps and Derivatives Association (ISDA).

“From big tech to financial institutions, from regulators to fintech vendors, we are bringing together a community that is actively contributing valuable IP and sweat equity because it has now realized how the ‘open source way’ has the concrete potential to solve long standing challenges in this industry and beyond,” said Gabriele Columbro, executive director, FINOS.

These six new members further broaden industry representation across FINOS’ membership base, which now includes over 10 financial institutions and 20 technology vendors. Today’s announcement is also the latest example of accelerating growth in FINOS membership in the last year; with today’s announcement, the total count of FINOS members is now 38. “Our continued growth in members reflects the ongoing shift in financial services as more institutions embrace open collaboration to drive new business models, reduce costs, attract and retain talent, and gain competitive advantage,” remarked Tosha Ellison, FINOS Chief Operating Officer.

“Open source in financial services is a positive-sum game,” added Columbro. “Not only does it help industry consortia and regulators resolve important and complex issues at the crossroads of policy and technology, but it also provides technology and fintech companies with the ability to generate business opportunities through a commercial open source ecosystem, especially for those who will enjoy a first-mover advantage by engaging early in communities like FINOS.”

Technology Companies Join the Financial Open Source Movement

Intel is joining FINOS as a gold member. The company is an industry leader, creating world-changing technologies that enable global progress and enrich lives. Intel is also one of the largest software organizations in the world, and a leader in the development of open source technology.

“Intel technology can help banks unleash the power of data to deliver real-time insights and more value to their customers,” said Mike Blalock, general manager for the financial services industry at Intel. “As a strategic partner with FINOS, we will actively collaborate with the open source community to deliver leading-edge hardware and help bring this transformation to reality.”

SUSE, also joining FINOS as a gold member, is similarly an open source innovator. The world’s largest independent open source company, SUSE is a leader in enterprise Linux, edge computing and artificial intelligence. Its container and cloud platforms and software-defined infrastructure, enable businesses to create, deploy, and manage workloads.

“SUSE is passionate about open source innovation. We foster the potential to simplify complexities, modernize systems and accelerate discovery in banks and financial institutions,” said Alan Clark, who leads the SUSE Industry Standards and New Initiatives Program. “SUSE is proud to be a contributing member of FINOS and we will collaborate and address industry challenges around financial technologies, data modeling, machine learning, edge computing, hybrid cloud, security and containerization. Building on our FinTech experience and partnerships, SUSE will be an active member and guidepost for the FINOS community.”

A spin-out from Oxford University backed by Goldman Sachs, Diffblue is the creator of one of the world’s first AI for code solutions that automates writing unit tests and will join FINOS as a silver member. Its first product, Cover, writes Java unit regression tests that help software teams to find bugs sooner and so ship faster, with fewer defects. Its pioneering technology, developed by researchers from the University of Oxford, is based on reinforcement learning.

“We’re thrilled to be joining FINOS as a silver member so that we can collaborate more broadly with our financial services customers on open source projects that matter to them,” said Mathew Lodge, CEO of Diffblue. “As a commercial open source company, Diffblue’s Community Edition is free for open source projects so we will be contributing both better tests and tools as part of the community.”

New Associate Members Showcase FINOS’ Capabilities Beyond Traditional Financial Services

FINOS’ Associate Membership is for nonprofits, foundations and academic institutions with complementary missions to FINOS. These organizations can contribute to projects and bring attention to the numerous applications of open source technology, while FINOS provides its expertise and battle-tested open source governance to enable faster innovation in these adjacent communities.

As the regulatory landscape is ever changing, globally, AIR, a nonprofit dedicated to modernizing the financial regulatory system, will share its expertise with FINOS to drive open source solutions that standardize the way financial regulation is implemented and supervised.

“The mission of FINOS and the open source orientation of the FINOS community are an ideal complement to the work we do with financial regulators,” said David Ehrich, executive director, AIR.

ISDA is a trade association for participants in the global derivatives market, with more than 925 member firms in 75 countries. A key part of ISDA’s role is the development of standards and mutualized industry solutions for the derivatives market, including the Common Domain Model (CDM), which establishes a set of digital standards for trade events and processes. ISDA joins FINOS as an associate member, having recently participated in the successful pilot of Legend, the data platform contributed to FINOS by Goldman Sachs.

“The standards developed by ISDA are critical to derivatives workflows and, by extension, tons of fintech use cases,” said Rob Underwood, Chief Development Officer of FINOS. “In the pilot phase of Legend, extensions to the CDM were built using Legend. ISDA was central to Legend’s pilot and that overall open sourcing effort.”

“ISDA has long produced standards and definitions for the derivatives industry, and we have been working to digitize and distribute those standards in formats that work best for the fintech community. Engaging with fintech firms and providing those standards in open source should result in a rapid development of industry solutions and contribute to the transformation of financial markets,” said Ian Sloyan, Director, Market Infrastructure and Technology, ISDA.

IWA is a nonprofit, member-led organization creating platform-neutral specifications and trusted certification to define how digital token business processes can interwork regardless of location or market segment. Areas of expected collaboration include specifications for tokenizing institutional bond and equity instruments.

“World-scale adoption of standards is accelerated when those standards can be paired with open source reference implementations,” said Paul DiMarzio, executive director, IWA. “The IWA is excited to collaborate with FINOS to build pairings between FINOS open source projects and the IWA business working groups standardizing tokenized services for financial services.”

The announcement comes on the first day of OSSF, which is an annual conference recognizing leaders within the open source and financial services industry. The virtual event will bring together experts for engaging conversations and breakout sessions on how to best leverage open source software to solve industry challenges.

