The Linux Foundation


In 2021, the Linux Foundation Drove Innovation Across the Technology Spectrum and in Key Industry Verticals

Fri, 12/03/2021 - 00:00

Vertical industries are under constant pressure to innovate, facing the challenges of supply chains, diverse customer requirements, regulations, and a lack of talent to do everything leadership may envision in any complex business. 

These industries understand that their ownership of intellectual property for parts of their software stack is limiting business opportunities and expensive to develop and maintain. To accelerate adoption, openly working together on common infrastructure components presents more opportunities for business growth.

Our members in the automotive, motion picture, fintech, telecommunications, energy, and public health verticals have transformed their business processes and assets into software-defined assets. They are now building strategic frameworks that give them a competitive edge that only open source can provide. In 2021, verticals and new members continued innovating with newly formed communities in the agriculture industry and AAA-class 3D engines for entertainment and simulation.

While all of these vertical industries have unique open source projects and communities, they also share a common thread: All realize that open collaboration presents opportunities to reduce costs, cut time to market, increase quality, and open new areas of competition. The ability to achieve these results on a collective basis pushes innovation forward across respective industries.

Gaming and Simulation: Open3D Foundation and Open3D Engine

The Linux Foundation welcomed the Open 3D Foundation into its community of families in July of 2021. The first project in the foundation was the Open 3D Engine known as O3DE. Amazon Web Services donated it under an Apache 2.0 and MIT licensing model. The mission of the Open 3D Engine is to make an open source, fully-featured, high-fidelity, real-time 3D engine for building games and simulations available to every industry.

Since its inception, it has raised $2.7 million in commitments from 26 partners in over two years. It has received signed commitments from a range of companies such as Adobe, Intel, AWS, Niantic, Huawei, SideFX, HERE, and others.

The foundation is focused on industries that utilize 3D technologies. This includes video games, automotive, simulation, robotics, energy, real estate, training, film, special effects, machine learning, aerospace, and many other verticals.

Since its inception, it has grown to over 3600 stars, 1100 forks of the repository, 1,500 Discord users, and 500+ active members are online. It has increased to over 130 authors of code, 7000 file changes, 2,000,000 changes to lines of code, and a vibrant & active self-sustaining support community averaging 500 messages & minutes per day.

Motion Pictures and Visual Effects: The Academy Software Foundation

The Academy Software Foundation (ASWF) has continued to make an impact on the open source technologies that empower the motion picture and visual effects industries. To date, ASWF boasts 32 members and hosts 14 projects and working groups. 

Key achievements in 2021 include:

  • MaterialX being contributed as a project by Lucasfilm. MaterialX originated at Lucasfilm in 2012. It has grown into the central format for material description at Industrial Light & Magic (ILM) since the production of Star Wars: The Force Awakens.
  • The launch of the ASWF Assets Repository that gives open communities access to production-grade digital assets for testing, demonstration, and education purposes.
  • The launch of OpenColorIO v2.0, which is the output of three years in development and boasts numerous feature and performance improvements. In addition, a growing number of vendors are adopting their products and services, which is cementing OpenColorIO as an industry standard.

ASWF has seen the collaboration and sustainability of each of the projects and working groups it hosts increase, with each project seeing increases in organizational diversity and contributions in 2021 compared to the year before joining the ASWF.

ASWF looks forward to 2022 as it focuses on addressing new technology spaces such as virtual production.

Automotive Grade Linux (AGL)

Over the last decade, the Linux Foundation worked with industry leaders like Toyota and others to launch Automotive Grade Linux (AGL). AGL was established to build a common open source software platform to eliminate the fragmentation plaguing the automotive industry. AGL is the only organization with a mission to address all in-vehicle software, including infotainment, instrument cluster, telematics, heads-up display, advanced driver assistance systems (ADAS), and autonomous driving.

The AGL community is reducing that fragmentation by combining the best of open source to create the AGL Unified Code Base (UCB), a single, shared, open source software platform for the entire industry. The UCB includes an operating system, middleware, and application framework and can serve as the de facto industry standard for infotainment, telematics, and instrument cluster applications. Sharing an open source platform allows for code reuse and a more efficient development process as developers and suppliers can build their solution once and deploy that same solution for multiple automakers. 

Supported by eleven major automotive manufacturers, including the top three producers by worldwide volume (Volkswagen, Toyota, Daimler), AGL is deployed in production vehicles today:

Amazon AWS joined AGL as a Platinum member in January 2021 and is leading AGL initiatives around IoT and Connected Car. 

In early 2021, AGL announced a new Expert Group for Container and Service Mesh, led by Amazon AWS. The Container and Mesh Expert Group is developing an in-vehicle container solution for AGL and creating a service mesh and orchestration framework that can be deployed as part of AGL.

The IVI Production Readiness Expert Group, led by Toyota, has made significant progress in 2021. This EG is focused on bringing AGL closer to a production-ready state. By early 2022, major code contributions are expected from Toyota on Flutter for embedded IVI, a new cutting edge UI and App development framework for infotainment systems. This will allow manufacturers to cut the development time and cost of deploying innovative new applications in the vehicle. 

The Virtualization EG, led by Panasonic, has been busy working on cutting-edge VirtIO technology. This allows consolidation of vehicle cockpit systems such as IVI, Instrument Cluster, and Heads-Up-Display to run on a single processor. It also enables innovative use cases such as using Android for infotainment and AGL for Instrument Cluster on a single virtualized CPU. The consolidated cockpit is a vision of the future, and it’s being developed today at AGL. 

AGL also had two milestone platform releases this year, Unified Code Base (UCB) 11.0 Kooky Koi in February and 12.0 Lucky Lamprey in July. These releases included several updates to graphics, audio, speech recognition, application and security frameworks, web apps, and Chromium. Both releases are based on the Yocto 3.1 Long-Term-Support board support packages.

New Industry Vertical: Agriculture

In May 2021, the Linux Foundation announced the launch of the AgStack Foundation, the open source digital infrastructure project for the world’s agriculture ecosystem. Thirty-three percent of all food produced is wasted, while nine percent of the people in the world are hungry or malnourished. These societal drivers are compounded with legacy technology systems that are too slow and inefficient and can’t work across the growing and more complex agricultural supply chain. AgStack Foundation will improve global agriculture efficiency by creating, maintaining, and enhancing free, reusable, open, and specialized digital infrastructure for data and applications. AgStack will use collaboration and open source software to build the 21st-century digital infrastructure that will be a catalyst for innovation on new applications, efficiencies, and scale.

AgStack consists of an open repository to create and publish models, free and easy access to public data, interoperable frameworks for cross-project use, and topic-specific extensions and toolboxes. It will leverage existing technologies such as agriculture standards (AgGateway, UN-FAO, CAFA, USDA, and NASA-AR); public data (Landsat, Sentinel, NOAA and Soilgrids); models (UC-ANR IPM); and open source projects like Hyperledger, Kubernetes, Open Horizon, Postgres, Django and more.

Founding members and contributors include leaders from both the technology and agriculture industries and across sectors and geographies. Members and partners include Agralogics, Call for Code, Centricity Global, Digital Green, Farm Foundation, farmOS, HPE, IBM, Mixing Bowl & Better Food Ventures, NIAB, OpenTeam, Our Sci, Produce Marketing Association, Purdue University / OATS & Agricultural Informatics Lab, the University of California Agriculture and Natural Resources (UC-ANR) and University of California Santa Barbara SmartFarm Project.

New Industry Vertical: AI Voice Technologies

In June, the Linux Foundation announced the Open Voice Network, an open source association dedicated to advancing open standards that support the adoption of AI-enabled voice assistance systems. Founding members include Target, Schwarz Gruppe, Wegmans Food Markets, Microsoft, Veritone, and Deutsche Telekom.

Organizations are beginning to develop, design, and manage their own voice assistant systems independent of today’s general-purpose voice platforms. This transition is being driven by the desire to manage the entirety of the user experience — from the sound of the voice, the sonic branding, and the content — to integrating voice assistance into multiple business processes and brand environments from the call center, to the branch office and the store. Perhaps most importantly, organizations know they must protect the consumer and the proprietary data that flows through voice. The Open Voice Network will support this evolution by delivering standards and usage guidelines for voice assistant systems that are trustworthy, inclusive, and open.

Voice is expected to be a primary digital interface going forward and will result in a hybrid ecosystem of general-purpose platforms and independent voice assistants that demand interoperability between conversational agents of different platforms and voice assistants. Open Voice Network is dedicated to supporting this transformation with industry guidance on the voice-specific protection of user privacy and data security.

Much as open standards in the earliest days of the Internet brought a uniform way to exchange information and connect with any site anywhere, the Open Voice Network will bring the same standardized ease of development and use to voice assistant systems and conversational agents, leading to huge growth and value for businesses and consumers alike. Voice assistance depends upon technologies like Automatic Speech Recognition (ASR), Natural Language Processing (NLP), Advanced Dialog Management (ADM), and Machine Learning (ML).

The Open Voice Network will initially be focused on the following areas:

  • Standards development: research and recommendations toward the global standards that will enable user choice, inclusivity, and trust.
  • Industry value and awareness: identification and sharing of conversational AI best practices that are both horizontal and specific to vertical industries, serving as the source of insight and value for voice assistance.
  • Advocacy: working with and through existing industry associations on relevant regulatory and legislative issues, including those of data privacy.

These efforts are made possible by the dozens of enterprises that support Open3D Foundation, ASWF, AGL, AgStack, and Open Voice Network.


EdgeX Foundry Announces Jakarta, the Project’s First Long Term Support Release

Thu, 12/02/2021 - 01:00

Community debuts Developer Badge Program to recognize, reward developer contributions as it begins plans for Spring 2022 release, codenamed ‘Kamakura’

SAN FRANCISCO, December 1, 2021 – EdgeX Foundry, a Linux Foundation project under the LF Edge project umbrella, today announced the release of version 2.1 of EdgeX, codenamed ‘Jakarta.’ The project’s ninth release, it follows the recent Ireland release, which was the project’s second major release (version 2.0). Jakarta is significant in that it is EdgeX’s first release to offer long term support (LTS).

Long Term Support

“Only a few open-source projects offer long term support; the rapid change of open source projects and the effort needed to LTS is significant,” said Arpit Joshipura, general manager, Networking, Edge and IoT, at the Linux Foundation. “By including LTS, EdgeX demonstrates it understands the needs of the operational technology (OT) user base, and how products in this space must work and operate over longer periods of time than traditional IT solutions,” said Arpit Joshipura. “This is a big milestone for any open source community, and we are incredibly proud of EdgeX Foundry for this achievement.”

“Our Jakarta release is a stabilization release,” said Jim White, the EdgeX Foundry Technical Steering Committee  (TSC) Chairman and co-founder of the project.  “As such, it is our project community’s pledge to adopters that EdgeX offers you a stable version of the platform that you can expect the community to stand behind and support for a period of two years.  We stand with you in support of EdgeX in real world, commercial deployments of the platform.”

The EdgeX long term support policy states that the community will work as quickly as possible and give “best effort and development priority to fix major flaws as soon as possible.” The project defines major flaws as:

  • bugs causing the system or service to crash and where there is no workaround for the function
  • bugs for a feature/function that does not work and there is no workaround for the function
  • a security issue deemed a critical or high-level CVE (per CVSS)

The project has further stipulated in its LTS policy that “no new major functionality (at the discretion of the TSC) will be added” to the LTS version after the release happens.

More information about the Jakarta release, including a list of new features, can be found here: https://wiki.edgexfoundry.org/display/FA/Jakarta

EdgeX Developer Badge Program

As a part of this release cycle, EdgeX also announced a new EdgeX Developer Badge program. EdgeX has created the Developer Badge program to thank those making initial impacts to the project by providing something that they can use to highlight their efforts and volunteerism on social media platforms. Contributors have started receiving an official digital badge (awarded through Credly) when:

  • they make their first contribution (their first GitHub Pull Request is accepted by the project and merged into one of the project’s code repositories)
  • they fix two documented bugs of the project

Additional badges for other work may be awarded by the community in the future.

Kamakura Release – Spring 2022

The next EdgeX release, codenamed “Kamakura,” is set for Spring 2022.  The community has held its semi-annual planning session to lay out the goals and objectives of this release.  Kamakura is likely to be another dot-release that will again be backward compatible with all EdgeX 2.x releases (Ireland and Jakarta).  Major additions currently under consideration and being developed by the community include:

  • Initial north to south message bus.
  • Improved security secrets seeding and allowing for delayed service starts.
  • Metrics collection.
  • Dynamic device profiles.
  • Better (native) Windows support.
  • Improve testing – including real hardware testing.
  • A second version release of the EdgeX Command Line Interface (CLI), which is compatible with EdgeX v2.x.

 Learn more about this release on the project’s Wiki site.

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open-source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.


The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds. 


Linux Foundation: Defending the Global Software Supply Chain from Cyberattacks in 2021

Wed, 12/01/2021 - 00:00

Attackers are increasingly targeting software supply chains (the processes, repositories, and toolchains used for developing and delivering software). The European Union Agency for Cybersecurity, ENISA, estimated in “Threat Landscape for Supply Chain Attacks” that there would be four times as many software supply chain attacks in 2021 as compared to 2020. The report states that, due to “…more robust security protection that [many] organizations have put in place [today], attackers successfully shifted towards suppliers.”

Governments around the world have noted and responded to this growing risk to the software supply chain. In May 2021, the US released an Executive Order on Improving the Nation’s Cybersecurity to enhance software supply chain security, including providing software purchasers with a Software Bill of Materials (SBOM). Similar efforts are underway around the world.

In 2021, our communities rose to the challenge of providing tools and best practices for the security hardening of the global software supply chains. Our efforts included launching Open Source Security Foundation (OpenSSF) as a funded project, expanding Let’s Encrypt — the world’s largest certificate authority, ensuring the ISO standardization of SPDX as the SBOM standard, directing funds to identify and fix vulnerabilities in critical open source software, and building new training curriculum to improve secure coding practices.

Community Highlight: OpenSSF

The Open Source Security Foundation (OpenSSF) was elevated to a funded project at the LF in October 2021. The OpenSSF is a cross-industry collaboration that brings together leaders to improve the security of open source software (OSS) by building a broader community, targeted initiatives, and best practices. The OpenSSF premier members include: 1Password, AWS, Cisco, Citi, Dell Technologies, Ericsson, Facebook, Fidelity, GitHub, Google, Huawei, Intel, IBM, JP Morgan Chase, Microsoft, Morgan Stanley, Oracle, Red Hat, Snyk, and VMWare.

The OpenSSF began many initiatives in 2021, including:

The OpenSSF also continued to refine its existing work, including its free courses on how to develop secure software (over 4,000 registrants combined) and the CII Best Practices Badge Program (over 4,000 participating projects and over 600 passing projects). 

