The Linux Foundation


SPDX Specification Becomes the Second ISO/IEC JTC 1 Submission From JDF

Mon, 06/29/2020 - 22:30

Last month, the Joint Development Foundation (JDF), which became part of the Linux Foundation family in 2019, was recognized as an ISO/IEC JTC 1 PAS (“Publicly Available Specification”) submitter. With that recognition, the Linux Foundation can put forward specifications to JTC 1 for national body approval and international recognition. Once JTC 1 approves a PAS submission, it becomes an international standard. Also in May, the JDF announced that The OpenChain Specification was the first specification submitted for JTC 1 review for recognition as an international standard.

The Linux Foundation today announced that the latest SPDX release (version 2.2) is the second specification to be submitted through the JDF to ISO/IEC JTC 1 for approval. In brief, the Software Package Data Exchange (SPDX) is an open standard for communicating software bill of materials information, including components, licenses, copyrights, and security references. SPDX reduces redundant work by providing a common format for companies and communities to share important data, thereby streamlining and improving compliance. The first version of the SPDX specification was released 10 years ago, and it has continued to improve and evolve to support the automation of more software bill of materials information over the years.

SPDX serves to verify the accuracy of software bill of materials metadata, which is important from both a security and a compliance standpoint. Consider that there are millions of open source software projects (34m open repositories are on GitHub alone), making it hard to know which are most critical, who created them, and what their security vulnerabilities are. SPDX plays an important role in building more trust and transparency in how software is created, distributed and consumed. While many consider SPDX a de facto standard already, JTC 1 certification will encourage accelerated adoption and acceptance on a global scale.

“The SPDX specification has played a vital role over the last 10 years in enabling open source adoption and establishing a foundation for automating compliance,” said Jim Zemlin. “Through the submission to the ISO/IEC JTC 1 by JDF, we are hopeful that it can become an accepted international standard that addresses how open source metadata information is shared, while reducing the risks and costs of compliance for organizations.”


Accelerating Open Standards development with Community Specifications

Mon, 06/29/2020 - 21:00
Introduction

In an earlier post back in May, the Linux Foundation and Joint Development Foundation (JDF) announced their ability to propose international standards by being recognized as an ISO/IEC JTC 1 PAS submitter and that they had submitted their first standard, OpenChain, for international review. We also discussed why Open Standards were essential to the Linux Foundation’s efforts, just as Open Source projects are.

Today, we’re announcing a new way for communities to create Open Standards. We call it the Community Specification, and it allows communities to develop standards and specifications using the tools and approaches that are inspired and proven by open source developers. It’s standards development explicitly designed for Git-based workflows. The Community Specification brings the frictionless approach of open source collaborations to standards development.

It’s flexible, enabling small and large standards collaborations. And it’s built for growth. When or if the time is right, Community Specification projects can move to the Joint Development Foundation or another standards body. From there, the Joint Development Foundation can provide a path to international standardization.

Standards play a role in everyone’s life. Think about the things you touch every day, as simple as a power plug, the USB connector on your phone or laptop, or the WiFi that you use in your business and your home to connect your mobile devices wirelessly. All of these devices need to be able to interoperate with each other. 

Open Standards are best defined as specifications made available to the public, developed, and maintained via an inclusive, collaborative, transparent, and consensus-driven process. Open standards facilitate interoperability and data exchange among different products or services and are intended for widespread adoption.

Setting up a well-formed standards project is important. Items like due process, balance, inclusiveness, and intellectual property clarity are vital to developing technology that meets the needs of the broader community that can be implemented without intellectual property surprises.

The Community Specification builds on these best practices and brings them to the Git repository development environments that developers are already using. And it makes it easy to get started. You can start using the Community Specification by bringing its terms into your repository and getting to work — just like starting an open source project. 

Lowering the costs and reducing the level of effort of creating specifications

Starting a new standards effort is traditionally a time-consuming and expensive project. It takes time, money, and effort — from negotiating multi-party agreements to dealing with the legal and corporate formalities to obtaining professional support.

The Joint Development Foundation created a much-streamlined alternative to setting up a traditional standards-setting activity. We created a standardized set of formation documents and procedures that allow the collaborators to choose from a predefined set of licensing terms. 

JDF took this expensive multi-month process and replaced it with a “check-the-box” approach that has already enabled over 13 communities like Open Manufacturing Platform, GraphQL, and Trust Over IP to get up and running quickly, allowing these communities to create technologies with worldwide impact.

For these projects, the JDF shortened the process of creating a new standards project from many months to as quickly as a few days and removed much of the ongoing legal overhead of creating a new non-profit company to host the project.  

And while JDF has streamlined the creation of new standards organizations by providing a “standards organization in a box,” sometimes an even lighter-weight approach is desired. Today, the JDF is pleased to announce its latest innovation, the Community Specification.  

The Community Specification is the next step in reducing the friction of standards development.  By incorporating the Community Specification materials into a Git-based repository, communities can now start a standards development effort as quickly as an open source project, using proven standards-based best practices for governance and intellectual property. And it’s free. The Community Specification provides a “standards-organization-in-a-repo.” All you have to do is clone or copy the Community Specifications repository, fill in a few details, and get started.

JDF takes its inspiration from the developer community. We know the ultimate consumer of a specification is the implementer, and implementers are by and large developers. So it is no accident that the Community Specification relies on Git-based repositories like GitHub and GitLab as its platform for creating new standards. 

The tools that are natively available for managing contributions in a Git-based repository via an open and inclusive process are based on best practices from standards and open source development models. To make this process attractive to developers, we have adopted a single set of agreements for technical contributions, source code, governance, code of conduct, patents, and copyright. 

The Community Specification will allow communities to employ a fast and easy way to start a specification development process using software development-style tools and workflows that they already know. 

Conclusion

The new Community Specification process allows contributors to start a specification collaboration with a simple set of licenses and procedures at no cost. The Community Specification is efficient and runs using tools and approaches that lower the administrative burden on the organizers and ensure contribution integrity. The project can run as a repository-based collaboration or as a legal entity under JDF, depending on the project’s needs.

From this starting point, the collaborative can move seamlessly into a more structured JDF project that allows the project to scale up the support services to allow for broader member participation, collections of membership dues, test events, and marketing services. As part of the Joint Development ecosystem, the projects may also enjoy the benefits of being part of the world’s largest developer ecosystem at the Linux Foundation.  

In the ultimate expression of a standard’s success, the project may apply to submit the specification to JTC1/ISO/IEC through the JDF PAS submitter program, which allows the specification to reach national standards bodies worldwide.  

The Community Specification can dramatically reduce the time developers spend on building and meeting spec requirements and ensure important work is not lost and time is not wasted. By democratizing the specification build process, developers have more time to innovate and build the technologies that differentiate their work from others. 

We invite interested projects and people with great ideas who would benefit from an organized collaboration platform to reach out to the Joint Development Foundation.

Access Community Specifications


Linux Foundation interview with NASA Astronaut Christina Koch

Sat, 06/27/2020 - 00:00

Jason Perlow, Editorial Director at the Linux Foundation, had a chance to speak with NASA astronaut Christina Koch. This year, she completed a record-breaking 328 days at the International Space Station for the longest single spaceflight by a woman and participated in the first all-female spacewalk with fellow NASA astronaut Jessica Meir. Christina gave a keynote at the OpenJS Foundation’s flagship event, OpenJS World, on June 24, 2020, where she shared more on how open source JavaScript and web technologies are being used in space. This post can also be found on the OpenJS Foundation blog.

JP: You spent nearly a year in space on the ISS, and you dealt with isolation from your friends and family, having spent time only with your crewmates. It’s been about three months for most of us isolating at home because of the COVID-19 pandemic. We haven’t been trained to deal with these types of things — regular folks like us don’t usually live in arctic habitats or space stations. What is your advice for people dealing with these quarantine-type situations for such long periods? 

CK: Well, I can sympathize, and it can be a difficult challenge even for astronauts, and it can be hard to work through and come up with strategies for. For me, the #1 thing was making sure I was in charge of the framework I used to view the situation. I flipped it around and instead of thinking about all the things I was missing out on and the things that I didn’t have available to me, I tried to focus on the unique things that I did have, that I would never have again, that I would miss one day.

So every time I heard that thought in my head, that “I just wish I could…” whatever, I would immediately replace it with “this one thing I am experiencing I will never have again, and it is unique”. 

So the advice I have offered since the very beginning of the stay at home situation has been finding that thing about our current situation that you truly love that you’ll know you will miss. Recognize what you know is unique about this era, whether it is big, or small — whether it is philosophical or just a little part of your day — and just continually focus on that. The biggest challenge is we don’t know when this is going to be over, so we can quickly get into a mindset where we are continually replaying into our heads “when is this going to be over? I just want to <blank>” and we can get ourselves into a hole. If you are in charge of the narrative, and then flip it, that can really help.

I have to say that we are all experiencing quarantine fatigue. Even when it may have been fun and unique in the beginning — obviously, nobody wanted to be here, and nobody hopes we are in this situation going forward, but there are ways we can deal with it and find the silver lining. Right now, the challenge is staying vigilant, some of us have discovered those strategies that work, but some of us are just tired of working at them, continually having to be our best selves and bringing it every day. 

So you need to recommit to those strategies, but sometimes you need to switch it up — halfway through my mission, I changed every bit of external media that was available to me. We have folks that will uplink our favorite TV shows, podcasts, books and magazines, and other entertainment sources. I got rid of everything I had been watching and listening to and started fresh with a new palette. It kind of rejuvenated me and reminded me that there were new things I could feast my mind on and unique sensory experiences I could have. Maybe that is something you can do to keep it fresh and recommit to those strategies. 

JP: I am stuck at home here, in Florida, with my wife. When you were up in the ISS, you were alone, with just a couple of your crewmates. Were you always professional and never fought with each other, or did you occasionally have spats about little things?

CK: Oh my goodness, there were always little spats that could affect our productivity if we allowed it. I can relate on so many levels. Being on the ISS for eleven months, with a lot of the same people in a row, not only working side-by-side but also socializing on the weekends, and during meals at the end of the day. I can relate because my husband and I were apart for almost two years if you take into account my training in Russia, and then my flight. Of course, now, we are together 24 hours a day, and we are both fortunate enough that we can work from home. 

It is a tough situation, but at NASA, we all draw from a skill set called Expeditionary Behavior. It’s a fancy phrase to help us identify and avoid conflict situations and get out of those situations if we find ourselves in them. Those are things like communication — which I know we should all be doing our best at, as well as group living. But other things NASA brought up in our training are self-care, team care, leadership, and particularly, followership. Often, we talk about leadership as an essential quality, but we forget that followership and supporting a leader are also very important. That is important in any relationship, whether it is a family, a marriage, helping the other people on your team, even if it is an idea that they are carrying through that is for the betterment of the whole community or something like that. The self-care and team care are really about recognizing when people on your team or in your household may need support, knowing when you need that support, and being OK with asking for it and being clear about what needs you may have.

A common thread among all those lines is supporting each other. One way, in my opinion, the easiest way to get yourself out of feeling sorry for whatever situation you might be in is to think about the situation everyone else is in and what they might need. Asking someone else, “Hey, how are you doing today, what can I do for you?” is another way to switch that focus. It helped me on my mission, and it is helping me at home in quarantine and recognizing that it is not always easy. If you are finding that you have to try hard and dig deep to use some of these strategies, you are not alone — that is what it takes right now. But you can do it, and you can get through it.

JP: I have heard that being in the Arctic is not unlike being on another planet. How did that experience help you prepare for being in space, and potentially places such as the Moon or even Mars?

CK: I do think it is similar in a lot of ways. One, because of the landscape. It’s completely barren, very stark, and it is inhospitable. It gives us this environment to live where we have to remember that we are vulnerable, and we have to find ways to remain productive and not be preoccupied with that notion when doing our work. Just like on the space station, you can feel quite at home, wearing your polo shirt and Velcro pants, going about your day, and not recognizing that right outside that shell that you are in is the vacuum of space, and at any second, things could take a turn for the worse. 

In Antarctica and some of the Arctic areas that were very isolated, should you have a medical emergency, it can often be harder to evacuate or work on a person in those situations than even working on the ISS. At the ISS, you can undock and get back to Earth in a matter of hours. At the South Pole, weather conditions could prevent you from getting a medevac for weeks. In both situations, you have to develop strategies not to be preoccupied with the environmental concerns but still be vigilant to respond to them should something happen. That was something I took away from that experience — ways to not think about that too much and to rely on your training should those situations arise. And then, of course, all the other things that living in isolation gives us.

The one thing that I found in that realm is something called sensory underload. And this is what your mind goes through when you see all the same people and faces, you keep staring at the same walls, you’ve tasted all the same food, and you’ve smelled all the same smells for so long. Your brain hasn’t been able to process something new for so long that it affects how we think and how we go about the world. In these situations, we might have to foster new sensory inputs and new situations and new things to process. NASA is looking into a lot of those things like reality augmentation for long-duration spaceflight, but in situations like the Arctic and Antarctic, even bringing in a care package, just to have new things in your environment can be so important when you are experiencing sensory underload. 

JP: The younger people reading this interview might be interested in becoming an astronaut someday. What should the current, or next generation — the Gen Y’s, the Gen Z’s — be thinking about doing today — to pursue a career as an astronaut? 

CK: I cannot wait to see what that generation does. Already they have been so impressive and so creative. The advice I have is to follow your passions. But in particular, what that means is to take that path that allows you to be your best self and contribute in the maximum possible way. The story I like to tell is that when I was in high school, I was a true space geek, and I went to space camp, and there we learned all the things you need to do to become an astronaut. 

There was a class on it, and they had a whiteboard with a checklist of what you should do — so everyone around me who wanted to be an astronaut was just scribbling this stuff down. And at that moment, I realized if I were ever to become an astronaut, I would want it to be because I pursued the things that I was naturally drawn to and passionate about, and hopefully, naturally good at. If one day that shaped me into someone who could contribute as an astronaut, only then would I become truly worthy of becoming one. So I waited until I felt I could make that case to apply to become an astronaut, and it led me to this role of focusing on the idea of contributing. 

The good news about following a path like that is even if you don’t end up achieving the exact dream that you may have, whether that’s to become an astronaut or something else that may be very difficult to achieve, you’ve done what you’ve loved along the way, which guarantees that you will be successful and fulfilled. And that is the goal. Eyes on the prize, but make sure you are following the path that is right for you.

