The Linux Foundation

Decentralized innovation, built on trust.

Updated: 30 min 39 sec ago

The Linux Foundation Open Sources Hardware of Disaster Relief Project that Won First Call for Code Global Challenge Led by IBM

Wed, 03/11/2020 - 00:00

Developers can help extend Project OWL’s reach by leveraging new open source technology to build mesh network nodes for emergency communications networks globally

Lake Tahoe, Calif., March 10, 2020 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced Project OWL’s IoT device firmware effort will be hosted at the Foundation and is inviting developers worldwide to build mesh network nodes for global emergency communications networks. Project OWL, the winner of Call for Code 2018, is a cloud-based analytics tool that helps facilitate organization, whereabouts, and logistics for disaster response. The Linux Foundation’s open governance model will enable a global network of developers to accelerate the development of the mesh networks, which could help save lives following a natural disaster.

Project OWL (Organization, Whereabouts, and Logistics) has developed mesh network of Internet of Things (IoT) devices called “DuckLinks” that can be deployed or activated in disaster areas to quickly reestablish connectivity and improve communication between first responders and civilians in need. A central portal connects to solar- and battery-powered water resistant ‘DuckLinks’ that are placed in the field to generate a Local Area Network (LAN) using a Wi-Fi captive portal powered by low frequency Long-range Radio (LoRa) connectivity. These DuckLinks provide an emergency network to all mobile devices in their perimeter, instructing people how to connect to an emergency response portal. First responders can also use analytics and data sources to build a dashboard and formulate an action plan, such as coordinating resources, learning about weather patterns, and communicating with civilians who would otherwise be cut off.

Project OWL envisions the nodes creating large-scale communications networks in the wake of natural disasters. The open source release of OWL’s firmware can quickly turn a cheap wireless device into a DuckLink, a mesh network node capable of connecting to any other Ducks physically around it. This release marks a significant milestone putting the ClusterDuck Protocol into the hands of global developers. This is a starting point to even larger efforts in communities around the world to provide communications where infrastructure is degraded or nonexistent.

“Becoming part of The Linux Foundation community is a huge boost in accelerating our goal to better prepare communities and mitigate impact when hurricanes, floods or earthquakes strike. We want to challenge developers to build mesh network nodes for global emergency communications networks leveraging our newly open-sourced IoT firmware,” said Bryan Knouse, Co-Founder of Project OWL.

“When developing technologies that can have a direct impact on human life, it’s more important than ever to bring the largest possible global community of developers together working with an open governance model,” said Michael Dolan, VP of Strategic Programs at The Linux Foundation. “Project OWL’s technology solution is providing better information and analytics and enabling quicker distribution of resources and care where and when it’s needed most. We’re proud to support such a worthy cause.”

“As a developer, I am excited Project OWL’s firmware is open source and not just a hardware-software product. OWL has become a global movement that anyone from anywhere on the planet can join, contribute and address global issues,” said Vikas Singh, India-based open source developer.

In 2018, Project OWL emerged as the global winner in the inaugural Call for Code Global Challenge, competing with more than 100,000 participants from 156 nations. The Call for Code Global Challenge encourages and fosters the creation of practical applications built on open source software. The goal is to employ technology in new ways that can make an immediate and lasting humanitarian impact in communities around the world. Since winning in 2018, Project Owl has been fortified, tested, and deployed through IBM Code and Response, a $25 million, four-year deployment initiative to put open source technologies in the communities where they are needed most.

“Project OWL was our first Call for Code winner that went through the Code and Response incubation process, and we’re excited to see this solution grow closer to reality,” said Daniel Krook, IBM Chief Technology Officer for Call for Code and Code and Response. “We were impressed with their combination of a complete software and hardware open source solution, utilizing an AI-powered disaster coordination platform paired with a robust communication network to reach people when connections are down. IBM is committed to using the power of our network and technical know-how to alleviate suffering from climate change and natural disasters, and we’re thrilled to have the support of The Linux Foundation as we deploy the project globally.”

In March 2019, Project OWL and IBM took on a large-scale pilot trip to Puerto Rico, deploying over 63 ducks each covering two square miles. This was followed by two additional pilots in the west and southeast of the island, engaging with local students, businesses, government representatives, and first responders. OWL currently has 30 permanent, solar-powered devices deployed across Puerto Rico in areas that are vulnerable to earthquakes, flooding, fire or other weather conditions.

Resources:

Code and Response with The Linux Foundation: https://www.linuxfoundation.org/projects/code-and-response/

Contribute on GitHub: https://github.com/Code-and-Response/ClusterDuck-Protocol

Learn more about the ClusterDuck Protocol: http://clusterduckprotocol.org/

About Call for Code

Developers have revolutionized the way people live and interact with virtually everyone and everything. Where most people see challenges, developers see possibilities. That’s why David Clark Cause created and launched Call for Code in 2018 alongside Founding Partner IBM. This five-year, $30 million global initiative is a rallying cry to developers to use their skills and mastery of the latest technologies, and to create new ones, to drive positive and long-lasting change across the world with their code. Call for Code global winning solutions, among others, are further developed and deployed via the IBM Code and Response initiative.

About The Linux Foundation

Founded in 2000, The Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. The Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

###

Media Contacts

Beth Handoll

ReTHINKitMedia

beth@rethinkitmedia.com

+1 415 535 8658

The post The Linux Foundation Open Sources Hardware of Disaster Relief Project that Won First Call for Code Global Challenge Led by IBM appeared first on The Linux Foundation.

How Contributing to Diversity in Technology Made Me a Better Engineer

Wed, 03/04/2020 - 03:22

Because my family couldn’t afford tuition, I couldn’t pursue my true interest Computer Science and, instead, studied Metallurgical Engineering — a field that I had absolutely no interest in.

As I waited in line for the interview with an Iron extraction company, millions of thoughts running through my mind:

“Will be able to work in a field with no interest for my entire life?”,

“Will I be happy and satisfied here?”

“Is this opportunity big enough for the ambitions I have?”, “Has fortune done justice to all the sleepless nights of mine?”.

There was a part of me that kept asking whether this is what I wanted to do.

The very next moment, I left the line and went back to my room, skipping my interview.

After doing a lot of research for the next two days, I came to know about Google Summer of Code (GSoC), a program run by Google where students make contributions to open source software in return for recognition in the technology industry. I had 6 months in hand, for the only chance of getting selected in GSoC and steering my career path into software engineering.

I started learning to program, from basic algorithms in C, to building backend APIs in Django and building frontend UI in Angular and React.js. I gave it my all. This was followed by making significant contributions to open source projects to get selected for the program. Day in and day out, I kept making code contribution to recognised organisations such as Zulip, FOSSASIA, National Resource for Network Biology(NRNB) and Oppia. I decided to submit proposals for the first three, and managed to get shortlisted in all of them, finally going ahead with NRNB.

The following month, I got selected for another open source program called CodeSprint run by the Open Web Application Security Project (OWASP), a recognised organisation in web and application security. I worked on both the programs simultaneously and successfully completed my work, receiving good reviews from my mentors. A few months later, after making code contributions for 4 long months, I managed to become the Grand Prize Winner of another open source program called CodeHeat run by FOSSASIA.

Although I graduated with a degree in metallurgical engineering, I secured a job as a software engineer in the silicon valley of India, Bangalore. Open source software provided me a platform to showcase my skills, network with other developers and expand my knowledge of software development.

I also learnt about the lack of diversity in the technology field, and realized that I can actually make a difference to it through open source. I began mentoring students, the majority of which were women. I delivered talks about my journey and career transition in local meetups to inspire people and tell them how open source can help someone. I kept on teaching women, and people underrepresented in technology, in various open source programs such as GSoC, Google Code In, Rails Girls Summer of Code, LearnITGirl, Wootech Mentorship program Singapore to name a few. By that time, came to know about cloud native, and open source organisations such as Linux Foundation and CNCF. I also realized that I would need to learn more about these technologies in order to be better developer and mentor. I began learning more and more about these technologies to be better than average developers.

In order to improve myself and learn more of these advanced technologies, I went out of my comfort zone and started going to local hackathons and conferences. But I wanted to learn more about these technologies and also enhance my public speaking skills to deliver tech talks in conferences. I discovered the Linux Foundation’s Open Source Summit North America 2019, and how attending the event would help me improve myself. However, I did not have sufficient funds to support my trip to California. I applied for travel fund through Linux Foundation, but wasn’t very optimistic about it. But one fine day after 3 months of wait, I woke up to an email titled “Congratulations, your travel fund request for OSSNA has been accepted”. It was when I realized how much the community cherishes an open source contributor. I was thrilled and overjoyed!

The conference week arrived, I landed in Los Angeles, travelled to San Diego by Train, and arrived at the conference venue at Hilton. I started getting the Open Source Summit vibe the moment I arrived. I used the Sched app in order to plan my schedule and decide which talks to attend. The sheer diversity in the topics covered in talks from cloud technologies to embedded systems, coupled with an opportunity to network with attendees of various backgrounds doing phenomenal work in open source has made my experience memorable. The event started with keynote by Jim Zemlin, Executive Director at Linux Foundation, where he shared about Confidential Computing Consortium. This was followed by Jeff Clune, Senior Research Manager at Uber AI talking about Fueling Innovation by creating, collecting, and improving stepping stones. One other keynote that I would like to highlight is A.I. and Stephen Hawking ACAT by Kairan Quazi. He is truly an inspiration.

Some of the talks that really stood out includes “Peeling Layers: A Deep Dive into Kubernetes Networking”, “Helm 3: Navigating To Distant Shores”, “Machine Learning Made Easy on Kubernetes”, “Kubernetes Housekeeping”, “Out of the Box Observability and Tracing in Kubernetes with Kong, Zipkin and Prometheus”, “Use cases of Kubeflow” etc.

I also attended the sponsor showcase to know more about the latest advancement of their products, network with some of the most amazing people in open source, and learn more about the job opportunities they provide. Also, I would never be able to forget the Attendee Reception at USS Midway Museum and Puppy Pawlooza <3

I learnt so much and had lots of fun at the conference. This would not have been possible without Linux Foundation and I couldn’t thank them enough for giving me this opportunity. Special thanks to Jacynth Roberts for being so helpful. Looking forward to keep on contributing to FOSS and speaking at future Open Source Summits.

The post How Contributing to Diversity in Technology Made Me a Better Engineer appeared first on The Linux Foundation.

