Open-source News

SureMDM bug chain enabled wholesale compromise of managed devices  The Daily Swig

A change currently being evaluated for Intel's "i915" Linux kernel graphics driver would make it easier for building driver support for their forthcoming discrete graphics products for targeting other non-x86 CPU architectures like Arm..

While it was just yesterday NVIDIA released the 470.103.01 Linux driver, today they have made public the 510.47.03 Linux driver as their first stable version in the NVIDIA 510 Linux driver series...

Linux Foundation Survey Sees Rise in SBOM Use  DevOps.com

Demand for Rapid Risk Elimination for Linux at Scale Fueled TuxCare's Meteoric Growth in 2021  marketscreener.com

CIQ Provides Commercial Enterprise Services for Apptainer  PRNewswire

How to Use the Linux cut Command  How-To Geek

Demand for Rapid Risk Elimination for Linux at Scale Fueled TuxCare's Meteoric Growth in 2021  Business Wire

Intel Arc GPUs could give gamers a reason to drop Windows 11 for Linux  TechRadar

Xbox Game Pass February 2021 Games Leaked in Advance  Technclub

While Intel has not publicly announced their plans around Software Defined Silicon (SDSi), the Linux kernel patches allowing activation of licensed CPU features is continuing to move forward toward mainline integration...

Intel's "Software Defined Silicon" Linux Support Moving Along  Phoronix

Alpha-Omega Project takes a human-centered approach to open-source software security  CSO Online

The Linux Foundation Releases The State of Software Bill of Materials (SBOM) and Cybersecurity Readiness Research  PRNewswire

New data from Linux Foundation measures SBOM progress and adoption to address cybersecurity concerns 

SAN FRANCISCO, Calif., – February 1, 2022 — The Linux Foundation, the nonprofit organization enabling mass innovation through open source, in partnership with OpenSSF, SPDX, and OpenChain, today announced the availability of the first in a series of research projects to understand the challenges and opportunities for securing software supply chains. “The State of Software Bill of Materials and Cybersecurity Readiness” reports on the extent of organizational SBOM readiness and adoption tied to cybersecurity efforts. The study comes on the heels of both the U.S. Administration’s Executive Order on Improving the Nation’s Cybersecurity and the recent White House Open Source Security Summit. Its timing coincides with increasing recognition across the globe of the importance of identifying software components and helping accelerate response to newly discovered software vulnerabilities. 

“SBOMs are no longer optional. Our Linux Foundation Research team revealed 78% of organizations expect to produce or consume SBOMs in 2022,” said Jim Zemlin, executive director at the Linux Foundation. “Businesses accelerating SBOM adoption following the publication of the new ISO standard (5962) or the White House Executive Order, are not only improving the quality of their software, they are better preparing themselves to thwart adversarial attacks following new open source vulnerability disclosures like those tied to log4j.”

An SBOM is formal and machine-readable metadata that uniquely identifies a software component and its contents; it may also include copyright and license data. SBOMs are designed to be shared across organizations and are particularly helpful at providing transparency of components delivered by participants in a software supply chain. Many organizations concerned about application security are making SBOMs a cornerstone of their cybersecurity strategy.

Key findings from survey participants analyzed for the report include:

• 82% are familiar with the term Software Bill of Materials (SBOM)
• 76% are actively engaged in addressing SBOM needs
• 47% are producing or consuming SBOMs
• 78% of organizations expect to produce or consume SBOMs in 2022, up 66% from the prior year

Survey participants also revealed their top three benefits for producing SBOMs:

• 51% say it’s easier for developers to understand dependencies across components in an application
• 49% state it’s easier to monitor components for vulnerabilities
• 44% noted it’s easier to manage license compliance.

Linux Foundation researchers also revealed that additional industry consensus and government policy will help drive SBOM adoption and implementation. The researchers noted:

• 62% are looking for better industry consensus on how to integrate the production/consumption of SBOMs into their DevOps practices
• 58% want consensus on integration of SBOMs into their risk and compliance processes. 53% desire better industry consensus on how SBOMs will evolve and improve
• 80% of organizations worldwide are aware of the White House Executive Order on improving cybersecurity 
• 76% are considering changes as a direct consequence of the Executive Order

Finally, research participants revealed their top attributes used to prioritize which open source software components would be used by developers: security ranked highest, followed by license compliance.

Linux Foundation Research conducted this worldwide empirical research into organizational SBOM readiness and adoption in the third quarter of 2021. A total of 412 organizations from around the world participated in the 65-question survey. The Report is authored by Stephen Hendrick, vice president of Research at the Linux Foundation.  The Linux Foundation has also prioritized research to aid collective understanding of the scope of cybersecurity challenges with the first in a series of core research projects to explore important issues related to implementing cybersecurity best practices and standards adoption, beginning with this study of SBOM readiness. 

The Linux Foundation supports numerous open source SBOM and security-related programs, including Open Source Security Foundation (OpenSSF), SPDX (ISO/IEC 5962), sigstore, Let’s Encrypt, in-toto, The Update Framework (TUF), Uptane, and OpenChain (ISO 5230).

Additional Resources

• Download the The State of Software Bill of Materials and Cybersecurity Readiness report
• Attend our webinar Understanding The Role Of Software Bill Of Materials In Cybersecurity Readiness on Tuesday, February 1st
• Join one of six OpenSSF working groups to help improve open source security
• Read about SPDX as the ISO standard for SBOMs
• Access free training on generating a free software bill of materials
• Get certified as a secure software development professional

About the Linux Foundation

Founded in 2000, the Linux Foundation and its projects are supported by more than 1,800 members. The Linux Foundation is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, Hyperledger, RISC-V, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

###

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

Media Contacts

Jennifer Cloer

503-867-2304

jennifer@storychangesculture.com

The post The Linux Foundation Releases The State of Software Bill of Materials (SBOM) and Cybersecurity Readiness Research appeared first on Linux Foundation.

Last year Blender 3.0 added AMD HIP acceleration to its Cycles X render code with OpenCL having been removed. That AMD HIP support for Blender 3.0 was limited to Windows with plans to then enable Linux support for Blender 3.1. Sadly due to AMD driver delays, that HIP Linux support is postponed to Blender 3.2...

The Linux Vendor Firmware Service (LVFS) for delivering firmware updates with the fwupd client for system and component firmware updates from Linux continues experiencing massive growth. Q4'2021 by far saw the most usage ever and that has continued into 2022 with serving more than two million firmware downloads the past month...

The Qt Company continues to look for ways to diversify its product offering and improve its financial performance. In addition to the recent change making it easier to add ads into Qt apps, The Qt Company announced today a simplification of their commercial licensing...

Linux Firmware Updating Growth Continues Amid Security Updates  Phoronix

JetHome JetHub D1 is a Linux automation controller based on Amlogic A113X SoC  CNX Software