JP: Some feel that human-crewed spaceflight is an expensive endeavor when we have extremely pressing issues to deal with on Earth — climate change, the population explosion, feeding the planet, and recent problems such as the Coronavirus. What can we learn from space exploration that could potentially solve these issues at home on terra firma?

CK: It is a huge concern, in terms of resource allocation, so many things that are important also warrant our attention. And I think that your question, what can we learn from space exploration, is so important and there are countless examples — the Coronavirus, to start. NASA is studying how the immune system functions at a fundamental level for humans by the changes that occur in a microgravity environment. We’re studying climate change — numerous explorations, on the space station and other areas of NASA. Exploration is enabled by discovery and by technological advances. Where those take us, we can’t even determine. The camera in your smartphone or in your tablet was enabled by NASA technology. 

There are countless practical examples, but to me, the real answer is bigger than all of that — and what it can show us is what can be accomplished when we work together on a common goal and a shared purpose. There are examples of us overcoming things on a global scale in the past that seemed insurmountable at the beginning, such as battling the hole in the ozone layer. When that first came out, we had to study it, we had to come up with mitigation strategies, and they had to be adopted by the world, even when people were pointing out the potential economic drawbacks to dealing with it. 

But the problem was more significant than that, and we all got together, and we solved it. So looking towards what we can do when we work together with a unified purpose is really what NASA does for us on an even bigger scale. We talk about how exploration and looking into space is uplifting — I consider it to be uplifting for all across the spectrum. There are so many ways we can uplift people from all backgrounds. We can provide them with the tools to have what they need to reach their full potential, but then what? What is across that goal line? It is bigger things that inspire them to be their best, and that is how NASA can be uplifting for everyone, in achieving the big goals.

JP: So recently, NASA resumed human-crewed spaceflight using a commercial launch vehicle, the SpaceX Crew Dragon capsule. Do you feel that the commercialization of space is inevitable? Is the heavy lifting of the future going to come from commercial platforms such as SpaceX, Boeing, et cetera for the foreseeable future? And is the astronaut program always going to be a government-sponsored entity, or will we see private astronauts? And what other opportunities do you see in the private sector for startups to partner with NASA?

CK: For sure. I think that we are already seeing that the commercial aspect is playing out now, and it’s entirely a positive thing for me. You asked about private astronauts — there are already private astronauts training with a company, doing it at NASA through a partnership, and having a contract to fly on a SpaceX vehicle to the ISS through some new ways we are commercializing Low Earth Orbit. That’s already happening, and everyone I know is excited about it. I think anyone with curiosity, anyone who can carry dreams and hopes into space, and bring something back to Earth is welcome in the program.

I think that the model that NASA has been using for the last ten years to bring in commercial entities is ideal. We are looking to the next deeper set, going back to the moon, and then applying those technologies to go on to Mars. At the same time, we sort of foster and turn over the things we’ve already explored, such as Low Earth Orbit and bringing astronauts to and from the space station to foster a commercial space industry. To me, that strategy is perfect; a government organization can conduct that work that may not have that private motivation or the commercial incentives. Once it is incubated, then it is passed on, and that is when you see the commercial startups coming. 

The future is bright for commercialization in space, and I think that bringing in innovation that can happen when you pass off something to an entirely new set of designers is one of the most exciting aspects of this. One of the neat examples of that is SpaceX and their spacesuits — I heard that they did not consult with who we at NASA use as our spacesuit experts that have worked with us in the past. I think that is probably because they did not want to be biased by legacy hardware and legacy ways of doing things. They wanted to re-invent it from the start, to ensure that every aspect was re-thought and reengineered and done in a potentially new way. When you’ve been owners of that legacy hardware that’s difficult to do — especially in such a risky field and in a place where something tried and true has such a great magnetic draw. So, to break through the innovation barrier, bringing commercial partners onboard is so exciting and important.

JP: Let’s get to the Linux Foundation’s core audience here, developers. You were an engineer, and you used to program. What do you think the role of developers is in space exploration?

CK: Well, it cannot be understated. When I was in the space industry before becoming an astronaut, I was a developer of instrumentation for space probes. I built the little science gadgets and was typically involved in the sensor front-end, the intersection of the detectors’ physics and the electronics of the readouts. But that necessitated a lot of the testing, and it was fundamentals testing. Most of the programming I did was building up the GUIs for all the tests that we needed to run, and the I/O to talk to the instruments, to learn what it was telling us, to make sure it could function in a wide variety of environmental states and different inputs that it was expected to see, once it eventually got into space. 

That was just my aspect — and then there is all the processing of the data. If you think about astronomy, there is so much we know about the universe through different telescopes, space-based and ground-based, and one of the things we do is anticoincidence detection. We had to come up with algorithms that detect only the kind of particles or on wavelengths that we want to identify, and not the ones that deposit energy in different ways that we are trying to study. Even just the algorithms to suss out that tiny aspect of what those kinds of X-Ray detectors on those telescopes do, is entirely software-intensive. Some of it is actual firmware because it has to happen so quickly, in billionths of a second, but basically, the software enables the entire industry, whether it is the adaptive optics that allow us to see clearly, or the post-processing, or even just the algorithms we use to refine and do the R&D, it’s everywhere, and it is ubiquitous. The first GUIs I ever wrote were on a Linux system using basic open source stuff to talk to our instruments. As far as I know, there is no single person who can walk into any job at NASA and have no programming experience. It’s everywhere.

JP: Speaking of programming and debugging, I saw a video of you floating around in the server room on the ISS, which to me looked like a bunch of ThinkPad laptops taped to a bulkhead and sort of jury-rigged networked there. What’s it like to debug technical problems in space with computer systems and dealing with various technical challenges? It’s not like you can call Geek Squad, and they are going to show up in a van and fix your server if something breaks. What do you do up there?

CK: That is exactly right, although there is only one thing that is inaccurate about that statement — those Lenovos are Velcroed to the wall, not taped (laugh). We rely on the experts on the ground as astronauts. Interestingly, for the most part, just like an IT department, just like at any enterprise, the experts, for the most part, can remotely login to our computers, even though they are in space. That still happens. But if one of the servers is completely dead, they call on us to intercede, we’ve had to re-image drives, and do hardware swaps.

JP: OK, a serious question, a religious matter. Are you a Mac or a PC user, an iOS or an Android user, and are you a cat or a dog person? These are crucial questions; you could lose your whole audience if you answer this the wrong way, so be careful.

CK: I am terrified right now! So the first one I get to sidestep because I have both a Mac and a PC. I am fluent in both. The second — Android all the way. And as the third, I thought I was a cat person, but since I got my dog Sadie, I am a dog person. We don’t know what breed she is since she is from the Humane Society and is a rescue, so we call her an LBD — a Little Brown Dog. She is a little sweetheart, and I missed her quite a bit on my mission.

JP: Outside of being an astronaut, I have heard you have already started to poke around GitHub, for your nieces and nephews. Are there any particular projects you are interested in? Any programming languages or tools you might want to learn or explore?

CK: Definitely. Well, I want to learn Python because it is really popular, and it would help out with my Raspberry Pi projects. The app that I am writing right now in Android Studio, which I consulted on with my 4-year-old niece, who wanted a journal app. I’m not telling anyone my username on GitHub because I am too embarrassed about what a terrible coder I am. I wouldn’t want anyone to see it, but it will be uploaded there. Her brother wants the app too, so that necessitated the version control. It’s just for fun, for now, having missed that technical aspect from my last job. I do have some development boards, and I do have various home projects and stuff like that.

JP: In your keynote, you mentioned that the crew’s favorite activity in space is pizza night. What is your favorite food or cuisine, and is there anything that you wished you could eat in space that you can’t?

CK: My favorite food or cuisine on Earth is something you can’t have in space, sushi, or poke, all the fresh seafood type things that I got introduced to from living in American Samoa and visiting Hawaii and places like that, I missed those. All the food we have in space is rehydrated, or from MREs, so it doesn’t have a lot of texture, it has to have the consistency of like mac and cheese or something like that. So what I really missed is chips — especially chips and salsa. Because anything crunchy that is going to crumble up is going to go everywhere. So we don’t have anything crunchy. Unfortunately, I have eaten enough to have made up for going without chips and salsa since I was back.

JP: Thank you very much, Christina, for your time and insights! Great interview.


The MLflow Project Joins Linux Foundation

Fri, 06/26/2020 - 00:00

First End-to-End Machine Learning Platform Is Embraced by the Community with over 2 Million Downloads Per Month and over 200 Contributors in Only 2 Years

San Francisco, JUNE 25, 2020 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced that MLflow, an open source machine learning (ML) platform created by Databricks, will join the Linux Foundation. Since its introduction at Spark + AI Summit two years ago, MLflow has experienced impressive community engagement from over 200 contributors and is downloaded more than 2 million times per month, with a 4x annual growth rate in downloads. The Linux Foundation provides a vendor-neutral home with an open governance model to broaden adoption and contributions to the MLflow project even further.

“The steady increase in community engagement shows the commitment data teams have to building the machine learning platform of the future. The rate of adoption demonstrates the need for an open source approach to standardizing the machine learning lifecycle,” said Michael Dolan, VP of Strategic Programs at the Linux Foundation. “Our experience in working with the largest open source projects in the world shows that an open governance model allows for faster innovation and adoption through broad industry contribution and consensus building.”

Databricks created MLflow in response to the complicated process of ML model development. Traditionally, the process to build, train, tune, deploy, and manage machine learning models was extremely difficult for data scientists and developers. Unlike traditional software development, which is only concerned with versions of code, ML development also needs to track versions of data sets, model parameters, and algorithms, which creates an exponentially larger set of variables to track and manage. In addition, ML is very iterative and relies on close collaboration between data teams and application teams. MLflow keeps this process from becoming overwhelming by providing a platform to manage the end-to-end ML development lifecycle from data preparation to production deployment, including experiment tracking, packaging code into reproducible runs, and model sharing and collaboration.

Matei Zaharia, the original creator of Apache Spark and creator of MLflow, shared the news with the data community during his keynote presentation today at Spark + AI Summit. “MLflow has become the open source standard for machine learning platforms because of the community of contributors, which consists of hundreds of engineers from over a hundred companies. Machine learning is transforming all major industries and driving billions of decisions in retail, finance, and health care. Our move to contribute MLflow to the Linux Foundation is an invitation to the machine learning community to incorporate the best practices for ML engineering into a standard platform that is open, collaborative, and end-to-end.”

Organizations including Starbucks, ExxonMobil, T-Mobile and Accenture are presenting their experience with MLflow at Spark + AI Summit. New features that continue to simplify MLflow and the ML lifecycle are also being announced today, including autologging for experiments, and enhanced model management and deployment in the MLflow model registry.

Spark + AI Summit is taking place virtually this week, offering free registration and access to keynotes, sessions and industry forums on-demand. Register and learn more about MLflow or visit MLflow.org.

About The Linux Foundation
Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

Media Contacts
Jennifer Cloer
ReTHINKitMedia
jennifer@rethinkitmedia.com
503-867-2304

The post The MLflow Project Joins Linux Foundation appeared first on The Linux Foundation.

The Zephyr Project Marks Critical Milestones for Security and Product-Ready Maturity

Fri, 06/26/2020 - 00:00

Zephyr also Welcomes Laird Connectivity and teenage engineering to its Open Source RTOS Ecosystem

SAN FRANCISCO, June 25, 2020 – The Zephyr Project, an open source project at the Linux Foundation that builds a safe, secure and flexible real-time operating system (RTOS) for the Internet of Things (IoT) in space-constrained devices, announces continued momentum by marking critical milestones for security and product-ready maturity.

Earlier this year, the NCC Group, a global expert in cyber security and risk mitigation, notified the Zephyr Project of a number of security issues found as part of their independent research into the security posture of Zephyr. The research, which was driven by growing interest from their clients, found Zephyr to be a mature, highly active and growing project with increasing market share. The May 2020 report outlines the issues discovered in detail and acknowledges the proactive work of the Zephyr Project Security Committee to fix these issues and follow up on the recommendations of the report. Priority fixes have been backported into Zephyr’s Long Term Support (LTS) and a maintenance release published. Learn more about Zephyr’s security assessment and response in this blog.

“The Zephyr Project brings together a community of experts to participate on all aspects of the solution, from the standards to adopt, policies and processes to follow, and methodologies for build, test, maintenance, distribution and incident response,” said Joel Stapleton, Zephyr Project Governing Board Chair and Technical Product Manager at Nordic Semiconductor. “Our aim is to make a solution that developers can trust for the lifecycle of their products. This third party research and our security team’s swift and proactive response to the vulnerabilities is the strength of open source and a testament to this community.”

The Zephyr community of more than 700 contributors recently launched the Zephyr 2.3.0 release. The 2.3.0 release includes integration with the Trusted Firmware M open source Trusted Execution Environment framework, which implements Arm’s Platform Security Architecture specification. Zephyr has long included support for Arm’s TrustZone hardware, including being able to target the secure side of the firmware, but by adding integration with the standard Trusted Firmware M project, it now also offers the option to combine TF-M and Zephyr to create a PSA-certified solution. Learn more about Zephyr 2.3.0 in this blog.

Product Makers Need Security

The Zephyr RTOS is unique as it is vendor-neutral, with a scope from multi-architecture board support packages, to cloud connectivity for IoT products. Several high-profile products have leveraged Zephyr including Intellinium Safety Shoes, ProGlove and HereO Core Box.

In fact, during this pandemic, Zephyr community members are doing their best to help find solutions to various challenges. For example, Adafruit has volunteered to make Personal Protection Equipment (PPE) and other medical devices. The Phytec Distance Tracker, which features Nordic Semiconductor technology, Bluetooth Low Energy (BLE), Ultra-wideband (UWB) and Zephyr RTOS, tracks distance measurement between two or more people. With this product, businesses will be able to help employees maintain and track the 6-feet distance between others.

As a sign of commitment to developers like these, the Zephyr Project created a form that will notify product makers, who are not currently members, of vulnerabilities that may impact their products during the embargo window. Zephyr Project members receive this information already. To learn more about Zephyr’s commitment to product makers or to sign up for the notifications, click here.