Linux Foundation Training Announces a Free Online Course-Developing Blockchain-Based Identity Applications

Wed, 03/04/2020 - 00:43

SAN FRANCISCO, March 4, 2020 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced enrollment is now open for a new professional certificate program – Developing Blockchain-Based Identity Applications. This program, offered through the edX training platform, is geared towards developers interested in building and deploying applications using the new “self-sovereign” paradigm for digital identity. It explores the possibilities for issuing and managing secure digital identities and credentials offered by Hyperledger Indy, Aries, and Ursa, for building applications on a solid digital foundation of trust. The program will also do a deep-dive into Hyperledger Aries, teaching learners how to create production-ready applications by developing code for issuing and verifying credentials with their own Aries agent.

“Managing and securing identity information is one of the most challenging problems of the digital age,” said Brian Behlendorf, Executive Director, Hyperledger. “With the capacity to distribute the control of information and authority, blockchain technologies can rewrite the rules for identity management. Hyperledger Indy, Aries, and Ursa, are the building blocks our global community has developed to bring self-sovereign identity to market. Getting up to speed on these technologies through this professional certification program will help you shape the future on this important front.”

Any identity-related data available online can be subject to theft. Breach Level Index says that over 5,880,000 records are stolen every day. The 2019 MidYear QuickView Data Breach Report shows that reported breaches in the first half of 2019 were up 54% compared to midyear 2018 (over 4.1 billion records exposed), with web being the number one breach type for records exposed, and hacking being the number one breach type for incidents. Blockchain-based identity management is revolutionizing this space. The tools, libraries, and reusable components that come with the three open-source Hyperledger projects, Aries, Indy, and Ursa, provide a foundation for distributed applications built on authentic data using a distributed ledger, purpose-built for decentralized identity.

In this program comprised of two online, self-paced courses, Introduction to Hyperledger Sovereign Identity Blockchain Solutions: Indy, Aries & Ursa (LFS172x) and Becoming a Hyperledger Aries Developers (LFS173x), students can expect to learn to:

Understand the problems with existing Internet identity/trust mechanisms today and learn how a distributed ledger, such as Hyperledger Indy, can be used for identity.
Discuss the purpose, scope, and relationship between Aries, Indy, and, Ursa and understand how these open-source blockchain technologies provide reliable self-sovereign identity solutions that add a necessary layer of trust to the Internet.
Understand the Aries architecture and its components, as well as the DIDComm protocol for peer-to-peer messages.
Deploy instances of Aries agents and establish a connection between two or more Aries agents.
Create from scratch or extend Aries agents to add business logic and understand the possibilities available through the implementation of Aries agents.

Introduction to Hyperledger Sovereign Identity Blockchain Solutions: Indy, Aries & Ursa (LFS172x) is addressed to a wide-ranging audience, walking the line between business and technology. The course explores how Hyperledger Aries, Indy, and Ursa add a necessary layer of trust to the Internet by creating and using digital identities rooted on blockchains or other distributed ledgers.

Becoming a Hyperledger Aries Developer (LFS173x) focuses on building applications on top of Hyperledger Aries components, the area where Self-Sovereign Identity Application Developers can have the most impact.

Students may register for the professional certificate program for a price of $398. Students can also audit for free each of the two courses for 7 weeks, or they may add a verified certificate for individual courses for $199.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training, and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.

Linux is a registered trademark of Linus Torvalds.

# # #

Media Contact:

Clyde Seepersad
The Linux Foundation
404-964-6973
cseepersad@linuxfoundation.org

The post Linux Foundation Training Announces a Free Online Course-Developing Blockchain-Based Identity Applications appeared first on The Linux Foundation.

Linux Foundation Training Announces a New Certification- Developer Certification for Hyperledger Fabric

Tue, 03/03/2020 - 23:03

New CHFD credential aimed to help fuel the supply of technical talent to support the continued demand for smart contract development.

SAN FRANCISCO, March 3, 2020 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced enrollment is now open for the new Certified Hyperledger Fabric Developer certification exam. This is the latest in a series of training content and certification exams aimed at onboarding the next generation of technical talent for professional blockchain technologies.

“Hyperledger Fabric has become a core technology for organizations looking to implement blockchain-based distributed ledgers and smart contract systems – leading to a shortage of professionals who are qualified to create and implement such systems,” said Brian Behlendorf, Executive Director, Hyperledger. “We have had over 200,000 students take our free introductory Hyperledger course and look forward to providing them with this new pathway to prove their technical chops.”

As with all Linux Foundation certification exams, the exam will be available remotely from virtually any location with a stable internet connection and webcam. Those who fail to pass the exam on their first attempt will be able to retake the exam one additional time at no cost. The exam is designed to be 2 hours long although for an introductory period candidates will be allowed 3 hours to complete it.

Candidates will have a variety of real-world tasks to perform on a live system as this is not a multiple-choice exam. A Certified Hyperledger Fabric Developer (CHFD) should demonstrate the knowledge to develop and maintain client applications and smart contracts using the latest Fabric programming model. Such a developer must also be able to package and deploy Fabric applications and smart contracts, perform end-to-end Fabric application life-cycle and smart contract management and program in Java or Node.js (or Go for smart contracts).

Exam topics will include:

Identity Management – 7%
Network Configuration – 8%
Smart Contract Development – 40%
Smart Contract Invocation – 25%
Maintenance and Testing – 20%

The full list of Domains and Competencies for CHFD can be found here. Learn more about the CHFA and CHSA certification exams and the community members that contributed on the Hyperledger blog.

About The Linux Foundation

Linux is a registered trademark of Linus Torvalds.

# # #

Media Contact:

Clyde Seepersad
The Linux Foundation
404-964-6973
cseepersad@linuxfoundation.org

The post Linux Foundation Training Announces a New Certification- Developer Certification for Hyperledger Fabric appeared first on The Linux Foundation.

The Linux Foundation: It’s not just the Linux operating system

Tue, 03/03/2020 - 01:00

Why have so many of the world’s most important open source efforts come to the Linux Foundation? Because of the ability to scale and provide value-added services to its communities. Introduction

In April of 1991, while as an undergraduate student at the University of Helsinki, Linus Torvalds began a personal project to create a free operating system. In August of that year, he announced the project to the comp.os.minix newsgroup requesting input on features.

The rest, of course, is history. In the past 30 years, the Linux kernel and its surrounding userspace tools have become the most popular open source operating system in the entire world.

As part of its rise to prominence, increasing complexity, scope, and the number of project contributors, the kernel project required the necessary technology, administrative, and legal infrastructure to scale with the community. As a result, the Linux Foundation was founded in 2000 as the Open Source Development Lab (which subsequently changed its name to the Linux Foundation.)

The nonprofit purpose of the organization is to “support, promote, protect and standardize Linux and other open source software and technologies.”

Figure 1. Project communities hosted by the Linux Foundation increased dramatically between 2013-2019.

At the time of the Linux Foundation’s formation, the organization was focused on promoting and protecting one project — Linux itself.

Up until roughly 2010, approximately a dozen or so projects related to the Linux operating system were hosted at The Linux Foundation. Those projects were formed to enable Linux’s evolution and entry into new segments and industry verticals, with the objective of making Linux the dominant platform by market share in every category of enterprise computing.

Today, Linux is an undisputed industry leader — but we should remember that was not always the case. At the time of the Foundation’s inception, Linux occupied only a minority market share in high-performance computing. In 2020, it now has complete dominance of the supercomputer market, wholly displacing UNIX, which held 85 percent of all HPC systems just 20 years earlier.

As a result of the efforts of the Linux Foundation’s communities over the past two decades, Linux now occupies a majority share in automotive, embedded systems, mobile devices, and cloud computing, as well.

As Linux continued to take a dominant foothold in all major markets, the Linux Foundation embarked on becoming a “foundation of foundations” to enable developers, communities, and members that wanted to leverage the same model of the LF — but for non-Linux technologies. Over the past seven years, the number of new project communities that the Linux Foundation supports has increased dramatically — which is now 225 and growing. And while that figure may seem small in a world where there are 23 million open repositories on GitHub, the projects at the Linux Foundation are at the heart of multi-billion dollar economies in cloud computing, networking, embedded systems, film, energy, and more.

As we celebrate the 20th anniversary of the formation of the Linux Foundation, it’s a good time to reflect on how the Foundation approaches support for open source innovation.

Scaling to support the world’s most important open source software communities

In the last 20 years, The Linux Foundation has become a critical commons for administration, support, enablement, and protection of open source community assets. This would not have been possible without first building a governance model that communities could trust to work for them, then building value-added support programs to support scale. The design goal has been to build the best upstream community model for downstream commercial solution providers and users.

As of February 2020, the Linux Foundation has become home to approximately 230 distinct project communities, spread among multiple industry verticals. In addition to the core Linux OS, the Linux Foundation communities build open source software technologies for Cloud, Networking, Security, Automotive, Blockchain, the Web, and even motion pictures. Beyond software, the Linux Foundation also supports open hardware communities such as RISC-V, OpenPower, and CHIPS Alliance.

The Linux Foundation’s communities have then gone further, building industry specifications and standards. The Joint Development Foundation (“JDF”) is the home to many of these specifications covering technologies such as GraphQL, video codecs, decentralized identity, and more. JDF is now also approved as an ISO JTC1 PAS Submitter, meaning that the Linux Foundation’s communities can now follow a path to becoming an international standard.

Every single one of these projects has associated community assets.

These include:

Over 12,000 Contributor License Agreements (CLAs) signed by contributing organizations for project communities requiring them.
Over 700 registered project domains and DNS records
Over 700 trademark registrations and applications, as well as hundreds of unregistered marks
Over 3,400 source code repositories
Approximately 3,000 membership agreements supporting communities

Many of these communities also seek financial support from companies involved in the projects and raise funding to support their efforts. The Linux Foundation has supported projects with a process, templates, and agreements that make it easy for companies to support the project communities they rely on.

In addition to hosting the communities themselves, the Linux Foundation is also host to many open source in-person events, which feature some of the most highly recognizable open source brands, such as KubeCon, KVM Forum, Cloud Foundry Summit, the NodeJS Summit, and the Open Source Summit.

Why projects choose the Linux Foundation

Ultimately, the objective of open source software projects is to produce the best open source software. That sounds fairly obvious and straightforward, but the reality is that managing even a small open source project has a considerable amount of overhead attached to it. The lead maintainers generally have to deal with the burden, and as a community grows, the challenges get more complicated.

