The Linux Foundation

LF Edge’s State of the Edge 2021 Report Predicts Global Edge Computing Infrastructure Market to be Worth Up to $800 Billion by 2028

Thu, 03/11/2021 - 00:00
  • COVID-19 highlighted that expertise in legacy data centers could be obsolete in the next few years as the pandemic forced the development of new tools enabled by edge computing for remote monitoring, provisioning, repair and management.
  • Open source hardware and software projects are driving innovation at the edge by accelerating the adoption and deployment of applications for cloud-native, containerized and distributed applications.
  • The LF Edge taxonomy, which offers terminology standardization with a balanced view of the edge landscape and is based on inherent technical and logistical trade-offs spanning the edge-to-cloud continuum, is gaining widespread industry adoption.
  • Seven out of 10 areas of edge computing experienced growth in 2020 with a number of new use cases that are driven by 5G. 

SAN FRANCISCO – March 10, 2020 – State of the Edge, a project under the LF Edge umbrella organization that established an open, interoperable framework for edge independent of hardware, silicon, cloud, or operating system, today announced the release of the 4th annual State of the Edge 2021 Report. The market and ecosystem report for edge computing shares insight and predictions on how the COVID-19 pandemic disrupted the status quo, how new types of critical infrastructure have emerged to service the next-level requirements, and on open source collaboration as the only way to efficiently scale Edge Infrastructure.

Tolaga Research, which led the market forecasting research for this report, predicts that between 2019 and 2028, cumulative capital expenditures of up to $800 billion USD will be spent on new and replacement IT server equipment and edge computing facilities. These expenditures will be relatively evenly split between equipment for the device and infrastructure edges.

“Our 2021 analysis shows demand for edge infrastructure accelerating in a post COVID-19 world,” said Matt Trifiro, co-chair of State of the Edge and CMO of edge infrastructure company Vapor IO. “We’ve been observing this trend unfold in real-time as companies re-prioritize their digital transformation efforts to account for a more distributed workforce and a heightened need for automation. The new digital norms created in response to the pandemic will be permanent. This will intensify the deployment of new technologies like wireless 5G and autonomous vehicles, but will also impact nearly every sector of the economy, from industrial manufacturing to healthcare.”

The pandemic is accelerating digital transformation and service adoption

Government lockdowns, social distancing and fragile supply chains had both consumers and enterprises using digital solutions last year that will permanently change the use cases across the spectrum. Expertise in legacy data centers could be obsolete in the next few years as the pandemic has forced the development of tools for remote monitoring, provisioning, repair and management, which will reduce the cost of edge computing. Some of the areas experiencing growth in the Global Infrastructure Edge Power are automotive, smart grid and enterprise technology. As businesses began spending more on edge computing, specific use cases increased including: 

  • Manufacturing increased from 3.9 to 6.2 percent, as companies bolster their supply chain and inventory management capabilities and capitalize on automation technologies and autonomous systems. 
  • Healthcare, which increased from 6.8 to 8.6 percent, was buoyed by increased expectations for remote healthcare, digital data management and assisted living.
  • Smart cities increased from 5.0 to 6.1 percent in anticipation of increased expenditures in digital infrastructure in areas such as surveillance, public safety, city services and autonomous systems.

“In our individual lock-down environments, each of us is an edge node of the Internet and all our computing is, mostly, edge computing,” said Wenjing Chu, senior director of Open Source and Research at Futurewei Technologies, Inc. and LF Edge Governing Board member. “The edge is the center of everything.” 

Open Source is driving innovation at the edge by accelerating the adoption and deployment of edge applications.

Open Source has always been the foundation of innovation and this became more prevalent during the pandemic as individuals continued to turn to these communities for normalcy and collaboration. LF Edge, which hosts nine projects including State of the Edge, is an important driver of standards for the telecommunications, cloud and IoT edge. Each project collaborates individually and together to create an open infrastructure that creates an ecosystem of support. LF Edge’s projects (Akraino Edge Stack, Baetyl, EdgeX Foundry, Fledge, Home Edge, Open Horizon, Project EVE, and Secure Device Onboard) support emerging edge applications across areas such as non-traditional video and connected things that require lower latency, and  faster processing and mobility.

“State of the Edge is shaping the future of all facets of just edge computing and the ecosystem that surrounds it,” said Arpit Joshipura, General Manager of Networking, IoT and Edge. “The insights in the report reflect the entire LF Edge community and our mission to unify edge computing and support a more robust solution at the IoT, Enterprise, Cloud and Telco edge. We look forward to sharing the ongoing work State of the Edge that amplifies innovations across the entire landscape.”

Other report highlights and methodology

For the report, researchers modeled the growth of edge infrastructure from the bottom up, starting with the sector-by-sector use cases likely to drive demand. The forecast considers 43 use cases spanning 11 verticals in calculating the growth, including those represented by smart grids, telecom, manufacturing, retail, healthcare, automotive and mobile consumer services. The vendor-neutral report was edited by Charlie Ashton, Senior Director of Business Development at Napatech, with contributions from Phil Marshall, Chief Research officer at Tolaga Research; Phil Shih, Founder and Managing Director of Structure Research; Technology Journalists Mary Branscombe and Simon Bisson; and Fay Arjomandi, Founder and CEO of mimik. Other highlights from the State of the Edge 2021 Report include:

  • Off-the-shelf services and applications are emerging that accelerate and de-risk the rapid deployment of edge in these segments. The variety of emerging use cases is in turn driving a diversity in edge-focused processor platforms, which now include Arm-based solutions, SmartNICs with FPGA-based workload acceleration and GPUs.
  • Edge facilities will also create new types of interconnection. Similar to how data centers became meeting points for networks, the micro data centers at wireless towers and cable headends that will power edge computing often sit at the crossroads of terrestrial connectivity paths. These locations will become centers of gravity for local interconnection and edge exchange, creating new and newly efficient paths for data.    
  • 5G, next-generation SD-WAN and SASE have been standardized. They are well suited to address the multitude of edge computing use cases that are being adopted and are contemplated for the future. As digital services proliferate and drive demand for edge computing, the diversity of network performance requirements will continue to increase.

“The State of the Edge report is an important industry and community resource. This year’s report features the analysis of diverse experts, mirroring the collaborative approach that we see thriving in the edge computing ecosystem,” said Jacob Smith, co-chair of State of the Edge and Vice President of Bare Metal at Equinix. “The 2020 findings underscore the tremendous acceleration of digital transformation efforts in response to the pandemic, and the critical interplay of hardware, software and networks for servicing use cases at the edge.”

Download Report

Download the report here

State of the Edge Co-Chairs Matt Trifiro and Jacob Smith, VP Bare Metal Strategy & Marketing of Equinix, will present highlights from the report in a keynote presentation at Open Networking & Edge Executive Forum, a virtual conference on March 10-12. Register here ($50 US) to watch the live presentation on March 12 at 7 am PT or access the video on-demand. 

Trifiro and Smith will also host an LF Edge webinar to showcase the key findings on March 18 at 8 am PT. Register here

About The Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

# # #

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

Media Contact: 

Maemalynn Meanor

maemalynn@linuxfoundation.org

Industry-Wide Initiative to Support Open Source Security Gains New Commitments

Wed, 03/10/2021 - 01:00

Open Source Security Foundation adds new members, Citi, Comcast, DevSamurai, HPE, Mirantis and Snyk

SAN FRANCISCO, Calif., March 9, 2021 – OpenSSF, a cross-industry collaboration to secure the open source ecosystem, today announced new membership commitments to advance open source security education and best practices. New members include Citi, Comcast, DevSamurai, Hewlett Packard Enterprise (HPE), Mirantis, and Snyk.

Open source software (OSS) has become pervasive in data centers, consumer devices and services, representing its value among technologists and businesses alike. Because of its development process, open source has a chain of contributors and dependencies before it ultimately reaches its end users. It is important that those responsible for their user or organization’s security are able to understand and verify the security of this dependency supply chain.

“Open source software is embedded in the world’s technology infrastructure and warrants our dedication to ensuring its security,” said Kay Williams, Governing Board Chair, OpenSSF, and Supply Chain Security Lead, Azure Office of the CTO, Microsoft. “We welcome the latest OpenSSF new members and applaud their commitment to advancing supply chain security for open source software and its technology and business ecosystem.”

The OpenSSF is a cross-industry collaboration that brings together technology leaders to improve the security of OSS. Its vision is to create a future where participants in the open source ecosystem use and share high quality software, with security handled proactively, by default, and as a matter of course. Its working groups include Securing Critical Projects, Security Tooling, Identifying Security Threats, Vulnerability Disclosures, Digital Identity Attestation, and Best Practices. 

OpenSSF has more than 35 members and associate members contributing to working groups, technical initiatives and the governing board, and helping to advance open source security best practices. For more information on founding and new members, please visit: https://openssf.org/about/members/

Membership is not required to participate in the OpenSSF. For more information and to learn how to get involved, including information about participating in working groups and advisory forums, please visit https://openssf.org/getinvolved.

New Member Comments

Citi

“Working with the open source community is a key component in our security strategy, and we look forward to supporting the OpenSSF in its commitment to collaboration,” said Jonathan Meadows, Citi’s Managing Director for Cloud Security Engineering.

Comcast

“Open source software is a valuable resource in our ongoing work to create and continuously evolve great products and experiences for our customers, and we know how important it is to build security at every stage of development. We’re honored to be part of this effort and look forward to collaborating,” said Nithya Ruff, head of Comcast Open Source Program Office.

DevSamurai

“We are living in an interesting era, in which new IT technologies are changing all aspects of our lives every day. Benefits come with risks, that can’t be truer with open source software. Being a part of OpenSSF we expect to learn from and contribute to the community, together we strengthen security and eliminate risks throughout the software supply chain,” said Tam Nguyen, head of DevSecOps at DevSamurai.

Mirantis

“As open source practitioners from our very founding, Mirantis has demonstrated its commitment to the values of transparency and collaboration in the open source community,” said Chase Pettet, lead product security architect, Mirantis. “As members of the OpenSSF, we recognize the need for cross-industry security stakeholders to strengthen each other. Our customers will continue to rely on open source for their safety and assurance, and we will continue to support the development of secure open solutions.”

Snyk

“As the number of digital transformation projects has exploded the world over, the mission of the Open Source Security Foundation has never been more critical than it is today,” said Geva Solomonovich, CTO, Global Alliances, Snyk. “Snyk is thrilled to become an official Foundation member, and we look forward to working with the entire community to together push the industry to make all digital environments safer.”

About the Open Source Security Foundation (OpenSSF)

Hosted by the Linux Foundation, the OpenSSF (launched in August 2020) is a cross-industry organization that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. It combines the Linux Foundation’s Core Infrastructure Initiative (CII), founded in response to the 2014 Heartbleed bug, and the Open Source Security Coalition, founded by the GitHub Security Lab to build a community to support open source security for decades to come. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all.

###

Media Contact

Jennifer Cloer

for the Linux Foundation

503-867-2304

jennifer@storychangesculture.com

Linux Foundation Announces Free sigstore Signing Service to Confirm Origin and Authenticity of Software

Wed, 03/10/2021 - 01:00

Red Hat, Google and Purdue University lead efforts to ensure software maintainers, distributors and consumers have full confidence in their code, artifacts and tooling

SAN FRANCISCO, Calif., March 9, 2021 –  The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the sigstore project. sigstore improves the security of the software supply chain by enabling the easy adoption of cryptographic software signing backed by transparency log technologies.

sigstore will empower software developers to securely sign software artifacts such as release files, container images and binaries. Signing materials are then stored in a tamper-proof public log. The service will be free to use for all developers and software providers, with the sigstore code and operation tooling developed by the sigstore community. Founding members include Red Hat, Google and Purdue University.

“sigstore enables all open source communities to sign their software and combines provenance, integrity and discoverability to create a transparent and auditable software supply chain,” said Luke Hinds, Security Engineering Lead, Red Hat office of the CTO. “By hosting this collaboration at the Linux Foundation, we can accelerate our work in sigstore and support the ongoing adoption and impact of open source software and development.”

Understanding and confirming the origin and authenticity of software relies on an often disparate set of approaches and data formats. The solutions that do exist often rely on digests stored on insecure systems that are susceptible to tampering, which can lead to various attacks such as digests being swapped out or users falling prey to targeted attacks.

“Securing a software deployment ought to start with making sure we’re running the software we think we are. Sigstore represents a great opportunity to bring more confidence and transparency to the open source software supply chain,” said Josh Aas, executive director, ISRG | Let’s Encrypt.

Very few open source projects cryptographically sign software release artifacts. This is largely due to the challenges software maintainers face with key management, key compromise and revocation, and the distribution of public keys and artifact digests. In turn, users are left to work out which keys to trust and to learn the steps needed to validate signatures. Further problems exist in how digests and public keys are distributed: they are often stored on websites susceptible to hacks or in a README file in a public git repository. sigstore seeks to solve these issues by using short-lived ephemeral keys with a trust root leveraged from open and auditable public transparency logs.

“I am very excited about the prospects of a system like sigstore. The software ecosystem is in dire need of something like it to report the state of the supply chain. I envision that, with sigstore answering all the questions about software sources and ownership, we can start asking the questions regarding software destinations, consumers, compliance (legal and otherwise), to identify criminal networks and secure critical software infrastructure. This will set a new tone in the software supply chain security conversation,” said Santiago Torres-Arias, Assistant Professor of Electrical and Computer Engineering, University of Purdue / in-toto project founder.

“sigstore is poised to advance the state of the art in open source development,” said Mike Dolan, senior vice president and general manager of Projects at the Linux Foundation. “We are happy to host and contribute to work that enables software maintainers and consumers alike to more easily manage their open source software and security.”

“sigstore aims to make all releases of open source software verifiable, and easy for users to actually verify them. I’m hoping we can make this as easy as exiting vim,” said Dan Lorenc, Google Open Source Security Team. “Watching this take shape in the open has been fun. It’s great to see sigstore in a stable home.”

For more information and to contribute, please visit: https://sigstore.dev

###

Media Contact

Jennifer Cloer

for Linux Foundation

503-867-2304

jennifer@storychangesculture.com

New Mobile Native Foundation to Foster Development Collaboration

Wed, 03/03/2021 - 00:00

Linux Foundation hosts effort to improve processes and technologies for large-scale mobile Android and iOS applications; Lyft makes initial contributions

SAN FRANCISCO, Calif., March 2, 2021 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the Mobile Native Foundation (MNF). The MNF will bring developers together to improve processes and technologies that support large-scale Android and iOS applications. Organizations contributing to this effort include Airbnb, Capital One, Corellium, Elotl, Flare.build, GitHub, GogoApps, Haystack, Line, LinkedIn, Lyft, Microsoft, Peloton, Robinhood, Sauce Labs, Screenplay.dev, Slack, Solid Software, Spotify, Square and Uber.

“Like many of our industry peers, Lyft discovered that platform vendors did not solve all of the problems we faced as our mobile team grew from a dozen engineers to hundreds of active contributors,” said Keith Smiley, Staff Engineer, Lyft. “The Mobile Native Foundation will foster a diverse community that encourages collaboration and builds libraries and tools to move the industry forward.”

The MNF is a forum for collaboration on open source software, standards and best practices that can result in common UI frameworks, architectural patterns, build systems and networking stacks that can accelerate time to market and reduce duplicative work across companies.

“The mobile developer community is innovating and we know that open source and collaboration can ensure that continues,” said Mike Dolan, executive vice president and GM of Projects at the Linux Foundation. “The MNF will accelerate and smooth mobile app development and brings new contributions to the Linux Foundation ecosystem.”

Lyft is making early project contributions to the MNF that include Kronos, index-import and set-simulator-location. Matthew Edwards is also contributing Flank.

For more information and to begin contributing, please visit: https://mobilenativefoundation.org

Partner Statements

Elotl

“We are excited to pioneer the state of art Kubernetes stack to build, test, and run modern mobile applications at cloud scale. We appreciate the opportunity to collaborate with industry leaders on this vision!” said Madhuri Yechuri, Founder & CEO, Elotl.

Flare.build

“We look forward to collaborating with the community on many projects related to our core vision of decreasing friction and boosting productivity for teams creating applications at scale,” said Zach Gray, co-founder and CEO, Flare.build.

LinkedIn

“The Mobile Native Foundation will advance the state-of-the-art in mobile development by bringing together open source developers and leading tech companies in a place where we can collaborate and enable anyone to build and operate large scale mobile applications. We are excited to be part of the launch and look forward to what we can accomplish together,” said Oscar Bonilla, Engineer, LinkedIn.

Microsoft

“We see this as a great opportunity to more inclusively collaborate on challenges we face across the industry and we can’t wait to see the improvements to mobile development we can make when we all work together,” said Mike Borysenko, distinguished engineer, Microsoft.

Robinhood

“Robinhood’s award-winning mobile apps wouldn’t be possible without the open source tools we rely on and contribute back to. We look forward to working together with the open source community as we continue to scale and address shared technical challenges,” said Lee Byron, Engineering Manager, Robinhood.

Screenplay.dev

“We could not be more humbled or more excited to have the opportunity to work with industry leaders to push the state of mobile development forward,” said Tomas Reimers, Co-founder, Screenplay.

Slack

“Slack’s mobile engineering has benefited tremendously from the open source community. We’re excited to see the energy and experience behind MNF and look forward to participating in shaping the future of mobile development at scale,” said Valera Zakharov, Tech Lead of the Mobile Developer Experience Team.

Spotify

“We are excited to join forces with the community in the mission of solving issues and providing better technologies to ship mobile apps at scale,” said Patrick Balestra, iOS Infrastructure Engineer, Spotify.

Uber

“Uber mobile apps have scaled with the help of a thriving open source community and we are now proud to collaborate with other organizations on the Mobile Native Foundation to further give back,” said Ty Smith, Android Tech Lead, Uber.

###

Media Contact

Jennifer Cloer
for the Linux Foundation
503-867-2304
jennifer@storychangesculture.com

Linux Foundation, LF Networking, and LF Edge Announce Speaker Line-up for Open Networking & Edge Executive Forum, March 10-12

Fri, 02/26/2021 - 01:27

Technology leaders, change makers and visionaries from across the global networking & edge communities will gather virtually for this unique, one-of-a-kind executive event focusing on deployment progress, 2021 priorities, challenges and more.

SAN FRANCISCO, February 25, 2020 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, along with co-hosts LF Networking, the umbrella organization fostering collaboration and innovation across the entire open networking stack, and LF Edge, the umbrella organization building an open source framework for the edge, announced today the speaker line-up for Open Networking & Edge Executive Forum. The schedule can be viewed here and the speaker details can be viewed here.

Open Networking & Edge Executive Forum (ONEEF) is a special edition of Open Networking & Edge Summit, the industry’s premier open networking & edge event, gathering senior technologists and executive leaders from enterprises, telecoms and cloud providers for timely discussions on the state of the industry, imminent priorities and insights into Service Provider, Cloud, Enterprise Networking, and Edge/IOT requirements.

ONEEF will take place virtually, March 10-12. Times vary each day to best accommodate the global audience. Attendees will be able to interact with speakers and attendees directly via chat, schedule 1:1 meetings and more as they participate in this community call to action.

“ONEEF is a great opportunity for the community to come together virtually after a very hard year,” said Arpit Joshipura, General Manager, Networking, Edge, and IoT, The Linux Foundation. “We have an impressive line-up of speakers from across a diverse set of global organizations, ready to share their knowledge and passion about what’s next for our burgeoning industry. Hope you can join us!”

Confirmed Keynote Speakers Include:

  • Madeleine Noland, President, Advanced Television Systems Committee
  • Andre Fuetsch, Executive Vice President & Chief Technology Officer, AT&T Services, Inc.
  • Steve Mullaney, Chief Executive Officer & President, Aviatrix
  • Jacob Smith, Vice President, Bare Metal Marketing & Strategy, Equinix
  • Dr. Junlan Feng, Chief Scientist & General Manager, China Mobile Research
  • Sun Qiong, SDN Research Center Director, China Telecom Research Institute
  • Dr. Jonathan Smith, Program Manager, Information Innovation Office (I2O), DARPA
  • Tom Arthur, Chief Executive Officer, Dianomic     
  • Chris Bainter, Vice President, Global Business Development, FLIR Systems
  • George Nazi, Global Vice President, Telco, Media & Entertainment Industry Solutions Lead, Google Cloud
  • Amol Phadke, Managing Director: Global Telecom Industry Solutions, Google Cloud
  • Shawn Zandi, Head of Network Engineering, LinkedIn
  • Tareq Amin, Group Chief Technology Officer, Rakuten
  • Johan Krebbers, IT Chief Technology Officer & Vice President, TaCIT Architecture, Shell
  • Pablo Espinosa, Vice President, Network Engineering, Target
  • Manish Mangal, Chief Technology Officer, Network Services, Tech Mahindra
  • Matt Trifiro, Chief Marketing Officer, Vapor IO
  • Subha Tatavarti, Sr. Director Technology Commercialization, Walmart   
  • Said Ouissal, Founder & CEO, ZEDEDA

Registration for the virtual event is open and is just US$50. Members of The Linux Foundation, LF Networking and LF Edge can attend for free – members can contact us to request a member discount code. The Linux Foundation provides diversity and need-based registration scholarships for this event to anyone that needs it; for information on eligibility and to apply, click here. Visit our website and follow us on Twitter, Facebook, and LinkedIn for all the latest event updates and announcements.

Members of the press who would like to request a media pass should contact Jill Lovato.

ONEEF sponsorship opportunities are available through Tuesday, March 2. All packages include a keynote speaking opportunity, prominent branding, event passes and more. View the sponsorship prospectus here or email us to learn more. 

About The Linux Foundation
The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation Events are where the world’s leading technologists meet, collaborate, learn and network in order to advance innovations that support the world’s largest shared technologies.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.

Linux is a registered trademark of Linus Torvalds.

####

Media Contact:

Kristin O’Connell

The Linux Foundation

koconnell@linuxfoundation.org

Linux Foundation Announces DizmeID Foundation to Develop and Enable a Self-Sovereign Identity Credential Network

Thu, 02/25/2021 - 00:41

New DizmeID Foundation and technical project to advance the development of identity credentialing

SAN FRANCISCO, Calif., February 24, 2021 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the DizmeID Foundation and technical project with the intent to support digital identity credentialing. The effort will combine the benefits of self-sovereign identity with necessary compliance and regulation, with the aim of giving wallet holders ownership of and control over their digital identity and data access and distribution.

Founding Premier Members of the DizmeID Foundation include: Algorand, Fabrick and InfoCert.

A.P.S.P. is an Associate Member. Participation also includes a Start-up Supporter program for small organizations that want to advance the development of digital identity. Initial startups include eTuitus, Faberbee, Mopso/Amlet and Nym.

The DizmeID technical project leverages the Trust Over IP metamodel and builds upon three areas of existing infrastructure to focus its work on layer 4 that defines and implements the DizmeID features and business model.

“I’m proud to see our InfoCert research project becoming today the DizmeID Foundation cornerstone. We are ready to work with DizmeID Foundation members and all the community contributors in a joint effort to push the adoption of decentralized identity vision and bridge the gap between SSI and eIDAS,” said Daniele Citterio, Chief Technology Officer of InfoCert.

The DizmeID Foundation and technical project will define and allow for implementation of Dizme features on top of the Sovrin public identity utility. The Dizme ecosystem is expected to include various technological components leveraging the Hyperledger stack and adding a monetization layer based on the Algorand blockchain protocol, which will enable the exchange of verifiable credentials and the development of new vertical applications. The identity credentials are managed with three levels of assurance: low, self-declared information; medium, automatic checks; and substantial, trusted identification. These levels of assurance would enable industry to have safer, innovative and cost-effective onboarding processes.

“We are thrilled that the DizmeID Foundation and Linux Foundation have chosen Algorand as the efficient transactional layer for their innovative self-sovereign identity solutions. With a shared vision of decentralized digital identity as a key primitive of the new way of exchanging value, we are honored that Algorand is a Founding Member of this important initiative,” said Pietro Grassano, Business Solutions Director Europe for Algorand.

“We at Fabrick are happy to be one of the Founding Members of DizmeID Foundation. We are pleased to share the vision of building an innovative open and decentralized identity framework with top-notch partners such as InfoCert and Algorand. We strongly believe Dizme ecosystem will sooner be one of the key innovation pillars enabling our Open Finance Ecosystem growth,” said Paolo Zaccardi, CEO and cofounder of Fabrick.

“As part of the Linux Foundation, DizmeID Foundation will take advantage of existing innovations in open governance and blockchain technology communities,” said Mike Dolan, senior vice president and general manager of Projects at the Linux Foundation. “DizmeID Foundation will take us one step closer to a self-sovereign identity future.”

DizmeID Foundation is calling for members and contributors to help build the Dizme ecosystem. For more information and to contribute to this work, please visit: https://www.dizme.io/foundation

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

Media Contact

pr@linuxfoundation.org

Google Funds Linux Kernel Developers to Focus Exclusively on Security

Thu, 02/25/2021 - 00:02

Long-time Linux kernel maintainers Gustavo Silva and Nathan Chancellor to dedicate their focus to maintaining and improving Linux security for the long-term

SAN FRANCISCO, February 24, 2021 — Today, Google and the Linux Foundation announced they are prioritizing funds to underwrite two full-time maintainers for Linux kernel security development, Gustavo Silva and Nathan Chancellor.

Silva and Chancellor’s exclusive focus is to maintain and improve kernel security and associated initiatives in order to ensure the world’s most pervasive open source software project is sustainable for decades to come.

The Linux Foundation’s Open Source Security Foundation (OpenSSF) and the Laboratory for Innovation Science at Harvard (LISH) recently published an open source contributor survey report that identified a need for additional work on security in open source software, which includes the massively pervasive Linux operating system. Linux is fueled by more than 20,000 contributors and, as of August 2020, one million commits. While there are thousands of Linux kernel developers, all of whom take security into consideration in the due course of their work, this contribution from Google to underwrite two full-time Linux security maintainers signals the importance of security in the ongoing sustainability of open source software.

“At Google, security is always top of mind and we understand the critical role it plays to the sustainability of open source software,” said Dan Lorenc, Staff Software Engineer, Google. “We’re honored to support the efforts of both Gustavo Silva and Nathan Chancellor as they work to enhance the security of the Linux kernel.”

Chancellor’s work will be focused on triaging and fixing all bugs found with Clang/LLVM compilers while working on establishing continuous integration systems to support this work on an ongoing basis. Once those aims are well-established, he plans to begin adding features and polish to the kernel using these compiler technologies. Chancellor has been working on the Linux kernel for four and a half years. Two years ago, Chancellor started contributing to mainline Linux under the ClangBuiltLinux project, which is a collaborative effort to get the Linux kernel building with Clang and LLVM compiler tools.

“I hope that more and more people will start to use the LLVM compiler infrastructure project and contribute fixes to it and the kernel – it will go a long way towards improving Linux security for everyone,” said Chancellor, Linux maintainer.

Gustavo Silva’s full-time Linux security work is currently dedicated to eliminating several classes of buffer overflows by transforming all instances of zero-length and one-element arrays into flexible-array members, which is the preferred and least error-prone mechanism to declare such variable-length types. Additionally, he is actively focusing on fixing bugs before they hit the mainline, while also proactively developing defense mechanisms that cut off whole classes of vulnerabilities. Silva sent his first kernel patch in 2010 and today is an active member of the Kernel Self Protection Project (KSPP). He has consistently been one of the top five most active kernel developers since 2017, with more than 2,000 commits in mainline. Silva’s work has impacted 27 different stable trees, going all the way down to Linux v3.16.

“We are working towards building a high-quality kernel that is reliable, robust and more resistant to attack every time,” said Silva, Linux maintainer. “Through these efforts, we hope people, maintainers in particular, will recognize the importance of adopting changes that will make their code less prone to common errors.”

“Ensuring the security of the Linux kernel is extremely important as it’s a critical part of modern computing and infrastructure. It requires us all to assist in any way we can to ensure that it is sustainably secure,” said David A. Wheeler, the Linux Foundation. “We extend a special thanks to Google for underwriting Gustavo and Nathan’s Linux kernel security development work along with a thank you to all the maintainers, developers and organizations who have made the Linux kernel a collaborative global success.”

Funding Linux kernel security and development is a collaborative effort, supported by the world’s largest companies that depend on the Linux operating system. To support work like this, discussions are taking place in the Securing Critical Projects Working Group inside the OpenSSF.

Media Contact

Jennifer Cloer
Story Changes Culture
503-867-2304
jennifer@storychangesculture.com

The Linux Foundation and IBM Announce New Open Source Projects to Promote Racial Justice

Fri, 02/19/2021 - 22:05

The Linux Foundation will host seven Call for Code for Racial Justice projects created by IBM and Red Hat employees

San Francisco, Calif., Feb. 19, 2021 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced it will host seven projects from Call for Code for Racial Justice, an initiative driven by IBM and Creator David Clark Cause to urge the global developer ecosystem and open source community to contribute to solutions that can help confront racial inequalities.

Call for Code for Racial Justice launched in October 2020, and facilitates the adoption and innovation of open source projects by developers, ecosystem partners, and communities across the world to promote racial justice across three focus areas: Police & Judicial Reform and Accountability; Diverse Representation; and Policy & Legislation Reform. The initiative builds upon Call for Code, which was created in 2018 and has grown to over 400,000 developers and problem solvers across 179 countries, in partnership with Creator David Clark Cause, Founding Partner IBM, Charitable Partner United Nations Human Rights, and the Linux Foundation.

“Open source technology has an important role to play in addressing the greatest challenges of our time, and that includes racial justice,” said Mike Dolan, senior vice president and GM of Projects at the Linux Foundation. “We are excited to host and support these projects at the Linux Foundation, and look forward to how they will develop and deploy through contributions from the open source community.”

As part of today’s announcement, the Linux Foundation and IBM unveiled two new solution starters, Fair Change and TakeTwo:

Fair Change is a platform to help record, catalog, and access evidence of potentially racially charged incidents to help enable transparency, reeducation and reform as a matter of public interest and safety. For example, real-world video footage related to routine traffic stops, stop and search or other scenarios, may be recorded and accessed by the involved parties and authorities to determine whether the incidents were handled in a biased manner. Fair Change consists of a mobile application for iOS and Android built using React Native and an API for capturing data from various sources built using Node.js. It also includes a website with a geospatial map view of incidents built using Google Maps and React. Data can be stored in a cloud hosted database and object store. Visit the tutorial or project page to learn more.

TakeTwo aims to help mitigate bias in digital content, whether it is overt or subtle, with a focus on text across news articles, headlines, web pages, blogs, and even  code. The solution is designed to provide a consistent set of language recommendations, leveraging directories of inclusive terms compiled by trusted sources like the Inclusive Naming Initiative, which was co-founded by the Linux Foundation, Cloud Native Computing Foundation, IBM, Red Hat, Cisco, and VMware. The terminology is categorized and can be used to train an AI model to enhance its accuracy over time. TakeTwo is built using open source technologies including Python, FastAPI and Docker. The API can be run locally with an Adobe CouchDB backend database or IBM Cloudant database. IBM has already deployed TakeTwo within its existing IBM Developer tools that are used to publish new content produced by hundreds of IBMers each week. TakeTwo is being trialed by IBM for the IBM Developer website content. Visit the tutorial or project page to learn more.

“Viewed from an etymological perspective, language is a manifestation of our inherent viewpoints about society. Many phrases and words may be used in harmless contexts but bear a history that does not support our diverse, multi-cultural engineering community today. To that end, it gives me great pride that the TakeTwo project is leveraging the Inclusive Naming Initiative to provide language guidance to anyone seeking to write consciously across all platforms. By expanding beyond developers with solutions like TakeTwo, Inclusive Naming is becoming essential to a diverse and resilient community of doers and we are very honored,” said Priyanka Sharma, General Manager of the Cloud Native Computing Foundation.

In addition to the two new solution starters, the Linux Foundation will now host five existing and evolving open source projects from Call for Code for Racial Justice:

  • Five Fifths Voter: This web app empowers minorities to exercise their right to vote and helps ensure their voice is heard by determining optimal voting strategies and limiting suppression issues.
  • Legit-Info: Local legislation can have significant impacts on areas as far-reaching as jobs, the environment, and safety. Legit-Info helps individuals understand the legislation that shapes their lives.
  • Incident Accuracy Reporting System: This platform allows witnesses and victims to corroborate evidence or provide additional information from multiple sources against an official police report.
  • Open Sentencing: To help public defenders better serve their clients and make a stronger case, Open Sentencing shows racial bias in data such as demographics.
  • Truth Loop: This app helps communities simply understand the policies, regulations, and legislation that will impact them the most. 

These projects were built using technologies such as Red Hat OpenShift, IBM Cloud, IBM Watson, Blockchain ledger, Node.js, Vue.js, Docker, upstream Kubernetes and Tekton. The Linux Foundation and IBM are asking developers and ecosystem partners to contribute by testing, extending and implementing them, and adding their own diverse perspectives and expertise to make them even stronger.

“These applications emerged from an internal IBM program called the Call for Code Emb(race) Challenge, where Black IBMers, supported by Red Hat’s Blacks United in Leadership and Diversity (B.U.I.L.D.) community, and allies designed technology solutions to address the problem of systemic racism,” said Ruth Davis, IBM Director of Call for Code. “Since we released the original five projects in October, we have received enthusiastic support from the open source community. In collaboration with the Linux Foundation, we are committed to working to develop and deploy these solutions to help combat racial injustice.”

For more information and to begin contributing, please visit: 

https://developer.ibm.com/callforcode/racial-justice/get-started/

https://developer.ibm.com/callforcode/racial-justice/projects/

https://www.linuxfoundation.org/projects/call-for-code/  

https://github.com/Call-for-Code-for-Racial-Justice

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,500 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

About Call for Code

Developers have revolutionized the way people live and interact with virtually everyone and everything. Where most people see challenges, developers see possibilities. That’s why David Clark Cause created and launched Call for Code in 2018 alongside Founding Partner IBM. This five-year, $30 million global initiative is a rallying cry to developers to use their skills and mastery of the latest technologies, and to create new ones, to drive positive and long-lasting change across the world with their code. Call for Code global winning solutions, among others, are further developed and deployed where they can make the greatest impact.

Red Hat, the Red Hat logo and OpenShift are trademarks or registered trademarks of Red Hat, Inc. or its subsidiaries in the U.S. and other countries.

New Open Source Projects to Confront Racial Justice

Fri, 02/19/2021 - 22:00

Today the Linux Foundation announced that it would be hosting seven projects that originated at Call for Code for Racial Justice, an initiative driven by IBM and Creator David Clark Cause to urge the global developer ecosystem and open source community to contribute to solutions that can help confront racial inequalities. 

Launched by IBM in October 2020, Call for Code for Racial Justice facilitates the adoption and innovation of open source projects by developers, ecosystem partners, and communities across the world to promote racial justice across three distinct focus areas: Police & Judicial Reform and Accountability; Diverse Representation; and Policy & Legislation Reform. 

The initiative builds upon Call for Code, which was created by IBM in 2018 and has grown to over 400,000 developers and problem solvers in 179 countries, in partnership with Creator David Clark Cause, Founding Partner IBM, Charitable Partner United Nations Human Rights, and the Linux Foundation.

As part of today’s announcement, the Linux Foundation and IBM unveiled two new solution starters, Fair Change and TakeTwo: 

Fair Change is a platform to help record, catalog, and access evidence of potentially racially charged incidents to enable transparency, reeducation, and reform as a matter of public interest and safety. For example, real-world video footage related to routine traffic stops, stop and search, or other scenarios may be recorded and accessed by the involved parties and authorities to determine whether the incidents were handled in a biased manner. Fair Change consists of a mobile application for iOS and Android built using React Native and an API for capturing data from various sources built using Node.js. It also includes a website with a geospatial map view of incidents built using Google Maps and React. Data can be stored in a cloud-hosted database and object store. Visit the tutorial or project page to learn more.

TakeTwo aims to help mitigate digital content bias, whether overt or subtle, focusing on text across news articles, headlines, web pages, blogs, and even code. The solution is designed to leverage directories of inclusive terms compiled by trusted sources like the Inclusive Naming Initiative, which the Linux Foundation and CNCF co-founded. The terminology is categorized to train an AI model to enhance its accuracy over time. TakeTwo is built using open source technologies, including Python, FastAPI, and Docker. The API can be run locally with a CouchDB backend database or IBM Cloudant database. IBM has already deployed TakeTwo within its existing IBM Developer tools that are used to publish new content produced by hundreds of IBMers each week. IBM is trialing TakeTwo for IBM Developer website content. Visit the tutorial or project page to learn more.

In addition to the two new solution starters, The Linux Foundation will now host five existing and evolving open source projects from Call for Code for Racial Justice:

  • Five-Fifths Voter: This web app empowers minorities to exercise their right to vote and ensures their voice is heard by determining optimal voting strategies and limiting suppression issues.
  • Legit-Info: Local legislation can significantly impact areas as far-reaching as jobs, the environment, and safety. Legit-Info helps individuals understand the legislation that shapes their lives.
  • Incident Accuracy Reporting System: This platform allows witnesses and victims to corroborate evidence or provide additional information from multiple sources against an official police report.
  • Open Sentencing: To help public defenders better serve their clients and make a stronger case, Open Sentencing shows racial bias in data such as demographics.
  • Truth Loop: This app helps communities simply understand the policies, regulations, and legislation that will impact them the most.  

These projects were built using open source technologies that include Red Hat OpenShift, IBM Cloud, IBM Watson, Blockchain ledger, Node.js, Vue.js, Docker, Kubernetes, and Tekton. The Linux Foundation and IBM ask developers and ecosystem partners to contribute to these solutions by testing, extending, and implementing them, and by adding their own diverse perspectives and expertise to make them even stronger.

For more information and to begin contributing, please visit: 

https://developer.ibm.com/callforcode/racial-justice/get-started/

https://developer.ibm.com/callforcode/racial-justice/projects/  

https://www.linuxfoundation.org/projects/call-for-code/  

https://github.com/Call-for-Code-for-Racial-Justice/

DARPA and the Linux Foundation Create Open Software Initiative to Accelerate US R&D Innovation, 5G End to End Stack

Thu, 02/18/2021 - 00:08
  • Partnership enables acceleration of innovation, collaboration, and US competitiveness in areas of 5G, Edge, IOT, AI and Security
  • New umbrella organization at the Linux Foundation, US GOV OPS, to host first project, OPS 5G (Open Programmable, Secure), to accelerate 5G, Edge & IoT technologies creation and deployment
  • Open Ecosystem effort aligns on a common open source architecture and set of open source projects and focuses on integrations and enhancements to the secure open source end to end 5G stack.
  • Effort leverages the existing networking open source projects and community efforts at the Linux Foundation and industry disruptions like disaggregation, SDN/NFV, and cloud native. 

SAN FRANCISCO, February 17, 2021 – The Linux Foundation (LF), the nonprofit organization enabling mass innovation through open source, today announced it has signed a collaboration agreement with the Defense Advanced Research Projects Agency (DARPA) to create open source software that accelerates United States government technology research and development innovation.

Under the agreement, DARPA and the LF will create a broad collaboration umbrella, US Government Open Programmable Secure (US GOV OPS), that allows United States Government projects, their ecosystem, and the open community to participate in accelerating innovation and security in the areas of 5G, Edge, AI, Standards, Programmability, and IOT among other technologies. The project formation encourages ecosystem players to support US Government initiatives to create the latest in technology software.

The project will launch as a standard open source project with neutral governance and a charter similar to other projects within the Linux Foundation. Additionally, the agreement enables collaboration with upstream and downstream communities such as LF Networking, LF Edge, and Zephyr, among others, to build on a secure code base for use by the US Government.

“DARPA’s use of open source software in the Open Programmable Secure 5G (OPS-5G) program leverages transparency, portability and open access inherent in this distribution model,” said Dr. Jonathan Smith, DARPA Information Innovation Office Program Manager. “Transparency enables advanced software tools and systems to be applied to the code base, while portability and open access will result in decoupling hardware and software ecosystems, enabling innovations by more entities across more technology areas.” 

“We are eager to ally with DARPA and its intent to accelerate secure, open source innovation and US competitiveness across breakthrough technologies,” said Arpit Joshipura, general manager, Networking, Edge, & IOT, the Linux Foundation. “This partnership enables transformational change across open software and systems, leveraging the best shared resources across the ecosystem.” 

The new US GOV OPS umbrella will include the Open Programmable Secure 5G (OPS-5G) program as its first project, currently in formation with the help of DARPA, the US Navy and additional performers. The goal of OPS-5G is to create open source software and systems enabling secure end to end 5G and follow-on mobile networks. OPS-5G will create capabilities to address feature velocity in open source software, mitigating large scale Botnet of Things (BoT), network slicing on suspect gear, and adaptive adversaries operating at scale.

DARPA’s Dr. Jonathan Smith will be presenting at the upcoming Open Networking and Edge Executive Forum (ONEEF), a virtual event taking place March 10-12. This special Executive Edition of Open Networking & Edge Summit, the industry’s premier open networking & edge computing event, will feature executive leadership across the networking and edge ecosystems sharing their visions with a global audience in the Telco, Cloud and Enterprise verticals.

To learn more about US GOV OPS and OPS-5G, please visit www.usgovops.org.      

The Linux Foundation Announces the Election of Renesas’ Hisao Munakata and GitLab’s Eric Johnson to the Board of Directors

Wed, 02/17/2021 - 04:57

Today, the Linux Foundation announced that Renesas’ Hisao Munakata has been re-elected to its board, representing the Gold Member community. GitLab’s Eric Johnson has been elected to represent the Silver Member community. Linux Foundation elected board directors serve 2-year terms.

Directors elected to the Linux Foundation’s board are committed to building sustainable ecosystems around open collaboration to accelerate technology development and industry adoption. The Linux Foundation expands the open collaboration communities it supports with community efforts focused on building open standards, open hardware, and open data. It is dedicated to improving diversity in open source communities and working on processes, tools, and best security practices in open development communities. 

Hisao Munakata, Renesas (Gold Member)

Renesas is a global semiconductor manufacturer that provides cutting-edge SoC (system-on-chip) devices for the automotive, industrial, and infrastructure sectors. As open source support became essential for the company, Munakata-san encouraged Renesas developers to follow an “upstream-first” scheme to minimize gaps from the mainline community codebase. The industry has now accepted this as standard practice, following Renesas’ direction and pioneering work.

Munakata-san has served as an LF board director since 2019 and has represented the voice of the embedded industry.

Renesas, which joined the Linux Foundation in 2011, has ranked in the top twelve kernel development contributor firms in the past 14 years. Munakata-san serves pivotal roles in various LF projects such as the AGL (Automotive Grade Linux) Advisory Board, Yocto Project Advisory Board, Core Embedded Linux Project, and OpenSSF. In these roles, Munakata-san has supported many industry participants in these projects to achieve harmony. 

As cloud-native trends break barriers between enterprise and embedded systems, Munakata-san seeks to improve close collaboration across the industry and increase contribution from participants in the embedded systems space, focusing on safety in a post-COVID world.

Eric Johnson, GitLab (Silver Member)

Eric Johnson is the Chief Technology Officer at GitLab, Inc. — the first single application for the DevSecOps lifecycle. GitLab is a free, open core software used by more than 30 million registered users to collaborate, author, test, secure, and release software quickly and efficiently. 

At GitLab, Eric is responsible for the organization that integrates the work of over a hundred external open source contributors into GitLab’s codebase every month. During his tenure Eric has contributed to a 10x+ increase in annual recurring revenue and has scaled Engineering from 100 to more than 550 people while dramatically increasing team diversity in gender, ethnicity, and country-of-residence. He’s also helped turn GitLab, Inc. into one of the most productive engineering organizations in the world, as evidenced by their substantial monthly on-premise releases.

Eric is also a veteran of 4 previous enterprise technology startups in fields as varied as marketing technology, localization software, streaming video, and commercial drone hardware/software. He currently advises two startups in the medical trial software and recycling robotics industries. 

Eric brings his open source and Linux background to the Foundation. In his professional work, he has spent 17 years hands-on or managing teams that develop software that runs on Linux systems, administrating server clusters, orchestrating containers, open-sourcing privately built software, and contributing back to open source projects. Personally, he’s also administered a Linux home server for the past ten years.

As a Linux Foundation board member, Eric looks forward to using his execution-focused executive experience to turn ideas into results. Collaboration with the Linux Foundation has already begun with Distributed Developer ID and Digital Bill of Materials (DBoM). As a remote work expert with years of experience developing best practices, Eric will use his expertise to help the board, the Foundation, and its partners become more efficient in a remote, asynchronous, and geographically distributed way.

The post The Linux Foundation Announces the Election of Renesas’ Hisao Munakata and GitLab’s Eric Johnson to the Board of Directors appeared first on Linux Foundation.

Understanding Open Governance Networks

Thu, 02/11/2021 - 22:00

Throughout the modern business era, industries and commercial operations have shifted substantially to digital processes. Whether you look at EDI as a means to exchange invoices or cloud-based billing and payment solutions today, businesses have steadily been moving towards increasing digital operations. In the last few years, we’ve seen the promises of digital transformation come alive, particularly in industries that have shifted to software-defined models. The next step of this journey will involve enabling digital transactions through decentralized networks. 

A fundamental adoption issue will be figuring out who controls and decides how a decentralized network is governed. It may seem oxymoronic at first, but decentralized networks still need governance. A future may hold autonomously self-governing decentralized networks, but this model is not accepted in industries today. The governance challenge with decentralized network technology lies in who will establish and maintain the network, and how: policies, network operations, on/offboarding of participants, fee setting, configurations, and software changes are among the issues that will have to be decided to achieve a successful network. No company wants to participate or take a dependency on a network that is controlled or run by a competitor, potential competitor, or any single stakeholder at all for that matter.

Earlier this year, we presented a solution for Open Governance Networks that enable an industry or ecosystem to govern itself in an open, inclusive, neutral, and participatory model. You may be surprised to learn that it’s based on best practices in open governance we’ve developed over decades of facilitating the world’s most successful and competitive open source projects.

The Challenge

For the last few years, a running technology joke has been “describe your problem, and someone will tell you blockchain is the solution.” There have been many other concerns raised and confusion created, as overnight headlines hyped cryptocurrency schemes. Despite all this, behind the scenes, and all along, sophisticated companies understood a distributed ledger technology would be a powerful enabler for tackling complex challenges in an industry, or even a section of an industry. 

At the Linux Foundation, we focused on enabling those organizations to collaborate on open source enterprise blockchain technologies within our Hyperledger community. That community has driven collaboration on every aspect of enterprise blockchain technology, including identity, security, and transparency. Like other Linux Foundation projects, these enterprise blockchain communities are open, collaborative efforts. We have had many vertical industry participants, from retail, automotive, aerospace, banking, and others, engage with real industry challenges they needed to solve. And in this subset of cases, enterprise blockchain is the answer.

The technology is ready. Enterprise blockchain has been through many proof-of-concept implementations, and we’ve already seen that many organizations have shifted to production deployments. A few notable examples are:

  • Trust Your Supplier Network: 25 major corporate members, from Anheuser-Busch InBev to UPS. In production since September 2019.
  • Foodtrust: Launched Aug 2017 with ten members, now being used by all major retailers.
  • Honeywell: 50 vendors with storefronts in the new marketplace. In its first year, GoDirect Trade processed more than $5 million in online transactions.

However, just because we have the technology doesn’t mean we have the appropriate conditions to solve adoption challenges. A certain set of challenges about networks’ governance has become a “last mile” problem for industry adoption. While there are many examples of successful production deployments and multi-stakeholder engagements for commercial enterprise blockchains already, specific adoption scenarios have been halted over uncertainty, or mistrust, over who will govern a blockchain network and how.

To precisely state the issue, in many situations, company A does not want to be dependent on, or trust, company B to control a network. For specific solutions that require broad industry participation to succeed, you can name any industry, and there will be company A and company B. 

We think the solution to this challenge will be Open Governance Networks.

The Linux Foundation vision of the Open Governance Network

An Open Governance Network is a distributed ledger service, composed of nodes, operated under the policies and directions of an inclusive set of industry stakeholders. 

Open Governance Networks will set the policies and rules for participation in a decentralized ledger network that acts as an industry utility for transactions and data sharing among participants that have permissions on the network. The Open Governance Network model allows any organization to participate. Those organizations that want to be active in sharing the operational costs will benefit from having a representative say in the policies and rules for the network itself. The software underlying the Open Governance Network will be open source software, including the configurations and build tools so that anyone can validate whether a network node complies with the appropriate policies.

Many who have worked with the Linux Foundation will recognize an open, neutral, and participatory governance model under a nonprofit structure that has already been thriving for decades in successful open source software communities. All we’re doing here is taking the same core principles of what makes open governance work for open source software, open standards, and open collaboration and applying those principles to managing a distributed ledger. This is a model that the Linux Foundation has used successfully in other communities, such as the Let’s Encrypt certificate authority.

Our ecosystem members trust the Linux Foundation to help solve this last mile problem using open governance under a neutral nonprofit entity. This is one solution to the concerns about neutrality and distributed control. In pan-industry use cases, it is generally not acceptable for one participant in the network to have power in any way that could be used as an advantage over someone else in the industry.  The control of a ledger is a valuable asset, and competitive organizations generally have concerns in allowing one entity to control this asset. If not hosted in a neutral environment for the community’s benefit, network control can become a leverage point over network users.  

We see this neutrality of control challenge as the primary reason why some privately held networks have struggled to gain widespread adoption. In order to encourage participation, industry leaders are looking for a neutral governance structure, and the Linux Foundation has proven that open governance models accomplish that exceptionally well.

This neutrality of control issue is very similar to the rationale for public utilities. Because the economic model mirrors a public utility, we debated calling these “industry utility networks.” In our conversations, we have learned industry participants are open to sharing the cost burden to stand up and maintain a utility. Still, they want a low-cost, not profit-maximizing model. That is why our nonprofit model makes the most sense.

It’s also not a public utility in that each network we foresee today would be restricted in participation to those who have a stake in the network, not any random person in the world. There’s a layer of human trust that our communities have been enabling on top of distributed networks, which started with the Trust over IP Foundation.

Unlike public cryptocurrency networks where anyone can view the ledger or submit proposed transactions, industries have a natural need to limit access to legitimate parties in their industry. With minor adjustments to address the need for policies for transactions on the network, we believe a similar governance model applied to distributed ledger ecosystems can resolve concerns about the neutrality of control. 

Understanding LF Open Governance Networks

Open Governance Networks can be reduced to the following building block components:

  • Business Governance: Networks need a decision-making body to establish core policies (e.g., network policies), make funding and budget decisions, contract with a network manager, and handle other business matters necessary for the network’s success. The Linux Foundation establishes a governing board to manage the business governance.
  • Technical Governance: Networks will require software. A technical open source community will openly maintain the software, specifications, or configuration decisions implemented by the network nodes. The Linux Foundation establishes a technical steering committee to oversee technical projects, configurations, working groups, etc.
  • Transaction Entity: Networks will require a transaction entity that will a) act as counterparty to agreements with parties transacting on the network, b) collect fees from participants, and c) execute contracts for operational support (e.g., hiring a network manager).

Of these building blocks, the Linux Foundation already offers its communities the Business and Technical Governance needed for Open Governance Networks. The final component is the new LF Open Governance Networks.

LF Open Governance Networks will enable our communities to establish their own Open Governance Network and have an entity to process agreements and collect transaction fees. This new entity is a Delaware nonprofit, a nonstock corporation that will maximize utility and not profit. Through agreements with the Linux Foundation, LF Governance Networks will be available to Open Governance Networks hosted at the Linux Foundation. 

If you’re interested in learning more about hosting an Open Governance Network at the Linux Foundation, please contact us at governancenetworks@linuxfoundation.org.

Linux Foundation Launches Industry Collaboration with Magma to Accelerate Deployment of Wireless Networks

Thu, 02/04/2021 - 00:00

Magma will enable open source applications and network function collaboration under a neutral governance framework at the Linux Foundation

San Francisco, CA – February 3, 2021 – Today, the Linux Foundation announced that it will launch an open source industry collaboration focused on enabling a converged cellular core network stack, starting with the Magma open source software platform. Previously open sourced by Facebook in 2019, Magma will now be managed under a neutral governance framework at the Linux Foundation.

Arm, Deutsche Telekom, Facebook, FreedomFi, Qualcomm, the Institute of Wireless Internet of Things at Northeastern University, the OpenAirInterface Software Alliance, and the Open Infrastructure Foundation will join the collaboration as founding members to accelerate the path to production use cases at scale.

Magma enables operators to build and augment modern and efficient mobile networks at scale. Magma features an access-agnostic mobile packet core, advanced network automation and management tools, and the ability to integrate with existing LTE networks with use cases across both virtual and container Network Functions (xNFs) including fixed wireless access, carrier Wi-Fi, private LTE and 5G, network expansion, and mobile broadband. A number of Magma community members are also collaborating in the Telecom Infra Project (TIP)’s Open Core Network project group to define, build, test, and deploy core network products that leverage Magma software alongside disaggregated hardware and software solutions by the TIP Open Core ecosystem.

By enabling automation of common network operations like element configuration, software updates and device provisioning, Magma reduces the complexity of operating mobile networks.

Magma enables better connectivity by:

  • Allowing operators to expand capacity and reach by using LTE, 5G, Wi-Fi and CBRS.
  • Allowing operators to offer cellular service without vendor lock-in with a modern, open source core network.
  • Enabling operators to manage their networks more efficiently with more automation, less downtime, better predictability, and more agility to add new services and applications.
  • Enabling federation between existing MNOs and new infrastructure providers to augment mobile network infrastructure more efficiently.
  • Supporting open source 5G technology and incubating future wireless network use cases like Private 5G, IAB, Augmented Networks and NTN.

“Arm is synonymous with a diverse technology ecosystem that underpins the compute, connectivity, and security required for solutions spanning cloud to edge to endpoint devices,” said Chris Bergey, senior vice president and general manager, Infrastructure Line of Business, Arm. “Together with the Linux Foundation and Facebook Connectivity, Magma is helping to solve the very real challenge of providing feature-rich, cost effective access for worldwide mobile networks.”

“Bringing Magma to the Linux Foundation is a huge milestone as the Magma ecosystem of developers continues to grow,” said Dan Rabinovitsj, vice president for Facebook Connectivity. “We are excited to see the contributions and innovations from this collective group of industry players, and we look forward to celebrating Magma’s success as the project continues to scale.” 

“Qualcomm Technologies strongly supports the evolution of the Magma core network efforts into a broader coalition among the key founding and contributing projects,” said Douglas Knisely, engineer, principal, Qualcomm Technologies, Inc. and OSA Advisory Board member. “This effort builds on the collaboration activities and code contributions from OAI into the Magma project and promotes the harmonization of a common 5G Core Network reference architecture, internal structure, APIs, and interfaces for all of the emerging 5G open source projects in the industry.”

“Magma is one of the most exciting projects I’ve seen in years. In our world, connectivity is directly linked to progress, and Magma’s mission to improve network access for the under-connected is inspiring and meaningful,” said Jonathan Bryce, Executive Director, Open Infrastructure Foundation. “The Open Infrastructure Foundation helps build communities like Magma who are writing the software that powers production infrastructure, and we look forward to working together to accelerate the growth of the Magma community, bringing Magma to new markets.”  

“The OpenAirInterface Software Alliance (OSA) is excited at the prospect of seeing Magma deployed in a number of use cases in wireless networks. The OSA has accompanied the Magma development efforts since the very inception of the project by not only providing the base code from OpenAirInterface for some of the components of the 4G core network but also by regularly and constantly developing new features,” said Irfan Ghauri, Director of Operations at the OSA. “The OpenAirInterface community will continue to participate in the ongoing efforts at developing and testing functionality for Magma alongside other partners. We look forward to the great success this initiative is on track to accomplish in deployments in various wireless use-cases.”

“We are excited to collaborate with our peers on a global cause of connectivity and open source software,” said Arpit Joshipura, GM Networking & Edge at the Linux Foundation. “Hosting this important project on behalf of the open source community allows us to bring open applications and network functions to end users.”

The Magma community will host a virtual Magma Developers Conference today beginning at 8:30am PT to highlight the growing community and how the platform enables service providers and systems integrators to deploy faster and more efficient networks. The schedule includes Magma use cases, a 5G demo, and other talks about the state of the project. Get involved with Magma by joining the project on GitHub.

About The Linux Foundation
The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

Goldman Sachs joins Linux Foundation Push for Open Source Climate Data

Wed, 02/03/2021 - 21:15

Today, OS-Climate announced that Goldman Sachs has joined its cross-industry coalition seeking to shift global investment toward zero-carbon emissions through the development of comprehensive data sets and evaluation tools that are available to all.  We expect Goldman Sachs to provide critical expertise in climate risk, product development, and financial reporting that will result in better tools to help all companies, asset managers, and investors more consistently and effectively evaluate progress against decarbonization goals.

“The world needs comprehensive data to meaningfully address climate change, and this diverse coalition is attacking a key shortcoming of so many efforts to make progress,” said Goldman Sachs Group CEO David Solomon.

OS-Climate is a collaborative, member-driven, non-profit platform hosted by the Linux Foundation for the development of open data and open source analytics for climate risk management and climate-aligned finance and investing. The membership currently consists of a global, cross-industry coalition of Allianz, Amazon, Federated Hermes, Microsoft, and S&P Global.  Goldman Sachs will be the first founding US bank member and the first Premier member of OS-Climate. 

“As corporates seek to integrate climate considerations into their business activities, they realize that the cost, the availability and quality of data, and analytical tools to make sound decisions is lacking,” said Solomon.  “More widely available data, and collaboratively developed analytics, will help companies measure progress against decarbonization goals and investors assess the physical and transition risks to which the industry is exposed.”

Using the Community-Based Open Source approach that has enabled breakthrough innovation in life sciences and tech, OS-Climate will leverage the Linux Foundation’s governance, licensing, and collaboration structures to efficiently coordinate climate data and tool development across a wide range of stakeholders.  As a founding board member, Goldman Sachs will not only support efforts to enhance OS-Climate’s data and analytics tool suite, but will also seek to leverage its networks and resources to make contributions to the broader stakeholder community.

“The cost and complexity of data and analytics for climate-aligned finance require systematic collaboration and resource sharing across hundreds of users and contributors,” said Truman Semans, Executive Director of OS-Climate.  “We are delighted Goldman Sachs will help lead this collaboration through OS-Climate, allowing investors, banks, regulators, companies, and civil society to deliver climate solutions with more speed and innovation than any one organization could achieve alone.”

“Goldman Sachs has already been a valued member of the Linux Foundation, and we are thrilled it has deepened its commitment in joining OS-Climate,” said Jim Zemlin, Executive Director of The Linux Foundation.  “To tackle the data and analytics needs holding back climate-alignment of the global economy, The Linux Foundation is uniquely capable, bringing its member companies across many sectors and 243,000 individual developers worldwide, along with world-class expertise from its initiatives LF AI and Data, Hyperledger, FINOS, and LF Energy.”

The Goldman Sachs Group, Inc. is a leading global investment banking, securities and investment management firm that provides a wide range of financial services to a substantial and diversified client base that includes corporations, financial institutions, governments and individuals. Founded in 1869, the firm is headquartered in New York and maintains offices in all major financial centers around the world. 

Founded in 2000, the Linux Foundation is supported by more than 2,160 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

Goldman Sachs Media Contact:
Andrew Williams
Tel: +1 212 902 5400

Linux Foundation OS-Climate Media Contact:
Hewson Baltzell
Email: media@os-climate.org

SODA Foundation and SNIA to Advance Education for Data and Storage Management

Wed, 02/03/2021 - 00:15

San Francisco, Calif., February 2, 2021 – In a move that advances a common goal of increasing education for a unified framework and standardization for data and storage management, the SODA Foundation and Storage Networking Industry Association (SNIA) are pleased to announce they have entered into a marketing alliance.

The SODA Foundation is an open source project under the Linux Foundation that seeks to foster an ecosystem of open source data management and storage software for data autonomy, while SNIA is dedicated to developing standards and education programs to advance storage and information technology.

“Working with SNIA in a marketing capacity is an ideal stepping stone to combining our expertise for the advancement of storage management technology,” said Steven Tan, VP & CTO, Futurewei and SODA Foundation Chair. “Together, we will contribute to creating a more engaged and informed developer ecosystem and emphasize the importance of the standardization of storage management APIs.”

The alliance facilitates marketing collaboration to promote the SODA Foundation and SNIA standards through educational content that will include webcasts, social media, email campaigns, newsletters and inclusion in news and events.

“The goal of this alliance is to educate our respective communities on the importance of open source storage management standards and lay the groundwork for future collaborative technological developments, particularly leveraging SNIA’s work developing the SNIA Swordfish specification,” said Michael Oros, Executive Director, SNIA. “We are excited to be working closely with the SODA Foundation and look forward to the results of our joint efforts.”

To gain insight into how alliances work in SNIA, watch SNIA Board Advisor and storage architect Richelle Ahlvers in the video presentation replay of SODACON 2020, Day 2.

About SODA Foundation

Previously OpenSDS, the SODA Foundation is part of the Linux Foundation and includes both open source software and standards to support the increasing need for data autonomy. SODA Foundation Premiere members include China Unicom, Fujitsu, Huawei, NTT Communications and Toyota Motor Corporation. Other members include China Construction Bank Fintech, Click2Cloud, GMO Pepabo, IIJ, MayaData, LinBit, Scality, Sony, Wipro and Yahoo Japan.

About SNIA

The Storage Networking Industry Association is a not-for-profit global organization, made up of member companies spanning the global storage market. SNIA’s mission is to lead the storage industry worldwide in developing and promoting standards, technologies, and educational services to empower organizations in the management of information. To this end, the SNIA is uniquely committed to delivering standards, education, and services that will propel open storage networking solutions into the broader market.

Media Contact

info@sodafoundation.io

Interview with Shuah Khan, Kernel Maintainer & Linux Fellow

Fri, 01/29/2021 - 01:57

Jason Perlow, Director of Project Insights and Editorial Content at the Linux Foundation, had an opportunity to speak with Shuah Khan about her experiences as a woman in the technology industry. She discusses how mentorship can improve the overall diversity and makeup of open source projects, why software maintainers are important for the health of open source projects such as the Linux kernel, and how language inclusivity and codes of conduct can improve relationships and communication between software maintainers and individual contributors.

JP: So, Shuah, I know you wear many different hats at the Linux Foundation. What do you call yourself around here these days?

SK: <laughs> Well, I primarily call myself a Kernel Maintainer & Linux Fellow. In addition to that, I focus on two areas that are important to the continued health and sustainability of the open source projects in the Linux ecosystem. The first one is bringing more women into the Kernel community, and additionally, I am leading the mentorship program efforts overall at the Linux Foundation. And in that role, in addition to the Linux Kernel Mentorship, we are looking at how the Linux Foundation mentorship program is working overall, how it is scaling. I make sure the LFX Mentorship platform scales and serves diverse mentees and mentors’ needs in this role. 

The LF mentorships program includes several projects in the Linux kernel, LFN, Hyperledger, Open Mainframe, OpenHPC, and other technologies. The Linux Foundation’s Mentorship Programs are designed to help developers with the necessary skills–many of whom are first-time open source contributors–experiment, learn, and contribute effectively to open source communities.

The mentorship program has been successful in its mission to train new developers and make these talented pools of prospective employees trained by experts available to employers. Several graduated mentees have found jobs. New developers have improved the quality and security of various open source projects, including the Linux kernel. Several Linux kernel bugs were fixed, a new subsystem mentor was added, and a new driver maintainer is now part of the Linux kernel community. My sincere thanks to all our mentors for volunteering to share their expertise.

JP: How long have you been working on the Kernel?

SK: Since 2010, or 2011, I got involved in the Android Mainlining project. My first patch removed the Android pmem driver.

JP: Wow! Is there any particular subsystem that you specialize in?

SK: I am a self-described generalist. I maintain the kernel self-test subsystem, the USB over IP driver, usbip tool, and the cpupower tool. I contributed to the media subsystem working on Media Controller Device Allocator API to resolve shared device resource management problems across device drivers from different subsystems.

JP: Hey, I’ve actually used the USB over IP driver when I worked at Microsoft on Azure. And also, when I’ve used AWS and Google Compute. 

SK: It’s a small niche driver used in cloud computing. Docker and other containers use that driver heavily. That’s how they provide remote access to USB devices on the server to export devices to be imported by other systems for use.

JP: I initially used it for IoT kinds of stuff in the embedded systems space. Were you the original lead developer on it, or was it one of those things you fell into because nobody else was maintaining it?

SK: Well, twofold. I was looking at USB over IP because I like that technology. It just so happened the driver was brought from the staging tree into the Mainline kernel, and I volunteered at the time to maintain it. Over the last few years, we discovered some security issues with it, because it handles a lot of userspace data, so I had a lot of fun fixing all of those. <laugh>.

JP: What drew you into the Linux operating system, and what drew you into the kernel development community in the first place?

SK: Well, I have been doing kernel development for a very long time. I worked on the LynxOS RTOS, a while back, and then HP/UX, when I was working at HP, after which I transitioned into  doing open source development — the OpenHPI project, to support HP’s rack server hardware, and that allowed me to work much more closely with Linux on the back end. And at some point, I decided I wanted to work with the kernel and become part of the Linux kernel community. I started as an independent contributor.

JP: Maybe it just displays my own ignorance, but you are the first female, hardcore Linux kernel developer I have ever met. I mean, I had met female core OS developers before — such as when I was at Microsoft and IBM — but not for Linux. Why do you suppose we lack women and diversity in general when participating in open source and the technology industry overall?

SK: So I’ll answer this question from my perspective, from what I have seen and experienced, over the years. You are right; you probably don’t come across that many hardcore women Kernel developers. I’ve been working professionally in this industry since the early 1990s, and on every project I have been involved with, I am usually the only woman sitting at the table. Some of it, I think, is culture and society. There are some roles that we are told are acceptable to women — even me, when I was thinking about going into engineering as a profession. Some of it has to do with where we are guided, as a natural path. 

There’s a natural resistance to choosing certain professions that you have to overcome first within yourself and externally. This process is different for everybody based on their personality and their origin story. And once you go through the hurdle of getting your engineering degree and figuring out which industry you want to work in, there is a level of establishing credibility in those work environments you have to endure and persevere. Sometimes when I would walk into a room, I felt like people were looking at me and thinking, “why is she here?” You aren’t accepted right away, and you have to overcome that as well. You have to go in there and say, “I am here because I want to be here, and therefore, I belong here.” You have to have that mindset. Society sends you signals that “this profession is not for me” — and you have to be aware of that and resist it. I consider myself an engineer that happens to be a woman as opposed to a woman engineer.

JP: Are you from India, originally?

SK: Yes.

JP: It’s funny; my wife really likes this Netflix show about matchmaking in India. Are you familiar with it?

SK: <laughs> Yes I enjoyed the series, and A Suitable Girl documentary film that follows three women as they navigate making decisions about their careers and family obligations.

JP: For many Americans, this is our first introduction to what home life is like for Indian people. But many of the women featured on this show are professionals, such as doctors, lawyers, and engineers. And they are very ambitious, but of course, the family tries to set them up in a marriage to find a husband for them that is compatible. As a result, you get to learn about the traditional values and roles they still want women to play there — while at the same time, many women are coming out of higher learning institutions in that country that are seeking technical careers. 

SK: India is a very fascinatingly complex place. But generally speaking, in a global sense, having an environment at home where your parents tell you that you may choose any profession you want to choose is very encouraging. I was extremely fortunate to have parents like that. They never said to me that there was a role or a mold that I needed to fit into. They have always told me, “do what you want to do.” Which is different; I don’t find that even here, in the US. Having that support system, beginning in the home to tell you, “you are open to whatever profession you want to choose,” is essential. That’s where a lot of the change has to come from. 

JP: Women in technical and STEM professions are becoming much more prominent in other countries, such as China, Japan, and Korea. For some reason, in the US, I tend to see more women enter the medical profession than hard technology — and it might be a level of effort and perceived reward thing. You can spend eight years becoming a medical doctor or eight years becoming a scientist or an engineer, and it can be equally difficult, but the compensation at the end may not be the same. It’s expensive to get an education, and it takes a long time and hard work, regardless of the professional discipline.

SK: I have also heard that women also like to enter professions where they can make a difference in the world — a human touch, if you will. So that may translate to them choosing careers where they can make a larger impact on people — and they may view careers in technology as not having those same attributes. Maybe when we think about attracting women to technology fields, we might have to promote technology aspects that make a difference. That may be changing now, such as the LF Public Health (LFPH) project we kicked off last year. And with LF AI & Data Foundation, we are also making a difference in people’s lives, such as detecting earthquakes or analyzing climate change. If we were to promote projects such as these, we might draw more women in.

JP: So clearly, one of the areas of technology where you can make a difference is in open source, as the LF is hosting some very high-concept and existential types of projects such as LF Energy, for example — I had no idea what was involved in it and what its goals were until I spoke to Shuli Goodman in-depth about it. With the mentorship program, I assume we need this to attract new blood — because as folks like us get older and retire, and they exit the field, we need new people to replace them. So I assume mentorship, for the Linux Foundation, is an investment in our own technologies, correct?

SK: Correct. Bringing in new developers into the fold is the primary purpose, of course — and at the same time, I view the LF as taking on mentorship provides that neutral, level playing field across the industry for all open source projects. Secondly, we offer a self-service platform, LFX Mentorship, where anyone can come in and start their project. So when the COVID-19 pandemic began, we expanded this program to help displaced people — students, et cetera, and less visible projects. Not all projects typically get as much funding or attention as others do — such as a Kubernetes or Linux kernel — among the COVID mentorship program projects we are funding. I am particularly proud of supporting a climate change-related project, Using Machine Learning to Predict Deforestation.

The self-service approach allows us to fund and add new developers to projects where they are needed. The LF mentorships are remote work opportunities that are accessible to developers around the globe. We see people sign up for mentorship projects from places we haven’t seen before, such as Africa, and so on, thus creating a level playing field. 

The other thing that we are trying to increase focus on is how do you get maintainers? Getting new developers is a starting point, but how do we get them to continue working on the projects they are mentored on? As you said, someday, you and I and others working on these things are going to retire, maybe five or ten years from now. This is a harder problem to solve than training and adding new developers to the project itself.

JP: And that is core to our software supply chain security mission. It’s one thing to have this new, flashy project, and then all these developers say, “oh wow, this is cool, I want to join that,” but then, you have to have a certain number of people maintaining it for it to have long-term viability. As we learned in our FOSS study with Harvard, there are components in the Linux operating system that are like this. Perhaps even modules within the kernel itself, I assume that maybe you might have only one or two people actively maintaining it for many years. And what happens if that person dies or can no longer work? What happens to that code? And if someone isn’t familiar with that code, it might become abandoned. That’s a serious problem in open source right now, isn’t it?

SK: Right. We have seen that with SSH and other security-critical areas. What if you don’t have the bandwidth to fix it? Or the money to fix it? I ended up volunteering to maintain a tool for a similar reason when the maintainer could no longer contribute regularly. It is true; we have many drivers where maintainer bandwidth is an issue in the kernel. So the question is, how do we grow that talent pool?

JP: Do we need a job board or something? We need X number of maintainers. So should we say, “Hey, we know you want to join the kernel project as a contributor, and we have other people working on this thing, but we really need your help working on something else, and if you do a good job, we know tons of companies willing to hire developers just like you?” 

SK: With the kernel, we are talking about organic growth; it is just like any other open source project. It’s not a traditional hire and talent placement scenario. Organically they have to have credibility, and they have to acquire it through experience and relationships with people on those projects. We just talked about it at the previous Linux Plumbers Conference, we do have areas where we really need maintainers, and the MAINTAINERS file does show areas where they need help. 

To answer your question, it’s not one of those things where we can seek people to fill that role, like LinkedIn or one of the other job sites. It has to be an organic fulfillment of that role, so the mentorship program is essential in creating those relationships. It is the double-edged sword of open source; it is both the strength and weakness. People need to have an interest in becoming a maintainer and also a commitment to being one, long term.

JP: So, what do you see as the future of your mentorship and diversity efforts at the Linux Foundation? What are you particularly excited about that is forthcoming that you are working on?

SK: I view the Linux Foundation mentoring as a three-pronged approach to provide unstructured webinars, training courses, and structured mentoring programs. All of these efforts combine to advance a diverse, healthy, and vibrant open source community. So over the past several months, we have been morphing our speed mentorship style format into an expanded webinar format — the LF Live Mentorship series. This will have the function of growing our next level of expertise. As a complement to our traditional mentorship programs, these are webinars and courses that are an hour and a half long that we hold a few times a month that tackle specific technical areas in software development. So it might cover how to write great commit logs, for example, for your patches to be accepted, or how to find bugs in C code. Commit logs are one of those things that are important to code maintenance, so promoting good documentation is a beneficial thing. Webinars provide a way for experts short on time to share their knowledge with a few hours of time commitment and offer a self-paced learning opportunity to new developers.

Additionally, I have started the Linux Kernel Mentorship forum for developers and their mentors to connect and interact with others participating in the Linux Kernel Mentorship program and graduated mentees to mentor new developers. We kicked off Linux Kernel mentorship Spring 2021 and are planning for Summer and Fall.

A big challenge is we are short on mentors to be able to scale the structured program. Solving the problem requires help from LF member companies and others to encourage their employees to mentor, “it takes a village,” they say.

JP: So this webinar series and the expanded mentorship program will help developers cultivate both hard and soft skills, then.

SK: Correct. The thing about doing webinars is that if we are talking about this from a diversity perspective, they might not have time for a full-length mentorship, typically like a three-month or six-month commitment. This might help them expand their resources for self-study. When we ask for developers’ feedback about what else they need to learn new skill sets, we hear that they don’t have resources, don’t have time to do self-study, and learn to become open source developers and software maintainers. This webinar series covers general open source software topics such as the Linux kernel and legal issues. It could also cover topics specific to other LF projects such as CNCF, Hyperledger, LF Networking, etc.

JP: Anything else we should know about the mentorship program in 2021?

SK: In my view, attracting diversity and new people is two-fold. One of the things we are working on is inclusive language. Now, we’re not talking about curbing harsh words, although that is a component of what we are looking at. The English you and I use in North America isn’t the same English used elsewhere. As an example, when we use North American-centric terms in our email communications, such as when a maintainer is communicating on a list with people from South Korea, something like “where the rubber meets the road” may not make sense to them at all. So we have to be aware of that.

JP: I know that you are serving on the Linux kernel Code of Conduct Committee and actively developing the handbook. When I first joined the Linux Foundation, I learned what the Community Managers do and our governance model. I didn’t realize that we even needed to have codes of conduct for open source projects. I have been covering open source for 25 years, but I come out of the corporate world, such as IBM and Microsoft. Codes of Conduct are typically things that the Human Resources officer shows you during your initial onboarding, as part of reviewing your employee manual. You are expected to follow those rules as a condition of employment. 

So why do we need Codes of Conduct in an open source project? Is it because these are people who are coming from all sorts of different backgrounds, companies, and ways of life, and may not have interacted in this form of organized and distributed project before? Or is it about personalities, people interacting with each other over long distance, and email, which creates situations that may arise due to that separation?

SK: Yes, I come out of the corporate world as well, and of course, we had to practice those codes of conduct in that setting. But conduct situations arise that you have to deal with in the corporate world. There are always interpersonal scenarios that can be difficult or challenging to work with — the corporate world isn’t better than the open source world in that respect. It is just that all of that happens behind a closed setting.

But there is no accountability in the open source world because everyone participates out of their own free will. So on a small, traditional closed project, inside the corporate world, where you might have 20 people involved, you might get one or two people that could be difficult to work with. The same thing happens and is multiplied many times in the open source community, where you have hundreds of thousands of developers working across many different open source projects. 

The biggest problem with these types of projects when you encounter situations such as this is dealing with participation in public forums. In the corporate world, this can be addressed in private. But on a public mailing list, if you are being put down or talked down to, it can be extremely humiliating. 

These interactions are not always extreme cases; they could be simple as a maintainer or a lead developer providing negative feedback — so how do you give it? It has to be done constructively. And that is true for all of us.

JP: Anything else?

SK: In addition to bringing our learnings and applying this to the kernel project, I am also doing this on the ELISA project, where I chair the Technical Steering Committee, where I am bridging communication between experts from the kernel and the safety communities. To make sure we can use the kernel the best ways in safety-critical applications, in the automotive and medical industry, and so on. Many lessons can be learned in terms of connecting the dots, defining clearly what is essential to make Linux run effectively in these environments, in terms of dependability. How can we think more proactively instead of being engaged in fire-fighting in terms of security or kernel bugs? As a result of this, I am also working on any necessary kernel changes needed to support these safety-critical usage scenarios.

JP: Before we go, what are you passionate about besides all this software stuff? If you have any free time left, what else do you enjoy doing?

SK: I read a lot. COVID quarantine has given me plenty of opportunities to read. I like to go hiking, snowshoeing, and other outdoor activities. Living in Colorado gives me ample opportunities to be in nature. I also like backpacking — while I wasn’t able to do it last year because of COVID — I like to take backpacking trips with my son. I also love to go to conferences and travel, so I am looking forward to doing that again as soon as we are able.

Talking about backpacking reminded me of the two-day, 22-mile backpacking trip during the summer of 2019 with my son. You can see me in the picture above at the end of the road, carrying a bearbox, sleeping bag, and hammock. It was worth injuring my foot and hurting in places I didn’t even know I had.

JP: Awesome. I enjoyed talking to you today. So happy I finally got to meet you virtually.

The post Interview with Shuah Khan, Kernel Maintainer & Linux Fellow appeared first on Linux Foundation.

Open Source Security Foundation (OpenSSF): Reflection and Future

Fri, 01/29/2021 - 00:17

The Open Source Security Foundation (OpenSSF) officially launched on August 3, 2020. In this article, we’ll look at why the OpenSSF was formed, what it’s accomplished in its first six months, and its plans for the future.

The world depends on open source software (OSS), so OSS security is vital. Various efforts have been created to help improve OSS security. These efforts include the Core Infrastructure Initiative (CII) in the Linux Foundation, the Open Source Security Coalition (OSSC) founded by the GitHub Security Lab, and the Joint Open Source Software Initiative (JOSSI) founded by Google and others.

It became apparent that progress would be easier if these efforts merged into a single effort. The OpenSSF was created in 2020 as a merging of these three groups into “a cross-industry collaboration that brings together leaders to improve the security of open source software (OSS).”

The OpenSSF has certainly gained that “cross-industry collaboration”; its dozens of members include (alphabetically) Canonical, GitHub, Google, IBM, Intel, Microsoft, and Red Hat. Its governing board also includes a Security Community Individual Representative to represent those not represented in other ways specifically. It’s also created some structures to help people work together: it’s established active working groups, identified (and posted) its values, and agreed on its technical vision.

But none of that matters unless they actually produce results. It’s still early, but they already have several accomplishments. They have released:

  • Secure Software Development Fundamentals courses. This set of 3 freely-available courses on the edX platform is for software developers to learn to develop secure software. It focuses on practical steps that any software developer can easily take, not theory or actions requiring unlimited resources. Developers can also pay a fee to take tests to attempt to earn certificates to prove they understand the material.
  • Security Scorecards. This auto-generates a “security score” for open source projects to help users as they decide the trust, risk, and security posture for their use case.
  • Criticality Score. This project auto-generates a criticality score for open source projects based on a number of parameters. The goal is to better understand the most critical open source projects the world depends on.  
  • Security metrics dashboard. This early-release work provides a dashboard of security and sustainment information about OSS projects by combining the Security Scorecards, CII Best Practices, and other data sources.
  • OpenSSF CVE Benchmark. This benchmark consists of vulnerable code and metadata for over 200 historical JavaScript/TypeScript vulnerabilities (CVEs). This will help security teams evaluate different security tools on the market by enabling teams to determine false positive and false negative rates with real codebases instead of synthetic test code.
  • OWASP Security Knowledge Framework (SKF). In collaboration with OWASP, this work is a knowledge base that includes projects with checklists and best practice code examples in multiple programming languages. It includes training materials for developers on how to write secure code in specific languages and security labs for hands-on work.
  • Report on the 2020 FOSS Contributor Survey. The OpenSSF and the Laboratory for Innovation Science at Harvard (LISH) released a report that details the findings of a contributor survey to study and identify ways to improve OSS security and sustainability. There were nearly 1,200 respondents.

The existing CII Best Practices badge project has also been folded into the OpenSSF and continues to be improved. The project now has more Chinese translators, a new ongoing Swahili translation, and various small refinements that clarify the badging requirements.

The November 2020 OpenSSF Town Hall discussed the OpenSSF’s ongoing work. The OpenSSF currently has the following working groups:

  • Vulnerability Disclosures
  • Security Tooling
  • Security Best Practices
  • Identifying Security Threats to Open Source Projects (focusing on a metrics dashboard)
  • Securing Critical Projects
  • Digital Identity Attestation

Future potential work, other than continuously improving work already released, includes:

  • Identifying overlapping and related security requirements in various specifications to reduce duplicate effort. This is to be developed in collaboration with OWASP as lead and is termed the Common Requirements Enumeration (CRE). The CRE is to “link sections of standard[s] and guidelines to each other, using a mutual topic identifier, enabling standard and scheme makers to work efficiently, enabling standard users to find the information they need, and attaining a shared understanding in the industry of what cyber security is.” [Source: “Common Requirements Enumeration”]
  • Establishing a website for no-install access to a security metrics OSS dashboard. Again, this will provide a single view of data from multiple data sources, including the Security Scorecards and CII Best Practices.
  • Developing improved identification of critical OSS projects. Harvard and the LF have previously worked to identify critical OSS projects. In the coming year, they will refine their approaches and add new data sources to identify critical OSS projects better.
  • Funding specific critical OSS projects to improve their security. The expectation is that this will focus on critical OSS projects that are not otherwise being adequately funded and will work to improve their overall sustainability.
  • Identifying and implementing improved, simplified techniques for digitally signing commits and verifying those identity attestations.

As with all Linux Foundation projects, the work by the OpenSSF is decided by its participants. If you are interested in the security of the OSS we all depend on, check out the OpenSSF and participate in some way. The best way to get involved is to attend the working group meetings — they are usually every other week and very casual. By working together we can make a difference. For more information, see https://openssf.org

David A. Wheeler, Director of Open Source Supply Chain Security at the Linux Foundation


Preventing Supply Chain Attacks like SolarWinds

Wed, 01/13/2021 - 22:54

In late 2020, it was revealed that the SolarWinds Orion software, which is in use by numerous US Government agencies and many private organizations, was severely compromised. This was an incredibly dangerous set of supply chain compromises that the information technology community (including the Open Source community) needs to learn from and take action on.

The US Cybersecurity and Infrastructure Security Agency (CISA) released an alert noting that the SolarWinds Orion software included malicious functionality in March 2020, but it was not detected until December 2020. CISA’s Emergency Directive 21-01 stated that it was being exploited, had a high potential of compromise, and a grave impact on entire organizations when compromised. Indeed, because Orion deployments typically control networks of whole organizations, this is a grave problem. The more people look, the worse it gets. As I write this, it appears that a second and third malware have been identified in Orion.

Why the SolarWinds Attack Is Particularly Noteworthy

What’s especially noteworthy is how the malicious code was inserted into Orion: the attackers subverted something called the build environment. When software is being developed it is converted (compiled) from source code (the text that software developers update) into an executable package using a “build process.” For example, the source code of many open source software projects is then used in software that is built, compiled, and redistributed by other organizations, so that it is ready to install and run on various computing platforms. In the case of SolarWinds’ Orion, CrowdStrike found a piece of malware called Sunspot that watched the build server for build commands and silently replaced source code files inside the Orion app with files that loaded the Sunburst malware. The SolarWinds Orion compromise by Sunspot isn’t the first example of these kinds of attacks, but it has demonstrated just how dangerous they can be when they compromise widely-used software.

Unfortunately, a lot of conventional security advice cannot counter this kind of attack: 

SolarWinds’ Orion is not open source software. Only the company’s developers can legally review, modify, or redistribute its source code or its build system and configurations. If we needed further evidence that obscurity of software source code doesn’t automatically provide security, this is it.

Recommendations from The Linux Foundation 

Organizations need to harden their build environments against attackers. SolarWinds followed some poor practices, such as using the insecure ftp protocol and publicly revealing passwords, which may have made these attacks especially easy. The build system is a critical production system, and it should be treated like one, with the same or higher security requirements as its production environments. This is an important short-term step that organizations should already be doing. However, it’s not clear that these particular weaknesses were exploited or that such hardening would have made any difference. Assuming a system can “never be broken into” is a failing strategy.

In the longer term, I know of only one strong countermeasure for this kind of attack: verified reproducible builds. A “reproducible build” is a build that always produces the same outputs given the same inputs so that the build results can be verified. A verified reproducible build is a process where independent organizations produce a build from source code and verify that the built results come from the claimed source code. Almost all software today is not reproducible, but there’s work to change this. The Linux Foundation and Civil Infrastructure Platform have been funding work, including the Reproducible Builds project, to make it possible to have verified reproducible builds.

The software industry needs to begin shifting towards implementing and requiring verified reproducible builds. This will not be easy. Most software is not designed to be reproducible in its build environment today, so it may take years to make software reproducible. Many changes must be made to make software reproducible, so resources (time and money) are often needed. And there’s a lot of software that needs to be reproducible, including operating system packages and library level packages. There are package distribution systems that would need to be reviewed and likely modified. I would expect some of the most critical software to become reproducible first, and then less critical software would increase over time as pressure increases to make more software verified reproducible. It would be wise to develop widely-applicable standards and best practices for creating reproducible builds. Once software is reproducible, others will need to verify the build results for given source code to counter these kinds of attacks. Reproducible builds are much easier for open source software (OSS) because there’s no legal impediment to having many verifiers. Closed source software developers will have added challenges; their business models often depend on hiding source code. It’s still possible to have “trusted rebuilders” worldwide to verify closed source software, even though it’s more challenging and the number of rebuilders would necessarily be smaller.
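The verification step described above can be sketched in a few lines. This is an added example, not code from the article or from the Reproducible Builds project: the source tree, builder names, timestamps and the `vendor_release` helper are all constructed for illustration, and a tar archive stands in for a real build output.

```python
import hashlib
import io
import tarfile

# Constructed sample source tree (not from any real project).
SOURCE = {
    "src/app.py": b"print('hello')\n",
    "README": b"demo package\n",
}
# One timestamp agreed for the release, in the spirit of the
# SOURCE_DATE_EPOCH convention used by the Reproducible Builds project.
SOURCE_DATE_EPOCH = 1610000000
# Hypothetical independent rebuilders and the wall-clock time of their builds.
REBUILDERS = {"rebuilder-a": 1610200000, "rebuilder-b": 1610300000}


def build(source, builder, build_time, reproducible=True):
    """Package `source` into a tar archive and return the archive bytes."""
    # A reproducible build fixes everything that is not part of the source:
    # file order, timestamps and the identity of whoever ran the build.
    names = sorted(source) if reproducible else list(source)
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = len(source[name])
            info.mode = 0o644
            if reproducible:
                info.mtime = SOURCE_DATE_EPOCH
            else:
                info.mtime = build_time   # leaks the build time into the output
                info.uname = builder      # leaks the builder's account name
            tar.addfile(info, io.BytesIO(source[name]))
    return buf.getvalue()


def digest(artifact):
    return hashlib.sha256(artifact).hexdigest()


def vendor_release(source, compromised_build_server=False):
    """Produce the artifact the vendor publishes (constructed scenario)."""
    build_input = dict(source)
    if compromised_build_server:
        # Models the case in the article: a file is swapped on the build
        # server while the repository everyone reviews stays unchanged.
        build_input["src/app.py"] += b"# code that is not in the repository\n"
    return build(build_input, "vendor", 1610100000)


def verify(published, source, rebuilders, quorum=2):
    """Rebuild from the claimed source and compare digests with the release."""
    want = digest(published)
    results = {
        name: digest(build(source, name, when)) == want
        for name, when in rebuilders.items()
    }
    verified = len(results) >= quorum and all(results.values())
    return {"verified": verified, "rebuilders": results}


if __name__ == "__main__":
    print(verify(vendor_release(SOURCE), SOURCE, REBUILDERS))
    print(verify(vendor_release(SOURCE, True), SOURCE, REBUILDERS))
```

A mismatch does not say which side is wrong, only that the published artifact was not produced from the claimed source by the claimed process, which is the signal a verifier needs to start investigating.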

The information technology industry is generally moving away from “black boxes” that cannot be inspected and verified and towards components that can be reviewed. So this is part of a general industry trend; it’s a trend that needs to be accelerated.

This is not unprecedented. Auditors have access to the financial data and review the financial systems of most enterprises. Audits are an independent entity verifying the data and systems for the benefit of the ecosystem. There is a similar opportunity for organizations to become independent verifiers for both open source and closed source software and build systems. 

Attackers will always take the easiest path, so we can’t ignore other attacks. Today most attacks exploit unintentional vulnerabilities in code, so we need to continue to work to prevent these unintentional vulnerabilities. These mitigations include changing tools & interfaces so those problems won’t happen, educating developers on developing secure software (such as the free courses from OpenSSF on edX), and detecting residual vulnerabilities before deployment through various detection tools. The Open Source Security Foundation (OpenSSF) is working on improving the security of open source software (OSS), including all these points.

Applications are mostly reused software (with a small amount of custom code), so this reused software’s software supply chain is critical. Reused components are often extremely out-of-date. Thus, they have many publicly-known unintentional vulnerabilities; in fact, reused components with known vulnerabilities are among the topmost common problems in web applications. The LF’s LFX security tools, GitHub’s Dependabot, GitLab’s dependency analyzers, and many other tools & services can help detect reused components with known vulnerabilities.

Vulnerabilities in widely-reused OSS can cause widespread problems, so the LF is already working to identify such OSS so that it can be reviewed and hardened further (see Vulnerabilities in the Core Preliminary Report and Census II of Open Source Software).

The supply chain matters for malicious code, too; most malicious code gets into applications through library “typosquatting” (that is, by creating a malicious library with a name that looks like a legitimate library). 

That means that users need to start asking for a software bill of materials (SBOM) so they will know what they are using. The US National Telecommunications and Information Administration (NTIA) has been encouraging the adoption of SBOMs throughout organizations and the software supply chain process. The Linux Foundation’s Software Package Data Exchange (SPDX) format is a SBOM format used by many. Once you get SBOM information, examine the versions that are included. If the software has malicious components, or components with known vulnerabilities, start asking why. Some vulnerabilities may not be exploitable, but too many application developers simply don’t update dependencies even when they are exploitable. To be fair, there’s a chicken-and-egg problem here: specifications are in the process of being updated, tools are in development, and many software producers aren’t ready to provide SBOMs. So users should not expect that most software producers will have SBOMs ready today. However, they do need to create a demand for SBOMs.

Similarly, software producers should work towards providing SBOM information. For many OSS projects this can typically be done, at least in part, by providing package management information that identifies their direct and indirect dependencies (e.g., in package.json, requirements.txt, Gemfile, Gemfile.lock, and similar files). Many tools can combine this information to create more complete SBOM information for larger systems.
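As an added illustration (not code from the article or from any LF tool), the sketch below builds a component inventory from package management files and flags names that closely resemble an approved dependency, the typosquatting pattern mentioned earlier. The manifests, the `APPROVED` list and the distance threshold are constructed assumptions; the output is a plain inventory, not an SPDX document.

```python
import json
import re

# Constructed sample manifests (not from a real project).
REQUIREMENTS_TXT = """\
# runtime dependencies
requests==2.25.1
reqeusts==1.0.0
urllib3>=1.26,<2
"""
PACKAGE_JSON = """\
{"name": "demo-app",
 "dependencies": {"express": "^4.17.1", "expres": "1.0.0"},
 "devDependencies": {"lodash": "4.17.20"}}
"""
# Names this hypothetical organization has already reviewed.
APPROVED = {"pypi": {"requests", "urllib3"}, "npm": {"express", "lodash"}}


def normalize_pypi(name):
    """PyPI treats runs of '-', '_' and '.' as equal and ignores case."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text):
    """Return (ecosystem, name, declared constraint) for each requirement."""
    components = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):   # skip comments and pip options
            continue
        match = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*(.*)", line)
        if match:
            spec = match.group(2).strip() or "*"
            components.append(("pypi", normalize_pypi(match.group(1)), spec))
    return components


def parse_package_json(text):
    """Return direct dependencies declared in a package.json document."""
    doc = json.loads(text)
    components = []
    for section in ("dependencies", "devDependencies"):
        for name, spec in doc.get(section, {}).items():
            components.append(("npm", name, spec))
    return components


def edit_distance(a, b):
    """Levenshtein distance between two names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def review(components, approved, max_distance=2):
    """List components that are not approved, marking near-miss names."""
    findings = []
    for ecosystem, name, spec in components:
        known = approved.get(ecosystem, set())
        if name in known:
            continue
        near = sorted(k for k in known if edit_distance(name, k) <= max_distance)
        findings.append({
            "ecosystem": ecosystem,
            "name": name,
            "declared": spec,
            "status": "lookalike" if near else "unreviewed",
            "resembles": near,
        })
    return findings


if __name__ == "__main__":
    inventory = parse_requirements(REQUIREMENTS_TXT) + parse_package_json(PACKAGE_JSON)
    for finding in review(inventory, APPROVED):
        print(finding)
```

Manifests such as requirements.txt and package.json record declared constraints for direct dependencies; the resolved versions and indirect dependencies come from lock files such as Gemfile.lock, so a fuller inventory would read those as well.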

Organizations should invest in OpenChain conformance and require their suppliers to implement a process designed to improve trust in a supply chain. OpenChain’s conformance process reveals specifics about the components you depend on that are a critical first step to countering many supply chain attacks.

Conclusion

The attack on SolarWinds’ Orion will have devastating effects for years to come. But we can and should learn from it. 

We can:

  1. Harden software build environments
  2. Move towards verified reproducible builds 
  3. Change tools & interfaces so unintentional vulnerabilities are less likely
  4. Educate developers (such as the free courses from OpenSSF on edX)
  5. Use vulnerability detection tools when developing software
  6. Use tools to detect known-vulnerable components when developing software
  7. Improve widely-used OSS (the OpenSSF is working on this)
  8. Ask for a software bill of materials (SBOMs), e.g., in SPDX format. Many software producers aren’t ready to provide one yet, but creating the demand will speed progress
  9. Determine if subcomponents we use have known vulnerabilities 
  10. Work towards providing SBOM information if we produce software for others
  11. Implement OpenChain 

Let’s make it much harder to exploit the future systems we all depend on. Those who do not learn from history are often doomed to repeat it.

David A. Wheeler, Director of Open Source Supply Chain Security at the Linux Foundation