Shepherding Software Standards

The Linux Foundation strongly supports efforts to build and drive the adoption of open source standards and infrastructure. These efforts include:

  • SPDX — an international standard for representing the metadata for SBOMs (ISO/IEC 5962)
  • OpenChain — a standardized process management approach to identify inbound, internal, and outbound open software. It is primarily designed for compliance and has clear secondary use cases in security (ISO 5230)
  • Compliance tooling from Automating Compliance Tooling (ACT) projects (including OSS Review Toolkit, FOSSology, Tern), and the OpenChain reference workflow, being extended to add new use cases.
  • Training on software transparency topics, including “Generating an SBOM”

We are thankful for all the participants in the SPDX community. Special thanks go to Gary O’Neall for his work developing the SPDX tooling; this work made it easier for developers across the ecosystem to adopt SPDX in their workflows. Special thanks also go to Steve Winslow and Jilayne Lovejoy for their tireless efforts in maintaining the SPDX License List over the past ten years. The SPDX standard continues to evolve thanks to the tireless efforts of many talented developers, including Alexios Zavras, William Bartholomew, Thomas Steenbergen, and Nisha Kumar.

Kate Stewart, VP of Dependable Systems, The Linux Foundation

Establishing Projects and Conferences to Improve Security

In addition to the projects listed earlier, the LF funds various projects to improve open source security. Some notables among them include:

  • sigstore — development work on this technology suite to enable developers to sign software artifacts securely. Signing materials are stored in a tamper-resistant public log. (The project is managed by Google, Red Hat, and Purdue University)
  • Alpine Linux — vulnerability processing for this security-oriented, lightweight Linux distribution.
  • Alpine Linux, Arch Linux — reproducible builds for these two Linux distributions.
  • OpenSSH, RPKI — development of infrastructure “plumbing”
  • Clang, Linux kernel — compiling the Linux kernel with Clang and fixing warnings found during the compiling process
  • Linux kernel — security audits for signing/key management policies and vulnerability reporting modules, respectively

The LF also fostered approaches to discuss and address supply chain attacks online and in virtual venues, including Building Cybersecurity into the Software Supply Chain Town Hall and SupplyChainSecurityCon.

Community Highlight: Internet Security Research Group

Let’s Encrypt provides the digital infrastructure for a more secure and privacy-respecting Internet. It operates the world’s largest certificate authority, securing traffic for more than 250 million websites.

In late 2020, ISRG launched Prossimo, a project whose goal is to move the Internet’s security-sensitive software infrastructure to memory-safe code. Many of the most critical software vulnerabilities are memory safety issues in C and C++ code. While deploying fuzzing, static analysis, and code reviews can catch vulnerabilities, such mitigations do not eliminate all risks. Moreover, these security mitigation tactics consume considerable resources on an ongoing basis. In contrast, using memory-safe languages eliminates the entire class of issues. This year, Prossimo worked with Linux kernel, cURL, and Apache maintainers to introduce new memory-safe code to these critical, widely-used pieces of software.

ISRG’s latest project effort, Prio, is to operate a privacy-preserving metrics service. Prio uses a system that enables the collection of aggregate statistics such as application metrics. Apple and Google’s Covid-19 Exposure Notification Express app uses this service. ISRG Prio has processed over two billion metrics and is helping operators optimize the user experience based on aggregate, privacy-respecting telemetry metrics.

These standardization efforts are made possible by the OpenSSF, the SPDX and OpenChain projects, and the ISRG.


New Quantum Intermediate Representation Alliance Serves as Common Interface for Quantum Computing Development

Tue, 11/30/2021 - 22:00

QIR Alliance is part of the Linux Foundation’s Joint Development Foundation work on open standards

SAN FRANCISCO, November 30, 2021 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the new QIR Alliance, a joint effort to establish an intermediate representation with the goal to facilitate interoperability within the quantum ecosystem and provide a representation suitable for current and future heterogeneous quantum processors. Founding members include Honeywell, Microsoft, Oak Ridge National Laboratory, Quantum Circuits Inc. and Rigetti Computing.

QIR, or Quantum Intermediate Representation, is based on the popular open source LLVM compiler toolchain. QIR specifies a set of rules for representing quantum programs within the LLVM IR. Examples of QIR applications include using the standard LLVM infrastructure to write quantum optimizers that operate on QIR and target it to specific hardware backends or linking it with classical high performance libraries for quantum simulation.

“We expect there to be exciting advances in how classical and quantum computations can interact at the hardware level. The QIR Alliance will provide a single representation that can be used for both today’s restricted capabilities and the more powerful systems of the future,” said Bettina Heim, principal software engineering manager, Microsoft. “This will allow the community to experiment with and develop optimizations and code transformations that work in a variety of use cases.”

Quantum development SDKs and languages appear and evolve at a fast pace, along with new quantum processors with unique and distinct capabilities from each other. To provide interoperability between new languages and new hardware capabilities and reduce development effort from all parties, it is imperative for the ecosystem to develop and share a forward-looking intermediate representation that works with present and future quantum hardware.

“Quantum technology is still quite nascent but the promise grows every day,” said Seth Newberry, general manager of standards at Joint Development Foundation. “The QIR Alliance is poised to enable the open and technical development necessary to realize these promises. We’re very happy to provide a forum for this work.”

For more information, please visit: https://qir-alliance.org 

Member Quotes

Honeywell

“The Quantum-Intermediate Representation Alliance, also known as QIRA, is a key piece of the quantum computing ecosystem that enables quantum hardware suppliers and quantum software suppliers to reduce redundant efforts involved in implementing programming languages across quantum computer architectures,” said Alex Chernoguzov, Honeywell Quantum Chief Engineer, Honeywell.

Oak Ridge National Laboratory

“ORNL is thrilled to be a part of the Quantum Intermediate Representation Alliance, which aims to develop a unified LLVM-based intermediate representation for quantum computing. A consistent IR of quantum programs will enable interoperability between quantum applications and hardware devices, making quantum computing more usable to researchers and developers. We look forward to contributing to the QIR specification and the associated compiler toolchain under this partnership,” said Thien Nguyen, Quantum Computer Science Researcher, Oak Ridge National Laboratory.

Quantum Circuits Inc.

“At QCI, we are very pleased to be participating in the QIR Alliance. The QIR approach represents a revolutionary advance in the representation of quantum circuits, enabling users to take full advantage of the unique capabilities of quantum computing systems across a variety of different hardware platforms,” said Tom Lubinski, Chief Software Architect of Quantum Circuits Inc.

Rigetti

“Rigetti has pioneered hybrid system architectures that are quickly becoming the predominant approach for cloud-based quantum computing,” said David Rivas, SVP Systems & Services at Rigetti Computing. “The QIR Alliance is focusing on precisely the interface between quantum and classical compute, enabling rapid advances in quantum programming language design and execution systems. We’re thrilled to be working closely with this community to design the necessary compiler technology and develop implementations for Rigetti hardware.”

About Joint Development Foundation

Launched in 2015, the Joint Development Foundation (the Joint Development Foundation) is an independent non-profit organization that provides the corporate and legal infrastructure to enable groups to quickly establish and operate standards and source code development collaborations. More information about the Joint Development Foundation is available at http://www.jointdevelopment.org/.


Media Contact

Jennifer Cloer

Story Changes Culture

503-867-2304

jennifer@storychangesculture.com


New Linux Foundation Project Accelerates Collaboration on Container Systems Between Enterprise and High-Performance Computing Environments

Tue, 11/30/2021 - 22:00

Formerly Singularity, the newly named Apptainer project delivers a feature set that supports both application and microservice use cases

SAN FRANCISCO, Calif., November 30, 2021 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced it will host the Apptainer project. Formerly the Singularity project, Apptainer is the most widely used container system for High-Performance Computing (HPC) and is one of the container systems uniquely suited for both enterprise and HPC use cases. It is designed to execute applications at bare-metal performance while being secure, portable and completely reproducible.

“The Apptainer project has had massive growth and needs a neutral home with proven open source governance to support its next development and adoption phase,” said Gregory Kurtzer, CEO of CIQ and Founder and Project Lead of Singularity/Apptainer. “The Linux Foundation is the natural host for Apptainer, where it can also collaborate with the Cloud Native Computing Foundation, Open Container Initiative, OpenHPC and other projects to expand its ecosystem.”

The HPC community for many years has been isolated from the enterprise and cloud sectors of the ecosystem, but those barriers are starting to come down. HPC consumers are looking to modernize and take advantage of enterprise tech and enterprises are looking to make use of decades of optimizations in performance and parallelization through use-cases like Artificial Intelligence (AI), Machine Learning (ML) and compute- and data-driven analytics.

“The Apptainer project is at a pivotal moment in its growth and evolution,” said Mike Dolan, senior vice president and general manager of projects at the Linux Foundation. “We look forward to supporting this community and enabling cross collaboration with even more open source developers and technologists to expand its ecosystem of contributors.”

Apptainer features include: public/private key signing of containers; Docker- and OCI-compatible; container encryption and integration with Vault and other management platforms; single-file SIF executable container format; runs “rootless” and prohibits privilege escalation within the container; and supports GPU, FPGA, high-speed networks and filesystems, among others.

For more information about Apptainer, please visit: http://www.apptainer.org

Supporting Comments

“For an open source project to be healthy, there needs to be a clear separation between the project and commercial support options.  Both are critical, and I see this move as a step in the right direction to ensure commercial viability and a healthy community,” said Brent Gorda, HPC veteran.

AMD

“The Apptainer project has been an important step for containerization in high performance computing, driving an open-source platform that allows users to run complex applications on HPC clusters in a simple, portable, and reproducible way. We’re excited to see the Singularity project rebranded as the Apptainer project under The Linux Foundation and continue to provide the HPC community access to open-source container software that’s critical for HPC,” said Brock Taylor, Global HPC Solutions Director, AMD.

Berkeley Lab

“As the founding organization, we are thrilled that Singularity[1] has experienced such broad adoption in HPC, and we are really looking forward to seeing its maturing to the next level now,” said Gary Jung, Scientific Computing Group Lead at LBNL. “The time has never been better to move this technology to the Linux Foundation, where both the HPC and Enterprise communities can collaborate and build this container system for the future.”

Fermilab

“The health of Apptainer as an open source project is of vital importance to the High Energy Physics community and the OSG consortium which both use Apptainer in their High Throughput Computing and High Performance Computing every day to advance their science missions. The CIO of Fermilab and the OSG executive team endorse this move of the Apptainer open source project to Linux Foundation hosting and expect it to help ensure the long term health of the project,” said Dave Dykstra, Fermilab.

HPCNow!

“For a global HPC consulting company like HPCNow!, moving Apptainer to a Linux Foundation project not only represents another massive step in maturity level but also ensures the future of this extraordinary technology. The evolution of Apptainer is extremely important for our clients, who widely adopted this strategic software to guarantee portability, long-term reproducibility, and performance,” said Jordi Blasco, CTO at HPCNow.

Intel

“Intel is a long supporter of the power of open source to unite and accelerate ecosystems.  As a user of Apptainer, we strongly support the contribution of Apptainer to the Linux Foundation and look forward to seeing the communities’ engagement in driving this project forward,” said Sanjiv Shah, Vice President – Software and Advanced Technology Group, General Manager of Developer Software Engineering.

Sandia National Laboratories

“Apptainer can support scalable containers on HPC and Cloud infrastructure, so its move to the Linux Foundation is both exciting and a natural evolution of this important technology,” said Andrew Younge from Sandia National Laboratories. “We’re looking forward to continuing to work with the project and participating in the growing community at the Linux Foundation.”

About the Linux Foundation

Founded in 2000, the Linux Foundation and its projects are supported by more than 1,800 members. The Linux Foundation is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, Hyperledger, RISC-V, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

###

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

Media Contacts

Jennifer Cloer

503-867-2304

jennifer@storychangesculture.com

[1] Singularity is the former name of the Apptainer project.

The post New Linux Foundation Project Accelerates Collaboration on Container Systems Between Enterprise and High-Performance Computing Environments appeared first on Linux Foundation.

On Neutrality, OSPOs, and an Update on the Linux Foundation’s Best Practices Communities in 2021

Fri, 11/19/2021 - 05:00

The Importance of Neutrality

Open Source Program Offices (OSPOs) at our member organizations recognize the importance of neutral governance in the projects they choose to take a dependency on for themselves. They also recognize the importance of “doubling down” on engineering investment. 

These organizations typically are past the stage where they want to be strictly consumers of open source software; they’re ready to be participants (hopefully among many) in the actual development process of the software and tools they are using. They ultimately recognize that the ancillary benefits are significant even if the technical vision might change from their internal priorities.

There are clear benefits to having their projects work under an open governance model designed to encourage other organizations to participate and contribute under a “do-ocracy” where the people doing the work make the decisions for the project community. 

A neutral home for projects can bring stability and trust, such as the community not worrying about the parent pulling back the source code or somehow acting against the community’s interests. It also eliminates any distinction between “Commercial Open Source Software,” where some permissions in the software are limited, and fully open versions of the software. 

The TODO Group: OSPO Collaboration

TODO is an open group of organizations that collaborate on practices, tools, and other ways to run successful and effective open source projects and programs. TODO Group functions as a community to bring the people managing Open Source Program Offices (OSPO) together in a meaningful way; check out the OSPO Landscape (ospolandscape.org) for some examples, or the OSPO101.org materials found at github.com/todogroup/ospo101.

TODO Group publishes guides on collected best practices from the leading companies engaged in open source development. These guides (todogroup.org/guides) aim to help organizations successfully implement and run an open source program office. The TODO Group also hosted the first OSPOCon in North America and Europe this year.

TODO published its 2021 Annual OSPO Survey results in September. The findings indicated there are many opportunities ahead to educate companies about how OSPOs can benefit them.

  • OSPO Structure: Professionalization continued among OSPOs, with 58% formally structured programs up from 54% the previous year. Prospects for more funding brightened compared to 2020.
  • OSPO Benefits and Responsibilities: OSPOs had a positive impact on their sponsors’ software practices, but their benefits differed depending on the size of an organization.
  • Organizations without an OSPO: Almost half of the survey participants without an OSPO believed it would help their company, but of those that didn’t think it would help, 35% said they haven’t even considered it.
  • Value of Open Source Participation: 27% of survey participants said a company’s open source participation is at least very influential in their organization’s buying decisions.

FinOps: Cloud Financial Operations

The FinOps Foundation joined the LF’s family of communities in June of 2020. Its mission is to advance the discipline of cloud financial operations (“FinOps”) through best practices, education, and standards among individuals responsible for cloud billing and operations.

The FinOps Foundation includes 4000 individual members worldwide and 40 corporate vendor members, including Google, VMware, Accenture, Deloitte, McKinsey, and others. In the same way that DevOps revolutionized development by breaking down silos and increasing agility, FinOps increases the cloud’s business value by bringing together technology, business, and finance professionals with a new cultural set, knowledge skills, and technical processes. 

These efforts are made possible by the dozens of enterprises that support the TODO Group and the FinOps Foundation.

To learn how your organization can get involved with TODO Group, click here 

To learn how your organization can get involved with FinOps Foundation, click here 

The post On Neutrality, OSPOs, and an Update on the Linux Foundation’s Best Practices Communities in 2021 appeared first on Linux Foundation.