It’s easy to set up a new open source project with all the free tooling available today at sites such as GitHub and GitLab. However, beyond having a fundamental repository, if a project community wants to do something more such as building neutral ownership and taking donations from companies, that overhead goes up exponentially. Now the maintainers need to deal with issues they never anticipated:

Setting up a legal entity, which can take months of work and legal costs, then the ongoing maintenance of the entity and its associated state or federal filings
Setting up a bank account, checks, accounting systems, and payroll systems, as well as benefits administration and hiring staff
Getting legal agreements signed by the sponsoring companies
Filling out paperwork and forms to be set up as a supplier with a sponsoring company
Dealing with invoices, purchase orders, and procurement departments
Setting up a financial reporting process, so stakeholders have visibility into where the funds went

Once a project graduates from simple hosting infrastructure, continual paperwork needs to be processed for establishing legal tax status, logos, trademarks, license agreements, as well as addressing other financial, legal, and different administrative needs. The complexity grows, and the project maintainers prefer to focus on what they do best — writing code and shipping the next release. Most maintainers have no desire to become experts at setting up a nonprofit entity, managing accounting, and dealing with procurement departments.

This is where an organization like the Linux Foundation can offer significant assistance and support the developer community using a low overhead model. The Linux Foundation is chosen by major open source initiatives to serve as a home for their projects because of the level of effort, as well as the startup costs for setting up many of these core assets, can be substantial. Additionally, very few reputable organizations with a global presence exist that can provide the level of neutrality required to host these assets in a trustworthy manner that would otherwise be free of influence from an interested corporate entity.

Figure 2: The portfolio of support programs that the Linux Foundation has developed to help its project communities.

The Linux Foundation can attribute some of the interest from communities to the comprehensive support programs it provides, which include:

Providing funding support through membership models or securing one-off contributions through crowdfunding, leaving the complexities of managing the legal entity, financial oversight, and regulatory filings to professionals that are highly experienced and dedicated to their administration.
Providing base policies that offer a known framework for organizations to collaborate, including an antitrust policy, trademark policy, templates for a code of conduct, and more.
Providing entity management for maintaining the core administrative support infrastructure that enables communities to interact, including hiring leadership and community support personnel, in order to facilitate and guide projects on an ongoing basis.
Supporting community events for face to face opportunities, as well as marketing and communications support to grow a project’s community audience and help people learn about the great things they contribute to
Eliminating the burden of managing software releases through hiring neutral release engineers that support the maintainers
Providing a platform in the form of CommunityBridge to address common challenges with fundraising, mentoring, security vulnerability scanning, and managing CLAs.
Providing training and professional certification support that enables building an ecosystem of skilled professionals in order to use, implement, and manage solutions based on a project’s technology.
Providing support for license compliance, export control, and security by the routine scanning of project repositories in order to help the community identify license and security problems before an official release proliferates issues to downstream users.

The Linux Foundation model for open communities

The Foundation’s work with open source communities focuses on building a trusted “foundation as a service” model for open collaboration based on five key principles:

Organizational Neutrality: No single company or organization can ever “take away” assets from the community that forms around a project. As a neutral owner, the core assets, such as the internet domains, online service accounts, and trademarks, can never be held hostage by an interested commercial entity. The Linux Foundation “owns” the assets, but empowers the community to make decisions about how they want to use them through its governance model.
Clear Separation of Funding and Participation: Additionally, any organization’s developer participation in an open source project hosted by the Linux Foundation is entirely independent of their financial support. While an organization may support a community financially, they cannot steer technical direction without contributing to the codebase like everyone else. For example, financial support does not grant any member the ability to name a committer, contribute a project feature, or set project priorities. All of that work is done through an open governance model.
Open Governance: Successful open collaboration projects have neutral, well-defined governance models where those who do the work make the decisions. The Linux Foundation strives to provide “do-ocracies” where responsibilities attach to people who do the work rather than elected or selected by some identified decision-maker. Our projects operate transparently, and the community develops its own operational guidelines that serve to create a working technical community.
Intellectual Property Clarity: The removal of uncertainty over the licensing of intellectual property makes it easy for developers to contribute and end-users to implement projects supported by the Linux Foundation. The Linux Foundation engages with the key stakeholders to understand and document the intellectual property terms that will form the basis for the collaboration. Contributors retain individual ownership of contributed code under an open source license and/or the terms of a project Contributor License Agreement (CLA).
Commercial Support Ecosystem: Developers like to see the projects they’re working on show up in products and solutions — it’s great to have users. The Linux Foundation encourages commercial involvement in our projects, which leads to additional benefits for the community. There are opportunities to get new contributions from developers working at companies, expanding the use cases and features, and helping guide user requirements. Often our communities will see enhanced employment opportunities for project contributors. This commercial support ecosystem can also provide support for the project, helping cover the cost of running an event, paying for development infrastructure, or providing people to help with documentation or other needs.

Conclusion

The Linux Foundation permits its projects to concentrate on the daily business of software development, while also allowing the administrative overhead to be managed by seasoned professionals that can provide the necessary legal and financial oversight at scale.

The growth of the Linux Foundation over the past two decades, and most recently, the last seven years, can be attributed to the diversity of value-added support programs that make it unique among organizations enabling technical collaboration. Whether a collaboration covers software, hardware designs, standards, or open data, the Linux Foundation has developed templates, models, and best practices to support an open community model.

The Linux Foundation’s adherence to core principles of neutrality, transparent governance, intellectual property clarity, and its fostering of a vibrant commercial support ecosystem has enabled it to work with some of the most innovative communities developing technology the entire world depends on every day. That’s an amazing opportunity and responsibility — we hope you will consider working with us on your next open community project.

The post The Linux Foundation: It’s not just the Linux operating system appeared first on The Linux Foundation.

Linux Foundation, LF Networking, and LF Edge Announce Keynote Speakers for Open Networking & Edge Summit North America 2020

Sat, 02/22/2020 - 01:00

Industry’s Premier Open Networking & Edge Conference Features Keynote Speakers from AT&T, CNCF, Deutsche Telekom AG, Edgeworx, Equinix, Ericsson, Google, Huawei, IBM, Rakuten Mobile and more

The full conference schedule will be announced on March 5th featuring business, technical and architectural sessions

SAN FRANCISCO, February 20, 2020 — The Linux Foundation, the nonprofit organization enabling mass innovation through open source, along with co-hosts LF Networking, the umbrella organization fostering collaboration and innovation across the entire open networking stack, and LF Edge, the umbrella organization building an open source framework for the edge, today announced initial keynote speakers for Open Networking & Edge Summit (ONES) North America 2020. The event takes place April 20-21 in Los Angeles, California.

Open Networking & Edge Summit (formerly Open Networking Summit) is the industry’s premier open networking event now expanded to comprehensively cover Edge Computing, Edge Cloud and IoT. The event enables collaborative development and innovation across enterprises, service providers/telcos and cloud providers to shape the future of networking and edge computing with a deep focus on technical, architectural and business discussions in the areas of Open Networking & AI/ML-enabled use cases for 5G, IoT, Edge and Enterprise deployment, as well as targeted discussions on Edge/IoT frameworks and blueprints across Manufacturing, Retail, Oil and Gas, Transportation and Telco Edge cloud, among other key areas.

Keynote speakers this year include:

Andre Fuetsch, Executive Vice President & Chief Technology Officer, AT&T Services, Inc.
Dan Kohn, Executive Director, Cloud Native Computing Foundation
Alex Choi, Senior Vice President of Strategy and Technology Innovation, Deutsche Telekom AG
Farah Papaioannou, Co-Founder and President, Edgeworx, Inc.
Anders Rosengren, Head of Architecture & Technology, Ericsson
Justin Dustzadeh, Chief Technology Officer, Equinix
Aparna Sinha, Director of Product Management, Google Cloud
Bill Ren, Chief Open Source Liaison Officer, ICT Infrastructure Open Source GM, Huawei
Marisa S. Viveros, Vice President of Strategy and Offerings, IBM
Ashiq Khan, Head of Cloud and NFV, Rakuten Mobile, Inc.
Arpit Joshipura, General Manager, Networking, Edge & IoT, The Linux Foundation
Heather Kirksey, Vice President, Community and Ecosystem Development, The Linux Foundation

Additional keynote speakers, as well as the full schedule of sessions, will be announced the first week of March.

Conference Registration is $950 through March 10, 2020 with additional registration options available including $300 Hall Passes, $600 Academic Passes, and $500 Student Passes. Non-profit and group discounts are available as well; details are available on the event registration page. Members of The Linux Foundation and Linux Foundation Projects (including LFN and LF Edge) receive a 20 percent discount on all registration fees; contact events@linuxfoundation.org to request a member discount code. Applications for diversity and needs-based scholarships are currently being accepted; for information on eligibility and how to apply, please click here.

Open Networking and Edge Summit North America 2020 is made possible thanks to Platinum Sponsors Cloud Native Computing Foundation, Ericsson, and Huawei, Gold Sponsor IBM, and Silver Sponsor Red Hat. For information on becoming an event sponsor, click here.

Members of the press who would like to request a press pass to attend should contact Jill Lovato at jlovato@linuxfoundation.org.

Additional Resources

YouTube: Why Attend Linux Foundation Events: https://youtu.be/X_rLxfmLlYY
Open Networking Summit North America 2019 Event Recap: https://events.linuxfoundation.org/events/open-networking-summit-north-america-2019/

About The Linux Foundation
The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation Events are where the world’s leading technologists meet, collaborate, learn and network in order to advance innovations that support the world’s largest shared technologies.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.

Linux is a registered trademark of Linus Torvalds.

The post Linux Foundation, LF Networking, and LF Edge Announce Keynote Speakers for Open Networking & Edge Summit North America 2020 appeared first on The Linux Foundation.

LF Networking Expands Ecosystem — Adds Members, Leads Initiatives to Automate 5G deployments and accelerate Automation

Fri, 02/21/2020 - 00:59

LFN’s ONAP, OPNFV, ODL, and FD.io projects further automated 5G deployments with code releases in 1H as well as hybrid support for VNF/CNF/NFVI compliance

A10 Networks, AMD, Codilime, Mirantis, Robin.io, Solutions by STC, ULAK, University of California San Diego, University of Surrey, and Xilinx join more than 100 other leading organizations to collaborate, create, test and deploy open source networking software

Initiatives such as the Common NFVI Telco Taskforce (CNTT), the OPNFV Verification Program (OVP), and Cloud Native Network Functions evolve and expand across adjacent communities and organizations

SAN FRANCISCO – February 20, 2020 — LF Networking (LFN), which facilitates collaboration and operational excellence across open networking projects, today announced the addition of nine new members.The project welcomes new Silver members A10 Networks, AMD, Codilime, Mirantis, Robin.io, Solutions by STC, ULAK, and Xilinx, and Associate members University of California San Diego, and University of Surrey.

“It’s great to kick off 2020 by welcoming a new swath of global members to the LFN community,” said Arpit Joshipura, general manager, Networking, Edge & IoT, the Linux Foundation. “We’re expanding our member ecosystem in tandem with growth across initiatives that harmonize open source an open standards, enable automated testing and deployment, and further Cloud Native Network Functions as open source becomes more mainstream.”

