Open-source News

Intel Opens Up "IMF LA" As A GPU Compute Speed Boost To Better Compete With Windows

Phoronix - Wed, 12/09/2020 - 04:46
The open-source Intel Graphics Compiler (IGC), which is currently used by Intel's oneAPI Level Zero and OpenCL implementations and is likely to see use in Intel's Mesa drivers in 2021, has a new feature dubbed "IMF LA" that aims to help with performance and close the gap with Windows...

Google's Fuchsia Open-Source OS To Begin Accepting Community Contributions

Phoronix - Wed, 12/09/2020 - 01:56
Four years after Google began developing the "Fuchsia" operating system complete with its own kernel, Google is now becoming more open with Fuchsia development and also accepting community code contributions...

SiFive's RISC-V HiFive Unmatched Upgraded To Ship With 16GB Of RAM

Phoronix - Wed, 12/09/2020 - 01:00
Back in October RISC-V minded startup SiFive announced the HiFive Unmatched development board as the best RISC-V development board we've seen to date. But only having 8GB of RAM was one of the few critiques which the company is now addressing...

New Open Source Contributor Report from Linux Foundation and Harvard Identifies Motivations and Opportunities for Improving Software Security

The Linux Foundation - Wed, 12/09/2020 - 00:00

New survey reveals why contributors work on open source projects and how much time they spend on security

SAN FRANCISCO, Calif., December 8, 2020 – The Linux Foundation’s Open Source Security Foundation (OpenSSF) and the Laboratory for Innovation Science at Harvard (LISH) today announced the release of a new report, “Report on the 2020 FOSS Contributor Survey,” which details the findings of a contributor survey administered by the organizations and focused on how contributors engage with open source software. The research is part of an ongoing effort to study and identify ways to improve the security and sustainability of open source software.

The FOSS (Free and Open Source Software) contributor survey and report follow the Census II analysis released earlier this year. This combined pair of works represents important steps towards understanding and addressing structural and security complexities in the modern-day supply chain where open source is pervasive but not always understood. Census II identified the most commonly used free and open source software (FOSS) components in production applications, while the FOSS Contributor Survey and report share findings directly from nearly 1,200 respondents working on them and other FOSS software.

“The modern economy – both digital and physical – is increasingly reliant on free and open source software,” said Frank Nagle, assistant professor at Harvard Business School. “Understanding FOSS contributor motivations and behavior is a key piece of ensuring the future security and sustainability of this critical infrastructure.”

Key findings from the FOSS Contributor Survey include:

  • The top three motivations for contributors are non-monetary. While the overwhelming majority of respondents (74.87 percent) are already employed full-time and more than half (51.65 percent) are specifically paid to develop FOSS, motivations to contribute focused on adding a needed feature or fix, enjoyment of learning and fulfilling a need for creative or enjoyable work.
  • There is a clear need to dedicate more effort to the security of FOSS, but the burden should not fall solely on contributors. Respondents report spending, on average, just 2.27 percent of their total contribution time on security and express little desire to increase that time. The report authors suggest alternative methods of incentivizing security-related efforts.
  • As more contributors are paid by their employer to contribute, stakeholders need to balance corporate and project interests. The survey revealed that nearly half (48.7 percent) of respondents are paid by their employer to contribute to FOSS, suggesting strong support for the stability and sustainability of open source projects but drawing into question what happens if corporate interest in a project diminishes or ceases.
  • Companies should continue the positive trend of corporate support for employees’ contribution to FOSS. More than 45.45 percent of respondents stated they are free to contribute to FOSS without asking permission, compared to 35.84 percent ten years ago. However, 17.48 percent of respondents say their companies have unclear policies on whether they can contribute and 5.59 percent were unaware of what policies – if any – their employer had.

“Understanding open source contributor behaviors, especially as they relate to security, can help us better apply resources and attention to the world’s most-used software,” said David A. Wheeler, director of open source supply chain security at the Linux Foundation. “It is clear from the 2020 findings that we need to take steps to improve security without overburdening contributors and the findings suggest several ways to do that.”

For an in-depth analysis of these findings, suggested actions and more, please access the full report here: https://www.linuxfoundation.org/blog/2020/12/download-the-report-on-the-2020-foss-contributor-survey

The report authors are Frank Nagle, Harvard Business School; David A. Wheeler, the Linux Foundation; Hila Lifshitz-Assaf, New York University; and Haylee Ham and Jennifer L. Hoffman, Laboratory for Innovation Science at Harvard. They will host a webinar tomorrow, December 9, at 10 am ET. Please register here: https://events.linuxfoundation.org/webinar-why-wont-developers-write-secure-os-software/

The FOSS Contributor Report & Survey is expected to take place again in 2021. For contributors who would like to participate, please sign up here: https://hbs.qualtrics.com/jfe/form/SV_erjkjzXJ2Eo0TDD

About the OpenSSF

Hosted by the Linux Foundation, the OpenSSF is a cross-industry organization that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. It combines the Linux Foundation’s Core Infrastructure Initiative (CII), founded in response to the 2014 Heartbleed bug, and the Open Source Security Coalition, founded by the GitHub Security Lab, to build a community to support open source security for decades to come. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all.