Some notable keynotes include:

Opening Remarks by FINOS Chair and Global Head Kim Prado – RBC and Dov Katz FINOS Chair, Morgan Stanley
Welcome and Opening Remarks – Gabriele Columbro, executive director, FINOS
“Open Sourcing Legend: The Flagship of Goldman Sachs’ Data Strategy — and Now Yours?” – Pierre de Belen, managing director, Goldman Sachs
“Innovation + Security = Innovation Joy: Stop Sacrificing Customer Experience for Security” – John Jeremiah, product marketing leader & DevOps evangelist, GitLab
“Quickly Deliver Modern Open Source Projects and Services with Modularity, the Enterprise Open Source Way” – Alessandro Petroni, global director and head, strategy financial services, Red Hat
Talks with Sarah Novotny, open source wonk, Azure Office of the CTO, Microsoft and Alejandra Villagra, managing director, Citi

To check out sessions from today’s virtual conference, please visit: https://events.linuxfoundation.org/open-source-strategy-forum/program/schedule/.

About FINOS

FINOS (The Fintech Open Source Foundation) is a nonprofit whose mission is to foster adoption of open source, open standards and collaborative software development practices in financial services. It is the center for open source developers and the financial services industry to build new technology projects that have a lasting impact on business operations. As a regulatory compliant platform, the foundation enables developers from these competing organizations to collaborate on projects with a strong propensity for mutualization. It has enabled codebase contributions from both the buy- and sell-side firms and counts 33 major financial institutions, fintechs and technology consultancies as part of its membership. FINOS is also part of the Linux Foundation, the largest shared technology organization in the world.

FOR MEDIA INQUIRIES PLEASE CONTACT:
Stephen Sumner
Caliber Corporate Advisers
p. 917.985.6630 ext.15
stephen@calibercorporate.com

SOURCE: FINOS

The post FINOS Expands Financial Services Open Source Ecosystem with Six New Members and Creation of Associate Member Program for Nonprofits appeared first on The Linux Foundation.

The Linux Foundation Launches LF Live: Mentorship Series

Tue, 11/10/2020 - 20:30

Open Source Maintainers and community leaders will host virtual mentorship sessions designed to provide expert knowledge and valuable interactive discussion across a range of topics related to the Linux Kernel and other OS projects, primarily around development. These Mentorship Webinars are free for anyone to attend, and are being offered to support the development of skills and further empowerment of the community.

SAN FRANCISCO, November 10, 2020 — The Linux Foundation, the nonprofit organization enabling mass innovation through open source, is launching a virtual mentoring series entitled LF Live: Mentorship Series. The goal of this program is to (1) continue offering opportunities to learn and re-skill to those that have been displaced from jobs as a result of the COVID-19 pandemic; (2) serve those considering jobs in open source by helping to grow their skills and build their network so they are better set up for successful careers; (3) grow the number of people entering the open source job market which has a huge demand for new talent; and (4) encourage new people to apply to The Linux Foundation’s Mentoring Program and other community mentoring programs. These webinars will be complimentary. There is no cost to participate in this program.

Each webinar topic will be different, but will primarily be technical and applicable to the Linux Kernel, as well as to other open source projects. The first webinar was held on October 29 and covered ‘Writing Change Logs that Make Sense, led by Shuah Khan, Kernel Maintainer & Fellow, The Linux Foundation. The recording of the session can be viewed here and the slides can be viewed here. Upcoming Mentorship Webinars include:

- How Do I Get Started with an Open Source Project?, with Clyde Seepersad, SVP & General Manager, Training & Certification, The Linux Foundation – December 2
- Best Practices to Getting Your Patches Accepted, with Greg Kroah-Hartman, Kernel Maintainer & Fellow, The Linux Foundation – December 8
- Open Source Licensing, with Steve Winslow, Director of Strategic Programs, The Linux Foundation – January 13, 2021
- Kselftest, with Shuah Khan, Kernel Maintainer & Fellow, The Linux Foundation – Date TBA
- Best Practices to be an Effective Maintainer, with Dan Williams, Linux Kernel Developer, Intel – Date TBA
- Static Analysis & Tools, with Jan-Simon Möller, AGL Release Manager, The Linux Foundation – Date TBA
- Coccinelle, with Julia Lawall, Senior Researcher at Inria – Date TBA

Additional sessions will continue to be added, covering topics such as: Smatch (Static Analysis Tool), Dynamic Analysis and Tools, Fuzz Testing, Kunit, and Tracing. To be alerted when registration is live for each session, please subscribe at the bottom of this page: https://events.linuxfoundation.org/lf-live-mentorship-series/.

To learn more about the LF Live: Mentorship Series, please visit our webpage. To learn more about the Linux Foundation Mentoring Program, please click here. To learn more about the Linux Foundation Events, visit our website and follow us on Twitter and Facebook for all the latest event updates and announcements.

About The Linux Foundation
The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation Events are where the world’s leading technologists meet, collaborate, learn and network in order to advance innovations that support the world’s largest shared technologies.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.

Linux is a registered trademark of Linus Torvalds.

####

Media Contact:
Kristin O’Connell
The Linux Foundation
koconnell@linuxfoundation.org

The post The Linux Foundation Launches LF Live: Mentorship Series appeared first on The Linux Foundation.

An open guide to evaluating software composition analysis tools

Mon, 11/02/2020 - 22:07

Overview

With the help of software composition analysis (SCA) tools, software development teams can track and analyze any open source code brought into a project from a licensing compliance and security vulnerabilities perspective. Such tools discover open source code (at various levels of details and capabilities), their direct and indirect dependencies, licenses in effect, and the presence of any known security vulnerabilities and potential exploits. Several companies provide SCA suites, open source tools, and related services driven as community projects. The question of what tool is most suitable for a specific usage model and environment always comes up. It is difficult to answer given the lack of a standard method to compare and evaluate such tools.

The goal of this paper is to recommend a series of comparative metrics when evaluating multiple SCA tools.