The newest LFN members will work alongside the 100+ existing member organizations to drive development, testing and implementation of LFN’s networking projects, including FD.io, ONAP, OpenDaylight, OpenSwitch, OPNFV, PNDA, SNAS, and Tungsten Fabric.

LFN begins 2020 by evolving joint collaboration across the industry to enable cloud native network functions (CNFs) to shift workloads into Kubernetes clusters using ONAP to orchestrate a variety of functions and services. Other activity includes harmonization with open standards, via the Common NFVI Telco Taskforce (CNTT), jointly hosted by the GSMA. The group recently published an initial common Reference Model and Reference Architecture as well as hosting a joint hackathon with developers across the LFN community. CNTT enhances the OPNFV Verification Program (OVP) which combines open source-based automated compliance and verification testing for NFV stack specifications established by ONAP, multiple SDOs such as ETSI and GSMA, and the LF Networking End User Advisory Group (EUAG). Current efforts include the next iteration of OVP, with more automation integrated via ONAP.

Join the Community at Open Networking & Edge Summit (ONES)

Open Networking & Edge Summit (formerly Open Networking Summit), the industry’s premier open networking event now expanded to comprehensively cover Edge Computing, Edge Cloud & IoT, takes place in North America April 20-21 in Los Angeles, Calif and in Europe September 29-30 in Antwerp, Belgium. ONES enables collaborative development and innovation across enterprises, service providers/telcos and cloud providers to shape the future of networking and edge computing. Join the LFN community in Los Angeles and register by March 10 for Early Bird pricing: https://events.linuxfoundation.org/open-networking-edge-summit-north-america/register/

Member Supporting Quotes:

“The Linux Foundation and its members continue to advance open source initiatives across a range of technologies. As network functions become more virtualized and cloud-native, the work the foundation is doing will help enable these network functions as open source. We are honored to join the Linux Foundation to help drive joint initiatives like the end-to-end 5G cloud-native network proof of concept (POC),” said Yasir Liaqatullah, vice president of product management, A10 Networks.

Bartosz Górski, CodiLime’s Chief Relationship Officer & Board Member is excited about this new opening. “The Linux Foundation, LF Networking and CodiLime have a mutual interest in pursuing the development of open-source networking stack. This has led us to join forces to foster the development of a networking project for the benefit of the entire open-source community. For the last 9 years, CodiLime has gained considerable experience in network engineering providing solutions for industry leaders. Last year we had the opportunity to present our solution based on Tungsten Fabric at the LFN booth at the Open Networking Summit and we got very positive feedback from the community. I believe that 2020 will see even more fruitful collaboration.”

“The LF Networking community is the guiding force of innovation in 5G, Edge, and the next generation of software-defined networking technology,” said Shaun O’Meara, Field CTO at Mirantis. “Mirantis has a history of becoming a significant collaborator in the projects we are part of. As we continue to promote open standards and innovation in our work with Kubernetes, Edge/IoT, and CNFs, we welcome the opportunity to collaborate with other members to benefit our customers, partners, and the industry at large.”

“Cloud-native networking is a big challenge with many technologies and technology providers, that’s why open standards and working together as a community are key to solving problems that we all face. There are exciting possibilities in this area for speeding industry adoption of open CNFs and vRAN technology for cost-effective and performant 5G rollout and scaling,” said Mehran Hadipour, vice president, business development, robin.io.

“LF Networking’s community represents a vibrate, collaborative effort to further the networking industry, and its focus on activities such as VNF compliance and validation, interoperability testing, and ecosystem acceleration is industry-leading. We are pleased to become members of LFN, participate in the OVP program, and accelerate areas such as 5G, cloud native networking, and edge/IoT,” said Metin Balcı, PhD, CEO, ULAK.

“Joining the Linux Foundation Networking Consortium reinforces Xilinx’s commitment to sustainable, open-source ecosystems. Software, 5G, telco, data center and multi-access edge computing developers can now easily take advantage of our adaptable platforms. We’re delighted to join the LF Networking consortium to enable software developers to use our leadership technology,” said Dan Mansur, vice president, Wired and Wireless Communication Group, Xilinx.

About the Newest LFN Members:

A10 Networks (NYSE: ATEN) enables service providers, cloud providers and enterprises to ensure their 5G networks and multi-cloud applications are secure. With advanced analytics, machine learning and intelligent automation, business-critical applications are protected, reliable and always available. Founded in 2004, A10 Networks is based in San Jose, Calif. and serves customers in 117 countries worldwide. For more information, visit: www.a10networks.com and @A10Networks.

For 50 years AMD has driven innovation in high-performance computing, graphics and visualization technologies ― the building blocks for gaming, immersive platforms and the data center. Hundreds of millions of consumers, leading Fortune 500 businesses and cutting-edge scientific research facilities around the world rely on AMD technology daily to improve how they live, work and play. AMD employees around the world are focused on building great products that push the boundaries of what is possible. For more information about how AMD is enabling today and inspiring tomorrow, visit the AMD (NASDAQ: AMD) website, blog, Facebook and Twitter pages.

CodiLime specializes in building, developing and integrating SDN & NFV solutions in a single-multi- or hybrid-cloud environment. It offers a wide range of services related to network engineering, including front-end and back-end development, DevOps, quality assurance and UX/UI services designed specifically for network applications. The company is also a contributor to Tungsten Fabric, an open-source SDN Controller and has done multiple projects of OpenStack and Kubernetes implementation. Thanks to its expertise, the company has won the confidence of such global industry leaders as Juniper Networks, Nutanix, Nvidia, AT&T, Gigaspaces, Stratoscale, Cloudify, Huawei, IBM and Hitachi. Learn more about CodiLime at https://codilime.com/.

Mirantis helps enterprises move to the cloud on their terms, delivering a true cloud experience on any infrastructure, powered by Kubernetes. The company uses a unique as-a-service model empowering developers to build, share and run their applications anywhere – from public to hybrid cloud and to the edge. Mirantis serves many of the world’s leading enterprises, including Adobe, Citizens Bank, DocuSign, PayPal, Reliance Jio, Splunk, and Volkswagen. Learn more at www.mirantis.com

Robin.io provides an application automation platform that enables enterprises to deliver complex application pipelines as a service. Built on industry-standard Kubernetes, the Robin platform allows developers and platform engineers to rapidly deploy and easily manage data- and network-centric applications—including big data, NoSQL and 5G—independent of underlying infrastructure resources. The Robin platform is used globally by companies including BNP Paribas, Palo Alto Networks, Rakuten Mobile, SAP, Sabre and USAA. Robin.io is headquartered in Silicon Valley, California. More at www.robin.io and Twitter: @robin4K8S.

Solutions by STC is part of Saudi Telecom Company’s ongoing commitment to transform itself into a leading regional ICT player. Solutions is accelerating STC’s enterprise segment growth strategy through providing a wide range of Information and Communications Technology services beyond the traditional Telco offerings of STC. Today, Solutions is the #1 ICT service provider in Saudi Arabia and operates under the umbrella of the Enterprise Business Unit of STC. Solutions provides advanced services and solutions that include IoT/M2M and Digital services, VSAT Services, Cloud Services, Network & Business Continuity Solutions, Data Center Services, Managed Services and ICT Systems Integration; serving STC customers across a wide array of the Saudi market’s vertical segments including the Public Sector, Enterprise, Defense, Utilities, Healthcare, Retail and other private sectors. More about Solutions at https://www.stcs.com.sa/

ULAK provides end to end broadband communications infrastructure for telecom operators with LTE-A Base Stations fully operational in more than 1000 sites; SD-WAN and SD-DC solutions, and concentrates her efforts heavily on 5G technologies, 5GNR, NFV, VNF, MANO, and network virtualization. For more info visit thttps://www.ulakhaberlesme.com.tr/index.php/en/

At the University of California San Diego, we embrace a culture of exploration and experimentation. Established in 1960, UC San Diego has been shaped by exceptional scholars who aren’t afraid to look deeper, challenge expectations and redefine conventional wisdom. As one of the top 15 research universities in the world, we are driving innovation and change to advance society, propel economic growth and make our world a better place. Learn more at www.ucsd.edu.

The University of Surrey is a global community of ideas and people, dedicated to life-changing education and research. With a beautiful and vibrant campus, we provide exceptional teaching and practical learning to inspire and empower our students for personal and professional success.

Xilinx develops highly flexible and adaptive processing platforms that enable rapid innovation across a variety of technologies – from the endpoint to the edge to the cloud. Xilinx is the inventor of the FPGA, hardware programmable SoCs and the ACAP, designed to deliver the most dynamic processor technology in the industry and enable the adaptable, intelligent and connected world of the future. For more information, visit www.xilinx.com.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

###

The post LF Networking Expands Ecosystem — Adds Members, Leads Initiatives to Automate 5G deployments and accelerate Automation appeared first on The Linux Foundation.

New Linux Foundation | Harvard Study Reveals Hard Truths, Actionable Steps for Open Source Security

Fri, 02/21/2020 - 00:00

Open source has made its way into almost every server farm, consumer device and service we use, and it’s done so without most people even realizing it. Almost no one knows what is in their phones, apps or business data centers. This is wreaking havoc on the global supply chain, so much so that the U.S. House of Representatives Energy and Commerce Committee sent a letter to the Linux Foundation inquiring about it. The Linux Foundation did its best to summarize a very complex situation in its response.

So with the help of Harvard researchers and companies like Snyk and Synopsys, we set out to produce our second Census of open source software but this time, with a focus on what open source software projects show up in production applications. At the heart of this is a desire to understand how we take a preventative care approach to security, rather than a reactionary one.

VULNERABILITIES IN THE CORE: A Preliminary Report & Census II of Open Source Software shares the earliest results of a multi-year, data-intensive research project that identifies the most used open source software packages in production applications across the world. This is the first phase of research in our partnership with Harvard, after which we will begin to look into who wrote these popular packages and what are the software security practices for dealing with vulnerabilities.

Open source is the underpinning of the world’s technical infrastructure and has undoubtedly resulted in massive innovation and disruption. It demands a better understanding, from its creation to distribution. Organizations need to start thinking about their software supply chain and open source can be a guide. Cybersecurity concerns often focus on a zero-sum game or good vs. evil, but what is increasingly more important is how we can increase transparency and trust in software by improving the systems by which it is created, distributed and consumed. We must start there. Learn how you can contribute to this massive, industry-wide transformation:

The post New Linux Foundation | Harvard Study Reveals Hard Truths, Actionable Steps for Open Source Security appeared first on The Linux Foundation.