OpenJS Foundation End-of-Year Update

Fri, 11/19/2021 - 00:00

The global pandemic brought the OpenJS Foundation closer to the end-users and contributors of its hosted JavaScript projects. With more than 97 percent of the world’s websites using JavaScript, it is the foundation for online commerce, economic growth, and innovation.

Following the 25th anniversary of JavaScript, the OpenJS Foundation continues to see an exciting future for the number one programming language, evidenced by the diverse, multi-stakeholder communities that make up OpenJS.

OpenJS is a global community, created two years ago by the merger of the Node.js and JS Foundations. The OpenJS Foundation hosts 38 JavaScript projects, including Node.js, AMP, Electron, jQuery, webpack, Node-RED, and Appium.

OpenJS is a member-supported organization, with companies like IBM, Google, Joyent, Microsoft, GoDaddy, Netflix, and more providing financial support and active involvement in our governance process.

Netflix has been an end-user and contributor of the Node.js project since 2013 and runs one of the largest-scale Node.js deployments in production. As platforms grow, so do their needs. However, the core infrastructure is often not designed to handle these new challenges as it was optimized for a relatively simple task. Netflix, a member of the OpenJS Foundation, had to overcome this challenge as it evolved from a massive web streaming service to a content production platform. Netflix runs a serverless Node.js platform that powers all the devices’ user interfaces and use cases for web applications supporting content production.

In 2021 OpenJS welcomed new members: American Express, Bloomberg, Coinbase, NodeXperts, Sentry, and Stream. JavaScript is core to each of these companies’ leadership positions in the market, and by supporting OpenJS, they support the infrastructure and long-term growth of key open source projects on which they rely.

As a global leader in business and financial information, data, news, and analytics, Bloomberg has a long-term investment in JavaScript through contributions to core projects and ongoing participation in standards, notably for the JavaScript language itself. Bloomberg has more than 10,000 frontend apps and tens of millions of lines of JavaScript code that cover both consumer web and the Bloomberg Terminal, the desktop application core to Bloomberg’s business. Furthermore, more than 2,000 software engineers are writing JavaScript at Bloomberg, another testament to the company’s innovation and commitment to the programming language and the open source community.

At OpenJS World 2021, OpenJS Board President Todd Moore, VP of Open Technology and Developer Advocacy at IBM, joined OpenJS Executive Director Robin Ginn for an opening keynote. They described how, through OpenJS, the industry could confidently enter a JavaScript ecosystem that prioritizes stability and openness in the shared technologies while recognizing the unique needs of individual participants.

OpenJS Foundation Executive Director Robin Ginn extended an open invitation: “Our goal at OpenJS is to incubate and sustain a healthy JavaScript ecosystem. To get involved, go to our website at openjsf.org/collaboration. Through your participation, we know the best is yet to come for the future of JavaScript.”

Todd Moore shared why IBM invests in the OpenJS Foundation and why so many of their employees actively participate among OpenJS communities: “IBM and our customers today rely upon many of the open source JavaScript projects hosted at the OpenJS Foundation — it’s in all our economic interests to invest in that technology as it is the plumbing that creates the opportunity for all of us to share in.”

These efforts are made possible by the dozens of enterprises that support the OpenJS Foundation. To learn how your organization can get involved, click here

The post OpenJS Foundation End-of-Year Update appeared first on Linux Foundation.

Going Beyond Source Code in 2021: Joint Development Foundation and Open Standards Efforts

Wed, 11/17/2021 - 00:00

In 2019, the Linux Foundation added the Joint Development Foundation (JDF) to its family of project communities to build upon its existing body of specification work. The addition of JDF to the Linux Foundation brought with it a unique but straightforward process that allows new projects to form quickly and collaborate under a standardized set of governance principles that ensure the resulting specification can be implemented with open source licenses. 

In 2021, the Linux Foundation saw steadily increasing interest and new project formation under Linux Foundation Standards (LFS) across various technical disciplines. We have also seen an acceleration of members and contributions in our established projects.

“2021 can be characterized as a year of progress for LF Standards and JDF. We saw solid operational improvements in our traditional specification efforts, steady uptake on the Community Specification program, and some new wins with the acceptance of the SPDX specification by JTC1. The ability to quickly wrap a specification project with an open source project using well-established governance and standards-making processes seems to have fulfilled an unmet need in our industry,” said Seth Newberry, the General Manager of JDF.

“We reached out to the Linux Foundation because we wanted to create the Coalition for Content Provenance and Authenticity (C2PA.org) under a simple but formal project structure. Given our project goals of creating technical specifications for countering misleading information online through digital provenance, it was critical to get up and running quickly and with minimal complexity,” said Andy Parsons of Adobe Systems.

“The JDF program is great for us. It has a simple set of templates we used to ensure we employ good standards practices, and it was very quick to set up the legal entity and the project. We’ve also enjoyed excellent support from an experienced team at the Linux Foundation since its inception. We achieved a draft release of the specification in about 8 months, which may be a record in standards-setting. We could not have done this without the LF and JDF.”

Looking ahead, LF Standards expects to become more active and visible in the standards-setting community, especially leveraging the Community Specification as an entry point for new projects that need the established governance and process structure of a traditional standards project but with a low/no-cost project onramp. LF Standards will also begin to fully adapt the investment in project onboarding and reporting tools being developed in LFX, allowing the projects to bring on new contributors quickly, with low overhead, and gain insights about the engagement with the contributors and the progress of the specifications.

An example of the Linux Foundation’s increased standardization efforts has been The Coalition for Content Provenance and Authenticity (C2PA), which addresses the prevalence of misleading information online through the development of technical standards for certifying the source and history (or provenance) of media content. C2PA is a Joint Development Foundation project, formed through an alliance between Adobe, Arm, Intel, Microsoft, and Truepic.

C2PA unifies the efforts of the Adobe-led Content Authenticity Initiative (CAI) which focuses on systems to provide context and history for digital media, and Project Origin, a Microsoft- and BBC-led initiative that tackles disinformation in the digital news ecosystem. C2PA has been active in discussions with legislators, educating policymakers about technical and industry issues surrounding malicious synthetic media.

A public draft of the C2PA specification is currently available for review here.

The most significant improvement to the Linux Foundation Standards offerings is the breadth of options available to companies who want to create technical collaborations that can result in an important public specification. Traditional standards-making organizations are typically technology-specific, created for a specific purpose, and have highly customized bylaws that take time to develop, review and sustain with a bespoke legal entity. 

Linux Foundation Standards have a harmonized set of standardized project charters with compatible governance and process rules that allow contributors to germinate an idea using the free repository-based Community Specification. This can ultimately be matriculated to a compatible traditional-mode standards effort with a formal corporate structure that can hold assets in common and raise funds. All of these efforts can ultimately be submitted to the JTC1/ISO/IEC for consideration and adoption as an internationally recognized standard using the Publicly Available Specification (PAS) process. Additionally, in the spirit of expanding its industry relationships, JDF projects have added new Liaison agreements with standards bodies such as the IPTC, ETSI, SMPTE, and others.

These standardization efforts are made possible by the Joint Development Foundation. To learn how your organization can get involved and form a project, click here

To learn more about and get involved with C2PA, click here

The post Going Beyond Source Code in 2021: Joint Development Foundation and Open Standards Efforts appeared first on Linux Foundation.

In 2021, The Linux Foundation Became a Trusted Resource for Public Health and Industry Partners, and OpenTreatments Tackled Rare Diseases

Fri, 11/12/2021 - 05:00

Linux Foundation Public Health is Still Making Strides in 2021

Linux Foundation Public Health (LFPH) hosts, supports and nurtures open source technology to benefit public health initiatives.

Since its founding a little over a year ago, the organization has become a go-to resource for governments and industry partners to get advice on the latest technologies coming to market. Over 50 jurisdictions worldwide have come to trust LFPH for unbiased, clear guidance on how to take advantage of technologies within our program areas of exposure notification and COVID credentials. National and global institutions such as the WHO, CDC, UN, and GAO have also invited LFPH to present at meetings, contribute to reports, and assist them in their own understanding of this technology.

Meanwhile, LFPH projects and initiatives continue to grow. The Global COVID Certificate Network and standard developments happening at the COVID-19 Credentials Initiative are becoming some of the leading groups solving the challenges of interoperability between divergent systems and standards emerging around the world. The organization’s leadership role in the Good Health Pass Collaborative has established LFPH’s voice as one of the leads in the ethical, privacy-first design of public health software. With the addition of Herald, Cardea, and MedCreds, the foundation’s projects are now used in over a dozen states, provinces, and countries worldwide to help fight COVID-19 and safely reopen borders. 

While COVID is not going anywhere, LFPH is charting a path forward beyond pandemic response. The pandemic has highlighted the need to overhaul public health infrastructure worldwide to create better ways to share data within and across borders. Open source software will be a crucial piece of solving that puzzle worldwide.

OpenTreatments & RareCamp: Addressing Rare Diseases

In March of 2021, the Linux Foundation announced that it would be hosting RareCamp and the OpenTreatments Foundation. RareCamp enables treatments for rare genetic diseases regardless of rarity and geography.

Four hundred million patients worldwide are affected by more than 7,000 rare diseases, yet treatments for rare genetic disorders are underserved. More than 95 percent of rare diseases do not have an approved treatment, and new treatments are estimated to cost more than $1 billion.

The RareCamp open source project provides open governance for the software and scientific community to collaborate and create the software tools to aid in creating treatments for rare diseases. The community includes software engineers, UX designers, content writers, and scientists who are collaborating now to build the software that will power the OpenTreatments platform. The project uses the open source JavaScript framework Next.js for the frontend and the Amazon Web Services (AWS) Serverless stack – including AWS Lambda, Amazon API Gateway, and Amazon DynamoDB – to power the backend. The project uses the open source toolchain Serverless Framework to develop and deploy the software and is licensed under Apache 2.0 and available for anyone to use.

The project is supported by individual contributors and collaborations from companies that include Baylor College of Medicine, Castle IRB, Charles River, Columbus Children’s Foundation, GlobalGenes, Odylia Therapeutics, RARE-X, and Turing.com.

These efforts are made possible by the dozens of enterprises that support the LFPH and OpenTreatments foundations.

To learn how your organization can get involved with LFPH, click here

To learn how your organization can get involved with OpenTreatments, click here

The post In 2021, The Linux Foundation Became a Trusted Resource for Public Health and Industry Partners, and OpenTreatments Tackled Rare Diseases appeared first on Linux Foundation.

The Linux Foundation Meets Its Biggest Challenge Yet: Saving the Planet

Fri, 11/12/2021 - 00:00

The transition from centralized fossil-fuel generation to renewable and distributed energy resources will mark the most significant reimagining of power systems in over 140 years, and it will fundamentally transform our economies. Approximately 75% of carbon emissions can be mitigated through the electrification of energy, transportation, and the built environment. By adopting an open source strategy that maximizes flexibility, agility, and interoperability, we can innovate at the speed of the urgency needed to decarbonize and save our planet.

Since nearly all aspects of life on Earth will be touched, our future rests on cooperation that will enable the evolution of the marketplace, driven by competition and innovation. Collaboration is central to finding a path to decarbonization, which is the fundamental and existential paradigm shift facing humanity. Collaboration is also at the heart of why over the next 30 years, the Linux Foundation will play an increasingly important role as the planet negotiates the transformation of the world’s largest machine — the electrical power grid — and the economies and societies that depend on it. 

The Linux Foundation has the opportunity to take a proactive position and tremendous potential to help address the critical global challenges stemming from climate change which, if left unabated, guarantee catastrophic disruptions in our physical and emotional worlds. The LF shows a path forward that is open and collaborative so that companies, countries, even continents can work together versus the often uncoordinated and piecemeal efforts in place so far that, if left unchecked, will fall short.

The threat is real

Undoubtedly, worldwide climate change is the greatest existential threat facing humanity since asteroids caused the 5th extinction 65 million years ago. 

And it is now locked in, with climate change driving the planet’s health past tipping points that we cannot reverse. We are now in a battle of staving off our own demise, and we must transition whole economies off fossil fuels to renewables without tanking those economies and unleashing chaos. 

Since the mid-1800s, three charts reveal a lock-step progression of fossil fuel, GDP, and carbon parts per million — the pollution that contributes to a warming world. The externalities that have driven the economic expansion of the last 150 years are now forcing a reconciliation. We are at the last possible moment. 

Climate solutions at the Linux Foundation

Several Linux Foundation projects are already working on various climate solutions.

LF Energy is accelerating the decarbonization of the global economy through the transformation of power system networks and delivering a full interoperability stack for EVs and vehicles to grid (V2G) to onboard intermittent and renewable energy at scale. 

2021 was a pivotal year for LF Energy in its mission to lead the energy transition through global open source collaboration. Highlights include:

LF Energy software projects in development are innovating on substations and multi-protocol gateways, electrifying transportation, improving grid automation, reducing grid congestion, creating flexible markets, enabling avoided energy markets, increasing grid resilience, improving data monitoring and analysis, and optimizing network operations.

Via the collaboration that forums like LF Energy provide, innovative technologies can get to market faster. As LF Energy members grow to include traditional utility OEMs like GE and Hitachi ABB, those technologies are more likely to be adopted and spread faster throughout the energy ecosystem.

OS-Climate is developing a platform of data and analytics to close the $1.2 trillion gap in financing and investment required to achieve Paris Climate Accord goals. Avoiding catastrophic global warming levels and ensuring resilience to climate impacts requires rapidly closing the $1.2 trillion gap in investment for climate solutions each year. But pension funds, asset managers, banks, corporations, and regulators lack the data and analytics required to reallocate financing toward decarbonization.


At COP-26 in Glasgow this week, OS-Climate rolled out its prototype Data Commons and AI-enhanced tools for climate-alignment and physical risk analysis of portfolios — key for transitioning the global economy to Net Zero emissions and a sustainable future. In the last year, membership and number of active contributors have grown by more than 300% and more than 600%, respectively.

In May of 2021, the Linux Foundation, with Joint Development Foundation Projects LLC, along with its partners Accenture, GitHub, and Microsoft, announced the formation of the Green Software Foundation to build a trusted ecosystem of people, standards, tooling, and leading practices for building green software.

As we think about the software industry’s future, we believe we have a responsibility to help build a better future – a more sustainable future – both internally at our organizations and in partnership with industry leaders around the globe. With data centers worldwide accounting for 1% of global electricity demand, and projected to consume 3-8% in the next decade, we must address this as an industry.

The Green Software Foundation was born out of a mutual desire to collaborate across the software industry. Organizations with a shared commitment to sustainability and an interest in green software development principles are encouraged to join the Foundation to help grow the field of green software engineering, contribute to standards for the industry, and work together to reduce the carbon emissions of software.

The rest of the Linux Foundation ecosystem can play a substantial role going forward by enabling that power quality and power consumption — so that one day, every device running Linux or embedded Linux on the edge which draws energy from power networks can provide arbitrage to the grid by accepting a price signal.