Download Whitepaper

The post An open guide to evaluating software composition analysis tools appeared first on The Linux Foundation.

Open Source Security Foundation Announces Education Courses and Participation Initiatives to Advance its Commitment to Securing the World’s Software Infrastructure

Thu, 10/29/2020 - 23:00

Free training opportunities, new member investments, consolidation with Core Infrastructure Initiative and new opportunities for anyone to contribute accelerate work on open source security

SAN FRANCISCO, Calif., Oct 29, 2020 – OpenSSF, a cross-industry collaboration to secure the open source ecosystem, today announced free training for developing secure software, a new OpenSSF professional certificate program called Secure Software Development Fundamentals and additional program and technical initiatives. It is also announcing new contributors to the Foundation and newly elected advisory council and governing board members.

Open source software has become pervasive across industries, and ensuring its security is of primary importance. The OpenSSF, hosted at the Linux Foundation, provides a structured forum for a collaborative, cross-industry effort. The foundation is committed to working both upstream and with existing communities to advance open source security for all.

Open Source Security Training and Education

OpenSSF has developed a set of three free courses on how to develop secure software on the non-profit edX learning platform. These courses are intended for software developers (including DevOps professionals, software engineers, and web application developers) and others interested in learning how to develop secure software. The courses are specifically designed to teach professionals how to develop secure software while reducing damage and increasing the speed of the response when a vulnerability is found.

The OpenSSF training program includes a Professional Certificate program, Secure Software Development Fundamentals, which can allow individuals to demonstrate they’ve mastered this material. Public enrollment for the courses and certificate is open now. Course content and the Professional Certificate program tests will become available on November 5.

“The OpenSSF has already demonstrated incredible momentum which underscores the increasing priorities placed on open source security,” said Mike Dolan, Senior VP and GM of Projects at The Linux Foundation. “We’re excited to offer the Secure Software Development Fundamentals professional certificate program to support an informed talent pool about open source security best practices.”

New Member Investments

Sixteen new contributors have joined as members of OpenSSF since earlier this year: Arduino; AuriStor; Canonical; Debricked; Facebook; Huawei Technologies; iExec Blockchain Tech; Laboratory for Innovation Science at Harvard (LISH); Open Source Technology Improvement Fund; Polyverse Corporation; Renesas; Samsung; Spectral; SUSE; Tencent; Uber; and WhiteSource. For more information on founding and new members, please visit: https://openssf.org/about/members/

Core Infrastructure Initiative Projects Integrate with OpenSSF

The OpenSSF is also bringing together existing projects from the Core Infrastructure Initiative (CII), including the CII Census (a quantitative analysis to identify critical OSS projects) and CII FOSS Contributor Survey (a quantitative survey of FOSS developers). Both will become part of the OpenSSF Securing Critical Projects working group. These two efforts will continue to be implemented by the Laboratory for Innovation Science at Harvard (LISH). The CII Best Practices badge project is also being transitioned into the OpenSSF.

OpenSSF Leadership

The OpenSSF has elected Kay Williams from Microsoft as Governing Board Chair. Newly elected Governing Board members include:

Jeffrey Eric Altman, AuriStor, Inc.;
Lech Sandecki, Canonical;
Anand Pashupathy, Intel Corporation; and
Dan Lorenc from Google as Technical Advisory Committee (TAC) representative.

An election for a Security Community Individual Representative to the Governing Board is currently underway and results will be announced by OpenSSF in November. Ryan Haning from Microsoft has been elected Chair of the Technical Advisory Council (TAC).

There will be an OpenSSF Town Hall on Monday, November 9, 2020, 10:00a -12:00p PT, to share updates and celebrate accomplishments during the first three months of the project. Attendees will hear from our Governing Board, Technical Advisory Council and Working Group leads, have an opportunity for Q+A and learn more about how to get involved in the project. Register here.

Membership is not required to participate in the OpenSSF. For more information and to learn how to get involved, including information about participating in working groups and advisory forums, please visit https://openssf.org/getinvolved.

New Member Comments

Arduino

“As an open-source company, Arduino always considered security as a top priority for us and for our community,” said Massimo Banzi, Arduino co-founder. ’”We are excited to join the Open Source Security Foundation and we look forward to collaborating with other members to improve the security of any open-source ecosystem.”

AuriStor

“One of the strengths of the open protocols and open source software ecosystems is the extensive reuse of code and APIs which expands the spread of security vulnerabilities across software product boundaries. Tracking the impacted downstream software projects is a time-consuming and expensive process often reaching into the tens of thousands of U.S. dollars. In Pixar’s Ratatouille, Auguste Gusteau was famous for his belief that “anyone can cook”. The same is true for software: “anyone can code” but the vast majority of software developers have neither the resources or incentives to prioritize security-first development practices nor to trace and notify impact downstream projects. AuriStor joins the OSSF to voice the importance of providing resources to the independent developers responsible for so many critical software components.” – Jeffrey Altman, Founder and CEO or AuriStor.

Canonical Group

“It is our collective responsibility to constantly improve the security of open source ecosystem, and we’re excited to join the Open Source Security Foundation,” said Lech Sandecki, Security Product Manager at Canonical. “As publishers of Ubuntu, the most popular Linux distribution, we deliver up to 10 years of security maintenance to millions of Ubuntu users worldwide. By sharing our knowledge and experience with the OSFF community, together, we can make the whole open source more secure.”

Debricked

“The essence of open source is collaboration, and we strongly believe that the OSSF initiative will improve open source security at large. With all of the members bringing something different to the table we can create a diverse community where knowledge, experience and best practices can help shape this space to the better. Debricked has a strong background in research and extensive insight in tooling; knowledge which we hope will be a valuable contribution to the working groups,” said Daniel Wisenhoff, CEO and co-founder of Debricked.