A Growing IoT Ecosystem

Today, the Zephyr Project welcomes Laird Connectivity and teenage engineering to its growing IoT ecosystem. The new members join Adafruit, Antmicro, Eclipse Foundation, Foundries.io, Intel, Linaro, Nordic Semiconductor, NXP®, Oticon, SiFive, Synopsys, Texas Instruments and more to create an open hardware and software ecosystem using the Zephyr OS.

“Developers have many options when it comes to selecting an RTOS for embedded microcontrollers, but the Zephyr Project is one of the fastest growing open-source and broadly contributed RTOS projects of its kind,” said Jonathan Kaye, Senior Director, Product Management at Laird Connectivity. “Joining the Zephyr Project allows Laird Connectivity to deliver more design flexibility than ever across our wireless modules, IoT Devices and Gateways. Our customers can leverage community support, better device security, high performance in resource-light environments, and license-free use for commercial applications. And by using one shared platform, they can build a highly reusable code base that rapidly accelerates their IoT development with Laird Connectivity products.”

“teenage engineering is developing embedded products in a wide range of complexity: from single core Cortex-M0 to multicore and multiprocessor systems with totals of up to 5 different MCUs from various vendors,” said David Eriksson, Head of Hardware at teenage engineering. “Our goal is to build the perfect multi-chip system where we capture what each breed of processor does best and allow them to work together in harmony. With Zephyr, we can develop anywhere. We make sure that code can run on host as well as device, and that interconnectivity is platform agnostic allowing a mix of real hardware and desktop emulation. We prefer to develop with open tools, so Zephyr is really the only sane choice for an RTOS where it is possible to achieve true transparency on all layers of the stack. We are happy to become members of The Linux Foundation and the Zephyr Project and to take part in shaping and influencing the future of embedded systems.”

In April, Zephyr celebrated 40,000 commits on GitHub and has now completed more than 41,000 to date with support for more than 200 boards.

Open Source Summit

The Zephyr Project will be present at the Linux Foundation’s Open Source Summit Virtual event on June 29-July 2. Several members will be giving presentations that cover Zephyr, including a keynote by Kate Stewart about open source in safety critical applications on July 1 at 9 am CST. Additional talks will be given by Zephyr project members from the Eclipse Foundation, Intel and Linaro. Learn more here.

Additionally, on July 2 from 2-3:30 pm, Zephyr will host a Mini-Summit that will offer an overview of the RTOS, an introduction to west, how Bluetooth works with Zephyr, and insight into security, safety certification and a product use case. Registration is free for OSS + ELC attendees. Learn more here.

To learn more about Zephyr RTOS, visit the Zephyr website and blog.

About the Zephyr Project

The Zephyr Project is a small, scalable real-time operating system for use on resource-constrained systems supporting multiple architectures. To learn more, please visit www.zephyrproject.org.

The post The Zephyr Project Marks Critical Milestones for Security and Product-Ready Maturity appeared first on The Linux Foundation.

Open Mainframe Project Announces Major Technical Milestone with Zowe’s Long Term Support Release

Thu, 06/25/2020 - 07:32

  • The LTS Release and Zowe V1 Conformance Program supports product stability, security and interoperability
  • Open Mainframe Project continues momentum with two new global members and new COBOL resources
  • Open Mainframe Project will have sessions at the Open Source Summit on June 29-July 2

SAN FRANCISCO, June 24, 2020 – The Open Mainframe Project (OMP) announced today that Zowe, an open source software framework for the mainframe that strengthens integration with modern enterprise applications, marks a major technical milestone with the first Long Term Support (LTS) release. The Zowe LTS release will offer vendors and customers product stability, security, interoperability as well as easy installation and upgrades.

OMP launched Zowe, the first-ever open source project based on z/OS, in 2018 to serve as an integration platform for the next generation of administration, management and development tools on z/OS mainframes. The Zowe framework uses the latest web technologies among products and solutions from multiple vendors. Zowe enables developers to use familiar, industry-standard, open source tools to access mainframe resources and services.

“Mainframes are the foundation of businesses in every industry,” said John Mertic, Director of Program Management for the Linux Foundation and Open Mainframe Project. “Zowe continues to evolve rapidly due to numerous contributions from the open source community. The LTS release is our first major step into longevity and security that will offer innovative possibilities for the next generation of products and solutions.”

Benefits of the Zowe LTS release include:

  • Stability: Organizations can confidently adopt the technology for enterprise use and upgrade when appropriate for their environment, minimizing the risk of disruption
  • Interoperability: Zowe consumers can be assured LTS-conformant extensions have adapted to and support LTS features
  • Longevity: Zowe is designed for years of use and plans are in place for continued updates and support
  • Ease of Use: Mainframe System Administrators can use standard z/OS processes to install and upgrade Zowe z/OS components including SMP/E, Unix Shell Scripts, and z/OSMF workflows
  • Smaller Footprint: The updated install process leverages standard z/OS technology. In addition to being more intuitive, by eliminating optional services at install time the process lowers the number of configuration changes required for software updates and reduces the complexity of the Zowe footprint

The Zowe Conformance Program is Updated with LTS Guidelines

Open Mainframe Project’s Zowe Conformance Program, which aims to build a vendor-neutral ecosystem around Zowe, launched last year. The program has helped Open Mainframe Project members such as Broadcom, IBM, Phoenix Software and Rocket Software incorporate Zowe with new and existing products that enable integration of mainframe applications and data across the enterprise. To date, more than 28 products have implemented extensions based on the Zowe framework and earned these members conformance badges.

“The extensible nature of Zowe offers an infinite number of pluggable products, processes and services,” said Leonard J Santalucia, Chair of the Open Mainframe Governing Board and CTO of Vicom Infinity. “Extenders can creatively address business challenges with their own service APIs, web applications or drive product actions from off-platform using a command line plug-in. Consumers of these extensions need the same assurance that they are stable, reliable, interoperable, and consistent with core Zowe. The updated Zowe Conformance Program does just that.”

“When it comes to mission critical software, end users want to know that it will behave as expected, period,” said David Stokes, senior director engineering, Mainframe Division, Broadcom. “Achieving Zowe Conformant status for our products provides our customers with the assurance that they can expect smooth compatibility and a superior overall user experience from the extensions they adopt. As a major contributor to the program, Broadcom fully embraces the customer value that conformance delivers as a priority for all of our open and commercial Zowe extensions.”

“Rocket Software, as original authors and contributors to Zowe’s mainframe virtual desktop, is uniquely positioned to leverage the Zowe Application Framework for developing new virtual desktop products,” said Milan Shetti, President, Z Systems Business Unit, Rocket Software. “Rocket® is excited to see the Zowe Conformance Program taken to the next level as part of the broader effort to get Zowe ready for production deployment and drive Zowe adoption. Rocket has more Zowe plug-ins in the pipeline for 2020 as we develop a portfolio of apps for the virtual desktop.”

Each vendor follows the Testing Guidelines to ensure their offering is aligned with the conformance standards. For the LTS release, each extensible component’s test criteria were modified to allow exploitation of the new Zowe LTS capabilities. Applications that satisfy the new testing criteria requirements will earn a Zowe “V1” conformance badge as soon as they submit for and are approved for V1.

New products or solutions recently accepted into the updated Zowe Conformance Program include:

  • CA SYSVIEW® PERFORMANCE MANAGEMENT
  • CA File Master Plus
  • CA JCLCheck Workload Automation
  • CA Endevor® Bridge for Git
  • IBM RSE API Plug-in for Zowe CLI v1.0.0

The Open Mainframe Project hosted a Zowe LTS Release webinar earlier this month that shares more details. To watch the webinar on-demand, click here.

Open Mainframe Project Momentum Continues

Hosted by The Linux Foundation, the Open Mainframe Project is comprised of business and academic leaders within the mainframe community that collaborate to develop shared tool sets and resources. Today, the project welcomes YADRO, the largest technology vendor in Russia with full-cycle in-house R&D, manufacturing and services, and SOFTWARE ENGINEERING GmbH, providing strong Db2 z/OS solutions for more than 40 years.

“International technology collaboration and global partnerships are the core drivers in the YADRO strategy,” said Anna Egorova, Chief Delivery Officer for YADRO. “In this journey, we contribute significantly to the development and support of open source technologies and communities. The Open Mainframe Project ecosystem is perfect to leverage our hardware expertise and knowledge of local customers’ needs along with the resources available worldwide through the project community.”

“As experts in the mainframe industry continue to evolve, there is still time to modernize the mainframe and join forces with 3rd party vendors to work out a unified framework that merges proven and latest technology,” said Ulf Heinrich, Managing Director of SOFTWARE ENGINEERING GmbH. “With ZOWE being the very first open source project on z/OS designed to make the mainframe an agile, integrated platform. The common UI for senior mainframe staff and the new workforce will simplify the architecture and reduce the operational costs. For SOFTWARE ENGINEERING GmbH, Zowe is THE ecosystem addressing everything from application developers, system programmers, DBAs and DevOps architects.”

Last year, the number of projects hosted under the Open Mainframe Project doubled; they include ADE, Ambitus, ATOM, Feilong, Mentorship, Polycephaly, TerseDecompress, and Zorow. This year, the momentum continues with resources and a new project for COBOL.

In April, Open Mainframe Project announced several COBOL resources in response to the desperate call for help from government officials. The project followed this up with the availability of a COBOL Training Course that offers introductory-level COBOL materials with Microsoft’s Visual Studio Code editor (VS Code). The free COBOL Training Course educates those developers or students who would like to learn COBOL skills with VS Code and extensions. These materials provide an overview of the language with hands-on labs. The course has already gained lots of traction with more than 100,000 views and 27,000 unique visitors.

Open Mainframe Project will host a booth and several sessions at the Linux Foundation’s Open Source Summit + Embedded Linux Conference virtual event on June 29-July 2 and a Mini-Summit on July 2 from 2-3:30 pm. The Mini-Summit is free to OSS + ELC attendees. To register, click here. Learn more about the OMP sessions here.

About the Open Mainframe Project

The Open Mainframe Project is intended to serve as a focal point for deployment and use of Linux and Open Source in a mainframe computing environment. With a vision of Open Source on the Mainframe as the standard for enterprise class systems and applications, the project’s mission is to build community and adoption of Open Source on the mainframe by eliminating barriers to Open Source adoption on the mainframe, demonstrating value of the mainframe on technical and business levels, and strengthening collaboration points and resources for the community to thrive. Learn more about the project at https://www.openmainframeproject.org.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and commercial adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The post Open Mainframe Project Announces Major Technical Milestone with Zowe’s Long Term Support Release appeared first on The Linux Foundation.

ELISA Project Momentum Continues

Thu, 06/18/2020 - 21:54
Community growth and engagement, coupled with new member support, offers additional approaches for assessing safety in applications using Linux.

SAN FRANCISCO, June 18, 2020 – As ELISA (Enabling Linux in Safety Applications) nears its year and a half anniversary, the project continues to hit key milestones showing its value for delivering foundational support for safety-critical applications. ELISA, formed in February 2019 and a hosted project of the Linux Foundation, aims to create a shared set of tools and processes to help companies build and certify Linux-based safety-critical applications and systems whose failure could result in loss of human life, significant property damage, or environmental damage.

As Linux continues to be a key component in safety applications, autonomous vehicles, medical devices, and even rockets, ELISA will make it easier for companies to build and expand these safety-critical systems. As a show of support for this business-critical initiative, several new members have joined the ELISA project. New members include Premier Member Intel/Mobileye, General Members ADIT, Elektrobit, Mentor, SiFive, Suzuki, Wind River and Associate Members Automotive Grade Linux and Technical University of Applied Sciences Regensburg. 

“Since forming ELISA, we’ve had incredible support from members and the community. As we near 18 months as a project, we’ve agreed on a strategy for partitioning the problem into manageable pieces, and have working groups making progress towards approaches to bridge between the Linux and safety standards communities and are looking forward to continuing the path we’ve been on,” said Kate Stewart, Senior Director of Strategic Programs, The Linux Foundation. “We are encouraged by broad participation, as demonstrated by our nine new members, including Intel, as well as very active working groups. These kinds of activities are indicators of achieving the critical mass needed to establish a widely discussed and accepted methodology.”

“Intel and Mobileye see the Linux Operating system as an important player in the functional safety software ecosystem,” said Simone Fabris, ELISA Governing Board member and senior director of system safety at Mobileye, an Intel Company. “The impact and skills of the open source community will be harnessed through the ELISA project to increase the safety integrity of future embedded systems while, at the same time, contributing to a better quality, reduction of development costs and speed up the delivery of complex functional safety systems across multiple industry domains including autonomous driving and avionics.”

“Linux has evolved ever since its inception to run on devices small and large while serving the needs of a wide spectrum of technology, from an elevator to a supercomputer,” said Shuah Khan, ELISA Technical Steering Committee Member and Linux Foundation Fellow. “Each of these evolutions requires identifying what is needed and what is missing in the existing code base and enhancing existing features and adding new ones. ELISA project’s mission is to evolve Linux to serve an emerging and important safety-critical space that spans medical devices, civil infrastructure, caregiving robots, automotives, and others.”

In addition to incredible member growth, ELISA has established several work groups to further the crucial work of the cross-industry project and its work toward advancing open source in safety-critical systems. These groups include Kernel Development Process, Safety Architecture, and Medical Devices, and an Automotive working group is now being formed.

Community members will have the chance to learn more about this important work during the Linux Foundation’s Open Source Summit North America where Kate Stewart, Senior Director of Strategic Programs, The Linux Foundation, is set to give a keynote speech, “Keynote: Open Source in Safety Critical Applications: The End Game.” For the first time, this event will also include an Open Source Dependability track. See the full schedule for Open Source Summit North America taking place virtually from June 29, 2020 to July 2, 2020.

In addition, ELISA will continue to hold regular workshops to discuss approaches to solving the missing pieces and better tooling. Listen to previous workshops and get notified of upcoming events at https://elisa.tech/news/.

New Member Quotes

ADIT, a joint venture of Robert Bosch GmbH and DENSO Corporation

“Having followed ELISA since May 2019 and having participated in all workshops so far, I am excited to see the recent increase of interest in the field of Automotive and Linux; the core competence of ADIT. The enthusiastic collaboration between functional safety participants combined with the recent excellent contributions from Linux experts are adding the value and momentum needed to enable Linux in safety applications and to make ELISA a success story,” said Philipp Ahmann, manager at ADIT, a joint venture of Robert Bosch GmbH and DENSO Corporation.