The Linux Foundation and Harvard’s Lab for Innovation Science Release Census for Open Source Software Security

Wed, 02/19/2020 - 00:00

New analysis identifies most widely used software and uncovers critical questions for the future of securing one of the world’s greatest shared resources

SAN FRANCISCO, Calif., February 18, 2020 – The Linux Foundation’s Core Infrastructure Initiative (CII), a project that helps support best practices and the security of critical open source software projects, and the Laboratory for Innovation Science at Harvard (LISH), today announced the release of ‘Vulnerabilities in the Core,’ a Preliminary Report and Census II of Open Source Software.`

This Census II analysis and report represent important steps towards understanding and addressing structural and security complexities in the modern day supply chain where open source is pervasive, but not always understood. Census II identifies the most commonly used free and open source software (FOSS) components in production applications and begins to examine them for potential vulnerabilities, which can inform actions to sustain the long-term security and health of FOSS. Census I (2015) identified which software packages in the Debian Linux distribution were the most critical to the kernel’s operation and security.

“The Census II report addresses some of the most important questions facing us as we try to understand the complexity and interdependence among open source software packages and components in the global supply chain,” said Jim Zemlin, executive director at the Linux Foundation. “The report begins to give us an inventory of the most important shared software and potential vulnerabilities and is the first step to understand more about these projects so that we can create tools and standards that results in trust and transparency in software.”

Working in collaboration with Software Composition Analysis (SCAs) and application security companies, including developer-first security company Snyk and Synopsys Cybersecurity Research Center (CyRC), the Linux Foundation and Harvard were able to combine private usage data with publicly available datasets and develop a methodology for identifying more than 200 of the most used open source software projects, 20 of which are detailed in the findings. For the detailed methodology and list, including elaboration on each project, please read the report.

“FOSS was long seen as the domain of hobbyists and tinkerers. However, it has now become an integral component of the modern economy and is a fundamental building block of everyday technologies like smart phones, cars, the Internet of Things, and numerous pieces of critical infrastructure,” said Frank Nagle, a professor at Harvard Business School and co-director of the Census II project. “Understanding which components are most widely used and most vulnerable will allow us to help ensure the continued health of the ecosystem and the digital economy.”

With FOSS constituting 80-90 percent of all software, it is more important than ever that we understand what FOSS is most used and where it could be vulnerable to attack. The increasing importance of this has been underscored with US government agencies pushing for deeper insights into the software building blocks that make up various packages and devices via a software bill of materials (SBOM). For example, in April 2018, the leaders of the US Congress House of Representatives Energy and Commerce Committee sent a letter to the Linux Foundation, acknowledging the critical importance of FOSS and exploring the opportunities and challenges related to FOSS.

The increasing importance of FOSS throughout the economy became critically apparent in 2014 when the Heartbleed security bug in the OpenSSL cryptography library was discovered. By some estimates, the bug impacted nearly 20 percent, or half a million, of secure web servers on the Internet. It was the impetus for the Core Infrastructure Initiative, which has raised millions of dollars for open source security in just the last six years.

“Open source is an undeniable and critical part of today’s economy, providing the underpinnings for most of our global commerce. Hundreds of thousands of open source software packages are in production applications throughout the supply chain, so understanding what we need to be assessing for vulnerabilities is the first step for ensuring long-term security and sustainability of open source software,” said Zemlin.

Partner Quotes

Snyk

“The Snyk security team understands how complex and challenging it is to sustain a database with highly actionable, accurate, and timely vulnerability information,” said Snyk’s Co-founder, Danny Grander, a veteran security researcher who leads Snyk’s security team.

“We’ve worked closely with the Linux Foundation for many years on important research and security initiatives to help mitigate the risk involved in application development. Our team is proud to contribute Snyk’s proprietary, enriched data to the new Census II report, recognizing that industry-wide efforts like this are beneficial to improving the security and viability of open source.”

Synopsys

“Considering the ubiquity of open source software and the essential role it plays in the technology powering our world, it is more important than ever that we take a collaborative approach to maintain the long term health of the most foundational open source components,” said Tim Mackey, principal security strategist for the Synopsys Cybersecurity Research Center. “Identifying the most pervasive FOSS components in commercial software ecosystems, combined with a clear understanding of both their security posture and the communities who maintain them, is a critical first step. Beyond that, commercial organizations can do their part by conducting internal reviews of their open source usage and actively engaging with the appropriate open source communities to ensure the security and longevity of the components they depend on.”

About the Linux Foundation

Founded in 2000, The Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

About the Laboratory for Innovation Science at Harvard

The Laboratory for Innovation Science at Harvard (LISH) is spurring the development of a science of innovation through a systematic program of solving real-world innovation challenges while simultaneously conducting rigorous scientific research. To date, LISH has worked with key partners in aerospace and healthcare, such as NASA, the Harvard Medical School, the Broad Institute, and the Scripps Research Institute to solve complex problems and develop impactful solutions. More information can be found at https://lish.harvard.edu/

###

Media Contact
Jennifer Cloer
reTHINKit Media
for Linux Foundation
503-867-2304
jennifer@rethinkitmedia.com

The post The Linux Foundation and Harvard’s Lab for Innovation Science Release Census for Open Source Software Security appeared first on The Linux Foundation.

Open Source Software Supply Chain Security

Wed, 02/19/2020 - 00:00

Open Source Software Supply Chain Security

While innumerable strategies, frameworks, and “best practices” guides have emerged, few of which agree and some of which outright contradict each other, general consensus has grown around the need for increased diligence regarding the “software supply chain.”

As cybersecurity incidents have continued to grow in magnitude, frequency, and consequences, both public and private sector attention has turned to questions of what, if anything, organizations may do to better manage the risks of today’s modern, connected world.

We explore the security and reliability issues currently affecting the software supply chain, and identify where and how changes may be made to improve it overall.

Download Now

Thank you for your interest in the Core Infrastructure Initiative’s Census efforts! We are always looking for new partners to join us in our mission to strengthen the security and health of key open source projects. To get more involved, please enter your name and preferred email address, then check any boxes below that apply:

input[type=text] {
width: 100%;
padding: 12px 20px;
margin: 8px 0;
box-sizing: border-box;
border: 1px solid #000;
outline: none;
background-color: #fff;
}

input, select, textarea{
color: #000;
}
textarea:focus, input:focus {
color: #000;
}

input[type=button], input[type=submit], input[type=reset] {
border: none;
color: #fff;
padding: 16px 32px;
text-decoration: none;
margin: 4px 2px;
cursor: pointer;
}
label{
color: #000;
}

textarea {
width: 100%;
height: 150px;
padding: 12px 20px;
box-sizing: border-box;
border: 2px solid #000
border-radius: 4px;
background-color: #000;

resize: none;
}
First Name

Last Name

Email*

GitHub

Please select one of the options below:

I am a part of a company that would like to partner with CII to share data on FOSS usage.
I am a developer that would be interested in participating in the FOSS Contributor survey.
I would like to receive the results and findings of the developer survey when they are available.
I would like to receive the CII Census final report when it is available.

document.getElementById('txtUrl').value = window.location.href;

The post Open Source Software Supply Chain Security appeared first on The Linux Foundation.

Improving Trust and Security in Open Source Projects

Wed, 02/19/2020 - 00:00

Improving Trust and Security in Open Source Projects

A proposal to build and operate a program called the Trust and Security Initiative (TSI) and a set of recommendations for other security issues that need investment and help.

If you open the news on any given day and read about the latest data breach, you are reminded that software security is hard.

When you take a step back and think about the volume of emerging technology and think about industry trends such as increasing the velocity of software releases and the reuse of code and services, you could be forgiven for holding your hands up and concluding that things are trending in the wrong direction for us to ever have secure software.

input[type=text] {
width: 100%;
padding: 12px 20px;
margin: 8px 0;
box-sizing: border-box;
border: 1px solid #000;
outline: none;
background-color: #fff;
}

input, select, textarea{
color: #000;
}
textarea:focus, input:focus {
color: #000;
}

input[type=button], input[type=submit], input[type=reset] {
border: none;
color: #fff;
padding: 16px 32px;
text-decoration: none;
margin: 4px 2px;
cursor: pointer;
}
label{
color: #000;
}

textarea {
width: 100%;
height: 150px;
padding: 12px 20px;
box-sizing: border-box;
border: 2px solid #000
border-radius: 4px;
background-color: #000;

resize: none;
}
First Name

Last Name

Email*

GitHub

Please select one of the options below:
I am a part of a company that would like to partner with CII to share data on FOSS usage.
I am a developer that would be interested in participating in the FOSS Contributor survey.
I would like to receive the results and findings of the developer survey when they are available.
I would like to receive the CII Census final report when it is available.

document.getElementById('txtUrl').value = window.location.href;

The post Improving Trust and Security in Open Source Projects appeared first on The Linux Foundation.

Linux Foundation Training Announces a Free Online Course- Ethics in AI and Big Data

Tue, 02/11/2020 - 22:57

Artificial Intelligence (AI) today is a reality, and Big Data is its fuel. There is no AI without Big Data. And there is no Big Data without people, generating it every single minute of every single day. As the existence of humans and machines are starting to merge, it is imperative to consider how to create ethical business frameworks for responsible AI development.

SAN FRANCISCO, February 11, 2020 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the availability of a new, free course – Ethics in AI and Big Data. This course is offered through edX, the trusted platform for learning.

The Fourth Industrial Revolution is upon us; the physical, digital, and biological worlds are being fused in a way that has a tremendous impact on our global culture and economy. It is no secret that people, machines, data, and processes are increasingly connected in today’s world. While technological advancements like AI bring along promises and opportunities, they also raise concerns about security, user privacy, data misuse, and more. Trust is critical when it comes to AI adoption. People have a tendency to distrust artificial intelligence. It is the responsibility of business and data professionals to change that: add transparency, develop standards and share best practices to build trust, and drive AI adoption. A recent IBM study highlights that globally, 78% of respondents believe “it is very or critically important that they can trust that their AI’s output is fair, safe, and reliable.”

Business and data professionals need AI frameworks and methods to achieve optimal results while also being good technology and business stewards. This course teaches learners why AI and Big Data ethics are so critical and how to apply ethical and legal frameworks to initiatives in the data and analytics profession. Learners will explore practical approaches to data, and analytics problems posed by work in AI, Big Data, and Data Science.

“As we enter into this new era of technology with artificial intelligence infused in so many products and services around us, it is imperative for those working on these cutting edge technologies to innovate within certain ethical and legal frameworks,” said Dr. Ibrahim Haddad, Executive Director, LF AI Foundation, “Ethics in AI and Big Data teaches the learner the key principles and steps needed to be responsible stewards as they lay the blueprint affecting how people and technology interact in the future.”