About LISH

As a university-wide initiative, the Laboratory for Innovation Science at Harvard (LISH) is spurring the development of a science of innovation through a systematic program of solving real-world innovation challenges while simultaneously conducting rigorous scientific research. To date, LISH has worked with key partners in aerospace and healthcare, such as NASA, the Harvard Medical School, the Broad Institute, and the Scripps Research Institute to solve complex problems and develop impactful solutions. More information can be found at https://lish.harvard.edu/

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

###

Media Contact
Jennifer Cloer
Story Changes Culture
503-867-2304
jennifer@storychangesculture.com


The Janssen Project Takes on World’s Most Demanding Digital Trust Challenges at Linux Foundation

The Linux Foundation - Wed, 12/09/2020 - 00:00

New Janssen Project seeks to build the world’s fastest and most comprehensive cloud native identity and access management software platform

SAN FRANCISCO, Calif., December 8, 2020 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the Janssen Project, a cloud native identity and access management software platform that prioritizes security and performance for our digital society. Janssen is based on the Gluu Server and benefits from a rich set of signing and encryption functionalities. Engineers from IDEMIA, F5, BioID, Couchbase and Gluu will make up the Technical Steering Committee.

Online trust is a fundamental challenge to our digital society. The Internet has connected us. But at the same time, it has undermined trust. Digital identity starts with a connection between a person and a digital device. Identity software conveys the integrity of that connection from the user’s device to a complex web of backend services. Solving the challenge of digital identity is foundational to achieving trustworthy online security.

While other identity and access management platforms exist, the Janssen Project seeks to tackle the most challenging security and performance requirements. Based on the latest code that powers the Gluu Server–which has passed more OpenID self-certification tests than any other platform–Janssen starts with a rich set of signing and encryption functionality that can be used for high assurance transactions. Having shown throughput of more than one billion authentications per day, the software can also handle the most demanding requirements for concurrency thanks to Kubernetes auto-scaling and advances in persistence.

“Trust and security are not competitive advantages–no one wins in an insecure society with low trust,” said Mike Schwartz, Chair of the Janssen Project Technical Steering Committee. “In the world of software, nothing builds trust like the open source development methodology. For organizations who cannot outsource trust, the Janssen Project strives to bring transparency, best practices and collective governance to the long-term maintenance of this important effort. The Linux Foundation provides the neutral and proven forum for organizations to collaborate on this work.”

The Gluu engineering teams chose the Linux Foundation to host this community because of the Foundation’s priority of transparency in the development process and its formal framework for governance to facilitate collaboration among commercial partners.

New digital identity challenges arise constantly, and new standards are developed to address them. Open source ecosystems are an engine for innovation to filter and adapt to changing requirements. The Janssen Project Technical Steering Committee (“TSC”) will help govern priorities according to the charter. The initial TSC includes:

  • Michael Schwartz, TSC Chair, CEO Gluu
  • Rajesh Bavanantham, Domain Architect at F5 Networks/NGiNX
  • Rod Boothby, Head of Digital Trust at Santander
  • Will Cayo, Director of Software Engineering at IDEMIA Digital Labs
  • Ian McCloy, Principal Product Manager at Couchbase
  • Alexander Werner, Software Engineer at BioID

For more information, see the project Github site: https://github.com/JanssenProject

Supporting Comments

BioID

“BioID’s biometric authentication service provides GDPR compliant, device independent, 3D liveness detection and facial recognition APIs, supported out-of-the-box by the Janssen project. Exposing BioID’s capabilities via OpenID Connect makes sense in many cases, especially as part of the rollout for a large organization.  The availability of a high-quality open source implementation of OpenID Connect gives us more options to build products and to expand the options for our customers to deploy our technology,” said Alexander Werner, Software Engineer at BioID.

Couchbase

“The Couchbase database is supported today in the Janssen project for both caching and persistence. This makes sense given the distributed, elastic, in-memory requirements for a multi-cloud, hyper-scale identity service. Contributing to this project aligns with our goal to advance open source infrastructure software that results in more options for the Couchbase community,” said Ian McCloy, Principal Product Manager at Couchbase.

F5

“It’s an immense pleasure to join the Janssen Project, as it’s aimed to improve the performance, reliability and security on OAuth2 Components that are similar to NGINX Principles. Being part of Linux Foundation, the Janssen Project will be well governed and evolve with the open source community to achieve its goals,” said Rajesh Bavanantham, F5.

IDEMIA

“I have been a part of the Gluu community for many years. I’m excited to see the project moving to the Linux Foundation where we can collaborate with an even larger ecosystem of individuals and companies,” said Will Cayo, IDEMIA.


About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,500 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.



CentOS 8 Ending Next Year To Focus Shift On CentOS Stream

Phoronix - Tue, 12/08/2020 - 22:13
Well here is a surprise for those that have long used CentOS as the community-supported rebuild of Red Hat Enterprise Linux... CentOS 8 will end in 2021 and moving forward CentOS 7 will remain supported until the end of its lifecycle but CentOS Stream will be the focus as the future upstream of RHEL...