Automotive Grade Linux 

“Functional safety is an increasingly important topic for Automotive Grade Linux as we expand into Instrument Cluster and eventually into Autonomous Vehicle solutions,” said Dan Cauchy, Executive Director of Automotive Grade Linux at the Linux Foundation. “With the support of eleven car manufacturers and over 150 companies, we look forward to collaborating with ELISA Project and help drive the requirements from an automotive perspective.”

Elektrobit

“The research done in the ELISA project defines the future of enabling Linux for functional safety applications,” said Martin Schleicher, Executive Vice President Business Management, Elektrobit. “Vehicles are clearly products with special sensitivity. EB is pleased to be part of this exciting project and looks forward to contributing its broad experience in automotive software and functional safety expertise to drive the development of mission critical automotive software.”

Mentor, a Siemens business

“The ELISA project enables Safety and Linux experts to work hand in hand on the future topics in using Linux in safety-related systems. Under the umbrella of the Linux Foundation the organizational frame allows constructive discussions about the main challenges for ‘making Linux safe,’” said Michael Ziganek, General Manager, Automotive Business Unit, Mentor, a Siemens business. “For us as Mentor, a Siemens business, being part of ELISA is an accelerator to have more customized technology offerings for our customers regarding our automotive software solutions, especially to integrate and maintain Linux in safety-critical systems.”

Technical University of Applied Sciences Regensburg

“After closely, but informally collaborating with the ELISA project via research, student and development projects, we are excited about joining ELISA as an associate member! Combining the industrial experience and insights of the world leaders in safety-critical Linux systems with the group’s research portfolio will bring marked benefits to both industrial and academic communities, who are still too often at a distance from one another,” says Prof. Dr. Wolfgang Mauerer, head of the digitalization laboratory at OTH Regensburg.

Wind River

“Companies in all sectors will greatly benefit from the ELISA project’s goal of advancing open source to building and certifying Linux-based safety-critical applications and systems. When stakes are high and failure is not an option, it is vital for the ecosystem to work together to make safety a priority. Wind River has a long history in Linux and mission-critical systems and we look forward to contributing in order to help the ELISA project advance Linux for safety-critical applications,” said Gareth Noyes, senior vice president, Products, Wind River.

About ELISA

ELISA, Enabling Linux in Safety Applications, is an open source project hosted by the Linux Foundation. ELISA’s goal is to create a shared set of tools and processes to help companies build and certify Linux-based safety-critical applications and systems whose failure could result in loss of human life, significant property damage or environmental damage. Building on the work being done by the SIL2LinuxMP project and the Real-Time Linux project, ELISA will make it easier for companies to build safety-critical systems such as robotic devices, medical devices, smart factories, transportation systems and autonomous driving using Linux. Founding members of ELISA include Arm, BMW Car IT GmbH, KUKA, Linutronix, and Toyota.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

The post ELISA Project Momentum Continues appeared first on The Linux Foundation.

Linux Foundation & Harvard Announce Free/Libre and Open Source Software (FOSS) Contributor Survey

Thu, 06/18/2020 - 21:00
“Open source software is everywhere. Now, more than ever, we need to get a better understanding of it to help make it even more secure.” – David A. Wheeler, Director of Open Source Supply Chain Security, Linux Foundation

In 2020, given the wide proliferation of Free/Libre and Open Source Software (FOSS), we aim to identify how to improve security, including the sustainability of the FOSS ecosystem, especially the FOSS systems heavily relied upon by organizations worldwide.

To do this, the Linux Foundation’s Core Infrastructure Initiative (CII) and the Laboratory for Innovation Science at Harvard (LISH) have developed a survey for contributors to FOSS. If you contribute to FOSS, we would love for you to participate in our study. This voluntary survey takes around 15-20 minutes to complete and allows you to advocate for the FOSS projects you care about. 

Please participate now; we intend to close the survey in early August. In appreciation of your participation, we would like to offer our participants the option to have your name included in the overall results. If you opt to be attributed in the final report, you will still have the opportunity to keep your detailed survey responses confidential.

The CII takes a collaborative, pre-emptive approach for strengthening cybersecurity by improving open-source software security. We aim to support, protect, and fortify open software, especially software critical to the global information infrastructure. We take a holistic view of security; we include security risks in critical projects that are inadequately sustained or vulnerable to supply chain attacks. We intend to use this survey information to help guide this approach.

To take the FOSS Contributor Survey, click the button below:

Take the CII 2020 FOSS Contributor Survey

The post Linux Foundation & Harvard Announce Free/Libre and Open Source Software (FOSS) Contributor Survey appeared first on The Linux Foundation.

Why CII best practices gold badges are important

Wed, 06/17/2020 - 21:00
“A CII Best Practices badge, especially a gold badge, shows that an OSS project has implemented a large number of good practices to keep the project sustainable, counter vulnerabilities from entering their software, and address vulnerabilities when found.” – David A. Wheeler, Director of Open Source Supply Chain Security

Open source software (OSS) is now widely used by many organizations. That popularity means the security of OSS is now more important than ever. The CII Best Practices badge project, including its top-ranked “gold” badge, helps improve that security.

In June 2020, two different projects managed to earn a gold badge: the Linux kernel and curl. Both are widely depended on, and yet in many other ways, they are radically different. The Linux kernel has a large number of developers, and as a kernel, it must directly interact with a variety of hardware. Curl has a far smaller set of developers and is a user-level application. They join other projects with gold badges, including the Zephyr kernel and the CII Best Practices badge application itself. Such radically different projects managed to earn a gold badge and thus demonstrated their commitment to security. It also shows that these criteria can be applied even to such fundamentally different programs.

But what are these badges? A Linux Foundation (LF) Core Infrastructure Initiative (CII) Best Practices badge is a way for Open Source Software (OSS) projects to show that they follow best practices. The badges let others quickly assess which projects are following best practices and are more likely to produce higher-quality secure software. It also helps OSS projects find areas where they can improve. Over 3,000 projects participate in the badging project, a number that grows daily.

There are three badge levels: passing, silver, and gold. Each level requires that the OSS project meet a set of criteria; for silver and gold that includes meeting the previous level. Each level requires effort from an OSS project, but the result is reduced risks from vulnerabilities for both projects and the organizations that use that project’s software.

The “passing” level captures what well-run OSS projects typically already do, and has 66 criteria grouped into six categories. For example, the passing level requires that the project publicly state how to report vulnerabilities to the project, that tests are added as functionality is added, and that static analysis is used to analyze software for potential problems. Getting a “passing” badge is an achievement, because while any particular criterion is met by many projects, meeting all the requirements often requires some improvements to any specific project. As of June 14, 2020, there were 3195 participating projects, and 443 had earned a passing badge.

The silver and gold level badges are intentionally more demanding. The silver badge is designed to be harder but possible for one-person projects. Here are examples of silver badge requirements (in addition to the passing requirements):

  • The project MUST have FLOSS automated test suite(s) that provide at least 80% statement coverage if there is at least one FLOSS tool that can measure this criterion in the selected language.
  • The project results MUST check all inputs from potentially untrusted sources to ensure they are valid (a whitelist) and reject invalid inputs if there are any restrictions on the data.

The gold badge adds additional requirements. Here are examples of gold badge requirements (in addition to the silver requirements):

  • The project MUST have a “bus factor” of 2 or more (a “bus factor” is the minimum number of project members that have to suddenly disappear from a project before the project stalls due to lack of knowledgeable or competent personnel).
  • The project MUST have at least 50% of all proposed modifications reviewed before release by a person other than the author.
  • The project MUST have a reproducible build. 
  • The project website, repository (if accessible via the web), and download site (if separate) MUST include key hardening headers with nonpermissive values.

Historically the LF has focused on getting projects to the passing level because projects not even at the passing level have a higher risk. But many projects are widely depended on or are especially important for security, and we love to see them earning higher-level badges.

Of course, a gold badge doesn’t mean that there are no vulnerabilities in the existing code, or that it’s impossible to improve their development processes. Perfection is rare in this life. But a CII Best Practices badge, especially a gold badge, shows that an OSS project has implemented a large number of good practices to keep the project sustainable, counter vulnerabilities from entering their software, and address vulnerabilities when found. Projects take many such steps to earn a gold badge, and it’s a good thing to see.

We hope other projects will be inspired to pursue — and earn — a gold badge. Of course, the real goal isn’t a badge — the real goal is to make our software much more secure. But good practices can help make our software more secure, and we want to praise and encourage projects to have good practices.

For more background information on the best practices badge, see the presentation “Core Infrastructure Initiative (CII) Best Practices Badge in 2019”.

OSS projects can go to the CII Best Practices badge website to begin the process of earning a badge. If you’re considering the use of some OSS, we encourage you to check that website to see which projects have earned a badge.

Those who wish to learn more are welcome to contact David A. Wheeler, Director of Open Source Supply Chain Security at The Linux Foundation, at dwheeler AT linuxfoundation DOT org.

The post Why CII best practices gold badges are important appeared first on The Linux Foundation.

Building a sustainable open source community: training and certifications

Tue, 06/16/2020 - 23:23
Training and professional certifications are an important part of how open source technologies establish themselves as industry-leading solutions and are adopted in commercial ecosystems

Introduction

In an earlier piece, we discussed how, over the last 20 years, the Linux Foundation has grown from a single project, the Linux kernel, to an organization that has helped to convene and host hundreds of the world’s most important open source communities. 

The Linux Foundation’s support programs add value for our communities as they enable our projects to engage and grow a technology ecosystem worldwide.  

The Linux Foundation has over 1,600 member companies, representing 100% of the Fortune 100 tech and telecommunication firms, small businesses and startups, hundreds of end-user companies, and everything in between. It also has over 25,000 software developers contributing code, a shared investment that we estimate to be valued at $15.7B – and growing. Our hosted projects enable advancements in many technology areas and across many vertical industries, from security to networking, edge computing, cloud, automotive, blockchain, embedded systems, and web applications.

With the increased demand and adoption of open source technologies comes the desire for professionals with the skill sets to deploy, manage, and operate systems and support end-users. According to the Linux Foundation’s most recent Jobs Report, some key findings were revealed about open source employment opportunities:

Source: Linux Foundation 2018 Jobs Report

  • Hiring open source talent is a priority for 83% of hiring managers, a 7% increase from 76% in 2017. 
  • Hiring managers cited cloud (66%) as the technology most affecting their hiring decisions. Containers placed second at 57%, followed by security (49%) and networking (47%).
  • Finding the right mix of experience and skills is difficult for 87% of hiring managers. That included the 44% who rated it very difficult, a percentage that leaped from 34% in 2017.
  • Thirty percent of respondents working in open source technologies improved their ability to work on exciting projects, collaborate with a global community (19%), and work on the most cutting-edge technology challenges (16%). 

This report will be updated this autumn, and early indications show that these trends are accelerating given current market conditions.

The Linux Foundation provides a complete portfolio of support programs for training and certification, which align with the technologies that its communities develop. The support programs currently focus on eight primary domain areas:

  • Linux Internals
  • Open Source Developer Compliance
  • Systems Administration
  • Security 
  • Networking/Edge Computing
  • Cloud
  • Web Development
  • Blockchain

These programs are co-developed with the communities, and we add programs all the time as communities request support. 

Why training and certification are critical for open source communities

The Linux Foundation’s communities request support for training and certification because it creates a cadre of professionals that can implement solutions using their collaboratively developed technologies, with demonstrated expertise. Additionally, without trained and certified professionals, these technologies will face challenges achieving or scaling both industry adoption and commercial ecosystems supporting them. End users who adopt the technology, along with commercial solution and support providers, also provide a pipeline of future contributors back to the project’s codebase. As the open source technology is deployed, it gets tested, bugs are found, new features are requested, and all that feedback cycles its way into the upstream project, sustaining and making the project better for everyone dependent on its continued success.

For many open source projects, to gain adoption and generate a commercial support ecosystem, they will ultimately need to have training and certification programs. While this may sound similar to how other professional communities have matured and have become validated for developer and engineering certifications for commercial clouds and proprietary software systems, there are some important distinctions as to why a commitment to developing training and certification for open source technologies is critical to their long-term success.

The open source community works more organically and cyclically, which necessitates that a cadre of expertise is built for it not just to be deployed (as the commercial training and ecosystem have worked historically over the past 40 years) but also as part of its continuing development and for it and all of its participants to thrive. 

An open source software community develops software, and it gets deployed by professionals. Those professionals often eventually move on to different organizations and implement the same software. Those organizations will ultimately need more people to support deployments and write applications to extend and customize the software. These organizations also need system administration professionals and cloud providers to support solutions based on these open source software systems.

Why should communities create training and certification programs with the Linux Foundation? 

Straight from the source, and integrated into how communities are built and run. As the home of Linux and other major open source technologies, nobody is closer to these projects than The Linux Foundation itself — its training programs are uniquely integrated with our communities and projects. We understand how to align instruction with a community development model. Training is one of the support pillars that also enable the developers and engineers to focus on the open source project’s development and leave educating users and implementers of the code to the Linux Foundation’s training team. 

Accelerating community growth through free training. Thanks to our members’ support of the Linux Foundation and its projects, we are often able to provide free training courses from our communities. Free training is one of the fastest ways to bring more people into our open source communities as they learn, test, deploy and support solutions based on the open source technology, as they usually come back to offer suggestions, feedback, and fixes.

Vendor-neutral courseware. The Linux Foundation is a nonprofit organization and does not promote any particular commercial product, solution, or service.

Excess funds received go back to the project community. Although the Linux Foundation keeps pricing affordable and frequently offers further discounts, the overall program does generate a surplus. Since we are a nonprofit, the surplus is invested back into the open source community in a variety of ways: we provide scholarships to deserving individuals to become trained and certified at no cost, and the Foundation supports projects that are important to the world but do not receive individual or corporate financial support. Surplus funding is also used for linux.com as well as other digital assets and key initiatives such as CommunityBridge. 

Up-to-date Curriculum. Linux Foundation courses are current with the most recent version of the software or technology. As the host of many of the most critical open source projects that are continually changing, the Linux Foundation is in an excellent position to find experts and ensure the materials are maintained and updated alongside the project’s evolution. Additionally, enrolled students receive access to the latest course versions at no additional cost.