Commissioned by the LF AI Foundation, LFS112x is aimed toward a wide-ranging audience, walking the line between business and technology. Students can expect to learn about:

Business drivers for AI, as well as business and societal dynamics at work in an AI world.
Key principles for building responsible AI, and the initial steps to take when planning an AI framework.
What ethics means and how to apply it to AI.
Where to start, what considerations should inform the ethical framework, and what this framework should include.
Pan-industry initiatives on ethical AI.
Drivers for open source to support AI.
Technical and non-technical implications of AI.

Ethics in AI and Big Data is available at no cost, with content access for up to 6 weeks. Learners may upgrade to the verified track for $199, which includes all graded assessments, unlimited access to the course content and the ability to earn a Verified Certificate upon passing the course.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

Linux is a registered trademark of Linus Torvalds.

# # #

Media Contact:

Clyde Seepersad
The Linux Foundation
404-964-6973
cseepersad@linuxfoundation.org

The post Linux Foundation Training Announces a Free Online Course- Ethics in AI and Big Data appeared first on The Linux Foundation.

New Collaboration Brings Increased Open Source Security Support and Assurances to Software Developers

Wed, 01/29/2020 - 00:00

The Linux Foundation Core Infrastructure Initiative and the Open Source Technology Improvement Fund to partner on advancing state-of-the-art open source security

SAN FRANCISCO, Calif. January 28, 2020 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, and the Open Source Technology Improvement Fund (OSTIF) today announced a strategic partnership to advance security for open source software (OSS) that has become critical to the world’s infrastructure.

The organizations will bring together and build on a depth of their experience supporting security audits for widely deployed open source communities. This formal and strategic agreement will allow the Linux Foundation to augment its work on security audits, of which it has already invested more than $1m across more than 20 security audits for open source projects to date, by including audit sourcing experts through OSTIF’s network. OSTIF will share the resources available through the Linux Foundation’s Community Bridge, a funding and support ecosystem for developers and projects, with its community to help fundraise for new audits.

“The Linux Foundation’s ability to fundraise across industries to support thousands of developers around the world is unprecedented,” said Amir Montazery, vice president of development at OSTIF. “The Linux Foundation is a pioneer in open source software and one of the few organizations taking the actions required to truly support it for generations to come. We are excited to join forces and increase our collective impact on improving critical software.”

As part of the strategic partnership, The Linux Foundation will appoint Mike Dolan, vice president of strategic programs, to the OSTIF Advisory Board.

“OSTIF represents a global community and network of security experts and developers and demonstrates an important commitment to the improvement and sustainability of open source software,” said Mike Dolan, vice president of strategic programs, Linux Foundation. “This is a natural collaboration that we hope will increase trust in the global open source software supply chain that underpins modern society.”

About the Linux Foundation
Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

About Open Source Technology Improvement Fund
The Open Source Technology Improvement Fund is a non-profit organization that connects open source security projects with much needed funding and logistical support. This core value is driven by public fundraising and by soliciting donations from corporate and government donors. For more information, please visit https://ostif.org

###
Media Contact
pr@linuxfoundation.org

The post New Collaboration Brings Increased Open Source Security Support and Assurances to Software Developers appeared first on The Linux Foundation.

Akraino Edge Stack Enables Connected Car, AR/VR, AI Edge, and Telco Access Edge Application Use Cases

Fri, 01/17/2020 - 01:00

Akraino R2 delivers new levels of flexibility for scale, efficiency, and high availability while accelerating deployment of edge application
Augments edge stacks delivered in R1 – including Network Cloud, IoT Edge, Enterprise Edge, and Telecom Edge– with new and enhanced tested and validated deployment-ready blueprints

SAN FRANCISCO – January 16, 2020 – LF Edge, an umbrella organization within the Linux Foundation that aims to establish an open, interoperable framework for edge computing independent of hardware, silicon, cloud, or operating system, today announced the availability of Akraino Edge Stack Release 2 (“Akraino R2”). Akraino’s second release furthers the power of intelligent edge with new and enhanced deployable, self-certified blueprints for a diverse set of edge use cases.

Launched in 2018, and now a Stage 3 (or “Impact” stage) project under the LF Edge umbrella, Akraino Edge Stack is creating an open source software stack that supports a high-availability cloud stack optimized for edge computing systems and applications. Designed to improve the state of edge cloud infrastructure for enterprise edge, over-the-top (OTT) edge, and carrier edge networks, it offers users new levels of flexibility to scale edge cloud services quickly, to maximize the applications and functions supported at the edge, and to help ensure the reliability of systems that must be up at all times.

“The Akraino community has grown rapidly in the past year, and now includes contributions from 70 percent of LF Edge Premium member companies and countless other ecosystem partners beginning to deploy the blueprints across the globe,” said Arpit Joshipura, general manager, Networking, Automation, Edge and IoT, the Linux Foundation. “With R2, strong community collaboration brings even more blueprints to the ecosystem that support current and future technology at the open source edge.”

About Akraino R2
Akraino Release 2 delivers the next iteration of open source edge cloud innovation for new levels of flexibility that scale 5G, industrial IoT, telco, and enterprise edge cloud services quickly, by delivering community-vetted edge cloud blueprints to deploy edge services. The blueprints address interoperability, packaging, and testing under open standards, which reduces users’ overall deployment costs and integration time.

Akraino R2 includes 6 blueprint families and 14 blueprints, all tested and validated on real hardware labs supported by users and community members. This release enhances the edge stacks delivered in R1 for cross-disciplinary edge use cases as well as new edge stacks to support connected vehicles, AR/VR, NFV, Telco Access, integration with SDN solutions and project promotions to maturity, with rigorous community standards.

The 14 “ready and proven” blueprints, include both updates to existing R1 blueprints, and the introduction of five new blueprints:

Connected Vehicle: This blueprint establishes an open source MEC platform to enable use cases such as accuracy of location, smarter navigation with real-time traffic updates, driver safety improvements, and traffic rule alerts.
IEC type 4: AR/VR-oriented Edge Stack: Focused on focused on AR/ VR applications running on the edge, the blueprint builds the AR/VR infrastructure and introduces a virtual classroom application, which improves online education experiences for teachers and students through a virtual classroom simulation.
Integrated Cloud Native NFV/Application Stack (ICN): ICN addresses the overall challenges of edge deployments in a single deployment model that enables Edge Providers for Zero Touch Provisioning support in multi-cloud, multi-edge and multi-party orchestration. It integrates Kubernetes and ONAP4K8s for container run times and service orchestration and supports bare metal and virtual deployments.
Network Cloud and Tungsten Fabric: This blueprint implements the Network Cloud with LF Networking’s Tungsten Fabric as an SDN Controller supporting cloud native integration for Kubernetes as well as the Neutron plugin for OpenStack, allowing operators to leverage Tungsten Fabric as a deployment tool and control infrastructure.
SDN-Enabled Broadband Access (SEBA): Part of the the Telco Appliance blueprint family, SEBA provides an appliance tuned to support the SDN-enabled Broadband Access (SEBA) platform. The blueprint utilizes a reusable set of modules introduced by the Radio Edge Cloud (REC), introduced in Akraino R1.

More information on Akraino R2, including links to documentation, can be found here. For details on how to get involved with LF Edge and its projects, visit https://www.lfedge.org/.

Looking Ahead
The community is already planning R3, which will include more new blueprints such as Edge AI/ML, 5G MEC/Slice, Time Critical Edge, and Micro-MEC and more, as well as enhancements to existing blueprints and tools for automated blueprint validations

Don’t miss the Open Networking and Edge Summit (ONES) North America, April 20-21 in Los Angeles, where Akraino and other LF Edge communities will be onsite to share the latest open source edge developments.

###

The post Akraino Edge Stack Enables Connected Car, AR/VR, AI Edge, and Telco Access Edge Application Use Cases appeared first on The Linux Foundation.

Copyright Notices in Open Source Software Projects

Fri, 01/10/2020 - 23:00

“What copyright notice should appear at the top of a file in an OSS project with many contributors?” This is a question we get all the time. Many of our communities have discussed this issue and aligned on a common approach that we thought would be useful to share.

When source code, documentation and other content is contributed to an OSS project, the copyrights in those contributions typically remain owned by the original copyright holders1.

What follows is a discussion of the typical OSS project where each contributing organization and individual retains ownership of their copyrights that they make available under the project’s open source software license. In this case, the copyrights are licensed for distribution as part of the project. Whether a project uses the Developer Certificate of Origin (“DCO”) and/or a Contributor License Agreement (“CLA”), the original copyright holders retain their copyrights.

Copyright Notices – Community Best Practice

Most LF project communities do not require or recommend that every contributor include their copyright notice in contributed files. See below for more details on why not.

Instead, many LF project communities recommend using a more general statement in a form similar to the following (where XYZ is the project’s name):

These statements are intended to communicate the following:

the work is copyrighted;
the contributors of the code licensed it, but retain ownership of their copyrights; and
it was licensed for distribution as part of the named project.

By using a common format, the project avoids having to maintain lists of names of the authors or copyright holders, years or ranges of years, and variations on the (c) symbol. This aims to minimize the burden on developers and maintainers as well as redistributors of the code, particularly where compliance with the license requires that further distributions retain or reproduce copyright notices.

What if I want my copyright notice included?

Please note that it is not wrong, and it is acceptable, if a contributor wishes to keep their own copyright notices on their contributions. The above is a recommended format for ease of use, but is not mandated by LF project communities.

If you are contributing on behalf of your employer, you may wish to discuss with your legal department about whether they require you to include a copyright notice identifying the employer as the copyright holder in contributions. Many of our members’ legal departments have already approved the above recommended practice.

What about code copied into the project repository from a Third Party?

If a file only contains code that originates from a third party source who didn’t contribute it themselves, then you would not want to add the notices above. (In a similar vein, you wouldn’t add a notice identifying you as the copyright holder either, if you didn’t own it.) Just preserve the existing copyright and license notices as they are.

If, however, you add copyrightable content to a pre-existing file from another project, then at that point you could add a copyright notice similar to the one above.

Don’t change someone else’s copyright notice without their permission

You should not change or remove someone else’s copyright notice unless they have expressly (in writing) permitted you to do so. This includes third parties’ notices in pre-existing code.

Why not list every copyright holder?