Radeon RX 6900 XT Launches As Flagship Card With Open-Source Drivers But Very Limited Availability

Phoronix - Tue, 12/08/2020 - 22:00
After the Radeon RX 6800 series launched just under a month ago, the flagship AMD Radeon RX 6900 XT is launching today. This is currently the most powerful RDNA 2 graphics card and should work under Linux with the open-source driver stack but the card is likely to be scarcer than even the RX 6800 series...

Qt 6.0 Officially Released

Phoronix - Tue, 12/08/2020 - 21:49
The Qt Company has officially released Qt 6.0 as the latest major release to this open-source, cross-platform toolkit...

Download the Report on the 2020 FOSS Contributor Survey

The Linux Foundation - Tue, 12/08/2020 - 21:00

Free and Open Source Software (FOSS) has become a critical part of the modern economy. It has been estimated that FOSS constitutes 80-90% of any given piece of modern software, and software is an increasingly vital resource in nearly all industries. This heavy reliance on FOSS is common in both the public and private sectors, in both tech and non-tech organizations. Therefore, ensuring the health and security of FOSS is critical to the future of nearly all industries in the modern economy.

To better understand the state of security and sustainability in the FOSS ecosystem, and how organizations and companies can support it, the Linux Foundation’s Core Infrastructure Initiative (CII) and the Laboratory for Innovation Science at Harvard (LISH) collaborated to conduct a widespread survey of FOSS contributors as part of larger efforts to take a pre-emptive approach to strengthen cybersecurity by improving open-source software security.

These efforts — recently incorporated into the Open Source Security Foundation (OpenSSF) working group on securing critical projects — aim to support, protect, and fortify open software, especially software critical to the global information infrastructure.

This survey’s primary goal is to identify how best to improve FOSS’s security and sustainability — especially those projects that are widely relied upon by the modern economy. Specifically, the survey seeks to help answer the question,

“How can we better incentivize adequate maintenance and security of the most used FOSS projects?”

Importantly, in conducting this survey, the research team sought to take a holistic view of security. The methodology for recruiting survey participants emphasized contributors to FOSS projects that have been identified as widely used via previous research that culminated in the release of “CII Census II Preliminary Report – Vulnerabilities in the Core.”

This new report summarizes the results of a survey of free/open source software (FOSS) developers in 2020. The goal was to identify key issues in improving FOSS’s security and sustainability since the world now depends on it as a critical infrastructure that underlies the modern economy. 

To capture a cross-section of the FOSS community, the research team distributed the survey to contributors to the most widely used open source projects and invited the wider FOSS contributor community through an open invitation. It captured more technical aspects of security and also considered the more human side. 

The survey included questions about contributor motivations and level of involvement, corporate involvement in FOSS, and the role of economic considerations in contribution behavior, and sought to answer the following:

  1. Demographics: What are the demographics of FOSS contributors? In particular, what are their gender, employment, and geographic location?
  2. Motivations: What are their reasons for starting, continuing, or stopping contributions to FOSS? How can projects keep contributors engaged, and do contributors feel that their employers or others value their work?
  3. Pay: How many FOSS contributors are paid for their work on FOSS? If paid, by whom (e.g., by employers and/or corporate sponsorship)? If they are not, does the lack of payment lead to significantly poorer security or sustainability?
  4. Time Spent: How much time do contributors spend contributing to FOSS, and how would they like to spend it? Is there an interest in increasing time spent on security issues?
  5. Aid: What kinds of actions from external actors would help improve security (e.g., code contributions and/or money)?
  6. Current activity: What kinds of security-related activities are already taking place in the FOSS projects represented by the respondents?
  7. Education/training: How much education/training have FOSS contributors had in secure software development and operations? From which sources did they receive it?

The goals in running this survey were to understand the state of security and sustainability in FOSS and identify opportunities to improve them, and ensure FOSS’s viability in the future. In particular, this survey focused on the “human side” of FOSS, more than the technical side, although the two are certainly inter-related, and these findings relate to both. 

The results identified reasons for optimism about the future of FOSS (individuals are continuing to contribute to FOSS, companies are becoming friendlier to FOSS to the point of paying some employees to contribute, etc.), but also areas of concern (in particular, the lack of security-related efforts, and potential difficulties in motivating such efforts). 

In the end, free and open source software is, and always has been, a community-driven effort that has led to the development of some of the most critical building blocks of the modern economy. This survey highlights the importance of the security of this important dynamic asset. Likewise, it will take a community-driven effort, including individuals, companies, and institutions, to ensure FOSS is secure and sustainable for future generations.

Authors:

  • Frank Nagle, Harvard Business School
  • David A. Wheeler, The Linux Foundation
  • Hila Lifshitz-Assaf, New York University 
  • Haylee Ham, Laboratory for Innovation Science at Harvard
  • Jennifer L. Hoffman, Laboratory for Innovation Science at Harvard 