Current and cutting-edge technologies. The Linux Foundation hosts the fastest-growing and most influential open source projects and is the first to release courses about them. 

Expert instruction. The Linux Foundation’s courses are created and taught by some of the top developers and practitioners in open source, with decades of collective open source experience under their belts and a deep familiarity with our open source communities.

Relevant material. The Linux Foundation’s courses are created using feedback from its massive community of open source practitioners and companies. Students can be confident that the topics they are learning are applicable in today’s business environment. Companies and organizations can integrate certifications in their hiring search and evaluations to find professionals with qualified skills.

Conclusion

With the most popular open source projects receiving upwards of 90% of their code from commercial companies, they are continually seeking trained people with the skills to deploy, support, and operate the open source technology. With Linux Foundation training being free to access in most cases, our communities can efficiently train a vast ecosystem of people with skills companies are seeking to employ. The online delivery of our courses also makes our training accessible to people from low-income regions around the world, where access to training can provide a considerable boost to their career prospects.

Enterprises especially value certifications as evidence that employees are qualified and have demonstrated their expertise in a particular technology. Enterprises also want to train their existing employees on new technologies in an organized, efficient manner, which professional training courses can provide.

Offering training and certification is one of the best ways to scale any growing open source project community. For a project to continue growing and get more contributors involved, the community will need individuals to be able to gain an understanding of the project in a relatively quick and straightforward way. Our organized training curriculum was designed to fill this expertise gap.

The Linux Foundation’s training and certification offerings, combined with its community-organized events, provide a well-rounded and neutral path to build skills and enable people to contribute back to its projects, sustaining their efforts into the future.

The post Building a sustainable open source community: training and certifications appeared first on The Linux Foundation.

Linux kernel earns CII best practices gold badge

Sat, 06/13/2020 - 01:25

All: I want to formally congratulate the Linux kernel project for earning a gold badge!! You can see their details here:

https://bestpractices.coreinfrastructure.org/en/projects/34

The Linux kernel has been close for a while. The final one they completed was to add some HTTP hardening headers to key websites.

Of course, a gold badge doesn’t mean that there are no vulnerabilities, or that it’s impossible to improve their development processes. Perfection is rare in this life. But it *does* mean that they’ve implemented a large number of good practices to keep the project sustainable, to counter vulnerabilities from entering their software, and to address vulnerabilities when they are found. The Linux kernel project takes many steps to do this, and it’s good to see.

The Linux kernel joins some of the few other gold applications, such as the Zephyr project, who have been at gold for a while. You can see the current gold holders here:

https://bestpractices.coreinfrastructure.org/en/projects?gteq=300

My thanks to Greg Kroah-Hartman, who spearheaded getting the badge “over the finish line.” Thank you for your effort.

I hope that this result will help inspire other projects to pursue — and earn — a gold badge. Of course, the real goal isn’t a badge — the real goal is to make our software much more secure. But I think it’s clear that good practices can help make our software more secure, and we want to praise & encourage projects to have good practices.

David A. Wheeler

Director of Open Source Supply Chain Security, The Linux Foundation

The post Linux kernel earns CII best practices gold badge appeared first on The Linux Foundation.

Linux Foundation Support for the Black Community

Tue, 06/09/2020 - 01:32

The Linux Foundation and its communities stand in solidarity voicing support for the Black community. The system under which we operate requires change to make justice and equality a reality. We support the individuals and organizations offering solutions for such changes, and we will be planning how we can support change as well.

We are proud (and privileged) to work with communities and members that support our initiatives and reflect the same values. We have collected statements from across our communities that voice this collective support.

Statement from Arpit Joshipura, General Manager of Networking, IoT and Edge (LF Networking and LF Edge)

Members,

We at LFN and LF Edge are disheartened by the current situation of injustice, hate, and division we are seeing and believe recent actions are the opposite of our values. LFN and LF Edge are global umbrella organizations based on diversity, collaboration, mutual understanding, and respect. It is the essence of the very community building we engage in professionally.

The Linux Foundation has long stood for inclusion and open participation and has supported individuals and collective communities in our knowledge that diversity is a strength. We will continue to promote those values and do more.

Finally and most importantly, this is a time for most of us to listen, to listen to the experiences of our members who experience racism in their personal and professional lives. This is not a time to be defensive; this is a time to hear about experiences of our fellow members. We at LFN and LF Edge are here to listen. If you would like to have a discussion about this topic, please send me a note as well.

Statement from Kate Stewart, Sr. Director of Strategic Programs (Zephyr Project)

Dear Zephyr Project Community

When we started the Zephyr project, one of the goals was to come up with a solution to a very fragmented ecosystem for applications where Linux was just too big. Thanks to you, we have been succeeding, step by incremental step. We are focused on the common goal of building the best RTOS in the landscape while establishing a diverse and inclusive community. And while we may not always agree with each other in all details, one of the things that stands out for me is we’re all willing to listen to each other.

As we watch the news, the events in the U.S. over inequality and the ongoing COVID-19 pandemic, it’s hard to figure out how we can make a difference as individuals and as a larger group. Injustice, division, and isolation are causing harm in our society, and the effects are touching every single one of us. We’ve seen Zephyr members and our community start creating solutions to help with COVID-19, and it would be wonderful if the same creativity can be focused on the wider diversity problems as well.

While I don’t have the answers here, I do see this as a moment for us to listen and build from. We must seek to understand the enormous injustice and pain that results from inequality and isolation. Please take the time to engage on this topic with your families, friends, local and global communities, and use the creativity I see being demonstrated every day by the Zephyr community to help us come up with ideas for change.

If you would like to have a discussion about this topic, please send me a note as well.

Above all, let us continue to be examples within our broader and local communities, while staying engaged so that we can be a part of a larger change for the better.

Statement from John Mertic, Director (Open Mainframe)

We are all disheartened by the current issues in the US brought to the forefront of the news. Injustice and division are causing harm in our society, and the effects are touching every single one of us. I’ve personally seen the effects of this amongst my immediate family and close friends, which saddens me deeply. This is the opposite of our values as humans and my hope is that this brings the conversation of diversity to the forefront.

The Open Mainframe Project, along with The Linux Foundation, is an organization based on collaboration and mutual understanding. It is the essence of the very community-building we engage in professionally. All of us are stronger than one of us and diverse communities have always driven greater outcomes.

Our strength over the past decades has been the community’s desire to continue its legacy well past our lifetime. The only way to achieve this is by emphasising the focus on diversity – and events like what we’ve seen unfold nationwide illustrate how far we still need to go.

While I don’t have the answers here, I do see this as a moment for us to listen. We must seek to understand the enormous injustice and pain that results from inequality in our society. Please take the time to engage on this topic with your families, friends, local and global communities.

If you would like to have a discussion about this topic, please send me a note as well.

Above all, let us continue to be examples within our broader and local communities, while staying engaged so that we can be part of a larger change for the better.

We’ve decided to postpone the Node.js Security Working Group AMA this week. We’ll share a new date soon. In pressing pause we want to express our support to our entire community, and especially those facing racial inequity.

— OpenJS Foundation (@openjsf) June 1, 2020

The Power of Together. We Stand For Justice. #BlackLivesMatter pic.twitter.com/p4WpaCQqM6

— Continuous Delivery Foundation (@CDeliveryFdn) June 3, 2020

The power of together. We stand for justice.

Support the movement: https://t.co/UXGrBru8Sn pic.twitter.com/uEEWuiDWvA

— LF Energy Foundation (@LFE_Foundation) June 2, 2020

We stand in solidarity with the Black community.
Racism is unacceptable.
It conflicts with the core values of the Kubernetes project and our community does not tolerate it. #BlackLivesMatter https://t.co/AUNfkB3WOe

— Kubernetes (@kubernetesio) June 5, 2020

pic.twitter.com/3drrFjwOnL

— Cloud Foundry (@cloudfoundry) June 2, 2020

Racism is unacceptable, is incompatible with the Helm project goals, and has no place in our open source community. #BlackLivesMatter https://t.co/lJ8D1KP9Io

— Helm (@HelmPack) June 4, 2020

To our Black, Indigenous, and People of Color members of the @Linkerd community: just know that you are welcome here, you are celebrated, and we will make space for you and amplify your voices. You are a vital part of everything we’re building together. #BlackLivesMatter

— Linkerd (@Linkerd) June 3, 2020

We have changed the design of our documentation page to pay respect to George Floyd and show solidarity to the events happening in the United States right now. We ask that you consider financially supporting orgs mentioned in the banner. #BlackLivesMater #BlackOutTuesday Thanks! pic.twitter.com/TYdTssV3zk

— WebdriverIO (@webdriverio) June 2, 2020

The @webpack documentation will be temporarily down for today to pay respects to George Floyd and countless others who are the victims of police violence in the Black community and around the world. #blackoutday #BlackOutDay2020 https://t.co/FPy0JITmjs pic.twitter.com/CgSndheO4A

— webpack module bundler (@webpack) June 2, 2020

The post Linux Foundation Support for the Black Community appeared first on The Linux Foundation.

Building a successful open source community: How coordination and facilitation helps projects scale and mature

Fri, 05/29/2020 - 00:00
Why do you need program management as part of your open source project? We asked a few of the Linux Foundation’s program managers to tell us how they each approach the task.

How does coordination and facilitation help improve my project?

We tend to think of the primary goals of the Linux Foundation’s projects as producing open software, open hardware, open standards, or open data artifacts — the domain of participating programmers & engineers, system architects, and other technical contributors. 

However, successful projects engaging a broader ecosystem of commercial organizations, particularly when raising funds, benefit from active leadership besides pure technical contributions. Contributors often have work outside the project that puts demands on their time. It takes real time to build and coordinate a commercial ecosystem, ensure stakeholders are engaged, recruit and onboard members, create a neutral governance culture (often amid competitors competing), and keep various aspects of the ecosystem aligned, such as when end users begin to participate.

Many Linux Foundation projects fundraise to provide resources for their community. This is an excellent benefit for the technical community when the business ecosystem comes together to invest and help the community obtain resources to build a thriving community and ecosystem. A typical fundraising model in our community is to offer an annual membership structure that provides a yearly fund for the project. 

The Linux Foundation’s approach to governance separates decisions about funds and business affairs from the technical project’s governance. The companies contributing money to a project’s fund can decide how those funds are spent and any related business decisions. The technical community can operate independently with open source best practices and continue to make decisions about what code to accept, how to build releases, etc. based on the technical merit of decisions in front of them and not based on what companies contributed funding.

We will always have representation from the technical community involved in the budget and business decisions to ensure funding decisions are well informed. This is how the Linux Foundation model preserves the development best practices of open source while enabling a community to benefit from the commercial ecosystem dependent on their work.

Guidance for your community

Within a technical project, there are roles for organizing how releases are built. Often some committers decide which code is accepted, and maintainers decide what to put into a release.  When scaling the project to create an ecosystem around it, there are other key roles and responsibilities that a project needs to stay on track and to continue to scale. These functions include:

    • Planning and Building. Building a cohesive strategy is critical to the success of a project and requires investments in outcomes the core stakeholders want to see happen, and prioritize.
    • Measuring KPIs. Tracking a project’s mission, goals, and objectives while moving those through the swim lanes is key to iterating on things that work and addressing things that don’t.
    • Facilitating. To be successful at facilitating, a coordinator must understand the landscape, and remain neutral. This can be difficult and is often the most challenging part of the job, NOT weighing in unless asked. 
    • Advising. Coordinators are a sounding board for these things with some expertise. To mature an organization, you must craft mechanisms for self-governance and sustainability.
    • Iterating and Reflecting. What happens along the way is that stakeholders in the community want to get things done — but when that happens without reflection, you lose sight of what and where you’re going. It’s essential to see the forest AND the trees, especially from an above-the-canopy view.

In the past, we have had a few communities with respected, neutral leaders who have provided these roles. The Xen Project is one example, where a member of the community has offered to perform this role for many years. There is a significant time investment from the community’s leadership to make it work, and it is an excellent benefit for the community to have someone able and willing to spend their work time on this function.

Many other projects are not able to find someone in the community to help. This is often where the Linux Foundation builds a support program to assist the projects we host that need help to obtain neutral coordination and facilitation professionals. We call the people who provide this support Program Managers (PMs). PMs are often the first point of contact for community participants and potential members, and are usually involved in the following activities:

    • Program Managers help the governing and technical boards shape the project’s directions and goals. 
    • Program Managers will work with a project’s technical leadership to understand their technical goals. 
    • They work with the members to fill positions such as Chair and Treasurer and are involved with the voting process.
    • They ensure that both the governing and technical boards act within the agreed-upon guidelines of the project’s charter. 
    • They help onboard new members into the project community. 
    • They will engage resources from the Foundation’s Marketing, PR, Events, and Training teams to coordinate the support programs delivered for a project.  
    • Program Managers also oversee the delivery of other support programs provided by the Foundation and any services provided by vendors or contractors.
    • Program managers will pull in the Foundation’s IT service team members for a consultative discussion on the right development infrastructure, tools, and managed IT support programs based on the project community’s needs and roadmap. 
    • Program managers actively engage in community management and help the project’s leaders coordinate meetups, developer hackfests, and participation at events.

Setting strategic goals for your community

Identifying and articulating a project’s mission is as essential with an open source project as it is with any business activity. Setting concrete goals enables the participants in a project to discuss and align around a single narrative that can guide their activities and inform decisions.

Program Managers work with the project’s membership and technical leadership to define a strategy with goals, milestones, and metrics for the project. They coordinate discussions to assist the governing board in coming to a consensus on a budget that supports the technical community’s needs and aligns with the project strategy. 

For open source, very often, the goals include maximizing a project’s footprint in order to help the most people. Goals are often articulated at a fine-grained level — enabling contributors to engage more easily, growing the membership from a particular sector of the ecosystem, or increasing contributions from end users.

The CHAOSS project is a community focused on defining community metrics around engagement, risks, etc. that are often helpful to project leaders in setting and establishing goals for measurably improving their ecosystem. 