There are several reasons why LF project communities do not require or recommend trying to list every copyright holder for contributions to every file:

Copyright notices are not mandatory in order for the contributor to retain ownership of their copyright.
Copyright notices are rarely kept up to date as a file evolves, resulting in inaccurate statements.
Trying to keep notices up to date, or to correct notices that have become inaccurate, increases the burden on developers without tangible benefit.
Developers and maintainers often do not want to have to worry about e.g. whether a minor contribution (such as a typo fix) means that a new copyright notice should be added.
Adding many different copyright notices may increase the burden on downstream distributors, when their license compliance processes involve reproducing notices.
The specific individual or legal entity that owns the copyright might not be known to the contributor; it could be you, your employer, or some other entity.

1 For all of the LF’s projects, copyright in each contribution remains owned by the original copyright owner who makes the contribution. Other organizations and projects outside the LF may use a contribution agreement to require assignment of contributions, meaning that your ownership of copyrights in the contributions is transferred to the entity maintaining the project. You should check a project’s contribution terms, mechanisms and policies to make sure you understand the effect of contributing.

The post Copyright Notices in Open Source Software Projects appeared first on The Linux Foundation.

Subaru Adopts AGL Software for Infotainment on New 2020 Subaru Outback and Subaru Legacy

Wed, 01/08/2020 - 01:00

LAS VEGAS – CES 2020, January 7, 2020 – Automotive Grade Linux (AGL), a cross-industry effort developing an open source platform for all connected car technologies, today announced that the Subaru Starlink infotainment platform on the all-new 2020 Subaru Outback and the 2020 Subaru Legacy uses open source software from the AGL Unified Code Base (UCB) platform.

Subaru Starlink on the 2020 Subaru Outback

“Using AGL’s open source software allows us to easily customize the user experience and integrate new features, creating an integrated cockpit entertainment system that is more enjoyable for drivers,” said Mr. Naoyoshi Morita, General Manager of Electronic Product Design Dept. of Subaru Corporation. “We believe that shared software development through Automotive Grade Linux benefits the entire industry, and we look forward to our continued involvement and collaboration with other automakers and suppliers.”

AGL is supported by more than 150 members, including 11 automakers, who are working together to develop the AGL Unified Code Base (UCB) platform, a shared software platform that can serve as the de facto industry standard for infotainment, telematics, and instrument cluster applications. Sharing an open platform allows for code reuse and a more efficient development process as developers and suppliers can build once and have a product work for multiple automakers.

“Subaru has been an AGL member for many years, and we are very excited to see them use AGL in production,” said Dan Cauchy, Executive Director of Automotive Grade Linux. “The AGL platform continues to gain traction, and we expect to see more automakers using it in production in the years to come.”

AGL BOOTH AT CES 2020
The AGL booth at CES 2020 in the Westgate Hotel Pavilion, booth 1815, features 19+ demos by AGL members showing infotainment, instrument cluster, autonomous driving, security, connectivity, and other applications running on the AGL open source software platform.

The AGL booth will be open to the public during CES show hours and during the AGL Evening Reception & Demo Showcase on Wednesday, January 8, from 6:00 – 8:00 pm PT. Additional details and registration for the Evening Reception are available here.

Media and analysts are also invited to attend an AGL Media Happy Hour at CES on Tuesday, January 7, from 3:00 – 5:00 pm PT in the AGL booth. Please RSVP here.

###

About Automotive Grade Linux (AGL)
Automotive Grade Linux is a collaborative open source project that is bringing together automakers, suppliers and technology companies to accelerate the development and adoption of a fully open software stack for the connected car. With Linux at its core, AGL is developing an open platform from the ground up that can serve as the de facto industry standard to enable rapid development of new features and technologies. Although initially focused on In-Vehicle-Infotainment (IVI), AGL is the only organization planning to address all software in the vehicle, including instrument cluster, heads up display, telematics, advanced driver assistance systems (ADAS) and autonomous driving. The AGL platform is available to all, and anyone can participate in its development. Learn more: https://www.automotivelinux.org/

Automotive Grade Linux is a Collaborative Project at The Linux Foundation. Linux Foundation Collaborative Projects are independently funded software projects that harness the power of collaborative development to fuel innovation across industries and ecosystems. www.linuxfoundation.org

###

Media Inquiries
Emily Olin

The post Subaru Adopts AGL Software for Infotainment on New 2020 Subaru Outback and Subaru Legacy appeared first on The Linux Foundation.

Linux Foundation Training Announces a Free Online Course- Introduction to Site Reliability Engineering and DevOps

Tue, 12/17/2019 - 23:08

SAN FRANCISCO, December 17, 2019 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced enrollment is now open for a new, free course – Introduction to Site Reliability Engineering and DevOps. This course is offered through edX, the trusted platform for learning.

As Agile practices started revolutionizing software development, there has been an increasing need to bridge the gap between faster development and traditional waterfall practices. With its modern principles, practices and an array of state-of-the-art automation tools, DevOps provides a path to bring your operations into the Agile era, ultimately resulting in faster software delivery, without compromising on quality. The 2018 Open Source Jobs Report from Dice and the Linux Foundation highlighted the strong popularity of DevOps practices, along with cloud and container technologies. DevOps skills are in high demand, and DevOps jobs are among the highest-paid tech jobs.

As DevOps processes mature, there is a growing need for professionals with expertise in key practices and tools. DevOps has not only opened up new opportunities for Operations personnel but also provides them with a logical career progression. There is also an emergence of Site Reliability Engineering as a specific job description. This course is designed as a first step in the journey of transforming operations personnel into an all-round DevOps expert.

“Deep understanding of DevOps is a critical skill set that stands out in the workplace and translates into promotions and new job opportunities. Investing time in improving your skills is critical to modern technology jobs and the ease and accessibility of the Linux Foundation online courses brings self-training within reach,” said Dan Lopez, CDF program manager. ” The CD Foundation is seeing an explosion of interest in DevOps and continuous integration/continuous delivery (CI/CD) and this ‘Introduction to Site Reliability Engineering and DevOps’ is a great way to quickly take advantage of the explosive growth of opportunities in the field.”

Created by Gourav Shah from the School of DevOps, LFS162x is addressed to a wide audience: from managers looking for guidelines on how to start transforming organizations and understand where to start, to professionals looking to make a career in the world of Site Reliability/DevOps Engineering. Upon completion, students should have a good understanding of the foundation, principles, and practices of DevOps and Site Reliability Engineering. Students will gain an understanding of:

How DevOps is influencing software delivery and why it is important for IT operations personnel to skill up with DevOps practices.
How Cloud Computing has enabled organizations to rapidly build and deploy products and expand capacity.
How the open container ecosystem, with Kubernetes in the lead, is truly revolutionizing software delivery and what role an Operations Engineer plays in it.
The why, what and how of writing Infrastructure as a Code.
The role played by Continuous Integration in software delivery.
What is Continuous Deployment and Continuous Delivery and what does a deployment pipeline look like.
The role played by Observability systems, what to observe and why.

This course is a great starting point for aspiring DevOps and Site Reliability professionals looking to get the knowledge and skills to understand how to deploy software with confidence, agility and high reliability using modern DevOps and SRE practices.

Introduction to Site Reliability Engineering and DevOps is available at no cost, with content access for up to 10 weeks. Learners may upgrade to the verified track for $99, which includes all graded assessments, unlimited access to the course content and the ability to earn a Verified Certificate upon passing the course.

About The Linux Foundation

Linux is a registered trademark of Linus Torvalds.

# # #

Media Contact:

Clyde Seepersad

The Linux Foundation

404-964-6973

cseepersad@linuxfoundation.org

The post Linux Foundation Training Announces a Free Online Course- Introduction to Site Reliability Engineering and DevOps appeared first on The Linux Foundation.

Uber Announces OpenChain Conformance

Tue, 12/17/2019 - 09:00

TOKYO, DECEMBER 17 – Today Uber, a Platinum Member of the OpenChain Project, announces their conformance to the OpenChain Specification. This builds on their long-standing engagement and commitment to the project and a deep engagement with developing our industry standard, accompanying reference material, and our evolution into a formal ISO standard.

The OpenChain Project establishes trust in the open source from which software solutions are built. It accomplishes this by making open source license compliance simpler and more consistent. The OpenChain Specification defines inflection points in business workflows where a compliance process, policy or training should exist to minimize the potential for errors and maximize the efficiency of bringing solutions to market. The companies involved in the OpenChain community number in the hundreds. The OpenChain Specification is being prepared for submission to ISO and evolution from a growing de facto standard into a formal standard.

“Consistent and transparent compliance standards are critical for building trust among the open source community and our business partners,” said Matthew Kuipers, Senior Counsel, Uber. “ We’re increasing our commitment to the community and our partnerships by adopting the Linux Foundation’s OpenChain Specification.”

“Our collaboration with Uber began as the OpenChain Project scaled as an industry standard,” says Shane Coughlan, OpenChain General Manager. “Their engagement in our formative growth period provided valuable insight into how next-generation services companies operate today and where they are going tomorrow. Matt and his team have been a pivotal part of our evolution towards becoming an ISO standard and their commitment to excellence has raised the bar for great community engagement globally. We are looking forward to next steps together, particularly in fostering further adoption in areas where agile companies are establishing new markets.”

About Uber

Our mission is to ignite opportunity by setting the world in motion.

We revolutionized personal mobility with Ridesharing, and we are leveraging our platform to redefine the massive meal delivery and logistics industries.

We are a technology platform that uses a global network, leading technology, operational excellence and product expertise to power movement from point A to point B. We develop and operate proprietary technology applications supporting a variety of offerings on our platform. We connect consumers with providers of ride services, restaurants and food delivery services, public transportation networks, e-bikes, e-scooters and other personal mobility options. We use this same network, technology, operational excellence and product expertise to connect shippers with carriers in the freight industry. We are developing technologies to provide autonomous driving vehicle solutions to consumers, networks of vertical take-off and landing vehicles and new solutions to solve everyday problems.

About the OpenChain Project

The OpenChain Project builds trust in open source by making open source license compliance simpler and more consistent. The OpenChain Specification defines a core set of requirements every quality compliance program must satisfy. The OpenChain Curriculum provides the educational foundation for open source processes and solutions, whilst meeting a key requirement of the OpenChain Specification. OpenChain Conformance allows organizations to display their adherence to these requirements. The result is that open source license compliance becomes more predictable, understandable and efficient for participants of the software supply chain.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The post Uber Announces OpenChain Conformance appeared first on The Linux Foundation.

DENT Launches To Simplify Enterprise Edge Networking Software

Fri, 12/13/2019 - 22:00

Linux Foundation open ecosystem enables low cost, standardized network solutions for campus and remote offices

San Francisco, Calif., Dec 13, 2019 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the launch of DENT, a project to enable the creation of Network OS for Disaggregated Network Switches in campus and remote enterprise locations. Under the Linux Foundation, DENT hopes to unify and grow the community of Silicon Vendors, Original Design Manufacturers (ODM), System Integrators (SI), Original Equipment Manufacturers (OEM) and end users to create an ecosystem of contributors around a full-featured network operating system. The initial use case will focus on the retail industry with premier members including Amazon, Cumulus Networks, Delta Electronics Inc, Marvell, Mellanox, Wistron NeWeb (WNC).