On that day, every project at the Linux Foundation will address some part of the decarbonization of the global economy. Linux helped build the world we see today; The Linux Foundation will be central to transforming the world so that future power systems will enable our grandchildren’s children to inherit a healthier planet.

These efforts are made possible by the dozens of enterprises that support the LF Energy, OS-Climate, and Green Software Foundation projects. 

To learn how your organization can help transform and decarbonize our power system networks while accelerating the transition to electric mobility from fossil fuels, get involved with LF Energy by clicking here 

To learn how your organization can get involved with OS-Climate, click here 

To learn how your organization can get involved with Green Software Foundation, click here

The post The Linux Foundation Meets Its Biggest Challenge Yet: Saving the Planet appeared first on Linux Foundation.

In Case You Missed It: State of the Open Mainframe 2021

Wed, 11/10/2021 - 05:00

Authors: John Mertic, Maemalynn Meanor, Jason Perlow

The mainframe is a foundational technology that has powered industries for decades, including government, financial, healthcare, and transportation. With the help of surrounding communities, the technologies built around this platform have paved the way for the emergence of a new set of technologies we see deployed today. Notably, a significant number of mainframe technologies are profoundly embracing open source.

Linux comes to the mainframe

As Linux began to take the world by storm in the 1990s, a small group of mainframe enthusiasts started experimenting with Linux on IBM System 390 (a previously current generation of mainframe hardware). Over the last 20 years, others like Hitachi and Fujitsu also invested in enabling open source and Linux on their mainframe platforms. Linux on mainframe marked its official start on December 18, 1999, with IBM publishing a collection of patches and additions to the Linux 2.2.13 kernel. 

The year 2000 brought momentum to Linux on the mainframe. The first true “Linux distribution” for these systems came in early 2000 as a collaboration between Marist College in Poughkeepsie, N.Y., and Think Blue Linux by Millenux in Germany. By October of that year, SUSE became the first vendor-supported Linux Distribution, in the first release of what’s now known as SUSE Enterprise Linux. SUSE’s first s390x distro represented an early example of the mainframe leading the way in the evolution of computing technology.

Today, nine known Linux distributions provide an s390x architecture variant: Alpine, ClefOS, Debian, Fedora, Gentoo, OpenSUSE, RHEL, SUSE, and Ubuntu.

The expansion of the mainframe as a platform for Linux continues to be nurtured in the Open Mainframe Project, with key projects outlined below helping Linux on the mainframe continue to be a platform used by Fortune 100 companies worldwide.

  • Feilong, which provides an interface between z/VM (the primary hypervisor for the mainframe, directly based on technology and concepts dating back to the 1960s) and modern cloud stack systems such as OpenStack, is jointly developed by IBM, SUSE, and others.
  • Tessia is a tool that automates and simplifies the installation, configuration, and testing of Linux systems running on the Z platform.

Developments in COBOL

COBOL, which stands for “Common Business-Oriented Language,” is a compiled, English-like computer programming language developed for use as a business applications language. Its roots go back to the 1950s, and COBOL is still frequently used in many industries for key applications.

The COVID-19 pandemic in April 2020 put high levels of stress on various government services due to the unprecedented number of unemployment applications and other similar needs. This put the spotlight on COBOL, as it was then the predominant technology used for these systems. This also highlighted the perceived lack of talent to support these systems, which have code going back to the 1960s. 

The vast COBOL and mainframe communities quickly addressed this need and made several efforts to provide a sustainable home for COBOL.

  • Calling all COBOL Programmers Forum – an Open Mainframe Project forum where developers and programmers who would like to volunteer or are available for hire can post their profiles. Whether they are actively looking for employment, retired skilled veterans looking to stay involved, students who have completed COBOL courses, or professionals wanting to volunteer, the forum offers job seekers the opportunity to specify their level of expertise and availability to assist. Employers can then connect with these individuals as needed.
  • COBOL Technical Forum – a new forum created specifically to address COBOL technical questions in which experienced COBOL programmers monitor activity. The forum allows all programmers to quickly learn new techniques and draw from a broad range of community expertise to address common questions and challenges exacerbated during this unprecedented time. 
  • Open Source COBOL Training – the Open Mainframe Project Technical Advisory Council has approved hosting a new open source project that will lead collaborative efforts to create training materials on COBOL. The courseware was contributed by IBM based on its work with clients and institutions for higher education and is provided under an open source license. 

These initiatives were followed by a formal COBOL Working Group established later in 2020 to address the long-term challenges in building a sustainable COBOL ecosystem. 

In early 2021, attention turned to the tooling ecosystem for COBOL developers with the launch of the COBOL Check project. This initiative enables test-driven development (TDD) practices for COBOL by providing a unit testing framework.

Zowe brings together the industry leaders to drive the future development paradigms of the mainframe

Traditionally, organizations have been challenged by integrating mainframe applications and data with the other systems that power their enterprise. This integration task further created a talent development challenge, as the paradigms between mainframe and other enterprise computing systems differed enough to make skills not easily transferable.

Broadcom, IBM, and Rocket Software saw this challenge and independently developed various frameworks to close this gap with the mainframe development experience. These include:

  • An API Mediation Layer for standardizing the API experience for mainframe applications and services
  • A CLI tool that could be run on a developer’s laptop or other non-mainframe systems and used for DevOps tooling integration.
  • A Web Desktop interface to make it easier to develop web-based applications that leverage mainframe services and data using common development toolkits.

These components came together in August 2018 in Zowe, which was the first open source project launched that targeted the z/OS operating system (the predominant operating system on mainframe systems). The intention of bringing this project into the vendor-neutral Open Mainframe Project was to establish Zowe as the dominant development and integration tool for mainframe systems, aligning the mainframe community around Zowe.

After Zowe 1.0 was released in February 2019, the project quickly turned to enabling a downstream ecosystem of vendor offerings to flourish by establishing the Zowe Conformance Program in August 2019. To date, there are more than 50 Zowe Conformant offerings from 6 different vendors in the mainframe industry.

In addition, Zowe has brought new projects into its scope, with the following incubator projects as of August 2021:

  • ZEBRA, which provides re-usable and industry compliant JSON formatted RMF/SMF data records so that many other ISV SW and users can exploit them using open-source SW in many ways (contributed by Vicom Infinity).
  • Workflow WiZard helps developers and systems programmers simplify the generation and management of z/OSMF workflows (contributed by BMC).

Zowe boasts more than 300 contributors with more than 34,000 contributions as of August 2021.

Mentorship to support the mainframes of tomorrow

Open Mainframe Project has experienced record growth in contributions this year, with more than 105.31 Million Lines of Code written and over 9,600 commits submitted by Open Mainframe Project communities to date— a 100 percent increase across 20 projects and working groups. These numbers will only increase as Open Mainframe continues to be the cornerstone of governance and innovation for modernizing the mainframe and its path to IoT, Cloud, and Edge Computing.

But the mainframe workforce is aging. In fact, at many organizations that employ mainframers, half or more of the staff will be eligible for retirement soon. The aging workforce will be a global issue as many schools have shifted away from teaching mainframe skills and important languages like COBOL and assembler. Some students don’t even know what a mainframe is or aren’t aware they use one each day.

The mainframe isn’t going away, so that means we need to get younger mainframers on board.

That’s why the Linux Foundation chose to help close the skills gap through education and training. Through the Open Mainframe Project’s Mentorship program, the project offered a hands-on experience in an open source environment with leaders from member companies such as BMC/Compuware, Broadcom, IBM, Micro Focus, Rocket Software, and many others.

This year, the mentorship program welcomed its largest mentee class from around the globe that worked on popular projects such as ATOM, COBOL Programming Course, COBOL Working Group, Mainframe Open Education, Polycephaly, Software Discovery Tool, and Zowe. Through one-on-one conversations, collaborative community meetings, technical development, and accessibility to mainframe technology, Open Mainframe helped lay the groundwork for the next generation of mainframers. 

Additionally, as COBOL continues to be in demand this year, Open Mainframe continued to enhance resources:

  • The COBOL Programming Course, which also became the first Open Mainframe project to complete the lifecycle and graduate to become a mature active project, went through an extensive overhaul to provide more detailed content for a better experience and deeper understanding for students and developers looking for a refresher course.
  • COBOL Check launched in March to improve the design, understandability, maintainability, and longevity of core business applications. It supports IBM’s mainframe modernization program by enabling restructuring of existing applications of APIs. COBOL Check will complement the COBOL Programming Course and will leverage the support of the COBOL Working Group.

The future is bright for the mainframe

The mainframe has seen a resurgence in the past five years, with the launch of the Open Mainframe Project and the industry coming together in key open source projects in the COBOL, Linux on System Z, and z/OS ecosystems. The Open Mainframe Project hosts more than 20 projects and working groups supported by over 45 organizations as of August 2021, with no signs of slowing anytime soon.

Open Mainframe Summit 2021

For the second consecutive year, Open Mainframe Project hosted its flagship event virtually on September 22-23.

The theme of this year’s Open Mainframe Summit expanded beyond the mainframe to highlight influencers with strengths in the areas supporting or leveraging the technology like continuous delivery, edge computing, financial services, and open source. Keynote speakers for the event included Gabriele Columbro, Executive Director of Fintech Open Source Foundation (FINOS); Jason Shepherd, Vice President of Ecosystem at ZEDEDA and Chair of the LF Edge Governing Board; Jono Bacon, a leading community and collaboration speaker and founder of Jono Bacon Consulting; Steve Winslow, Vice President of Compliance and Legal at The Linux Foundation; Tracy Ragan, CEO and Co-Founder of DeployHub and Continuous Delivery Foundation Board Member, and more.

The event also highlighted projects, diversity, and business topics that offered seasoned professionals, developers, students, and leaders an opportunity to share best practices and network with like-minded individuals.

Open Mainframe Summit ended with 219 registered attendees that represented 83 companies. During the conference, there were 167 unique users on the platform, a 77% attendance rate, which is a slight increase when compared to last year.

The conference videos are available on the Open Mainframe Project Youtube Channel. Click here for the complete playlist.

These efforts are made possible by the dozens of enterprises that support the Open Mainframe Project. To learn how your organization can get involved, click here

In Case You Missed It: Zephyr LTS V2 Release

Wed, 11/10/2021 - 00:00

Author: Chris Friedt, Software Release Manager, Zephyr Project

Here we are – 2 ½ years since the release of Zephyr Long Term Support (LTS) V1.

In what seems like the blink of an eye, Linux has turned 30 and has gone where no penguin has gone before. Some may forget that the Zephyr Real-Time Operating System went to space, too (albeit under a different name).

Meanwhile, here on Earth, the Zephyr Project received 26,845 commits, 1,764,230 lines of code added, and published ten tagged releases since the LTS V1.

Our contributing community continues to grow, from 500 to 1384. If you haven’t met Embla Flatlandsmo, our 1000th contributor, you can do so here. Numerous Zephyr-based products have been launched (one day, I would like to know just how many). Companies have been formed around Zephyr, and many of them contribute back to the Zephyr Project on GitHub.

Zephyr is now a common theme at technical conferences:

Let’s take a quick look at some of the changes that have enabled Zephyr’s success.

What’s New in LTS V2

In September, when we said that this is the biggest release of Zephyr ever, we weren’t kidding! Below are some of the highlights extracted from the complete v2.7.0 ChangeLog.

  • Zephyr SDK users should adopt the new Zephyr 0.13.1 SDK release
  • The new SDK includes
    • initial support for building Zephyr on macOS
    • updated Qemu version to 6.0.0
    • updated to GCC 10.3
    • updated to support ARC64
    • improved C++ support
    • switched to using newlib-nano
    • updated to Yocto 3.2.3 baseline
    • updated OpenOCD snapshot

Major enhancements with this release include

  • Bluetooth Audio, Direction Finding, and Mesh improvements
  • Support for Bluetooth Advertisement PDU Chaining
  • Added support for armclang / armlinker toolchain via toolchain abstraction
  • Added support for MWDT C / C++ toolchain via toolchain abstraction
  • Update to CMSIS v5.8.0 (Core v5.5.0, DSP v1.9.0)
  • Support for M-Profile Vector Extensions (MVE) on ARMv8.1-M
  • Improved thread safety for Newlib and C++ on SMP-capable systems
  • IEEE 802.15.4 Software Address Filtering
  • New Action-based Power Management API
  • USB Device Framework now includes all Chapter 9 defines and structures
  • Generic System Controller (syscon) driver and emulator
  • Linker Support for Tightly-Coupled Memory in RISC-V
  • Additional Blocking API calls for LoRa
  • Support for extended PCI / PCIe capabilities and improved MSI-X support
  • Added Service Type Enumeration (STE) with mDNS / DNS Service Discovery
  • Added Zephyr Thread Awareness for OpenOCD to West
  • EEPROM now can be emulated in flash
  • Added both Ethernet MDIO and Ethernet generic PHY drivers

Growth Since LTS V1

Since LTS 1.14.0, the number of unique contributors to the Zephyr Project has nearly tripled from 500 to 1384. Zephyr is now supported on more than twice as many boards, increasing from 160 to 400, and now runs on 12 different architectures (counting ARM cortex-a, cortex-r, and ARC64). Our peak commit velocity has nearly doubled from 1.4 to 2.5 commits per hour.

Zephyr’s team of maintainers has doubled from approximately 25 to 50 and our team of collaborators has nearly tripled from 30 to 81.

The total number of distinct areas (subsystems, OS features, etc.) requiring maintainership in Zephyr has increased from 80 to 113, and there are no signs of slowing down.

                      1.14.0 (LTS V1)         2.7.0 (LTS V2)
Contributors          500                     1384
Boards                160                     400
Architectures         8                       12
Commit Velocity       1.4 commits per hour    2.5 commits per hour
# of Maintainers      ~25                     50
# of Collaborators    ~30                     81
# of Areas            ~80                     113

Major Enhancements Since LTS V1

Most of our community members have eagerly adopted tagged releases. Still, for companies that have based products on the LTS V1 release, there have been a tremendous number of major enhancements since then.