Implementing a project lifecycle for your community

Open source projects often have subprojects and various efforts to innovate on new ideas that may not be ready to be included in an official release or shipped as their own independent release. We often refer to these communities as using an “umbrella” model with several coordinated sub-projects within the community. Within an umbrella community, the projects will typically follow a lifecycle. The lifecycle generally follows a path from imagination to planning to initial execution, expansion, maintenance, and eventual retirement.

Program managers often work with the technical leadership to codify this lifecycle according to milestones so that participants in the project can immediately understand where a project stands in terms of maturity and resources. CNCF, for example, has project phases that include Sandbox, Incubation, and Graduation. OpenJS Foundation has project phases that include Incubation, At-Large, Growth, Impact, and Emeritus, which map to the needs of their community.

A project lifecycle is an essential tool for a foundation to signal the maturity of multiple projects and identify for the community what the path towards a fully mature project requires. It is both a pathway and a signal, noting that projects grow and change, and what the community thinks a project should rely on to guide itself. 

In most projects, there is an entry level, a mid level, and a graduate level. Entry-level projects indicate a promising start for an emerging project and something to be considered. Mid-level projects show growth and development for an audience that might consider using this project, and graduated projects indicate full maturity and a project that many in the ecosystem rely upon.

“Within the Cloud Native Computing Foundation, the various project stages have been beneficial for encouraging projects to grow, not only from a development standpoint but from a community standpoint. A project looking to graduate has to demonstrate both a strong codebase and a strong community.”

Amye Scavarda Perrin, CNCF Program Manager

Linux Foundation Networking (LFN) Program Manager Trishan de Lanerolle notes how the Technical Advisory Council plays an active role in a project’s lifecycle management:

“Linux Foundation Networking project (LFN) technical leadership (Technical Advisory Council) developed and published a model that lays out criteria and checkpoints for projects in various stages of maturity, including an LFN Entry review and evaluation for new candidate projects to the LFN umbrella. The entry process provides a mechanism to amicably and fairly assess upcoming projects. In LFN, that entails asking whether a proposed project: falls within the LFN scope, provides a snapshot into the status or health of the community, and ensures the project’s documented governance is clear, complete, and easily accessible.”

Through facilitating the work of the Strategy Subcommittee, whose primary goal is to assist the Governing Board with developing and implementing Continuous Delivery Foundation (CDF) strategic planning, Program Manager Dan Lopez was able to guide CDF toward sustainable, long-lasting strategic goals. 

“The immense value of a Program Manager lies in their ability to foster a space for progress to happen. It’s not their role to necessarily make the tough decisions, but rather be the ‘glue’ of a program, ask the tough questions, and spark inspiration and critical thinking within their stakeholder group to create, in this case, sustainable goals that will create long term value for the CDF,”

Dan was able to approach strategic planning as a neutral party who understood the landscape of the CDF, and to assist the Governing Board in creating well-aligned goals that mapped to key performance indicators that can be measured and managed over time.

The importance of open governance in your community

The Program Manager is also a vital member of the leadership team, working collaboratively to facilitate and operationalize the wants, needs, and priorities of the governing bodies. Each Linux Foundation Program Manager works with each project community to establish a transparent, open governance model for the technical community.

In open governance, a project is managed by a group of people representing the stakeholders in a project — generally project members and leaders of the project’s technical efforts. The concept of conducting a major technical effort using an open form of governance, in which all stakeholders’ needs must be addressed, and people are required to cooperate to get work done, is founded on the basic concept of democracy. It differs from closed or proprietary governance due to the transparency and coordination required to reach consensus.

Open governance provides a balance that can never be found in a proprietary, restrictive environment — the dynamics of that activity drive creativity and innovation, and significantly increase the speed of development. Program managers and community managers often guide these processes and help keep governance bodies on track with each other.

DPDK’s Program Manager Trishan de Lanerolle discusses how his project is divided into two bodies of equal responsibility:

“DPDK is one model of open governance, with co-equal governing bodies; the Governing Board has ownership and oversight, over budget, marketing, lab resources, administrative, legal, and licensing issues, and a Technical Board with ownership and oversight on technical issues including approval of new sub-projects, deprecating old sub-projects, the project’s technical roadmap, recruiting maintainers, defining the processes for contributing, testing, and managing security. The Technical Board comprises individuals from various organizations, that are not necessarily corporate members of the project, recognized for their technical contributions. The governing board comprises representatives from member organizations, who financially support the project, working hand in hand to make the project mission a reality.” 

Other projects, such as LF Energy, take a somewhat different path towards how their governance is structured. 

LF Energy represents an example of open, representative governance within a rapidly growing open source foundation. LF Energy has a board of directors, like most foundations, made up of Premier members, and includes a representative from the General members and a representative from the Technical Advisory Council (TAC), which is made up of technical project leaders. No single company has more than one representative on the board, which provides corporate as well as cultural diversity and voices from all over the industry, not just focused on one niche. 

The Linux Foundation’s neutral program management support program can help

Active program management and program management support is one of the main reasons why open source projects join an organization like the Linux Foundation. Our program management professionals provide a unique set of operational skills and capabilities that nearly all of our projects take advantage of — which is to offload operational and facilitation work from the community. 

In summary, a successful project should have community coordination and program managers that can plan and build, that can measure a project’s performance, that can act as prime facilitators and advise, and can help project stakeholders iterate and reflect to learn from their experiences in order to move a project forward.

“Managing open source projects can be compared to nurturing a young sapling as it grows into a mature, healthy tree — or in this case, a community. Our job is to supply it with the right balance of nutrients and conditions for successful growth. Following proven governance models with strategic program management helps increase the odds of nurturing a healthy community. Program Managers help clear the path, allowing communities to focus on the code and achieving technical goals. We are horticulturalists, toiling away in the background, and if we are doing our job correctly, you shouldn’t notice us.”

Trishan de Lanerolle, Technical Program Manager & Community Architect, LF Networking


EdgeX Foundry Hits Major Milestone with 5 Million+ Container Downloads and a New Release that Simplifies Deployment for AI, Data Analytics and Digital Transformation

Thu, 05/21/2020 - 22:52

  • EdgeX’s sixth release (Geneva) offers more scalable and secure solutions to move more data faster from multiple edge devices to cloud, enterprise and on-premises applications.
  • As one of LF Edge’s Stage 3 Projects, EdgeX Foundry is seeing increased community growth, adoption and deployments.
  • New LF Edge project Open Horizon is building an integration project that will demonstrate automated delivery and lifecycle management of EdgeX Foundry as a containerized application.

SAN FRANCISCO – May 21, 2020 – EdgeX Foundry, a project under the LF Edge umbrella organization within the Linux Foundation that aims to establish an open, interoperable framework for IoT edge computing independent of connectivity protocol, hardware, operating system, applications or cloud, today announced a major milestone of hitting 5 million container downloads and the availability of its “Geneva” release. This release offers more robust security, optimized analytics, and secure connectivity for multiple devices.

“EdgeX Foundry is committed to developing an open IoT platform for edge-related applications and shows no signs of slowing down the momentum,” said Arpit Joshipura, general manager, Networking, Edge and IoT, the Linux Foundation. “As one of the Stage 3 projects under LF Edge, EdgeX Foundry is a clear example of how member collaboration and diversity are the keys to creating an interoperable open source framework across IoT, Enterprise, Cloud and Telco Edge.”

Launched in April 2017, and now part of the LF Edge umbrella, EdgeX Foundry is an open source, loosely-coupled microservices framework that provides the choice to plug and play from a growing ecosystem of available third-party offerings or to augment proprietary innovations. With a focus on the IoT Edge, EdgeX simplifies the process to design, develop and deploy solutions across industrial, enterprise, and consumer applications.

Currently, there are more than 170 unique contributors to the project and EdgeX Foundry averages one million container downloads a month, with a total of 5 million reached last month, and rising.

“The massive volume of devices coming online represents a huge opportunity for innovation and is making edge computing a necessity,” said Keith Steele, EdgeX Foundry Chair of the Technical Steering Committee. “With at least 50% of data being stored, processed and analyzed at the edge we need an open, cloud-native edge ecosystem enabled by EdgeX to minimize reinvention and facilitate building and deploying distributed, interoperable applications from the edge to the cloud. In 3 short years, EdgeX has achieved incredible global momentum and is now being designed into IOT systems and product roadmaps.”

The Geneva Release

As the sixth release in the EdgeX Foundry roadmap, Geneva offers simplified deployment, optimized analytics, secure connectivity for multiple devices and more robust security. Key features include:

  • Automate on-boarding: simplify, scale and quicken connection of devices by allowing automatic provisioning of devices
  • Improved Performance: A new rules engine that is written in Go for faster performance, a smaller footprint and more memory
  • Connectivity: Improved bandwidth utilization and efficiency through use of new batch and send capabilities provided in the App Functions SDK
  • Secure Authentication: Store and use/authenticate secrets to connect with cloud providers
  • Testing: New integration and backward compatibility testing along with enhanced security and blackbox testing

EdgeX Foundry works closely with several of the other LF Edge projects such as Akraino Edge Stack and new project Open Horizon. During this release cycle, EdgeX was made to work under the Akraino Edge Lightweight IOT (ELIOT) Blueprint and tested under the Akraino Community Lab.

Launched last month, Open Horizon is a platform for managing the service software lifecycle of containerized workloads and related machine learning assets. Open Horizon is building an integration project that will demonstrate delivery and management of EdgeX Foundry as a containerized solution in stages, beginning with a single deployable unit and then progressing to a more modular set of services and alternate delivery targets.

Support from Contributing Members and Users of EdgeX Foundry:

“To further enhance use in production environments, EdgeX Foundry’s Geneva release brings simplified deployments and improved security,” said Tony Espy, Technical Architect at Canonical. “With EdgeX available as a snap, this aligns to the fundamentals of snaps’ core principles which allow developers to benefit from confinement and transactional updates to ensure deployments are secure and with minimal need for manual intervention. As the EdgeX ecosystem continues to see strong traction, we look forward to continuing our contribution to building an open, interoperable framework for edge computing.”

“EdgeX Foundry’s middleware solution is an important component of an open, vendor-neutral pipeline connecting IoT devices and their data to analytics and data management at the on-premise edge,” said Joe Pearson, Engineering Strategy & Innovation Leader, Edge Computing, IBM. “This latest release underscores the importance of working within LF Edge to encourage interoperability as we build a comprehensive open edge computing framework, beginning with Open Horizon.”

“With the evolution of IoT and edge computing, there is a growing realization to deploy and run compute engines near the data source in a truly globally distributed manner. This architecture requires running intelligent AI-based functionality at the edge while processing a significant amount of data at high-throughput and low latency on small form-factor devices,” said Yiftach Shoolman, CTO and co-founder at Redis Labs. “EdgeX Foundry with Redis as the primary data store provides an open-source data platform to meet these expectations by combining in-memory data processing with modern data-models, and can be extended with a serverless engine and AI-serving platform.”

Additional resources:

For more information about LF Edge and its projects, visit https://www.lfedge.org/

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.



Linux Foundation Newsletter: May 2020

Sat, 05/16/2020 - 02:29




Joint Development Foundation recognized as an ISO/IEC JTC 1 PAS submitter and submits OpenChain for international review

Tue, 05/12/2020 - 23:05

In its role as an ISO PAS submitter, JDF and LF now can move from idea to code, to standard, to an internationally recognized standard, vastly improving the reach and availability of the technologies created by our amazing communities.

Introduction

This week, we are proud to announce that the Joint Development Foundation (JDF), which became part of the Linux Foundation family in 2019, has been accepted as an ISO/IEC JTC 1 PAS (“Publicly Available Specification”) Submitter. The OpenChain Specification is the first specification submitted for JTC 1 review and recognition as an international standard. 

The JDF was formed to simplify the process of creating new technical specification collaboration efforts.  Standards and specifications are vitally important for the creation or advancement of new technologies, ensuring that the resulting products are well defined, provide predictable performance and that different implementations can interoperate with one another.  

Why the Linux Foundation cares about standards

The Linux Foundation itself was formed out of the merger of the Free Standards Group, which maintained the LSB (“Linux Standards Base”) and the Open Source Development Labs. Open standards and open source software have been part of the mission from the very beginning.

Standards play a role in everyone’s life. Think about the things you touch every day, as simple as a power plug, the USB connector on your phone or laptop, or the WiFi that you use in your business and your home to connect your mobile devices wirelessly. All of these devices need to be able to interoperate with each other.

A pragmatic and sensible approach to solving interoperability issues would be to create open source software projects everyone can use. However, there are cases where open source software alone will not solve all the implementation challenges that open standards can achieve. 

Open source software in and of itself may not solve particular situations where there will be many implementations in many different device or delivery models (e.g., video codecs or 3D printer designs with many software design tools and many hardware printers and scanners). Still, in other cases, that fragmentation is due to different device capabilities, implementation details, or limitations that open source software cannot resolve alone.

The design and capacities of many things are defined by industry stakeholders as a standard so that every plug and device is interoperable and capable of the same connectivity. Every country in the world has its own national standards bodies that define the standards it deems necessary, from power transmission to radio spectrum to food safety, and others.

Not all standards bodies are national standards bodies, with standards organizations coming in many shapes and sizes. Many standards are developed by industry-specific organizations that have a common set of technical objectives and are seeking a common set of use cases, a shared set of key design and performance criteria, and a common test specification to ensure interoperability.  

For the Linux Foundation, our collaborations can range in size from small to large, but their impact can extend internationally. There is not a Linux kernel per country or an Open Container Initiative specification per country, and so on. The world is dependent on our communities.

Like Linux Foundation source code projects, JDF standards and specification development projects can range from small, industry-specific efforts, to large multi-industry collaborations. And it is the JDF’s goal to serve these various communities. By obtaining PAS status, JDF can help specification and standards communities ranging from the smallest collaborations through to international standardization.

How Open Standards differ from Open Source projects

Open standards are best defined as specifications made available to the public, which are developed and maintained via an inclusive, collaborative, transparent, and consensus-driven process. Open standards facilitate interoperability and data exchange among different products or services and are intended for widespread adoption.

Open source software is defined by the OSI’s Open Source Definition. In practice, we generally care more about communities that form to work on open source software in a public, transparent collaboration where the code evolves over time to address new use cases, features, requirements, and gaps.  

Sustainable open source software communities also see continuous improvements as bugs and security issues are identified and fixed. Open source code is typically created as a collaborative effort in which programmers improve upon the code and often share the changes among the programming community for such projects. At a high level, open source licenses allow users the freedom to use, modify, and distribute the source code without requiring any further permission.