Huawei

“With open source software becoming a crucial foundation in today’s world, how to ensure its security is the responsibility of every stakeholder. We believe the establishment of the Open Source Security Foundation will drive common understanding and best practices on the security of the open source supply chain and will benefit the whole industry,” said Peixin Hou, Chief Expert on Open System and Software, Huawei. “We look forward to making contributions to this collaboration and working with everybody in an open manner. This reaffirms Huawei’s long-standing commitment to make a better, connected and more secure and intelligent world.”

Laboratory for Innovation Science at Harvard

“We are excited to bring the Core Infrastructure Initiative’s research on the prevalence and current practices of open source into this broader network of industry and foundation partners,” said Frank Nagle, Assistant Professor at Harvard Business School and Co-Director of the Core Infrastructure Initiative at the Laboratory for Innovation Science at Harvard. “Only through coordinated, strategically targeted efforts – among competitors and collaborators alike – can we effectively address the challenges facing open source today.”

Open Source Technology Improvement Fund

“OSTIF is thrilled to collaborate with industry leaders and apply it’s methodology and broad expertise for securing open-source technology on a larger scale. The level of engagement across organizations and industries is inspiring, and we look forward to participating via the Securing Critical Projects Working Group,” said Chief Operating Officer Amir Montazery. “Linux Foundation and OpenSSF have been instrumental in aligning efforts towards improving open-source software, and OSTIF is grateful to be involved in the process.”

Polyverse

“Polyverse is honored to be a member of OpenSSF. The popularity of open source as the ‘go-to’ option for mission critical data, systems and solutions has brought with it increased cyberattacks. Bringing together organizations to work on this problem collaboratively is exactly what open source is all about and we’re eager to accelerate progress in this area,” said Archis Gore, CTO, Polyverse.

Renesas

“Renesas provides embedded processors for various application segments, including automotive, industrial automation, and IoT. Renesas is committed to ensuring the integrity and confidentiality of systems and data while mitigating cybersecurity risks. To enable our customers to develop robust systems, it is essential to provide root-of-trust of the open source software that runs on our products,” said Shinichi Yoshioka, Senior Vice President and CTO of Renesas. “We are excited to join the Open Source Security Foundation and to collaborate with industry-leading security professionals to advance more secure computing environments for the society.”

Samsung

“Samsung is trying to provide best-in-class security with our technologies and activities. Not only are security risks reviewed and removed in all development phases of our products, but they are also monitored continuously and patched quickly,” said Yong Ho Hwang, Corporate Vice President and Head of Samsung Research Security Team, Samsung Electronics. “Open source is one of the best approaches to drive cross-industry effort in responding quickly and transparently to security threats. Samsung will continue to be a leader in providing high-level security by actively contributing and collaborating with the Open Source Security Foundation.”

Spectral

“Spectral’s mission is to enable developers to build and ship software at scale without worry. We feel that the OpenSSF initiative is the perfect venue to discuss and improve open source security and is a natural platform that empowers developers. The Spectral team is happy to participate in the working groups and share their expertise in security analysis and research of technology stacks at scale, developer experience (DX) and tooling, open source codebases analysis and trends, developer behavioral analysis, though the ultimate goal of improving open source security and developer happiness,” said Dotan Nahum, CEO and co-founder of Spectral.

SUSE

“At SUSE, we power innovation in data centers, cars, phones, satellites and other devices. It has never been more critical to deliver trustworthy security from the core all the way to the edge,” said Markus Noga, VP Solutions Technology at SUSE. “We are committed to OpenSSF as the forum for the open source community to collaborate on vulnerability disclosures, security tooling, and to create best practices to keep all users of open source solutions safe.”

Tencent

“Tencent believes in the power of open source technology and collaboration to deliver incredible solutions to today’s challenges. As open source has become the de facto way to build software, its security has become a critical component for building and maintaining the software and infrastructure,” said Mark Shan, Chair of Tencent Open Source Alliance and Board Chair of the TARS Foundation. “By bringing different organizations together, OpenSSF provides a platform where developers can collaboratively build solutions needed to protect the open source security supply chain. Tencent is very excited to join this collaborative effort as an OpenSSF member and contribute to its open source security initiatives and best practices.

WhiteSource

“In today’s world, software development teams simply cannot develop software at today’s pace without using open source. Our goal has always been to empower teams to harness the power of open source easily and securely. We’re honored to get the opportunity to join the Open Source Security Foundation where we can join forces with others to contribute, together, towards open source security best practices and initiatives.” David Habusha, VP Product.

About the Open Source Security Foundation (OpenSSF)

Hosted by the Linux Foundation, the OpenSSF (launched in August 2020) is a cross-industry organization that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. It combines the Linux Foundation’s Core Infrastructure Initiative (CII), founded in response to the 2014 Heartbleed bug, and the Open Source Security Coalition, founded by the GitHub Security Lab to build a community to support the open source security for decades to come. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all.

About the Linux Foundation

###

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

Media Contact
Jennifer Cloer
Story Changes Culture
503-867-2304
jennifer@storychangesculture.com

The post Open Source Security Foundation Announces Education Courses and Participation Initiatives to Advance its Commitment to Securing the World’s Software Infrastructure appeared first on The Linux Foundation.

New AI & Data Foundation Combines Industry’s Fastest-Growing Open Source Developments in Artificial Intelligence and Open Data

Mon, 10/26/2020 - 22:15

San Francisco, Calif., October 26, 2020 – LF AI Foundation (LF AI), the organization building an ecosystem to enable and sustain open source innovation in artificial intelligence (AI), machine learning (ML), and deep learning (DL), and ODPi, a nonprofit organization accelerating the open ecosystem of big data solutions, today announced they will come together under the new LF AI & Data Foundation. The LF AI & Data The Linux Foundation’s AI Foundation & ODPi merge to support growing portfolio of technologies and drive open source collaboration across AI and data

Foundation will build and support an open community and a growing ecosystem of open source AI, data and analytics projects, by accelerating development and innovation, enabling collaboration and the creation of new opportunities for all the members of the community.