  • The kernel now supports both 32- and 64-bit architectures
  • We added support for SOCKS5 proxy
  • Introduced support for 6LoCAN, a 6Lo adaption layer for Controller Area Networks
  • We added support for Point-to-Point Protocol (PPP)
  • We added support for UpdateHub, an end-to-end solution for over-the-air device updates
  • We added support for ARM Cortex-R Architecture
  • Normalized APIs across all architectures
  • Expanded support for ARMv6-M architecture
  • Added support for numerous new boards and shields
  • Added numerous new drivers and sensors
  • Added BLE support on Vega platform
  • Memory size improvements to Bluetooth host stack
  • We added initial support for 64-bit ARMv8-A architecture
  • CANopen protocol support through 3rd party CANopenNode stack
  • LoRa support was added along with the SX1276 LoRa modem driver
  • A new Zephyr CMake package has been introduced
  • A new Devicetree API which provides access to virtually all DT nodes and properties
  • The kernel timeout API has been overhauled
  • A new k_heap/sys_heap allocator, with improved performance
  • Zephyr now integrates with the TF-M (Trusted Firmware M) PSA-compliant framework
  • The Bluetooth Low Energy Host now supports LE Advertising Extensions
  • The CMSIS-DSP library is now included and integrated
  • Introduced initial support for virtual memory management
  • Added Bluetooth host support for periodic advertisement and isochronous channels.
  • Added a new TCP stack which improves network protocol testability
  • Introduced a new toolchain abstraction with initial support for GCC and LLVM/Clang
  • Moved to using C99 integer types and deprecated Zephyr integer types
  • Introduced support for the SPARC architecture and the LEON implementation
  • Added Thread Local Storage (TLS) support
  • Added support for per-thread runtime statistics
  • Added support for building with LLVM on X86
  • Added new synchronization mechanisms using Condition Variables
  • Added support for demand paging, initial support on X86
  • Logging subsystem overhauled
  • Added support for 64-bit ARCv3
  • Split ARM32 and ARM64, ARM64 is now a top-level architecture
  • Added initial support for Arm v8.1-m and Cortex-M55
  • Removed legacy TCP stack support which was deprecated in 2.4
  • Tracing subsystem overhaul / added support for Percepio Tracealyzer
  • Device runtime power management (PM) completely overhauled
  • Automatic SPDX SBOM generation has been added to West
  • Added an example standalone Zephyr application

Areas to Improve

New technical features and enhancements are proposed every day. However, it’s also important to periodically step back and look at how efficiently our wheels are turning as an organization. At the request of our valued community members, several areas have been tagged for improvement.

  • We need more Collaborators and Maintainers (Reviewers) to match our growth
    • More reviewers mean less time in review for each PR, on average
    • Some Maintainers oversee multiple areas, giving them less time to focus
    • We want you! (if you have what it takes)
    • Technical expertise, patience, time, and a good track record of contributing
    • See Project Roles for Maintainer responsibilities
  • Record and publish Zephyr commit statistics similar to the Linux kernel
  • Use a finer granularity of permissions on GitHub (currently in progress)
  • Provide a qualification process and Rolodex of Zephyr consultants

Looking to the Future

There are currently 107 RFC tickets open for virtually every kind of enhancement. Below are just a few that I am personally quite excited about!

  • native_posix board support for macOS
  • A sensor and message-bus framework (based on Android’s CHRE)
  • A generic State Machine Framework
  • Addition of a Pin Control API and Devicetree bindings
  • A USB-C Driver Framework (based on the ChromeOS stack)
  • A unified framework for multiple clock sources, domains, and timer resolutions
  • Multiple network interface auto-configuration via Devicetree
  • Improved support for multiple radio devices and wireless coexistence
  • Improved Language and Runtime Support: MicroPython, C++, Rust, eBPF
  • Improved support for ISO C, C++, and POSIX standards
  • Additional support for Remote Procedure Call frameworks like gRPC and Thrift

Of course, one of the greatest facets of Zephyr’s future is the community, and we welcome all of our future community members with open arms. For those new to Zephyr, the best place to begin is the Zephyr Getting Started Guide. At any time, please feel free to reach out to us on Discord to chat.

Closing Remarks

Every second of every day, millions of Zephyr-based Internet-enabled devices wake up, process a few bytes of data, resonate at GHz frequencies, and then quietly go back to sleep, consuming precious micro-amps of battery power. While others, at the opposite end, never get to sleep at all and process immense payloads in custom hardware accelerators in some of the world’s largest data centers.

This is our community. We scale. We solve categorically hard problems. We hold each other to high standards. We help one another through thick and thin, and in doing so, we are able to achieve the most incredible things!

We’re excited to announce the release of Zephyr LTS V2. And to our community, I say thank you!

These efforts are made possible by the dozens of enterprises that support the Zephyr project. To learn how your organization can get involved, click here

sigstore, the free digital signing service for open source supply chain security, gets additional support

Fri, 11/05/2021 - 00:01

Open source software tools and services are often created quickly and out of necessity. Linus Torvalds, for example, created the first version of git in a weekend when the Linux kernel team could no longer use BitKeeper for Source Control Management. 

sigstore was created earlier this year to address the massive gap for an easy, trustable and efficient digital signing tool to confirm the provenance (origin) of software. Since March 2021 sigstore has been growing rapidly and is being used for various projects. This includes Kubernetes, one of the world’s largest open source projects.

But like Let’s Encrypt and the Linux Kernel, sigstore requires resources. Building the first version of the tool is different from bringing together resources to enable widespread adoption and support it for the long term. That’s why we’re excited to announce today that the project has received generous contributions from Chainguard, Cisco, HPE, Google, Red Hat and VMware to conduct an extensive security audit and hire a full-time developer relations engineer. 

The reality is that today the majority of software isn’t digitally signed. Without signatures, there’s little evidence of the software’s provenance, so most software consumed is cryptographically untrusted. With sigstore, developers can digitally sign containers, artifacts, config-as-code, policy, and any given computer file. sigstore has the potential of becoming to digital signing what Let’s Encrypt is to HTTPS.

“By working to eliminate the requirements for specialized skills in cryptography, sigstore is committed to establishing trust and transparency in the open source supply chain. Removing this exclusivity is key to increasing developers’ access to cryptographic signing and creating an open log for accountability. Red Hat is proud to support sigstore’s constant commitment to open source in the supply chain security space,” said Luke Hinds, Senior Principal Software Engineer, Red Hat.

For more information about sigstore, please visit: https://blog.sigstore.dev/

Linux Foundation Announces NextArch Foundation to Build Next-Generation Architecture that Supports Diverse Computing Environments

Wed, 11/03/2021 - 00:04

More than 40 companies commit to build open source ecosystem to enable next-generation architectures for microservices use cases

Napa Valley, Calif., Linux Foundation Membership Summit, November 2, 2021 — The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the NextArch Foundation. The new Foundation is a neutral home for open source developers and contributors to build next-generation architecture that can support compatibility between an increasing array of microservices.

Cloud-native computing, Artificial Intelligence (AI), the Internet of Things (IoT), Edge computing and much more have led businesses down a path of massive opportunity and transformation. According to market research, the global digital transformation market size was valued at USD 336.14 billion in 2020 and is expected to grow at a compound annual growth rate (CAGR) of 23.6 percent from 2021 to 2028. But a lack of intelligent, centralized architecture is preventing enterprises and the developers who are creating innovation based on these technologies from fully realizing their potential.

“Developers today have to make what feel like impossible decisions among different technical infrastructures and the proper tool for a variety of problems,” said Jim Zemlin, Executive Director of the Linux Foundation. “Every tool brings learning costs and complexities that developers don’t have the time to navigate yet there’s the expectation that they keep up with accelerated development and innovation. NextArch Foundation will improve ease of use and reduce the cost for developers to drive the evolution of next-generation technology architectures.”

Next-generation architecture describes a variety of innovations in architecture, from data storage and heterogeneous hardware to engineering productivity, telecommunications and much more. Until now, there has been no ecosystem to address this massive challenge. NextArch will leverage infrastructure abstraction solutions through architecture and design and automate development, operations and project processes to increase the autonomy of development teams. Enterprises will gain easy to use and cost-effective tools to solve the problems of productization and commercialization in their digital transformation journey.

“NextArch Foundation understands that solving the biggest technology challenges of our time requires building an open source ecosystem and fostering collaboration,” said Mike Dolan, senior vice president and general manager of projects at Linux Foundation. “This is an important effort with a big mission and it can only be done in the open source community. We are happy to support this community and help build open governance practices that benefit developers throughout its ecosystem.”

“I am really excited to be involved with the NextArch Foundation in an advisory role. In the past five years, we’ve witnessed major advances in various technology domains such as cloud, artificial intelligence, IoT, AR/VR, quantum computing, serverless computing, and many more. These advances have produced enormous amounts of open source software assets. A core challenge is bridging all these technologies and software assets under a single next generation architecture that supports diverse computing environments and enables enterprise digital transformation. NextArch Foundation will be at the heart of this effort, building a community and enabling an ecosystem that brings together organizations and communities to address this challenge in an open environment,” said Dr. Ibrahim Haddad, Executive Director of LF AI & Data.

For more information about the NextArch Foundation or to contribute, please visit: nextarch.io

Supporting Comments

AfterShip

“Congratulations on launching the NextArch Foundation! By being part of the NextArch Foundation, AfterShip hopes to build a next-generation technical architecture to better serve customers around the world,” said Xiaojun Hong, CTO of AfterShip.

Agora

“It is a great honor to be part of the NextArch Foundation and celebrate its launch! In recent years, we have continuously explored and practiced next-generation architecture technologies in the audio and video field, and have paid more attention to open source contributions. I am very pleased to see that NextArch Foundation has allowed open source architecture projects to have a platform for comprehensive development. I hope more developers can participate and jointly build a better and more open next-generation architecture open source ecosystem,” said Yue Feng, Co-founder & Technical VP of Agora.

Alauda

“The rise of cloud native technologies is shaping the future of enterprise IT. The plethora of technological innovations and architectural advancements are forming the basis of digitization strategies for modern organizations. We are delighted to see the formation of the NextArch Foundation. We believe it will foster a vibrant ecosystem of technologies, systems and processes that will help define the next generation of enterprise architecture. We look forward to contributing to this mission,” said Kai Chen, Co-founder & CTO of Alauda.

Ampere

“Ampere is excited to participate in the launch of the NextArch Foundation, building upon the momentum started by the TARS Foundation, by collaborating and developing both technology and standards for the next generation of microservices,” said Mauri Whalen, Senior Vice President of Software Engineering at Ampere.

API7

“Congratulations on the launch of NextArch Foundation! I hope that with the support of the NextArch Foundation, more open source projects will continue to develop, build an active open source community, and create a prosperous open source ecosystem. At the same time, NextArch Foundation will help enterprises find architectural solutions faster, which will make great progress to the underlying infrastructure,” said Ming Wen, CEO of API7.

Arm

“As a member of the Linux Foundation and the TARS Foundation, Arm is pleased to see the establishment of a neutral and non-profit NextArch Foundation that will help integrate upstream and downstream open-source technology resources, supporting the growth of heterogeneous SoCs for computing infrastructure,” said Frank Zou, VP of China GTM, Infrastructure Line of Business, Arm.

Baidu

“Congratulations on the launch of NextArch Foundation! Together with the NextArch Foundation, we hope to realize the technological revolution of the future-oriented next-generation microservices architecture and accelerate the cloud-native transformation of enterprise architecture,” said Ran Zheng, Outstanding R&D Architect of Baidu.

CAICT

“Congratulations on the establishment of NextArch Foundation! As an inevitable trend of enterprise, digital transformation has spawned numerous tools and tech, which impose challenges on developers when they need to utilize new tech. Under the current environment, we are glad to see NextArch Foundation working on the evolution of next-generation architecture to mitigate pressure on developers,” said Yili Chen, director of cloud computing research dept., CAICT.

CESI

“The next-generation architecture is the future development trend. The China Electronics Engineering Design Institute has always actively participated in and promoted the exploration of cutting-edge technologies. As early as 2019, it led the writing of the “Next Generation Cloud Computing White Paper” in conjunction with China’s leading cloud computing companies. Personally, I am glad to be able to launch the NextArch Foundation together with the Linux Foundation this time. In the future, we will jointly explore technology research, standards, evaluation, and industrialization services,” said Liyun Yang, Director of the Cloud Computing Research Office.

Coredge.io

“We are extremely delighted to be part of the NextArch Foundation initiative. This is a great initiative to take the software services delivery to next level and we assure our active contribution to growth of each and every aspect of NextArch Foundation and future innovations,” said Sagar Nangare, Coredge.io Director of Product Marketing and Growth.

DataCanvas

“It’s a great pleasure to be part of the effort to launch the NextArch Foundation. With fast rising demand from data science and real-time applications, it’s a defining moment of software architectural change in the coming decade. Millions of businesses are making decisions every day to upgrade their IT architecture to handle the sheer size workload during digital transformation, it’s still an uncertain process lacking a clear paradigm and guidance. We are very happy to see NextArch can stand up and unite leading organizations to face this challenge. NextArch will surely be an innovation center to help across the world and we are looking forward to engaging as an initial member,” said Lei Fang, Board Chairman of DataCanvas.

DCloud

“Congratulations on the creation of NextArch Foundation! I hope that NextArch Foundation can incubate more outstanding, open source cloud-native projects and help more companies accelerate their digital transformation,” said Hongbao Cui, CTO of DCloud.

DiDi

“Congratulations on the creation of the NextArch Foundation! We hope that the NextArch Foundation can help more users find solutions to the development of architecture in the current open source software and hardware more quickly, which will contribute enormous value to the open source community,” said Yi Yang, Open Source Committee Chair of DiDi.

Digital China

“Congratulations on the launch of NextArch Foundation and look forward to the cooperation with NextArch Foundation. We believe that can provide better services and solutions for the open-source ecological construction of customer introduction, channel expansion, technology and product innovation, technology accumulation, etc., and to accelerate the realization of the value of open-source technology in the client,” said Yang Shen, Vice President & CIO of Digital China Group.

Eolink

“Congratulations on the launch of NextArch Foundation! As a firm supporter of the API economy, Eolink sees the great value that API can provide for various technical architectures in the past and the foreseeable future. I hope that NextArch Foundation can help us quickly find the current best practices for open source software development. Together, we hope to help implement open source software and hardware in different fields by integrating with API economy,” said Haozhen Liu, CEO of Eolink.

GrowingIO

“Congratulations to the NextArch Foundation! We hope to contribute to the development of the open source ecosystem and open source trends with NextArch Foundation and other partners in the future. We believe participating in NextArch will cultivate open cooperation and empower decision-making processes,” said Dingding Ye, CTO of GrowingIO.

HarmonyCloud

“On behalf of HarmonyCloud, I would like to congratulate the launch of NextArch Foundation. In the future, we will jointly explore the best solution for the development of open source software and hardware architecture, and I look forward to creating more possibilities with the help of NextArch Foundation,” said Aoyu Wang, CEO of HarmonyCloud.

Huayou Tech

“In recent years, despite the COVID-19 pandemic, the support from cloud native, container, DevOps, microservices and other technologies has pushed forward digital transformation. In the face of a digital age, architecture technology will inevitably be upgraded, and the next generation of architecture technology will also emerge. The establishment of NextArch Foundation is in line with the trend and will surely lead the trend. Congratulations on the launch of NextArch Foundation!” said Tianguo Xiao, Co-founder & CEO of Huayou Tech.

JD

“We are honored to witness the birth of a legend. Congratulations on the launch of NextArch Foundation! As a company with a technological belief, we are in an unprecedented wave of technological change. We always believe that in the continuous evolution of the next-generation technology architecture, developer productivity engineering (DPE) and developer experience engineering (DXE) will become the mainstream consensus of the industry. Together with the open-source spirit, it will act as the source of power to develop future technical efficiency. I am delighted that this coincides with the vision of NextArch Foundation. We hope to work with NextArch Foundation to uphold the original intention of technology to change the world and jointly promote the implementation of enterprise digital transformation and the arrival of the data-driven intelligent era,” said Xuefeng Shi, Engineering Efficiency Expert of JD.