So, for example, software such as the Linux kernel is open source software in an open community, whereas the IETF curates open standards that enable the world to connect through an open Internet.

Another excellent example of how standards come into play across different hardware and software platforms is web servers. There are many web server platforms, both open source and proprietary — such as Apache’s and Microsoft’s IIS. Some are optimized for speed, others for large deployments, some for low power devices, and others for other applications. But as long as they can all speak HTTP (and other standards), they can still all communicate across the spectrum of devices.

The process of creating standards

Standards bodies are usually formed by industry stakeholders to support the activities needed to develop a specific solution to a common problem. The resulting solution is generally referred to as a specification, a blueprint for building an implementation of a solution to the problem. In some cases, the same group may also create an open source implementation, but the implementation will be specific to a set of use cases and requirements.

A standards body is the legal organization often created to provide a neutral home to the collaboration, including financial and legal support, guardrails against antitrust issues, managing copyrights and other intellectual property terms that might bear on the specification. Many will say the most important role of a standards body is to provide a neutral governance model that enables inclusive participation from all parties, where no one organization controls the specification.

The challenges in creating specifications

For something as crucial as a specification, the process of creating a specification-setting body can be complicated.

And even when the participants are aligned, the devil is always in the details. The negotiations to establish a new standards organization often involve hundreds of hours of lawyer time and a method of negotiating the nuances of the working rules and the license terms for copyrights, patents, and trademarks related to the effort. The entire process can take many months — and it’s a requisite precursor in most cases to the technical contributors getting started. So before anyone knows what the output will be, or if it will even work, many organizations collectively invest thousands to millions of dollars on months of negotiations that delay the start.

Once the mass negotiation is done, the legal entity needs to file for non-profit status, set up bank accounts, set up accounting, finance, and HR operations, collect fees from its members, and file its taxes, just like a commercial company. These activities need to occur even if all the initiating organizations are 100% aligned on the need for the specification. Once that is all done, the engineers can get together to develop a specification, often a year after the initial idea was created.

The JDF was founded to make the entire process of forming a new standards body faster, and remove the negotiations. The JDF has created a set of default terms that reflect industry best practices and proven widely accepted legal terms.  By providing a choice of pre-existing, industry-accepted terms, JDF replaces custom negotiation with a “check the box” model. This model adopts best practices while giving flexibility through a few commonly known choices to the founders about essential terms such as copyright, intellectual property licensing, source code licensing, and governance structures.  It also allows JDF projects to be customized to meet the needs of the community, without resorting to time-consuming line-by-line negotiations.  

And once those terms are in place, the new project is formed as an entity under the non-profit JDF. In combination with world-class operational support programs, a new project can get started in a matter of days, with resources ready to go, rather than the months-to-years-long process required to form a traditional standards body. The cost of this effort is so low that a specification project can be established without any funding needed for the creation or ongoing entity management.

In essence, the JDF provides a “standards organization in a box.” Just pick a few menu options, give the effort a name and off you go creating specifications. 

The net impact of the JDF process means that companies with the need to collaborate can form the project, define the technical scope and begin inviting engineers to contribute to the project in a matter of days with minimal friction.

Internationally recognized standards through the ISO/IEC JTC 1 PAS process

One method of recognizing international standards is via the ISO/IEC JTC 1 PAS (Publicly Available Specification) Process. Once accepted through this process, the specification is recognized as an international standard. 

ISO is an independent, non-governmental international organization with a membership of 164 national standards bodies, and its standards are among the most universally recognized and accepted throughout the world.  

The IEC (International Electrotechnical Commission) is the world’s leading organization for the preparation and publication of International Standards for all electrical, electronic, and related technologies. 

ISO and IEC joined together to create ISO/IEC JTC 1, which is the international group dedicated to developing worldwide Information and Technology (ICT) standards. JTC 1 has been responsible for many key IT standards — including video compression technology and programming languages, among many others.

The Publicly Available Specification (“PAS”) process was created by a collaboration between ISO/IEC JTC 1 to allow for transposition of technical specifications from recognized standards bodies, which will enable them to become an ISO/IEC recognized standard. 

PAS Submitters must first be approved after a review of an extensive set of criteria by the external standards bodies. Once approved, a PAS Submitter may put forward some of its specifications (the publicly available specifications, PAS) to JTC 1 for national body approval and thereby international recognition. 

And once ISO/IEC JTC 1 approves a PAS submission, it becomes an international standard.

The JDF’s acceptance as a PAS Submitter is vital to the industry because it reduces friction on the path from great ideas, to well-formed technical specifications, to international recognition of the best of those specifications. JDF has the responsibility for ensuring that the process of creating the specifications is rigorous, inclusive, and conforms to the quality standards set by ISO/IEC JTC 1. The benefit of having a professionally managed standards organization like JDF is that we help ensure those requirements are met.  

And it also means that JDF provides a capability that few other organizations can — a path for communities to start from a small collaboration and grow to become an international standard.  

Understanding the OpenChain specification, our first PAS submission

The OpenChain Specification identifies the key requirements of a quality open source compliance program. It is intended to foster a software supply chain where open source is delivered with trusted and consistent compliance information. It provides a clear way to achieve effective management of open source for software supply chain participants, such that the requirements and associated collateral are developed collaboratively and openly by representatives from the software supply chain, open source community, and academia.

“The OpenChain Project is a clear example of cooperative development to share a common challenge,” says Shane Coughlan, OpenChain General Manager. “Hundreds of companies have come together, shared knowledge, and built a clear, focused industry standard based on their experience. The result is a compact but effective standard suitable for companies of all sizes in all markets.”

The OpenChain Specification has been in the market since late 2016 and has seen increasingly broad adoption to date. The OpenChain participants include national user groups exceeding 100 participants and over 3,500 subscribers to the primary communication channel mailing list. ISO/IEC JTC 1 recognition will help to guide the evolution of the specification from de facto to de jure standard, and in the process assist procurement, sales, and other departments around the world to adopt and manage OpenChain specification-related activities easily.

Conclusion

With its recognition as a PAS Submitter, JDF now provides the broadest range of support to standards communities – from small collaborations to those seeking international standards. As part of the Linux Foundation family, JDF is providing communities with new ways to collaborate.  

By affiliating with JDF, the Linux Foundation ecosystem can benefit from the support and expertise to move open source specifications into an open standards-track, that empowers engineers and developers to collaborate in the creation of a specification and standard. By using this new submissions process, they can take their standard a step further to achieve international recognition. Conversely, the importance of the JDF joining the Linux Foundation family is significant because it is in alignment with the organization’s overall goal of furthering the commitment to neutral governance and alignment of open source software and open standards. — Jim Zemlin, Executive Director, The Linux Foundation


Joint Development Foundation Adds a Path for Formal International Standardization

Tue, 05/12/2020 - 23:00

JDF projects now have a clear path from open source project or specification to an internationally recognized standard; OpenChain is the first submission

SAN FRANCISCO, Calif., May 12, 2020 – The Joint Development Foundation (JDF) today announced it has been formally approved as an ISO/IEC JTC 1 Publicly Available Specification (PAS) Submitter[1] and that the OpenChain specification is the first standard to be submitted. This status offers JDF’s standards development projects a path to international standardization and benefits the global business and technical ecosystem by enabling accelerated adoption of open standards and specifications.

ISO and IEC are organizations that develop and promote international standards that touch almost all aspects of daily life. ISO and IEC joined together to create ISO/IEC JTC 1, which is the international group dedicated to developing worldwide Information and Technology (ICT) standards. JTC 1 has been responsible for many important IT standards – including video compression technology and programming languages, among many others. PAS submitters like JDF play an important role in establishing international standards by submitting their specifications to JTC 1 for a vote to adopt them as ISO/IEC JTC 1 international standards. The Linux Foundation, home to JDF, is experienced in this process, having previously submitted the Linux Standard Base for adoption as ISO/IEC 23360-1:2006[2].

The JDF’s first PAS submission is for OpenChain, a specification that identifies the key requirements of an open source compliance program. It is designed to build trust between companies in the supply chain while reducing internal resource costs. The outcome is increased trust and consistency in open source software across the supply chain. International standardization will help to guide the evolution of the OpenChain Specification from de facto to de jure standard, a process that will assist procurement, sales and other departments to increasingly engage with OpenChain-related activities.

“Open source is now a mainstream means of building infrastructure and providing a platform for innovation. While open source development models focus on lowering the barriers to innovate and change, there comes a time when industries decide the next step is to agree on one approach to an issue and work together on that solution,” said Seth Newberry, executive director at Joint Development Foundation. “These de facto standards are just one step away from becoming recognized standards, and JDF provides a path to international recognition as a standard by ISO/IEC JTC 1. This is a key additional capability to further support our open project communities with a path to engage on standards with the worldwide business and industry ecosystems.”

To become a JTC 1 PAS Submitter, the Joint Development Foundation had to meet a rigorous set of criteria. It was required to demonstrate that its process for developing specifications is neutral to all of the contributors (no one company may dominate the process), that each specification is developed with sufficient industry participation to ensure that the resulting work is representative of an industry-wide consensus, and that each specification is formed in accordance with standard PAS editing standards so that it is easily understood by readers.

About the Joint Development Foundation

The Joint Development Foundation is a nonprofit organization within the Linux Foundation ecosystem that provides turnkey corporate and legal infrastructure to enable groups to quickly establish and begin working on standards and open source code development collaborations. JDF offers Linux Foundation communities and members a ‘standards in a box’ approach to advancing industry-wide transformation. JDF includes more than 250 participating companies and projects that include the Open Manufacturing Platform, GraphQL, DIF, Alliance for Open Media and more.

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

 

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

 

Media Contacts
Jennifer Cloer
reTHINKit Media
jennier@rethinkitmedia.com
503-867-2304

 

[1] https://jtc1info.org/page-3/page-4/jtc-1-pas-submitters/
[2] https://www.iso.org/standard/43781.html


SPDX 2.2 Specification Released

Fri, 05/08/2020 - 04:37

The SPDX technical community is delighted to announce that the 2.2 version of the specification has been released!  We started working on the first version of the SPDX specification 10 years ago, and it has continued to improve and evolve to support the automation of more software bill of materials information over the years.  This release incorporates a significant amount of input from our tooling and user communities to enable new use cases to be better represented.

Some of the highlights for this release include:

The project members would like to thank our recent contributors to this release, who have enriched it with their new perspectives, as well as our ongoing participants.  A full list of those who have contributed by participating in the many discussions, adding comments, and making suggestions for improvements to the SPDX specification as it’s evolved over the last 10 years can be found at the Credits page!


Cross-Industry Coalition Advances Digital Trust Standards

Tue, 05/05/2020 - 18:00
Governments, nonprofits and private sectors across finance, health care, enterprise software and more team up with Linux Foundation to enhance universal security and privacy protocols for consumers and businesses in the digital era

The ToIP Foundation is being developed with global, pan-industry support from leading organizations with sector-specific expertise. Founding Steering members include Accenture, BrightHive, Cloudocracy, Continuum Loop, CULedger, Dhiway, esatus, Evernym, Finicity, Futurewei Technologies, IBM Security, IdRamp, Lumedic, Mastercard, MITRE, the Province of British Columbia and SICPA. Contributing members include DIDx, GLEIF, The Human Colossus Foundation, iRespond, kiva.org, Marist College, Northern Block, R3, Secours.io, TNO and University of Arkansas.

Businesses today are struggling to protect and manage digital assets and data, especially in an increasingly complex enterprise environment that includes the Internet of Things (IoT), Edge Computing, Artificial Intelligence and much more. This is compounding the already low consumer confidence in the use of personal data and is slowing innovation on opportunities like digital identity and the adoption of new services that can support humanity.

Without a global standard for how to ensure digital trust, these trends are bound to continue. The ToIP Foundation will use digital identity models that leverage interoperable digital wallets and credentials and the new W3C Verifiable Credentials standard to address these challenges and enable consumers, businesses and governments to better manage risk, improve digital trust and protect all forms of identity online.

“The ToIP Foundation has the promise to provide the digital trust layer that was missing in the original design of the Internet and to trigger a new era of human possibility,” said Jim Zemlin, executive director at the Linux Foundation. “The combination of open standards and protocols, pan-industry collaboration and our neutral governance structure will support this new category of digital identity and verifiable data exchange.”

The Linux Foundation’s open governance model enables the ToIP Foundation to advance a combination of technology and governance standards for digital trust in a neutral forum that supports pan-industry collaboration. An open governance model that can be integrated into the development of the standards for digital trust is essential where the business, legal and social guidelines for technology adoption impacts human trust and behavior.

The ToIP Foundation will initially host four Working Groups. The Technical Stack Working Group and the Governance Stack Working Group will focus on building out and hardening the Technical and Governance halves of the ToIP stack, respectively. The Utility Foundry Working Group and the Ecosystem Foundry Working Group will serve as communities of practice for projects that wish to collaborate on the development of ToIP utility networks or entire ToIP digital trust ecosystems.

The ToIP Foundation will host an all-digital launch event on May 7, 2020 at 9AM PDT that will feature a panel discussion, interoperability demonstration and live Q&A. Register now for the live event. A second event will be hosted for the APAC region.

For more information about the ToIP Foundation, please visit www.trustoverip.org

Steering Member Comments

Accenture

“The internet and digital technologies are a critical part of the way we engage with each other and with organizations. Accenture has a deep commitment to developing solutions to build trust, protect privacy and put control of an individual’s data squarely in their hands. The Trust over IP (ToIP) Foundation is bringing together a powerful mix of experts and doing it at the exact right time given the urgent need to encourage greater adoption and increase trust in data privacy and ownership,” said Christine Leong, managing director, global lead for Decentralized Identity & Biometrics at Accenture.

BrightHive

“Now, perhaps more than ever, networks of public and private sector organizations know the value that can be created by collaborating with one another around their combined data to create novel insights and better align their work. But they also want to collaborate in the most responsible way possible. The work of the Trust over IP Foundation will radically strengthen the infrastructure of responsible data sharing by establishing a global standard for digital trust—ensuring that the very way that data is exchanged and verified creates a much-needed layer of security, privacy and trust. BrightHive is excited by the promise of this standard, and proud to partner with the other members to help see it realized,” said Matt Gee, CEO, BrightHive.