As one entity under the Linux Foundation, this consolidated and focused effort will enable additional collaboration and integration in the space of AI/ML/DL and Data. With the creation of LF AI & Data, both communities will now support a growing ecosystem of artificial intelligence, machine learning, deep learning and data technologies. AI and Data are inseparable and codependent on each other. Combining efforts in both spaces will bring developers and projects under a single roof, orchestrated by a single Technical Advisory Council and several committees (Trusted AI, BI & AI), to work together towards building the open source AI & Data ecosystem and accelerating development and innovation. Hosting projects under a single umbrella enables closer collaboration, integration, and interoperability across projects and is a proven recipe for building strong open ecosystems. At the same time, it will provide a unified guidance for end users on tools, interoperability, integration, standards, and the future of AI, Data and Analytics as its use continues to grow in every industry. Furthermore, as member driven organizations, joining forces under LF AI & Data will allow greater efficiency for members across the various services we offer to our hosted projects.

“LF AI has been growing at the rate of one new project per month, including several data projects. It is a natural move to bring together the open AI and data communities to enable better interoperability and capabilities across all of our hosted projects and to enable closer collaboration, which has been a proven recipe for building a strong open ecosystem. It will also provide our members greater cost efficiency when supporting our projects,” said Dr. Ibrahim Haddad, LF AI Executive Director. “We look forward to supporting innovation in the open source ecosystem focused on AI, Data and Analytics.”

“Over the past 5 years, ODPi has been a part of driving standardization and consolidation in the Big Data and Hadoop ecosystem, as well as becoming a focal point for the data challenges of the enterprises of today such as metadata, governance, and data science,” said John Mertic, Director, ODPi. “Coming together to form LF AI & Data is the next natural step in this mission, enabling greater interoperability to drive both innovation and sustainable growth for key projects.”

ODPi and its projects Egeria and OpenDS4All will become hosted projects under the LF AI & Data Foundation, with BI and AI becoming a committee within the foundation. They will maintain their current open technical governance model, establish collaboration with other hosted projects in LF AI & Data via the efforts of the its Technical Advisory Council, and benefit from a host of services offered to facilitate collaboration and increased adoption.

Charles “Starlord” Xie, Chairperson, LF AI Governing Board, said: “Today’s announcement of LF AI & Data is very exciting news for the open source AI ecosystem. LF AI & Data brings together companies, projects and communities focusing on AI and Data under a single organization to foster collaboration and integration across projects. We look forward to the months and years to come as we anticipate significant growth in our project portfolio and the development of many collaboration opportunities.”

Craig Rubendall, Chairperson, ODPi, said: “The ODPi Board of Directors and technical community are excited to come together with LF AI to form LF AI & Data. This joint foundation will enable the key open source projects our industry depends on to have a sustainable home, which will drive further innovation and collaboration.”

Jim Spohrer, Director, IBM Center for Open Source Data and AI Technologies and LF AI Technical Advisory Council Chairperson, said: “If you are committed to advancing open source AI and data as an industry-standard infrastructure and democratizing access to AI, there is a great opportunity to contribute within the community. Join our bi-weekly TAC meetings and connect with us on the LFAI slack channel.”

LF AI launched two years ago with nine founding members and one hosted project, and today has 25 members and 20 technical projects. ODPi launched five years ago, and is supported by a strong roster of industry-leading members. Together, under the LF AI & Data Foundation, there are 22 projects supported by more than 60 companies, 20 universities and more than 1,300 active developers contributing to these projects.

New members of LF AI & Data Foundation include aivancity School for Technology, Business & Society, AlphaBravo, Cloudera, Databricks, Index Analytics, ING Bank, OpenI, Precisely, Peng Cheng Laboratory, SAS Institute, and the Shanghai OpenSource Information Technology Association.

“The future of open source is directly linked to the AI ecosystem and a multitude of data communities. Therefore, it is a natural pairing for LF AI and ODPi to join forces and Cloudera is thrilled to be aiding their efforts in growing the project portfolio to encourage innovation and enable stronger interoperability and collaboration.” – Arun Murthy, CPO, Cloudera.

“Both fresh ingredients and a wonderful recipe are important for a delicious meal. Index Analytics is happy to join this feast as AI (Recipe) and Data (Ingredients) converge!” – Cupid Chan, CTO, Index Analytics

“Precisely is proud to be a member of the Linux Foundation AI & Data to help accelerate the growth and adoption of artificial Intelligence (AI). At Precisely we are committed to delivering the trusted data that is required to enable trusted AI and analytics. We believe that providing data integrity – data with accuracy, consistency, and context – help enable organizations to accelerate their adoption of AI and drive better business decisions.” – Tendü Yoğurtçu, PhD, Chief Technology Officer, Precisely

For more information and to get involved please visit: https://lfai.foundation/about/join/. If you’re interested in hosting a project, please review the Proposal and Hosting Process and check out the Hosting Requirements. For questions, please email info@lfaidata.foundation.

Helpful Resources

LF AI & Data website
Learn about membership opportunities
Explore the interactive landscape
Check out our technical projects
Join us at upcoming events
Read the latest announcements on the blog
Subscribe to the mailing lists
Follow us on Twitter or LinkedIn
Access other resources on LF AI & Data’s GitHub or Wiki

About LF AI & Data Foundation

The LF AI & Data Foundation, a Linux Foundation project, accelerates and sustains the growth of Artificial Intelligence (AI), Data Management, Machine Learning (ML), Deep Learning (DL) and Data open source projects. Backed by many of the world’s largest technology leaders, LF AI & Data is a neutral space for harmonization and ecosystem engagement to advance AI and Data innovation. To get involved with the LF AI & Data Foundation, please visit https://lfaidata.foundation.