JiHu (GitLab)

“Congratulations on the establishment of the NextArch Foundation. JiHu (GitLab) is committed to promoting DevOps and the development of open source ecology based on the principle of core openness, which coincides with the philosophy of the NextArch Foundation. We hope that NextArch Foundation can flourish and JiHu (GitLab) will contribute its own strength,” said Sam Chen, CEO of JiHu (GitLab).

Kong

“Kong is proud to be part of this momentous launch of the NextArch Foundation. Multi-cloud is the future, and it’s exciting to see such a great set of collaborators coming together to make heterogeneous infrastructure more accessible to development teams,” said Michael Heap, Director of Developer Relations at Kong.

Mulan Community

“With the advent of the distributed cloud era, computing, storage, and data technologies must go through innovations. It is critical to have a forward-looking perspective of the next-generation technology architecture. Open source is the best way to promote technological development and the industrial ecosystem. Mulan Community is excited to work with the Linux Foundation to advance technological and industrial transformation and development,” said Hang Geng, Community Manager of Mulan Community.

Nanjing University

“Architecture determines value, and decentralization is the future. Overcoming the limitations of the next-generation software architecture and adapting to the architectural needs of the cloud era will help the development of the digital economy. As the first Chinese academic institution dedicated to comprehensive research, teaching and industrial cooperation between DevOps and cloud native, DevOps+ Research Laboratory of Nanjing University is willing to work with the Linux Foundation to explore the next generation of cloud native architecture and promote technological change,” said Zhang He, Director of DevOps+ Research Laboratory of Nanjing University.

OneFlow

“Congratulations on the launch of the NextArch Foundation! It is my great honor to witness the birth of such a profound effort. In the particular field of deep learning, we believe that only next generation architecture can address the unprecedented challenges of big data, and big computing. Furthermore, only through collaboration with the open source community can such next generation technology be developed. Looking forward to working together with NextArch foundation in the future,” said Jinhui Yuan, Founder of OneFlow Inc.

Ramanujan College, University of Delhi

“It is a great opportunity for Ramanujan College, University of Delhi to join as a member of the NextArch Foundation and participate in the open-source projects and the technical community. We are happy to be a part of this ecosystem,” said Vipin Rathi, Asst. Professor, Chairperson Hyperledger Telecom SIG.

SphereEx

“We are excited to see how many open source projects for enterprise digital transformation will develop with the help of the NextArch Foundation. SphereEx will continue to maintain a cooperative relationship with NextArch Foundation, realize the open source and open management concepts, and strive to build a new generation of technology architecture ecosystem with global collaboration,” said Liang Zhang, Co-founder and CEO of SphereEx.

SRS

“Congratulations! Tech changes the world, open source changes the tech. As one of video and live streaming open source projects, SRS makes it easy to build video platforms. There are lots of open source projects like FFmpeg, WebRTC, x264, libopus, gstreamer, SRS, etc, enabling the video developer to build large scale video products, for entertainment, online meeting, education, communication and cloud games,” said Winlin, Maintainer of SRS.

StreamNative

“Nowadays, the open source ecosystem is becoming more comprehensive, and the digital transformation of enterprises is the current trend. To meet the needs of today and the future, we should face the heterogeneous infrastructure and multi-cloud scenarios to jointly discuss the next-generation technical architecture. StreamNative is honored to participate in the NextArch Foundation and hopes that the Foundation will help more companies find solutions that meet the development of new open source software, hardware and software architectures, and help the industry’s digital transformation,” said Jia Zhai, Co-founder of StreamNative.

Swoole

“Congratulations on the creation of the NextArch Foundation! We look forward to the open source software solutions provided by the NextArch Foundation to help Chinese companies build a stable and reliable software service architecture, effectively improving R&D efficiency and reducing costs for companies,” said Tianfeng Han, CEO of Swoole.

TAL

“Congratulations on the launch of the NextArch Foundation. We hope that NextArch Foundation will connect different technology companies, like TAL, to create and build open source software and hardware technology and promote open source business development. The collaboration from NextArch will encourage the development of IT technology through open source and technological innovation!” said Mi Tian, CTO of TAL.

Tapdata

“NextArch Foundation is a very creative foundation. Today, open source software has become the mainstream, effectively combining excellent open source software to form an organic collaboration architecture that can provide more direct technical value for the overall solution of the enterprise. As a technical product focusing on the real-time data service track (Real Time DaaS), Tapdata will also actively embrace open source and contribute to the NextArch Foundation,” said Chairman of Tapdata Founder & CEO, MongoDB Chinese Community, Tang Jianfa.

Tencent

“Tencent is excited to join the NextArch Foundation, which focuses on next-generation technology architecture and future open source innovation under the Linux Foundation. It is clear that technological innovation worldwide has accelerated, thus requiring better heterogeneous and multi-cloud infrastructure. We hope to actively participate in the development of next generation architecture. Through the NextArch Foundation, we are confident to help more enterprises and industries to build the next-generation architecture optimal for business growth and a more comprehensive open source ecosystem,” said Mark Shan, Chairman of Tencent Open Source Alliance.

Tongcheng-Elong

“Congratulations on the launch of NextArch Foundation. I am honored to be a member of NextArch Foundation. With the continuous progress of technological innovation, it is an inevitable trend to develop the next-generation architectures. I hope that, with the support of NextArch Foundation, more and more developers will participate and work together to build a better next-generation open source ecosystem,” said Xiaobo Wang, CTO of LY.com.

VMware

“Congratulations on launching the NextArch Foundation! The mission and goals of NextArch Foundation are well aligned with our effort in OSS projects in areas such as cloud native for modern apps, blockchain, distributed edge/IoT, heterogeneous compute/storage/network and AI/ML accelerators. Look forward to more collaboration with the NextArch Foundation,” said Alan Ren, General Manager of VMware R&D China.

Unicom Digital Tech

“Unicom Digital Tech is fortunate to witness the establishment of NextArch Foundation, and hope that this organization can effectively promote the healthy and robust development of the national software industry, increase the company’s technical strength, and feedback the transformation of basic software and hardware and benefit everyone,” said Qiang Feng, Unicom Digital Tech.

Xiaomi

“Congratulations on the establishment of NextArch Foundation! I hope NextArch Foundation can help us find solutions to the development of hybrid cloud architecture more quickly, and help us develop the open source ecosystem suitable for the digital transformation of Xiaomi,” said Zuoyan Qin, Chairman of Xiaomi Open Source Committee.

XILE

“Congratulations on the launch of the NextArch Foundation! We hope that NextArch Foundation can lead us to release greater computing power, establish more efficient connections, and provide more secure services. Let’s build the next-generation internet together!” said Yu Cao, co-founder of XILE.

XSKY

“With the establishment of NextArch Foundation, next generation architecture is opening a new era in global development. Together with other members, XSKY will spare no effort to push forward the construction of a broader ecosystem. We aim to achieve a landing storage approach of high-availability and high-reliability for users with emerging architecture,” said Haomai Wang, CTO of XSKY.

Yashi

“Congratulations on the creation of NextArch Foundation! The open source movement requires more companies and individuals to participate extensively. Yashi looks forward to working with NextArch Foundation and contributing to the open source software architecture solutions,” said Qiangning Hong, CTO of Yashi.

YeePay

“Congratulations to the NextArch foundation! We hope to help YeePay build a strong digital trading service platform to serve global merchants through inclusive and advanced technology,” said Wanlong Lu, Director of YeePay.

YunJi Tech

“The establishment of NextArch Foundation is a landmark event, which means that the industry unites and considers the future of converged infrastructure and digital transformation. Fortunately to be a TOC member, congratulations to NextArch,” said Wei Lou (Jet), Tech VP of Yunji Tech.

Zenlayer

“Companies increasingly require services that support their heterogeneous, resource-intensive edge deployments. Zenlayer is fully aligned with the NextArch Foundation’s vision of improving heterogeneous infrastructure design. The company enables the dynamic deployment of microservices between public and edge clouds, and among edge locations. This groundbreaking approach makes it easy to access critical resources on-demand, and from any location. Zenlayer is proud to be a founding member of the NextArch Foundation, and is committed to building the next generation of edge cloud,” said Joe Zhu, Zenlayer CEO and Founder.

360

“It is a great honor for 360 to join the NextArch Foundation, which focuses on next-generation architecture and future open source innovation within the Linux Foundation. With the further acceleration of global technological development and transformation, enterprise level hybrid cloud and multi-cloud heterogeneity will become the trend of infrastructure technology development. We see joining the NextArch Foundation as an opportunity to actively participate in the technological transformation of the next-generation architecture, jointly promote the evolution of the next-generation architecture technology. We look forward to promoting the sustainable development of the open source ecosystem along with other members,” said Wang Feng, Head of Basic Cloud Architecture, 360.

4Paradigm

“Congratulations! Glad to see the creation of NextArch Foundation. NextArch provides great initiative to inspire developers and contributors building outstanding architecture solutions. 4Paradigm looks forward to sharing architecture ideas based on Enterprise AI transformation experience, and contributing open source solutions to the NextArch community!” said Zhao Zheng, VP of Engineering, 4Paradigm.

About the Linux Foundation

Founded in 2000, the Linux Foundation and its projects are supported by more than 1,800 members. The Linux Foundation is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, Hyperledger, RISC-V and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

###

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

Media Contacts

Jennifer Cloer

503-867-2304

jennifer@storychangesculture.com

The post Linux Foundation Announces NextArch Foundation to Build Next-Generation Architecture that Supports Diverse Computing Environments appeared first on Linux Foundation.

Linux Foundation and Graviti Announce Project OpenBytes to Make Open Data More Accessible to All

Wed, 11/03/2021 - 00:01

Graviti leads community of developers and data scientists to create data standards and formats that enable contributions by anyone

Napa Valley, Calif., Linux Foundation Membership Summit, November 2, 2021 — The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the new Project OpenBytes spearheaded by Graviti. Project OpenBytes is dedicated to making open data more available and accessible through the creation of data standards and formats.

Edward Cui is the founder of Graviti and a former machine learning expert within Uber’s Advanced Technologies Group. “For a long time, scores of AI projects were held up by a general lack of high-quality data from real use cases,” Cui said. “Acquiring higher quality data is paramount if AI development is to progress. To accomplish that, an open data community built on collaboration and innovation is urgently needed. Graviti believes it’s our social responsibility to play our part.”

By creating an open data standard and format, Project OpenBytes can reduce data contributors’ liability risks. Dataset holders are often reluctant to share their datasets publicly due to their lack of knowledge on various data licenses. If data contributors understand their ownership of data is well protected and their data will not be misused, more open data becomes accessible.

Project OpenBytes will also create a standard format of data published, shared, and exchanged on its open platform. A unified format will help data contributors and consumers easily find the relevant data they need and make collaboration easier. These OpenBytes functions will make high-quality data more available and accessible, which is significantly valuable to the whole AI community and will save a large amount of monetary and labor resources on repetitive data collecting.

“Project OpenBytes and community will benefit all AI developers, both academic and professional and at both large and small enterprises, by enabling access to more high-quality open datasets and making AI deployment faster and easier,” said Mike Dolan, general manager and senior vice president of Projects at the Linux Foundation.

The largest tech companies have already realized the potential of open data and how it can lead to novel academic machine learning breakthroughs and generate significant business value. However, there isn’t a well-established open data community with neutral and transparent governance across various organizations in a collaborative effort. Under the governance of the Linux Foundation, OpenBytes aims to create data standards and formats, enable contributions of good-quality data and, more importantly, be governed in a collaborative and transparent way.

For more information, please visit https://www.openbytes.io

Supporting Quotes

ElectrifAi

“As one of the earliest AI/ML companies in the U.S., ElectrifAi is happy to support the OpenBytes project. We believe OpenBytes will help in the sharing of trusted datasets and accelerate practical AI/ML to solve real business problems,” said Luming Wang, CTO, ElectrifAi.

Jina AI

“The future of software is being eaten by open source, as well as data-sharing. OpenBytes’ announcement is a great signal for all developers on the accessibility of datasets. We are very excited to see standardized datasets available to a broader community, which will massively benefit AI engineers,” said Bing He, Co-founder & COO at Jina AI.

Motional

“Project OpenBytes will be essential to establish a vibrant open source dataset community. At Motional we are happy to contribute our freely available nuScenes and nuPlan datasets to this community. By standardizing datasets and licenses, we are making an important step towards interoperable machine learning systems and in particular safer autonomous vehicles,” said Holger Caesar, Data-Algorithms Team Lead at Motional.

Predibase

“At Predibase, we’re building the open source Ludwig AI project to make state-of-the-art deep learning accessible to everyone, but the biggest barrier to tackling more tasks has always been the lack of standards for training datasets over unstructured data like text and images. Project OpenBytes provides a common structure to unstructured data that makes it possible for low-code deep learning tools like Ludwig to automate a host of advanced computer vision, NLP, and other machine learning tasks that previously required bespoke solutions. I’m excited to see how the combination of OpenBytes and Ludwig can enable data scientists and ML engineers to spend less time figuring out how to stitch data and models together, and more time solving their business problems.”

Zilliz

“Data is crucial to the success of any Artificial Intelligence project. By sharing open datasets, Project OpenBytes will help more developers to understand, develop, and adopt AI/ML technologies. Project OpenBytes will be a fundamental component of the open-source AI ecosystem. At Zilliz, we are glad to participate and make contributions to this significant initiative,” said Jun Gu, Partner of Zilliz.

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

###

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

Media Contact

Jennifer Cloer

Story Changes Culture

503-867-2304

jennifer@storychangesculture.com

The post Linux Foundation and Graviti Announce Project OpenBytes to Make Open Data More Accessible to All appeared first on Linux Foundation.

Linux Foundation Announces Security Enhancements to its LFX Community Platform to Protect Software Supply Chain

Wed, 11/03/2021 - 00:00

More than 720,000 technical contributors and 1,700 member companies have access to security metrics on the LFX platform; tens of millions of developers rely on projects hosted across the platform

Napa Valley, Calif., Linux Foundation Membership Summit, November 2, 2021 — The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced it has enhanced its free LFX Security offering so open source projects can secure their code and reduce non-inclusive language.

The LFX platform hosts community tools for security, fundraising, community growth, project health, mentorship and more. It supports projects and empowers open source teams to write better, more secure code, drive engagement and grow sustainable ecosystems.

The LFX Security module now includes automatic scanning for secrets-in-code and non-inclusive language, adding to its existing comprehensive automated vulnerability detection capabilities. Software security firm BluBracket has contributed this functionality to open source software projects under LFX as part of its mission of making software safer and more secure. This functionality builds on contributions from leader in developer security, Snyk, now making LFX the leading vulnerability detection platform for the open source community.