Networking solutions today are customized for each market and each use case, whether telecom, cloud or enterprise data center markets. They use proprietary silicon (ASIC) for packet processing and closed operating systems to enable workloads and applications on a network switch. Disaggregation is the new way for Open Networking and has been well accepted in data centers and telecom infrastructures. However, in enterprise networking– especially with distributed locations– nothing currently exists for Enterprise Edge properties that fall outside the traditional public cloud as they have very specific requirements to take advantage of disaggregation and the networking stack.

Remote campus locations and retail stores require a simple networking OS stack that is low cost and Linux-based. DENT is an Open Source project that will enable the community to build this solution without complicated abstractions. It uses the Linux Kernel, Switchdev and other Linux based projects to allow developers to treat networking ASICs and silicon like any other hardware. It simplifies abstractions, APIs, drivers and overheads that currently exist in these switches and on other open software.

With new technologies like 5G, Edge, IOT, AI, the next generation of remote buildings, retail stores and enterprises will have a lot of innovative workloads and services close to the applications and users. Having a simple disaggregated Linux/SwitchDev-based switch to power the remote offices will enable an ecosystem of apps that simplifies and standardizes integration across the ecosystem.

“The Linux Foundation will establish a neutral home from the start for DENT – vital for community infrastructure, meetings, events and collaborative discussions,” said Arpit Joshipura, GM of Networking at The Linux Foundation. ”Our goal is to create an open source, open participation technical community to benefit the ecosystem of solution providers and users focused on network operating system, control plane and management plane use cases across a variety of industry solutions.”

For more information, please visit www.dent.dev

Additional Quotes

“Delta is excited to participate in DENT and applauds the Linux Foundation for tackling the challenges in enterprise and campus networking,” said Honda Wu, Vice President of solutions and open source at Delta. “We stand ready to support with our deep knowledge and expertise in networking.”

“We are excited to have the Linux Foundation join with us to grow the community and accelerate this open source networking revolution,” said Amit Katz, vice president of Ethernet switches at Mellanox Technologies. “DENT OS is a native Linux Network Operating System which leverages switchdev, a Linux driver for Ethernet switch ASICs that Mellanox pioneered. Switchdev exposes the unique hardware innovations in the Mellanox Spectrum family of Ethernet Switches. DENT promotes network disaggregation, which benefits customers by eliminating vendor lock-in and allows hardware vendors to compete on a level playing field, where the very best switch ASICs and systems can win by delivering the highest ROI possible.”

“As a provider of intelligent wireless and wireline solutions, including those for distributed enterprise networking, Wistron NeWeb Corporation (WNC) fully embraces open software architecture,” said Larry Lee, EVP and GM of the Networking BG at WNC. “We are delighted to partner with the Linux Foundation and other industry leaders for this DENT project. WNC will first tackle distributed switching for the initial retail use case. We see great potential for this full-featured networking OS and look forward to working together in this partnership to improve network efficiency and provide conveniences for campuses and other remote distributed networking markets.”

“Open source is in Cumulus’ DNA and we’re excited to be the first software platform to contribute to DENT. We have a deep history with the Linux Foundation, from driving the FRRouting project, the most contributed open source routing project in the world, to our contributions to ONIE, EVPN, among others,” said Partho Mishra, President and Chief Product Officer at Cumulus Networks. “Cumulus is the natural choice to support DENT given our deep roots with networking contributions to the Linux kernel, our latest support for SwitchDev, and our expansive reach in the data center with more than 2,000 customers. We are looking forward to partnering on the DENT project to extend open source in kernel networking capabilities from the data center to the campus edge.”

“As a leading silicon provider in access networking and a firm believer in customer choice through disaggregated hardware and software, Marvell is excited to bring our technology leadership to Linux Foundation’s DENT project as a founding member,” said Gavin Cato, vice president of product management and marketing at Marvell Semiconductor, Inc. “Marvell’s innovative switch portfolio lays the foundation for the transformation of access networks and the edge into an intelligent future while creating significant total cost of ownership advantages for customers. We are well positioned to be a game changer in retail networking and the smart edge, bringing a holistic approach to the ecosystem.”

About The Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

The post DENT Launches To Simplify Enterprise Edge Networking Software appeared first on The Linux Foundation.

The Linux Foundation’s Automated Compliance Work Garners New Funding, Advances Tools Development

Thu, 12/12/2019 - 22:20

Google, Siemens and VMware commit to the Automated Compliance Tooling project, community accelerating work on Tern, OSS Review Toolkit, FOSSology and Quartermaster

San Francisco, USA – December 12, 2019 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced founding member commitments from Google, Siemens and VMware for the Automated Compliance Tooling (ACT), as well as key advancements for tools that increase ease and adoption of open source software.

Using open source code comes with a responsibility to comply with the terms of that code’s license. The goal of ACT is to consolidate investments in these efforts and to increase interoperability and usability of open source compliance tooling. Google, Siemens and VMware are among the companies helping to underwrite and lead this collaborative work.

Also announced today is the availability of Tern 1.0. Tern was originally contributed by VMware and is an inspection tool that finds the metadata of the packages installed in a container image. It is now able to generate SPDX. There is also the new FOSSology 3.7 release available today for reading SPDX headers have also been added to more than 75 percent of the source code files in the Linux kernel. And the Google Summer of Code (GSoC) interns have updated the spdx-tools libraries to support translations in Java, Python and Go. This enables other tools to smooth the import and export of SPDX documents.

“One of the most exciting parts of the ACT Project is its integration with pre-existing activities around the Linux Foundation Open Compliance Project,” says Shane Coughlan, OpenChain General Manager. “This includes the OpenChain Reference Tooling Work Group, with its focus on addressing real world challenges as efficiently as possible, an area where targeted investment is critical. The end result of these activities will ensure that open source tooling for open source compliance is more mature, more effective and easier to adopt for entities of all sizes.”

“Open Source tools that support the Open Source compliance process have seen great progress in recent months.” says Mirko Boehm, co-founder of Endocode and the QMSTR project. “With ACT, the efforts of the community, businesses and the funding for QMSTR from the European Commission’s Horizon 2020 program come together under one roof in direct collaboration with related industry projects like OpenChain. We expect an acceleration of the development of Open Source compliance solutions and are excited to collaborate with the partners at ACT, the community and the Linux Foundation”.

“It’s a testament to the community and the importance of automating compliance in software development that ACT membership and tools development and integration are coming together to create open source integrated solutions,” said Kate Stewart, senior director of Strategic Programs at Linux Foundation. “We applaud the contributions coming in from all corners of the community and look forward to what 2020 will bring to the work.”

Community members will be meeting this week at Open Compliance Summit in Tokyo, Japan. ACT is seeking new members, community partners and additional tooling projects. To get involved, contact act@linuxfoundation.org

ACT is composed of five primary projects:

FOSSology: An open source license compliance software system and toolkit allowing users to run license, copyright and export control scans from a REST API. As a system, a database and web UI are provided to provide a compliance workflow. License, copyright and export scanners are tools available to help with compliance activities. FOSSology is an existing Linux Foundation project that will move under ACT.

OSS Review Toolkit (ORT) enables highly automated and customizable Open Source compliance checks the source code and dependencies of a project by scanning it, downloading its sources, reporting any errors and violations against user-defined rules, and by creating third-party attribution documentation. ORT is designed for the CI/CD world and supports a wide variety of package managers including Gradle, Go modules, Maven, npm and SBT. The project is being contributed to ACT by HERE Technologies.

Quartermaster(QMSTR), originally contributed by Encode, integrates into the build systems to learn about the software products, their sources and dependencies. Developers can run QMSTR locally to verify outcomes, review problems and produce compliance reports. By integrating into DevOps CI/CD cycles, license compliance can become a quality metric for software development. The project is being contributed to ACT by Endocode.

SPDX Tools: Software Package Data Exchange (SPDX) is an open standard for communicating software bill of material information including components, licenses, copyrights and security references. The main SPDX specification will remain separate from, yet complementary to, ACT, while the SPDX tools that meet the spec and help users and producers of SPDX documents will become part of ACT. SPDX is an existing Linux Foundation project.

Tern: Tern is an inspection tool to find the metadata of the packages installed in a container image. It provides a deeper understanding of a container’s bill of materials so better decisions can be made about container based infrastructure, integration and deployment strategies. Tern was created by VMware, who are contributing the project to ACT, to help developers meet open source compliance requirements for containers.

Member Quotes

Google, founding member

“To do open source compliance well, at scale, we need to ensure the community has easy access to advanced automation and tooling,” said Will Norris, Open Source Engineering Manager at Google. “Google has invested heavily in our own compliance tooling, and we are proud to be a part of the Automated Compliance Tooling project to share our experience and expertise with the broader community. We look forward to helping make it easier for everyone using open source code to do so respectfully and in accordance with open source licenses.”

New York University’s Secure Systems Lab, affiliate member

“The software compliance ecosystem has long needed an initiative such as ACT, and projects such as SPDX-tools and Tern are key elements in the challenge of automating compliance” said Santiago Torres-Arias, lead of the in-toto project and member of the New York University’s Secure Systems Lab, “We are most excited about the integration of in-toto into SPDX, which will help in providing strong, cryptographically-enforced compliance checks. Security is not just a matter of protecting against outsiders, but also a matter of ensuring all actors within your supply chain are following the rules.”

Siemens, founding member

“An Open Source license compliance toolchain has to be Open Source itself. ACT is a milestone in building an integrated and automated end to end OSS compliance toolchain consisting of open source. ACT will boost the effort of the OpenChain Reference Tooling Work Group in realizing such a toolchain, which easily can be used free of charge – OSS license compliance for everyone.”

VMware, founding member

“Compliance is at the core of how companies need to engage with open source projects,” said Dirk Hohndel, vice president and chief open source officer, VMware. “The more we automate compliance processing, the better we are able to advance agile development and rapid response to address required changes such as security issues. For years, VMware has worked towards automating compliance tooling and we are committed to helping enterprises better understand what’s inside containers and manage their compliance obligations.”

For more information, please contact: act@linuxfoundation.org

About The Linux Foundation
Founded in 2000, The Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

The post The Linux Foundation’s Automated Compliance Work Garners New Funding, Advances Tools Development appeared first on The Linux Foundation.

The Linux Foundation

Pages