Media Contact
pr@linuxfoundation.org

The post New AI & Data Foundation Combines Industry’s Fastest-Growing Open Source Developments in Artificial Intelligence and Open Data appeared first on The Linux Foundation.

Linux Foundation Focuses on Science and Research to Advance Diversity and Inclusion in Software Engineering

Mon, 10/26/2020 - 22:15

Open Source Summit Europe, October 26, 2020 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the Software Developer Diversity and Inclusion (SDDI) project. SDDI will explore, evaluate, and promote best practices from research and industry to increase diversity and inclusion in software engineering. Founding contributors include Comcast, Facebook, GitHub, Intel and VMware and research professors from Beijing University of Posts and Telecommunications, Eindhoven University of Technology, Oregon State University, University of Auckland and University of Victoria.

According to StackOverflow’s 2020 survey of more than 65,000 developers, 91.7 percent identify as male and 70.7 percent as white or of European descent. There is a tremendous amount of work to be done to create inclusive environments that can lead to a more diverse community building the software that is the foundation for our digital society. Research indicates that racially diverse groups make better decisions, diverse open source projects are more productive and that working on gender diverse teams improves attitudes towards women.

“While there are a variety of important diversity and inclusion initiatives in the technology industry, none are focused on increasing diversity across categories – race, gender, age and cognitive ability – in software engineering and informed by science and research,” said Kate Stewart, senior director of strategic programs at Linux Foundation. “We have optimism about the future of the open source community and our collective ability to increase diversity and inclusion. The work we do today can influence the vibrancy of the community and effectiveness of our technologies tomorrow.”

SDDI will include a steering committee and working groups that explore, evaluate and promote best practices from research and industry to increase diversity and inclusion in software engineering. The steering committee will be responsible for prioritizing the initial working groups, which could address research methods, ethics, resources and data, as well as diversity in the areas of gender, age, cognitive ability and education.

Open source projects are encouraged to participate in SDDI to inform best practices and to benefit from the findings of the Project. Existing Linux Foundation projects – TODO, which focuses on open source program office best practices, and the CHAOSS Project, which identifies tooling and metrics for diversity and inclusion – will also work closely with the new SDDI Project.

Supporting Comments

“The Software Developer Diversity and Inclusion Project (SDDI) is an excellent initiative that complements the work of the CHAOSS Project. Through collaboration, we can accelerate progress towards building a better virtual workplace for all developers,” said Nicole Huesman, Governing Board Co-Chair, the CHAOSS Project. “We’re looking forward to the research and best practices that surface from this work, so we can implement it in our work on metrics and tooling.”

“Diversity and inclusion are the cornerstone of building long term sustainable open source communities and programs,” said Chris Aniszczyk, co-founder of the TODO Group and CTO, CNCF. “The TODO Group looks forward to collaborating with the SDDI to share lessons and best practices from corporate open source programs.”

“Inclusive Open Source is of vital importance to industry and academia. The Software Developer Diversity and Inclusion (SDDI) project is a great initiative to bring inclusivity to OSS projects and products. For example, gender biases are embedded in the very tools that OSS projects use and the way information is structured. I look forward to working with SDDI to bring down these barriers, one feature at a time,” said Dr. Anita Sarma, Associate Professor, Computer Science, School of EECS, Oregon State University.

“Software systems are responsible for all aspects of modern life. They help humans make critical short-term and long-term societal and personal decisions, and yet the diversity and values of the people designing software systems do not remotely represent the diversity and values of people on our planet. The SDDI initiative, an active collaboration between industry and academia, will drive essential and rigorous research towards understanding barriers to diversity and inclusion while also discovering and promoting best practices,” said Margaret-Anne Storey, University of Victoria, Canada.

“Despite significant efforts over recent years to increase diversity and inclusion in many software companies, little traction has been made. This signals that new ways of thinking are needed to better understand the barriers and best practices. This initiative can help to stimulate new understanding and develop improved diversity and inclusion practices, which will lead to more innovative and useful software products,” said Kelly Blincoe, University of Auckland, New Zealand.

“Diversity is essential not only to create products that address needs of diverse groups of users but also to create sustainable and vibrant development teams. SDDI has the power and the promise to combine best industrial practices, insights from open source software developments and findings of the academic research to bring change in the ways teams are are organised and work together, and ultimately both in more comfortable and sustainable working environment, and better software products,” said Alexander Serebrenik, Eindhoven University of Technology, The Netherlands.

“Diversity and inclusion in software development have broad impact beyond our industry, particularly for those who are living in low and medium HDI countries. For them, being included in the software development profession is often a life-changing opportunity. I believe SDDI, a strong collaboration between academia and industry, would benefit the disadvantaged groups around the world,” said Yi Wang, Professor, Beijing University of Posts and Telecommunications.

“Diversity of thought is a vital component for building sustainable and healthy open source communities. Individuals from diverse backgrounds injecting new and innovative ideas advances an inclusive and welcoming ecosystem for all. SDDI with its focus on best practices in increasing D&I will be instrumental in providing the right direction for all committed to increasing diversity,” said Shuah Khan, Kernel Maintainer & Fellow, the Linux Foundation.

“Without an intentional and coordinated effort like the SDDI, it will be hard to move the needle on more diversity in software engineering. There are many great practices across open source, companies and universities that we need to aggregate, make easier to discover and put into action. The Linux Foundation is at the center of all of these communities and can get us together to improve the state of diversity in tech,” said Nithya Ruff, Head of Comcast Open Source Program Office, Chair, Linux Foundation Board.