Cloudocracy

“Trust is the foundational element of all relationships between government, organizations, and each of us as individuals. Trust at Internet-scale, serves our greater global community and is best accomplished by communities of trust ecosystems. The Trust Over IP Foundation is the next stage of enabling this journey globally. The paradigm-shifting model of decentralized, person-centric identity is likely one of the most important breakthroughs in data privacy, cyber security and unlocking business value in many years. Cloudocracy seeks to facilitate coalitions of government, supply-chains and individuals to embark on journeys to establish value-based trust ecosystems towards achieving highly secure and empowered private ecosystems and the public-private ‘Internet of Value.’ The global shift will go beyond enabling government and organizations to reduce costs, complexity and add value but will also help steer to a better compass heading in protecting individual data privacy, health and biometric information, while also reducing risks and economic impacts of cyber security data breaches,” said Will Groah, executive director, Cloudocracy.

Continuum Loop

“The leaders we work with know that trust on the Internet isn’t working. They want to start building deep trust with their customers and partners. Our clients are investing, as are we, in the Trust Over IP Foundation. We all want to make sure we are involved in building the digital trust layer that the Internet needs. The technology works – now it is about building business cases and governance,” said Darrell O’Donnell, president and CEO, Continuum Loop.

CULedger

“The credit union movement is based on the idea that trusted interactions between people connected by a common bond are the best interactions.  A self-sovereign, secure, trusted identity, like MemberPass, is essential in the world ahead, and CULedger is paving the way for credit unions and financial cooperatives worldwide to pioneer this important effort and bring this frictionless digital experience to more than 270 million credit union members.  The work developed out of the Trust over IP Foundation will be the cornerstone to facilitate these trusted interactions in the new digital age.  We are excited about the opportunity to be working with other leading organizations in support of this effort,” said John Ainsworth, president/CEO, CULedger.

Dhiway

“Dhiway is happy to join the Trust over IP (ToIP) Foundation as one of the founding members. Our strategic initiatives are designed to bring a higher degree of assurance to the exchange of data between peers, over the Internet and other digital networks. Our participation is aligned with our vision to make the world more transparent and trusted, using digital frameworks that can be universally referenced, understood and consumed.  We intend to contribute our knowledge and expertise to support the ToIP foundation in its mission to build an interoperable architecture for Internet-scale digital trust –  empowering a growing ecosystem of companies and communities to exercise control over their digital assets. It’s encouraging to see the open collaboration that has led to the formation of this Foundation, and we are humbled and thrilled to be a part of this pioneering effort,” said Satish Mohan, Founder & CTO, Dhiway.

esatus

“On our mission of enforcing information security, strong trust relationships are essential. We need them to be equally strong in the real world and online. The Trust over IP Foundation facilitates easy composition, ramp-up and maintenance of digital trust components. Conveying real-world trust online is ultimately possible at flexibility and scale. esatus enterprise solutions employ digital trust components already, making next-gen security and privacy available to its customers today. Being a founding member of the Trust over IP Foundation is a natural fit,” said Dr. André Kudra, CIO at esatus AG. 

Evernym

“Evernym believes the only way to truly solve the avalanche of trust problems on the Internet is with an open standard and open governance model that is as universal as the TCP/IP stack that created the Internet itself. We have helped build the architecture of the ToIP stack layer by layer for the past three years, including the W3C Verifiable Credentials and Decentralized Identifiers standards that are at the heart of this new model, because we believe it will unlock a new explosion of value for every person, business, community and government using digital communications. We are thrilled to help stand up the ToIP Foundation at the Linux Foundation and hope that it attracts every company and contributor who wants to build a strong and lasting trust layer for the Internet,” said Drummond Reed, chief trust officer at Evernym and co-editor of the W3C Decentralized Identifier (DID) specification.

Finicity

“The Internet has fueled incredible innovation over the past few decades. And yet it has been significantly handicapped due to a general lack of trust. As we solve the trust dilemma, we will see a rapid acceleration of innovations that will change the way we do business, connect with others and consume information and entertainment,” said Nick Thomas, president & chief scientist and innovation officer, Finicity. “Finicity looks forward to advancing digital trust standards through its participation in the Trust over IP (ToIP) Foundation.”

IBM

“In today’s digital economy, businesses and consumers need a way to be certain that data being exchanged has been sent by the rightful owner and that it will be accepted as truth by the intended recipient. Many privacy focused innovations are now being developed to solve this challenge, but there is no ‘recipe book’ for the exchange of trusted data across multiple vendor solutions,” said Dan Gisolfi, CTO, Decentralized Identity, IBM Security. “The new Trust over IP Foundation marks an evolutionary step which goes beyond standards, specs and code, with the goal of creating a community-driven playbook for establishing ‘ecosystems of trust.’ IBM believes that the next wave of innovation in identity access management will be for credential issuers and verifiers to partake in these ecosystems, where trusted relationships are built upon cryptographic proofs.”

IdRamp

“Formation of The ToIP Foundation will transform and improve how digital services operate. Traditional centralized identity systems are hinged to vast security vulnerabilities that are not sustainable in a growing digital economy. Centralized services for things like multi-factor authentication or social login encumber user flow and unnecessarily expose sensitive information to third parties. Decentralized systems resolve these problems but struggle with interoperability and standards to accelerate mass adoption. The Trust Over IP Foundation will help formalize and simplify adoption of Trust as a basic digital utility for everyone. The TOIP stack provides the foundation for a new generation of digital identity services. These services will provide high security frictionless interaction that put the user in control of their personal data. Organizations will establish personal connections with employees and user communities that are immune to the vulnerabilities of centralized systems. Individuals will be able to connect with one another without exposing personal information to the mediators that regulate digital interactions today. This will help businesses move beyond complex identity security investments that erode the bottom line and slow innovation. Verifiable digital trust in a decentralized data economy will open a world of possibilities for all individuals and businesses. As a founding member of the ToIP foundation, IdRamp is committed to helping businesses build a new decentralized digital economy that will evolve organically from traditional centralized systems,” said Mike Vesey, CEO, IdRamp.

Lumedic

“As the first representative of the health care industry on the Steering Committee, Lumedic sees tremendous potential for the Trust over IP Foundation to contribute to health care interoperability,” said Chris Ingrao, chief operating officer of Lumedic. “In confronting the challenges raised by the COVID-19 pandemic, we’ve seen that modern technologies can make a powerful difference when paired with strong governance models. The TOIP stack ensures that the way we exchange trusted health care information meets industry needs at a global scale.”

Mastercard

“We are building a bridge to a world where a person’s identity can be verified immediately, safely and securely for use in the digital world – where now, more than ever, identity is essential for delivery of digital health, education and government services. This cannot be accomplished in isolation. We are collaborating and innovating with governments, technology companies, financial institutions and industry sectors to make this a reality. Our participation within the Trust over IP Foundation builds atop the groundwork we currently have in place to ensure industry standards to guarantee we all transact and interact in a secure, convenient and trusted manner,” said Charles Walton, senior vice president, Digital Identity, Mastercard.

MITRE

“Advances in digital technologies and the Internet have brought great convenience to our lives.  But they also present risk – the inability to verify with confidence the identity of those you are connected with leaves us vulnerable to cyberattacks, identity theft, human trafficking, and financial fraud,” said Jim Cook, vice president of Strategic Engagement and Partnerships at MITRE. “As a not-for-profit company working in the public interest with a mission to solve problems for a safer world, we at MITRE are committed to creating a digital world in which people can interact safely and with confidence.  We applaud the Linux Foundation initiative to launch the Trust over IP Foundation, and we are honored to be a founding member.  We believe real innovation is made possible through open partnership, collaboration and cooperation, and we look forward to contributing to a safer internet through the Trust over IP Stack project.”

The Province of British Columbia

“The Province of British Columbia sees our collective potential to enable global-scale digital trust. The Trust over IP Foundation will be a significant leap forward in establishing a standards-based way for individuals and businesses around the world to interact and transact in safe and secure ways over the Internet,” said Dave Nikolejsin, Deputy Minister of Energy, Mines and Petroleum Resources and Chair of the Board of Digital Identity and Authentication Council of Canada. “From our perspective, this work augments our foundational regulatory role in the economy. In the natural resources sector, we see the potential to empower companies to have a new digitally trusted means to demonstrate due diligence on environmental and social impacts of projects as they work with Indigenous peoples and government. The Province of British Columbia is a founding member of the Trust over IP Foundation to help promote this new era of trusted digital services that everyone can rely on.”

SICPA

“For over 90 years, SICPA has partnered with governments, companies and organizations worldwide, to enable trust in banknotes, identities, products and brands. Our customers’ physical and digital lives are increasingly entwined, at work and at home, and our mission is to help shape trusted digital interactions by collaborating in enabling initiatives like the Trust over IP Foundation.  Building trust at a distance and at scale is a global challenge that will form the keystone in delivering the ultimate promise of an interconnected world: to respect the rights, privacy and security of everyone online and offline,” said Kalin Nicolov, Head of Digital Currency, SICPA.

 

Contributing Member Comments

DIDx

“The Internet lacks a digital trust layer that is not centrally controlled and managed. It is more important than ever to take control of our digital identities and data. The ToIP stack provides full control of digital identities and enables secure, privacy-preserving trust channels with verifiable data exchange. The digital trust layer of the internet. DIDx (a South African based startup) is excited to contribute and build interoperable trust ecosystems across Africa using the ToIP stack and are pleased to join the establishment of the ToIP Foundation together with the Linux Foundation,” said Lohan Spies, CEO DIDx.

GLEIF

“Trust is paramount within today’s digital world and we shouldn’t be afraid to challenge existing online processes for the greater good. The Trust over IP Foundation provides a neutral environment for these important conversations and will facilitate industry collaboration to create a global standard which businesses and consumers can trust. This aligns closely with GLEIF’s work to date as a not-for-profit organization which enables smarter, less costly and more reliable decisions about who to do business with. Our Global LEI System solves the problem of trust for legal entities worldwide, and we look forward to applying our expertise alongside many leading organizations within the foundation,” said Stephan Wolf, CEO, Global Legal Entity Identifier Foundation (GLEIF).

kiva.org

“As internet connectivity and digital services reach the world’s most vulnerable populations, it is paramount that we implement standardized, interoperable systems,” said Matthew Davie, chief strategy officer at Kiva. “The Trust over IP Foundation provides a framework to bring trust to this emerging segment of the digital economy and does so in a way that is consumer-centric and privacy-centric by design.”

The Human Colossus Foundation

“The synergistic domains of trusted identity and immutable semantics are required for organizations to integrate into a new decentralized data economy. The Human Colossus Foundation mission to implement decentralized semantics is aligned with the Trust over IP Foundation. We are proud to contribute to the collaborative projects and initiatives being launched,” said Paul Knowles, Head of the Advisory Board at The Human Colossus Foundation.

iRespond

“Trust is the foundation of every ecosystem, and governance is critical to build trust.  The creation of the ToIP foundation is a critical step toward both trust and governance, built on inclusion, transparency and open standards. We expect ToIP to be part of the essential glue that binds decentralized networks and identity.  The disadvantaged beneficiaries we serve will likely gain from this critical step to address challenges of guardianship and disruption of traditional barriers to establishing identity,” said Scott Reid, CEO, iRespond.

Marist College

“Marist College has long been on the cutting edge of technology innovation. We are excited to be a founding member of this effort to address digital trust and decentralized identity management at a time when internet transactions are a vital part of higher education and our growing digital economy,” said Michael Caputo, MS, vice president for Information Technology/CIO, Marist College.

Northern Block

“Northern Block is committed to empowering the mass adoption of digital verifiable credentials, which we believe won’t be possible without robust and common standards. The launch of the ToIP Foundation is the beginning of a new chapter for any organization who has been working diligently to enhance trust in life’s experiences. We look forward to supporting increasing participation in trusted ecosystems and burgeoning innovation in consumer experiences through digital trust,” said Mathieu Glaude, CEO at Northern Block.

R3

“R3 remains committed to supporting the development of secure, trusted and privacy preserving digital identity ecosystems and our participation in the Trust over IP Foundation is a reflection of that commitment. Our customers across industries including banking, insurance, health care and telecommunications all agree that identity cannot be solved in isolation. With the industry coming together under the Trust Over IP Foundation we can work on the standards that will enable interoperability and unlock new opportunities for all. Our Corda platform is designed to enable private transactions, and by incorporating the work of the ToIP Foundation, we can develop solutions uniquely suitable for self-sovereignty in the digital world,” said Abbas Ali, Head of Digital Identity at R3.

Secours.io

“Our past inability to deal with privacy has cost human lives, because it limits innovation that can save lives. Trust over IP gives government the verification and governance it needs, and the public gets the trust it needs now allowing innovation to save lives,” said Sgt. J. Stirling Ret., Ontario Provincial Police, Provincial SAR Coordinator.

TNO

“TNO has deep involvement in the standardization and ecosystems of self-sovereign identity, including W3C, DIF, Hyperledger, Sovrin, RWoT and IIW. Our national and international partners and customers are looking for full-stack Trust-over-IP solutions. The ToIP approach is unique, as it includes the complexities of the top ‘business’ parts of the Trust-over-IP stack, as well as the governance of all layers. We believe that ToIP provides an excellent ground to contribute and further develop this knowledge base and apply it to many projects in ‘admintech’ and other industry sectors where trust in the provenance of data is essential,” said Dr. Oskar van Deventer, senior scientist Self-Sovereign Identity, TNO.

University of Arkansas

“The Internet was built in the 1970s and 1980s to allow machine-to-machine transfer of information, but it was missing the trust layer that identifies the people, organizations, or objects running those machines. The Trust over IP (ToIP) Foundation is building the technical and governance standards to provide that missing layer, which will enable trusted, secure, peer-to-peer transfers of value.  Voices from industry, governments and academia are needed to realize the vision. As an academic partner, the Blockchain Center of Excellence at the University of Arkansas is pleased to join this effort to develop open standards for a trust layer over the Internet,” said Mary Lacity, Walton Professor and Director of the Blockchain Center of Excellence at the University of Arkansas.


Media Contacts
Beth Handoll
ReTHINKitMedia
beth@rethinkitmedia.com
+1 415 535 8658