The need for community-supported and freely available code scanning is clear, especially in light of recent attacks on core software projects and the recent White House Executive Order calling for improved software supply chain security. LFX is the first and only community tool designed to make software projects of all kinds more secure and inclusive.

LFX Security now includes:

  • Vulnerabilities Detection: Detect vulnerabilities in open source components and dependencies and provide fixes and recommendations to those vulnerabilities. LFX tracks how many known vulnerabilities have been found in open source projects, identifies if those vulnerabilities have been fixed in code commits and then reports on the number of fixes per project through an intuitive dashboard. Fixing known open source vulnerabilities in open source projects helps cleanse software supply chains at their source and greatly enhances the quality and security of code further downstream in development pipelines. Snyk has provided this functionality for the community and helped open source software projects remediate nearly 12,000 known security vulnerabilities in their code.
  • Code Secrets: Detect secrets-in-code such as passwords, credentials, keys and access tokens both pre- and post-commit. These secrets are used by hackers to gain entry into repositories and other important code infrastructure. BluBracket is the leading provider of secrets detection technology in the industry and has contributed these features to the Linux Foundation LFX community.
  • Non-Inclusive Language: Detect non-inclusive language used in project code, which is a barrier in creating a welcoming and inclusive community. BluBracket worked with the Inclusive Naming Initiative on this functionality.

“The enhancement of LFX Security builds on its extensive functionality in vulnerability detection to add critical support for secrets-in-code and non-inclusive language,” said Jim Zemlin, executive director of the Linux Foundation. “It’s up to all of us to secure our software supply chain, and we are grateful to Snyk and BluBracket for their significant contributions to the open source community.”

“Securing our software supply chain has become the most critical task facing the software industry. We believe the Linux Foundation’s LFX security project is the absolute best way for critical software projects to secure their code. BluBracket is thrilled to provide key functionality to LFX Security, including offensive language detection and secrets scanning. These features are crucial for projects to be both safe and inclusive. We know that LFX Security will greatly enhance our software supply chain’s security, and we look forward to working with the community to keep code safe,” said Prakash Linga, Founder and CEO of BluBracket.

“With fortifying our global software supply chain more crucial than ever, we’re happy to contribute our developer security expertise and continue our support of the crucial work of the Linux Foundation,” said Jill Wilkins, Senior Director, Global Technical Alliances, Snyk. “By leveraging the LFX Community Platform, we’re proud to be part of an important effort that will help millions of developers worldwide to innovate securely.”

LFX Security will be further scaled out in 2022 to help solve challenges for hundreds of thousands of critical open source projects under the Open Source Security Foundation at Linux Foundation. LFX Security is free and available for use today at https://lfx.linuxfoundation.org/tools/security/

About BluBracket

By empowering developers to prevent security vulnerabilities early in the software development process and giving security professionals an automated and developer-friendly way to ensure code is secure, BluBracket is the first comprehensive solution for code security. More information can be found at www.blubracket.com

About Snyk

Snyk is the leader in developer security. We empower the world’s developers to build secure applications and equip security teams to meet the demands of the digital world. Our developer-first approach ensures organizations can secure all of the critical components of their applications from code to cloud, leading to increased developer productivity, revenue growth, customer satisfaction, cost savings and an overall improved security posture. Snyk’s Developer Security Platform automatically integrates with a developer’s workflow and is purpose-built for security teams to collaborate with their development teams. Snyk is used by 1,200 customers worldwide today, including industry leaders such as Asurion, Google, Intuit, MongoDB, New Relic, Revolut and Salesforce.

Snyk is recognized on the Forbes Cloud 100 2021, the 2021 CNBC Disruptor 50 and was named a Visionary in the 2021 Gartner Magic Quadrant for AST.

About the Linux Foundation

Founded in 2000, the Linux Foundation and its projects are supported by more than 1,800 members. The Linux Foundation is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, Hyperledger, RISC-V and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

###

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

Media Contacts

Jennifer Cloer

for the Linux Foundation

503-867-2304

jennifer@storychangesculture.com

The post Linux Foundation Announces Security Enhancements to its LFX Community Platform to Protect Software Supply Chain appeared first on Linux Foundation.

Linux Foundation Announces Security Enhancements to its LFX Community Platform to Protect Software Supply Chain

Tue, 11/02/2021 - 22:07

More than 720,000 technical contributors and 1,700 member companies have access to security metrics on the LFX platform; tens of millions of developers rely on projects hosted across the platform

Napa Valley, Calif., Linux Foundation Membership Summit, November 2, 2021 — The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced it has enhanced its free LFX Security offering so open source projects can secure their code and reduce non-inclusive language.

The LFX platform hosts community tools for security, fundraising, community growth, project health, mentorship and more. It supports projects and empowers open source teams to write better, more secure code, drive engagement and grow sustainable ecosystems.

The LFX Security module now includes automatic scanning for secrets-in-code and non-inclusive language, adding to its existing comprehensive automated vulnerability detection capabilities. Software security firm BluBracket has contributed this functionality to open source software projects under LFX as part of its mission of making software safer and more secure. This functionality builds on contributions from leader in developer security, Snyk, now making LFX the leading vulnerability detection platform for the open source community.

The need for community-supported and freely available code scanning is clear, especially in light of recent attacks on core software projects and the recent White House Executive Order calling for improved software supply chain security. LFX is the first and only community tool designed to make software projects of all kinds more secure and inclusive.

LFX Security now includes:

  • Vulnerabilities Detection: Detect vulnerabilities in open source components and dependencies and provide fixes and recommendations to those vulnerabilities. LFX tracks how many known vulnerabilities have been found in open source projects, identifies if those vulnerabilities have been fixed in code commits and then reports on the number of fixes per project through an intuitive dashboard. Fixing known open source vulnerabilities in open source projects helps cleanse software supply chains at their source and greatly enhances the quality and security of code further downstream in development pipelines. Snyk has provided this functionality for the community and helped open source software projects remediate nearly 12,000 known security vulnerabilities in their code.
  • Code Secrets: Detect secrets-in-code such as passwords, credentials, keys and access tokens both pre- and post-commit. These secrets are used by hackers to gain entry into repositories and other important code infrastructure. BluBracket is the leading provider of secrets detection technology in the industry and has contributed these features to the Linux Foundation LFX community.
  • Non-Inclusive Language: Detect non-inclusive language used in project code, which is a barrier in creating a welcoming and inclusive community. BluBracket worked with the Inclusive Naming Initiative on this functionality.

“The enhancement of LFX Security builds on its extensive functionality in vulnerability detection to add critical support for secrets-in-code and non-inclusive language,” said Jim Zemlin, executive director of the Linux Foundation. “It’s up to all of us to secure our software supply chain, and we are grateful to Snyk and BluBracket for their significant contributions to the open source community.”

“Securing our software supply chain has become the most critical task facing the software industry. We believe the Linux Foundation’s LFX security project is the absolute best way for critical software projects to secure their code. BluBracket is thrilled to provide key functionality to LFX Security, including offensive language detection and secrets scanning. These features are crucial for projects to be both safe and inclusive. We know that LFX Security will greatly enhance our software supply chain’s security, and we look forward to working with the community to keep code safe,” said Prakash Linga, Founder and CEO of BluBracket.

“Since fortifying our global software supply chain is more crucial than ever, we’re happy to contribute our developer security expertise and continue our support of the crucial work of the Linux Foundation,” said Jill Wilkins, Senior Director, Global Technical Alliances, Snyk. “By contributing to the LFX Community Platform, we’re proud to be part of an important effort that will help millions of developers worldwide to innovate securely.”

LFX Security will be further scaled out in 2022 to help solve challenges for hundreds of thousands of critical open source projects under the Open Source Security Foundation at Linux Foundation. LFX Security is free and available for use today at https://lfx.linuxfoundation.org/tools/security/

About BluBracket

By empowering developers to prevent security vulnerabilities early in the software development process and giving security professionals an automated and developer-friendly way to ensure code is secure, BluBracket is the first comprehensive solution for code security. More information can be found at www.blubracket.com

About Snyk

Snyk is the leader in developer security. We empower the world’s developers to build secure applications and equip security teams to meet the demands of the digital world. Our developer-first approach ensures organizations can secure all of the critical components of their applications from code to cloud, leading to increased developer productivity, revenue growth, customer satisfaction, cost savings and an overall improved security posture. Snyk’s Developer Security Platform automatically integrates with a developer’s workflow and is purpose-built for security teams to collaborate with their development teams. Snyk is used by 1,200 customers worldwide today, including industry leaders such as Asurion, Google, Intuit, MongoDB, New Relic, Revolut and Salesforce.

Snyk is recognized on the Forbes Cloud 100 2021, the 2021 CNBC Disruptor 50 and was named a Visionary in the 2021 Gartner Magic Quadrant for AST.

About the Linux Foundation

Founded in 2000, the Linux Foundation and its projects are supported by more than 1,800 members, and the Linux Foundation is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, Hyperledger, RISC-V and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

###

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

Media Contacts

Jennifer Cloer

for the Linux Foundation

503-867-2304

jennifer@storychangesculture.com

The ELISA Project Continues to Grow its Global Ecosystem by Welcoming Red Hat as a Premier Member and Banma, Lotus Cars and SUSE

Wed, 10/20/2021 - 22:13

Schedule for the ELISA Fall Workshop on November 8-10 is now live

SAN FRANCISCO – October 20, 2021 – Today, the ELISA (Enabling Linux in Safety Applications) Project, an open source initiative that aims to create a shared set of tools and processes to help companies build and certify Linux-based safety-critical applications and systems, announced that Red Hat has upgraded its membership to premier member and welcomed Banma, Lotus Cars and SUSE as its newest members.

Linux is used in all major industries because it can enable faster time to market for new features and take advantage of the quality of the code development processes. Launched in February 2019 by the Linux Foundation, ELISA works with Linux kernel and safety communities to agree on what should be considered when Linux is to be used in safety-critical systems.

“Linux underpins many applications today that have safety-critical and cybersecurity implications,” said Kate Stewart, Vice President of Dependable Embedded Systems at The Linux Foundation. “By collaborating together, the ELISA members are defining the best practices for use of Linux in these systems. We look forward to continuing to build consensus and welcoming expertise and collaboration from these new members.”

Attend the Fall Workshop

Since its inception, ELISA has hosted quarterly workshops that bring together project members and community contributors to discuss working group updates, trends in functional safety, use cases and more. The next workshop will be held virtually on November 8-10 and is free to attend. Speakers include thought leaders from Arm, Codethink, Elektrobit Automotive GmbH, Evidence Srl, Google, Intel, Mobileye, The Linux Foundation, Red Hat and UL LLC. Register and check out the schedule: https://events.linuxfoundation.org/elisa-workshop/

Join the New Working Groups

Since launch, the project has worked to establish a governance model that creates processes and guidance for the focused working groups, which aim to provide resources that system integrators can apply to analyze their systems qualitatively and quantitatively. Today, ELISA announces two new working groups:

  • Open Source Engineering Process Working Group: This working group aims to examine safety-related claims that we might like to make about Linux as part of a system, and to explore how we can gather and present evidence to support such claims.
  • Linux Features for Safety-Critical Systems Working Group: This working group will work to bring together kernel developers and producers of safety-critical systems to demonstrate use of such features in real systems, and to learn from these experiences together as a community. Learn more about this new working group in this November Workshop session.

Learn more about the Global Ecosystem

Red Hat, which is known for its leadership in Linux and open source, joined ELISA earlier this year and has been very active in the technical community. With their upgraded membership to Premier, Red Hat welcomes Gabriele Paoloni, Open Source Community Technical Leader at Red Hat, as the ELISA Project Governing Board Chair.

“Red Hat announced our intent to expand our expertise in Linux to safety-critical automotive use cases earlier this year as we work to develop a Linux in-vehicle operating system,” said Francis Chow, vice president, In-Vehicle Operating System, Red Hat. “As such, we’re pleased to extend our participation in ELISA as a Premier member and collaborate with other industry leaders in building up open source software for applications that require extremely high levels of trust and functional safety. We believe a standardized common set of tools and processes can drive innovation toward the software-defined vehicle.”

Additionally, ELISA welcomes Banma, a Chinese startup specializing in automotive software; Lotus Cars, a leader in automotive manufacturing in China; and SUSE, a global leader in open source software specializing in enterprise Linux, Kubernetes management, and edge solutions. These new members join ADIT, AISIN AW CO., arm, Automotive Grade Linux, BMW Car IT GmbH, Codethink, Elektrobit, Horizon Robotics, Huawei Technologies, Intel, Toyota, Kuka, Linuxtronix, Mentor, NVIDIA, Suzuki, Wind River, OTH Regensburg and Toyota.

“Compared with other open software, safety is the key differentiation of automotive OS,” said Sean Xiao, Chief Architect at Banma. “The mission of Banma is to help automotive makers deliver intelligent cars by offering advanced vehicle open software. The ELISA Project combines safety and Linux, which offers flexibility and openness, and closely aligns with our goals.”

“For nearly 30 years, SUSE has been a trusted partner supporting systems and essential workloads in some of the most challenging and critical industries in terms of safety requirements, such as automotive and transportation, government, aerospace and defense, industrial and manufacturing, and healthcare,” said Ivo Totev, SUSE COO. “We already collaborate with current ELISA members on important initiatives and are pleased to join ELISA as a formal member to continue to provide innovation in safety-critical domains.”

For more information about ELISA, visit https://elisa.tech/.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and commercial adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

###

Open Source Security Foundation Raises $10 Million in New Commitments to Secure Software Supply Chains

Thu, 10/14/2021 - 00:00

Industry leaders from technology, financial services, telecom, and cybersecurity sectors respond to Biden’s Executive Order, commit to a more secure future for software; open source luminary Brian Behlendorf becomes general manager

LOS ANGELES, Calif – KubeCon – October 13, 2021 –  The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced it has raised $10 million in new investments to expand and support the Open Source Security Foundation (OpenSSF), a cross-industry collaboration that brings together multiple open source software initiatives under one umbrella to identify and fix cybersecurity vulnerabilities in open source software and develop improved tooling, training, research, best practices, and vulnerability disclosure practices. Open source luminary Brian Behlendorf will serve the OpenSSF community as General Manager. 

Financial commitments from Premier members include Amazon, Cisco, Dell Technologies, Ericsson, Facebook, Fidelity, GitHub, Google, IBM, Intel, JPMorgan Chase, Microsoft, Morgan Stanley, Oracle, Red Hat, Snyk, and VMware. Additional commitments come from General members Aiven, Anchore, Apiiro, AuriStor, Codethink, Cybertrust Japan, Deepfence, Devgistics, DTCC, GitLab, Goldman Sachs, JFrog, Nutanix, StackHawk, Tencent, TideLift, and Wind River.

“This pan-industry commitment is answering the call from the White House to raise the baseline for our collective cybersecurity wellbeing, as well as ‘paying it forward’ to open source communities to help them create secure software from which we all benefit,” said Jim Zemlin, executive director at the Linux Foundation. “We’re pleased to have Brian Behlendorf’s leadership and extensive expertise on building and sustaining large communities and technical projects applied to this work. With the tremendous growth and pervasiveness of open source software, building cybersecurity practices and programs that scale is our biggest task at hand.”