“At Intel, we believe diverse and inclusive teams are more creative and innovative. We continue to raise the bar in areas such as representation, pay equity, and inclusion initiatives. This year, we announced our 2030 goals, global challenges and RISE strategy to create a more responsible, inclusive, and sustainable world, enabled through technology and our collective actions. We welcome the Linux Foundation’s new SDDI initiative to focus on improving inclusion and representation in the Open Source community and look forward to furthering this effort,” said Melissa Evers-Hood, Vice President, General Manager of Software Business Strategy, Intel Architecture, Graphics and Software, Intel Corporation

“Open source lifts all boats — creating innovation and opportunity for developers around the world. For Facebook, investing in open source is a way to empower developers as well as broader communities of individuals and businesses. To that end, we’re thrilled to support Linux Foundation’s SDDI effort which will not only help us invest in the next generation of open source developers but also promote increasing diversity in tech,” said Kathy Kam, Head of Open Source, Facebook.

“As home to most of the world’s open source software, GitHub believes deeply in the potential of a passionate, diverse open source community to move our world forward and accelerate human progress. GitHub is thrilled to collaborate on this project, which will allow us to “open source diversity and inclusion” for the benefit of us all. By making software development more accessible, inclusive, and sustainable, we can support the growth of a community where all developers — no matter who or where they are in the world — can learn, contribute, grow, and feel like they belong,” said Demetris Cheatham, Senior Director of Diversity, Inclusion and Belonging, GitHub.

“Innovation is a core tenet of VMware. We know that to make faster progress around Diversity and Inclusion we need to apply innovation and research the same way we do to technology problems. Supporting initiatives like this aligns with our values and is critical to the long term success of the technology industry as a whole,” said Shanis Windland, vice president, Diversity and Inclusion, VMware.

“SDDI will be an important initiative,” said Daniel Izquierdo, cofounder of Bitergia. “We at Bitergia do D&I research for customers and we look forward to sharing our experience and learning from others through SDDI.”

For more information about SDDI and to contribute, please visit: https://sddiproject.org/

About the Linux Foundation

###

Media Contact
Jennifer Cloer
503-867-2304
pr@linuxfoundation.org

[1] Sommers, Samuel R. “On racial diversity and group decision making: identifying multiple effects of racial composition on jury deliberations.” Journal of personality and social psychology 90.4 (2006): 597. Vasilescu, Bogdan, et al. “Gender and tenure diversity in GitHub teams.” Proceedings of the 33rd annual ACM conference on human factors in computing systems. 2015. Wang, Oliver and Zhang, Min. “Reducing Implicit Gender Biases in Software Development: Does Intergroup Contact Theory Work?” Proceedings of Foundations of Software Engineering. 2020.

The post Linux Foundation Focuses on Science and Research to Advance Diversity and Inclusion in Software Engineering appeared first on The Linux Foundation.

Linux Foundation Newsletter: October 2020

Sat, 10/24/2020 - 03:48

Click on the above graphic for the October 2020 Linux Foundation Newsletter

The post Linux Foundation Newsletter: October 2020 appeared first on The Linux Foundation.

Goldman Sachs Open Sources its Data Modeling Platform through FINOS

Tue, 10/20/2020 - 02:00

Open Sourced Codebase Contribution Addresses Data Efficiency and Governance Challenges in the Financial Services Industry

October 19, 2020 / The Fintech Open Source Foundation (“FINOS“), together with platinum member Goldman Sachs (GS), today announced the launch of Legend, Goldman’s flagship data management and data governance platform. Developed internally and used by both engineers and non-engineers alike across all divisions of the bank, the source code for five of the platforms’ modules have today been made available as open source within FINOS.

Today’s launch comes on the heels of the completion of a six-month pilot in which other leading investment banks, such as Deutsche Bank, Morgan Stanley and RBC Capital Markets, used a shared version of Legend, hosted on FINOS infrastructure in the public cloud, to prototype interbank collaborative data modeling and standardization, in particular to build extensions to the Common Domain Model (CDM), developed by the International Swaps and Derivatives Association (ISDA). This shared environment is now, starting today, generally available for industry participants to use and build models collaboratively. With the Legend code now available as open source, organizations may also launch and operate their own instances. The components open-sourced today allow any individual and organization across any industry to harness the power of Goldman Sachs’ internal data platform for their own data management and governance needs as well as contribute to the open code base.

“Legend provides both engineers and non-engineers a single platform that allows everyone at Goldman Sachs to develop data-centric applications and data-driven insights,” said Atte Lahtiranta, chief technology officer at Goldman Sachs. “The platform allows us to serve our clients better, automate some of the most difficult data governance challenges, as well as provide self-service tools to democratize data and analytics. We anticipate that the broad adoption of Legend will bring real, tangible value for our clients as well as greater standardization and efficiency across the entire financial services ecosystem.”

“Information is the lifeblood of financial services, but it is becoming increasingly more difficult to ensure you have accurate, complete and timely information,” said Neema Raphael, chief data officer and head of data engineering at Goldman Sachs. “Over the last seven years, Goldman Sachs has been developing, in the form of the Legend platform, a new way to provide fast, easy, secure access to our information-for revenue generation, better client service, operational efficiency and regulatory compliance. We believe this new data platform is so powerful and important that we are making it available to our clients and the world fully open and free of charge as an open source platform through FINOS.”

The Legend platform and language were together known as “Alloy” and “PURE” internally within the bank. “The choice of a new holistic name, Legend, reflects our vision of a singular platform to serve as a critical guide-a legend-for Goldman’s internal data strategy, whether building data services for the full lifecycle of a trade or more easily servicing client and regulatory requests,” added Pierre De Belen, head architect of the Legend platform.

“Financial services firms have much to gain from open source adoption as the potential for its use to reduce financial burdens and needless complexity is nearly unlimited,” said Gabriele Columbro, executive director of FINOS. “A leader in our foundation from day one, Goldman Sachs shares this vision. Legend provides a concrete path towards greater collaboration and data standardization which will benefit all market participants, large and small.”