According to industry reports (“2021 State of the Software Supply Chain,” by Sonatype), software supply chain attacks have increased 650 percent and are having a severe impact on business operations. In the wake of increasing security breaches, ransomware attacks, and other cybercrimes tied to open source software, government leaders worldwide are calling for private and public collaboration. Because open source software makes up at least 70 percent of all software (“2020 Open Source Security and Risk Analysis Report” by Synopsys), the OpenSSF offers the natural, neutral, and pan-industry forum to accelerate the security of the software supply chain. 

“There has never been a more exciting time to work in the open source community, and software supply chain security has never needed more of our attention,” said Brian Behlendorf, general manager, Open Source Security Foundation. “There is no single silver bullet for securing software supply chains.  Research, training, best practices, tooling and collaboration require the collective power of thousands of critical minds across our community. Funding for OpenSSF gives us the forum and resources to do this work.”

The OpenSSF is home to a variety of open source software, open standards, and other open content work for improving security. Examples include:

For more information about OpenSSF, please visit: https://openssf.org/

Premier Member Quotes

AWS

“Open source software plays an increasingly crucial role across the whole landscape of information security. Convening industry leaders to invest in developing policies, practices, tooling, and education around open source security benefits us all. AWS was a founding member of the Core Infrastructure Initiative in 2014, and we will now build on the relationships and investments that continue the mission by joining OpenSSF as a Premier Member. With our partners in this initiative, and as active participants in many open source communities, we will help raise the bar in the security of open source software,” said Mark Ryland, Director of the Office of the CISO at AWS.

Cisco

“OpenSSF will enable the community, across industries, to build tools and practices to secure the software supply chain for open source and beyond. This is crucial to the future of API and application security, which are fast becoming a primary attack vector for all business going forward,” says Vijoy Pandey, VP of Emerging Technologies & Incubation at Cisco. “At Cisco, we believe the application experience is the new brand, which demands better app velocity, trust, security, and availability. This belief drives our deep investment in application security and full-stack observability, which is why joining forces with this prestigious foundation and group as a trusted advisor and partner was a no-brainer for us.”

Dell Technologies 

“The Linux Foundation’s focus on security is fundamental to addressing the increasing risks associated with software,” said John Roese, Dell Technologies’ Global Chief Technology Officer. “The Open Source Security Foundation’s work will help us collectively make sure critical software programs and the end to end software delivery pipeline is secure and trustworthy.”

Ericsson

“As a leader in mobile communication, pioneering and driving 5G globally, security is at the core of the network infrastructure we build and deliver to our customers. In an industry increasingly built around open source and open standardization we are fully committed to address cybersecurity vulnerabilities in a collaborative effort. We are proud to join the Open Source Security Foundation as a founding member and we look forward to continue to work with the community and wider industry for a secure software supply chain, including the open source components,” says Erik Ekudden, Senior Vice President and Chief Technology Officer, Ericsson.

Fidelity

“Open Source Software plays a critical role in Fidelity’s technology strategy. We are proud to be part of the Open Source Security Foundation and to work with others to ensure that Open Source solutions and their supply chains are safe, secure, and reliable, enabling Fidelity to better serve our customers and clients,” said John Andrukonis, SVP, Fidelity Application Architecture.

GitHub

“The world runs on software, and most of that software includes and relies on open source,” said Mike Hanley, Chief Security Officer at GitHub. “As the home to more than 65 million developers around the world, we’re excited to continue partnering across the open source community and with other Open Source Security Foundation members to power a more secure, trustworthy future that will benefit everyone.”

Google

“We are doubling down on our OpenSSF commitment in the wake of rising open source software supply chain attacks and President Biden’s Executive Order,” said Eric Brewer, vice president of infrastructure and fellow at Google. “This decision is part of our White House pledge to spend $100 million to fund open source security foundations and follows a variety of investments we’ve made to support developers and security engineers across the public and private sectors. The OpenSSF is the best place for cross-industry leadership for these very challenging topics, and we look forward to working with the US and other governments to improve security worldwide.” 

IBM 

“IBM is deeply focused on developing and building highly secure hybrid cloud, AI and quantum-safe technologies that are designed to protect our clients’ most sensitive workloads both today and into the future,” said Jamie Thomas, General Manager, Strategy & Development and IBM Enterprise Security Executive. “As a long-time open source leader, IBM looks forward to working with the OSSF, our industry partners, and open source communities towards addressing the ever-increasing challenge of hardware and software open source supply chain security.”

Intel

“As a long-standing member of the open source software community, Intel contributes daily in the upstream projects we collaborate with,” said Greg Lavender, senior vice president, CTO, and general manager of Software and Advanced Technology at Intel Corporation. “Along with the Linux Foundation, we believe the Open Security Foundation (OpenSSF) is a unique opportunity to engage in projects and efforts focused on improving the quality and security for today and our future. Intel remains committed to providing contributions that benefit open source software supply chains and improving the security posture of critical projects on which our ecosystem depends.”

JPMorgan Chase

“JPMorgan Chase is deeply committed to working with the open source community to solve our most pressing security challenges. As a founding member of the Open Source Security Foundation, we have worked together to improve the security of open source and the integrity of all software. We commend the US Government’s recent initiative to raise awareness on this pressing topic and call to action the technology community to solve one of the most complex security challenges of our time.  We welcome the new members to OpenSSF and look forward to continuing the journey of innovation and bringing meaningful change to how we build, secure, and validate software,” said Pat Opet, Chief Information Security Officer, JPMorgan Chase & Co.

Microsoft

“As open source is now core to nearly every company’s technology strategy, securing open source software is an essential part of securing the supply chain for every company, including our own. All of us at Microsoft are excited to participate with others in contributing new investments to the Open Source Security Foundation and we look forward to building more secure software through community-driven efforts to create solutions that will help us all,” said Mark Russinovich, Azure CTO and Technical Fellow, Microsoft.

Morgan Stanley

“Whether we are leveraging open source in our own code, contribute to OSS projects, or consume OSS via technology we procure and utilize, the safety and security of OSS and the creation of a trustworthy supply chain is critical to all businesses. To that end, we are delighted to join the Linux Foundation’s Open Source Security Foundation project to collaborate with our cross-industry partners to improve the security, safety and trust in the OSS ecosystem,” said Neil Allen, Global Head of Cyber Security Engineering, Morgan Stanley.

Oracle

“As a contributing member of the open source software community and an inaugural Linux Foundation member, Oracle has a large number of developers that contribute to third-party open source projects daily,” said Wim Coekaerts, senior vice president of software development, Oracle. “Oracle looks forward to participating in the Open Source Security Foundation and working with other members to continue to strengthen the software supply chain, helping customers work more securely.”

Red Hat

“Open source is pervasive in software solutions of all kinds, and cybersecurity attack rates are on the rise. Our customers look to Red Hat to provide trust and enhanced security in our open source based portfolio. Open source and community collaboration is the best way to solve big, industry-wide challenges, such as open source supply chain security. And that’s why we’re excited to join together with the Linux Foundation and other industry leaders so we can continue to improve the technologies and practices to build a more secure future from open source software,” said Chris Wright, senior vice president and CTO, Red Hat.

Snyk

“Open source is built by millions of empowered developers, who also need to secure this critical foundation of the digital world,” said Guy Podjarny, Founder & President, Snyk. “The vital work of the Linux Foundation and the OpenSSF ensures we collectively live up to this responsibility. The Snyk community is fully committed to this important, collaborative effort and we look forward to working closely with the other OpenSSF members to better secure OSS so it can continue to safely fuel innovation.”

VMware

“Every company that uses software should be concerned about their software supply chain,” said Kit Colbert, chief technology officer, VMware. “For two-plus years, VMware has engaged in contributions to open source projects in the broader software supply chain security space and invested in initiatives to help customers further strengthen their security policies and processes. As a member of the Open Source Security Foundation, we’re committed to collaborating across the industry to drive increased level of software supply chain security.”

General Member Quotes 

AuriStor

“AuriStor’s founders have contributed to the standardization of security protocols and open source development of security first software for more than 35 years. We view the OpenSSF, its working groups and projects, and those that participate in them as crucial to improving the security of every industry, service, and home.  The OpenSSF has the potential to make a significant difference in everyone’s future. We encourage all members of the software development community to contribute,” said AuriStor Founder and CEO Jeffrey Altman.

Devgistics

“We seized the opportunity to join this foundation because OpenSSF offers a real industry-neutral forum to accelerate the hardening and security of the software supply chain. Devgistics (formerly InfoSiftr) provides critical enhancements to the world’s most popular open-source repository. Devgistics has been involved in many free and open-source initiatives for years, including being a Moby (Docker Engine) maintainer, providing support to the Docker/container ecosystem, and serving in the Open Container Initiative. Devgistics continues to contribute cutting-edge solutions for security-conscious clients like the US Air Force,” said Devgistics Founder and President Justin Steele. 

DTCC

“DTCC is committed to developing highly resilient and secure code to safeguard the financial marketplace. DTCC is proud to be part of the OpenSSF community and looks forward to partnering with our fellow members on safe, secure and reliable computing,” said Ajoy Kumar, Head of Tech/Cyber Risk at DTCC.

GitLab

“As organizations modernize software development and shift security left, GitLab believes that open source will play a key role in fostering this modernization and delivering secure software with speed to the market,” said Eric Johnson, CTO at GitLab. “Supporting the Open Source Security Foundation aligns with GitLab’s mission of enabling everyone to contribute, and we look forward to supporting, collaborating, and sharing our expertise in implementing security in GitLab’s DevOps Platform to the OpenSSF community.”

Goldman Sachs

“Continuing to secure the software supply chain, in particular the many critical open source projects foundational to any modern organization’s IT architecture, is a top strategic imperative for Goldman Sachs, our peers, partners, and clients in financial services, the technology ecosystem, and the wider economy,” said Atte Lahtiranta, chief technology officer at Goldman Sachs. “This work cannot be done in individual organizational silos. We instead need to work collaboratively, across both the private and public sector, together with open source maintainers and contributors, to answer the call to action that is the recent cybersecurity executive order. The OpenSSF will provide an essential forum and associated infrastructure to allow us to share leading practices, develop improved tooling, and work together to better protect our digital infrastructure.”

JFrog

“Open-source software is the backbone of hundreds of thousands of today’s applications, making it critical that we do our best to flag new vulnerabilities and insecure components fast—before they compromise businesses or critical infrastructure,” said Asaf Karas, JFrog Security CTO. “We’re happy to expand our membership with the Linux Foundation and support this cross-industry collaboration to identify and fix open source security vulnerabilities, strengthen tools, and promote best practices to ensure developers can easily shift left and bake-in security from the start of application planning and design — all the way to software deployment, distribution, and runtime.”

StackHawk

“Software development is moving faster than ever before. The industry needs tooling and processes to ensure that security can keep up with today’s pace of development. StackHawk is excited about the work that the Open Source Security Foundation is doing to improve security and we are proud to continue as a member,” said Joni Klippert, StackHawk Founder & CEO.

Tencent

“IT development to date, an increasing number of critical businesses and core competencies have been built on open source, and this trend will continue. As an important part of the software supply chain, open source security plays an important role in the entire software supply chain. Tencent Cloud has always been keen to contribute code and technology to open source projects, and also maintains a continuous huge investment in security. It is very gratifying to see that OpenSSF can be established, and we look forward to working closely with industry  partners to improve the security level of open source software and strengthen the software supply chain security,” said KK Dong, Chief Security Officer at Tencent Cloud.

Wind River

“As the dependency on open-source software becomes increasingly pervasive, the Open Source Security Foundation’s community-driven approach to developing and sharing security metrics, tools and best practices becomes an imperative. Our customers are actively interested in the health of the open source from which their solutions are constructed, and assuring secure development across open the supply chain is vital,” said Paul Miller, CTO, Wind River. “We are looking forward to collaborating more closely with the OpenSSF community. By working together, Wind River can provide customers with a level of open source security assurance that would otherwise be unobtainable.”

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,800 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, Hyperledger, RISC-V, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at https://www.linuxfoundation.org/

###

Media Contacts

Jennifer Cloer

503-867-2304

jennifer@storychangesculture.com

The World’s Major Technology Providers and Converge to Improve the Security of Software Supply Chains

Thu, 10/14/2021 - 00:00

Imagine you have created an open source project that has become incredibly popular. Thousands, if not millions, of developers worldwide rely on the lines of code that you wrote. You have become an accidental hero of that community — people love your code, contribute to improving it, request new features, and encourage others to use it. Life is amazing, but with great power and influence comes great responsibility.

When code is buggy, people complain. When performance issues crop up in large-scale implementations, they need to be addressed. When security vulnerabilities are discovered — because no code or its dependencies are always perfect — they need to be remediated quickly to keep your community safe.

To help open source projects better address some of the responsibilities tied to security, many communities hosted by the Linux Foundation have invested countless hours, resources, and code into some important efforts. We’ve worked to improve the security of the Linux kernel, hosted Let’s Encrypt and sigstore, helped steward the ISO standardization for SPDX, and brought together a community building metrics for OSS health and risk through the CHAOSS project — among many others.

Today, we are taking steps with many leading organizations around the world to enhance the security of software supply chains. The Linux Foundation has raised $10 million in new investments to expand and support the Open Source Security Foundation (OpenSSF) and its initiatives. This cross-industry collaboration brings together an ecosystem to collectively identify and fix cybersecurity vulnerabilities in open source software and develop improved tooling, training, research, best practices, and vulnerability disclosure practices. We are also proud to announce that open source luminary, Brian Behlendorf, will serve the OpenSSF community as General Manager. 

Financial commitments for OpenSSF include Premier members such as Cisco, Dell Technologies, Ericsson, Facebook, Fidelity, GitHub, Google, IBM, Intel, JPMorgan Chase, Microsoft, Morgan Stanley, Oracle, Red Hat, Snyk, and VMware. Additional commitments come from General members, including Aiven, Anchore, Apiiro, AuriStor, Codethink, Cybertrust, Deepfence, Devgistics, DTCC, GitLab, Goldman Sachs, JFrog, Nutanix, StackHawk, Tencent, TideLift and Wind River.

To learn more about how to join the OpenSSF or to get involved in one of its six working groups, listen in to this brief introduction from Brian Behlendorf recorded this week at KubeCon:

In 2021, the Linux Foundation and its community will continue to support education and share resources critical to improving open source cybersecurity.  For example, this week, we also hosted SupplyChainSecurityCon, where the SLSA and sigstore projects were heavily featured.

If you are an open source software developer, user, or other community participant who just wants to help further protect the software that accelerates innovation around the world, please consider joining one of our six OpenSSF working groups, or suggest a new working group that addresses gaps in software supply chain security needs.

You can follow the latest news from OpenSSF here on our blog, Twitter (@TheOpenSSF), and LinkedIn.