“Legend is an impressive technology with great potential for improving industry efficiency,” said Stephen Goldbaum, an executive director at FINOS platinum member Morgan Stanley, which participated in the Legend Pilot. “We see tremendous potential for synergies between Legend and our own Morphir project, also open-sourced through FINOS, just last month. These contributions together validate the FINOS model of bringing industry competitors together to solve industry challenges.”

“Elements of a complex instrument, such as a currency option, might be stored in dozens, even hundreds, of systems within a modern investment bank’s infrastructure across its front, middle, and back office-Legend is a critical tool Goldman Sachs uses to maintain data consistency across those various applications and databases and now it’s available for the entire industry to use,” said Rob Underwood, FINOS’ chief development officer who led the open sourcing effort for the foundation.

“Fierce market competitors, such as those that participated in pilot, do tremendous amounts of trading business with each other daily. They operate under common regulatory frameworks across the globe, such as MiFID II, which necessitate advanced data lineage tooling such as what’s available in Legend. The power of Legend to help drive data consistency and improve interoperability will compound as it’s adopted by more institutions, both sell-side and buy-side,” added Underwood.

Along with Goldman Sachs, FINOS members Deutsche Bank, Itau Unibanco, Morgan Stanley, RBC Capital Markets, ScottLogic, Wells Fargo as well as Digital Asset, ISDA and REGnosys participated in the pilot. The pilot group chose to use Legend for modeling work in two areas-FX option extensions to the CDM, as well as nascent work on commodities reference data. The pilot group also identified ESG data as a good potential future use case for Legend. The FX option extensions, specifically the Averaging Model used in the CDM, modeled collaboratively by the pilot group financial institutions participants using Legend, were proposed into the CDM and have since been accepted, released and integrated into a recent release to the public.

“The Legend pilot proved FINOS to be a great vehicle for open source enablement of the CDM for ISDA and its members,” said Ian Sloyan, director, market infrastructure and technology at ISDA. “Community use of the shared environment to do even more collaborative modeling will generate more interest in Legend, as well as the CDM and other standards maintained by ISDA. This is a win-win for all concerned.”

“Data architecture and modeling teams need to consistently innovate in order to improve data governance and controls, increase efficiency, reduce operating costs and deliver a seamless user experience,” said Russell Green, head of group architecture, Deutsche Bank, and a FINOS board member. “This is in addition to meeting the ever increasing data modeling requirements from data sourcing needs. Deutsche Bank is keen to explore and operationalize data modeling tools to further build seamless integration between different participants, toolkits and simplify data management. From our participation in the FINOS pilot, we believe that Legend Studio holds promise to enhance collaborative and federated data architecture and modeling within the bank and the industry.”

“We see great potential for banks and financial institutions to address common challenges of the industry collaboratively, with great potential for sustainability, ESG, market data distribution and risk management. We look forward to experimenting with the platform further and working together with an amazing community,” said Vanessa Fernandes, chief technology officer of emerging technologies & open source at FINOS Silver member Itau Unibanco.

“As an open core company, we are proud to have Legend deployed using GitLab for modeling source control which is now fully available to the open source community for further innovation within the financial services industry,” said Sid Sijbrandij, CEO at GitLab, a FINOS silver member. “GitLab is committed to open source contribution and stewardship and we see an incredible potential to simplify complexity, improve compliance, reduce costs and increase efficiencies, which ultimately strengthens institutions and supports the customers they serve.”

“REGnosys was founded on the premise that to solve the regulatory compliance challenge, the industry must collaborate out of shared, open source data and processing models,” said Leo Labeis, CEO, REGnosys, another participant in the pilot and curator of the Rosetta DSL used in the ISDA CDM. “We are extremely pleased to collaborate with FINOS and Goldman Sachs to further promote the development of industry standards, such as the ISDA CDM, which has stood the test of working across platforms.”

“At Scott Logic, we’ve long been proponents of the benefits of open source in creating common industry standards and a shared ecosystem of value. We were delighted to participate in the Legend pilot and look forward to contributing to its future development-including possible integrations with some of our own FINOS contributions, such as DataHelix,” said Colin Eberhardt, Scott Logic’s chief technology officer and FINOS board member.

Raphael first announced Goldman Sachs’ intention to open source Legend at last November’s Open Source Strategy Forum (OSSF), FINOS’ annual conference, and the only conference dedicated to driving collaboration and innovation in financial services through open source. Speakers from Goldman Sachs will return this year to OSSF, to be held virtually on November 12-13, to present on the next steps in Legend’s developments and adoption, including the bank’s intentions to open source additional portions of Legend in 2021.

The five modules open sourced today are Legend Studio, Legend Engine, Legend SDLC, Legend Shared, and the Legend-PURE language itself.

To request an account on the hosted instance of Legend, go to www.finos.org/legend. Legend’s documentation is available at legend.finos.org. To view, download and contribute to the Legend source code open sourced today, go to http://github.com/finos/legend.

To find out more about how to contribute to FINOS projects and participate in the FINOS open source community, please visit www.finos.org/get-involved.

About FINOS

About Goldman Sachs

The Goldman Sachs Group, Inc. is a leading global investment banking, securities and investment management firm that provides a wide range of financial services to a substantial and diversified client base that includes corporations, financial institutions, governments and individuals. Founded in 1869, the firm is headquartered in New York and maintains offices in all major financial centers around the world.

Media Contacts:

Stephen Sumner
Caliber Corporate Advisers
stephen@calibercorporateadvisers.com
917-985-6630 ext.15

Patrick Lenihan
Goldman Sachs
Patrick.R.Lenihan@gs.com
201-819-9871

The post Goldman Sachs Open Sources its Data Modeling Platform through FINOS appeared first on The Linux Foundation.

The Linux Foundation

Pages