Open-source News

QEMU 5.2 was released on Tuesday as the latest feature release for this open-source processor emulator that plays an important role in the open-source Linux virtualization stack...

There’s XEDIT, jEdit, NEdit, gedit, and, as it turns out, medit. 

read more

To you learn a new programming language, it's good to focus on the things most programming languages have in common:

• Variables
• Expressions
• Statements

These concepts are the basis of most programming languages. Because of these similarities, once you know one programming language, you can start figuring another one out by recognizing its differences.

read more

No. 1 Visual Studio IDE Feature Request: Linux  Visual Studio Magazine

No. 1 Visual Studio IDE Feature Request: Linux  Visual Studio Magazine

Most of us have gotten a lot more familiar with working from home this year. In my role as a developer advocate, this has meant a lot less travel and a lot more video work, including streaming on Twitch.

As I transitioned to working and streaming video from home in spring 2020, I decided to get a Stream Deck, but I wasn't exactly sure what I'd use it for.

read more

How Kali Linux creators plan to handle the future of penetration testing  Help Net Security

PHP is arguably one of the most widely used server-side programming languages. It’s the language of choice when developing dynamic and responsive websites. In fact, popular CM platforms such as WordPress, Drupal, and Magento

The post How to Install PHP 8.0 on Ubuntu 20.04 / 18.04 first appeared on Tecmint: Linux Howtos, Tutorials & Guides.

Intel's Deep Neural Network Library currently known as oneDNN as part of the oneAPI suite (and formerly known as MKL-DNN and DNNL) has reached version 2.0 as an open-source project...

Patch Tuesday, Good Riddance 2020 Edition — Krebs on Security  Krebs on Security

Automotive Grade Linux Releases 10th Version Of Unified Code Base  CleanTechnica

Lilbits: ARM computers, Linux phones, and the Pixel 2 rides off into the sunset  Liliputing

The open-source Intel Graphics Compiler (IGC) that is currently used by their oneAPI Level Zero and OpenCL implementations but likely to see Intel driver Mesa usage in 2021 has a new feature dubbed "IMF LA" that aims to help with the performance and close the gap with Windows...

CentOS Project Shifts Focus to CentOS Stream  HPCwire

Elkhart Lake ultra-compact features triple 2.5GbE with PoE+  LinuxGizmos.com

Four years after Google began developing the "Fuchsia" operating system complete with its own kernel, Google is now becoming more open with Fuchsia development and also accepting community code contributions...

Case Study: Success of Pardus GNU/Linux Migration  Linux Journal

Back in October RISC-V minded startup SiFive announced the HiFive Unmatched development board as the best RISC-V development board we've seen to date. But only having 8GB of RAM was one of the few critiques which the company is now addressing...

SiFive's RISC-V HiFive Unmatched Upgraded To Ship With 16GB Of RAM  Phoronix

New survey reveals why contributors work on open source projects and how much time they spend on security

SAN FRANCISCO, Calif., December 8, 2020 – The Linux Foundation’s Open Source Security Foundation (OpenSSF) and the Laboratory for Innovation Science at Harvard (LISH) today announced the release of a new report, “Report on the 2020 FOSS Contributor Survey,” which details the findings of a contributor survey administered by the organizations and focused on how contributors engage with open source software. The research is part of an ongoing effort to study and identify ways to improve the security and sustainability of open source software.

The FOSS (Free and Open Source Software) contributor survey and report follow the Census II analysis released earlier this year. This combined pair of works represents important steps towards understanding and addressing structural and security complexities in the modern-day supply chain where open source is pervasive but not always understood. Census II identified the most commonly used free and open source software (FOSS) components in production applications, while the FOSS Contributor Survey and report shares findings directly from nearly 1,200 respondents working on them and other FOSS software.

“The modern economy – both digital and physical – is increasingly reliant on free and open source software,” said Frank Nagle, assistant professor at Harvard Business School. “Understanding FOSS contributor motivations and behavior is a key piece of ensuring the future security and sustainability of this critical infrastructure.”

Key findings from the FOSS Contributor Survey include:

• The top three motivations for contributors are non-monetary. While the overwhelming majority of respondents (74.87 percent) are already employed full-time and more than half (51.65 percent) are specifically paid to develop FOSS, motivations to contribute focused on adding a needed feature or fix, enjoyment of learning and fulfilling a need for creative or enjoyable work.
• There is a clear need to dedicate more effort to the security of FOSS, but the burden should not fall solely on contributors. Respondents report spending, on average, just 2.27 percent of their total contribution time on security and express little desire to increase that time. The report authors suggest alternative methods to incentivizing security-related efforts.
• As more contributors are paid by their employer to contribute, stakeholders need to balance corporate and project interests. The survey revealed that nearly half (48.7 percent) of respondents are paid by their employer to contribute to FOSS, suggesting strong support for the stability and sustainability of open source projects but drawing into question what happens if corporate interest in a project diminishes or ceases.
• Companies should continue the positive trend of corporate support for employees’ contribution to FOSS. More than 45.45 percent of respondents stated they are free to contribute to FOSS without asking permission, compared to 35.84 percent ten years ago. However, 17.48 percent of respondents say their companies have unclear policies on whether they can contribute and 5.59 percent were unaware of what  policies – if any – their employer had.

“Understanding open source contributor behaviors, especially as they relate to security, can help us better apply resources and attention to the world’s most-used software,” said David A. Wheeler, director of open source supply chain security at the Linux Foundation. “It is clear from the 2020 findings that we need to take steps to improve security without overburdening contributors and the findings suggest several ways to do that.”

For an in-depth analysis of these findings, suggested actions and more, please access the full report here: https://www.linuxfoundation.org/blog/2020/12/download-the-report-on-the-2020-foss-contributor-survey

The report authors are Frank Nagle, Harvard Business School; David A. Wheeler, the Linux Foundation; Hila Lifshitz-Assaf, New York University; and Haylee Ham and Jennifer L. Hoffman, Laboratory for Innovation Science at Harvard. They will host a webinar tomorrow, December 9, at 10 am ET. Please register here: https://events.linuxfoundation.org/webinar-why-wont-developers-write-secure-os-software/

The FOSS Contributor Report & Survey is expected to take place again in 2021. For contributors who would like to participate, please sign up here: https://hbs.qualtrics.com/jfe/form/SV_erjkjzXJ2Eo0TDD

About the OpenSSF

Hosted by the Linux Foundation, the OpenSSF is a cross-industry organization that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. It combines the Linux Foundation’s Core Infrastructure Initiative (CII), founded in response to the 2014 Heartbleed bug, and the Open Source Security Coalition, founded by the GitHub Security Lab, to build a community to support the open source security for decades to come. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all.

About LISH

As a university-wide initiative, the Laboratory for Innovation Science at Harvard (LISH) is spurring the development of a science of innovation through a systematic program of solving real-world innovation challenges while simultaneously conducting rigorous scientific research. To date, LISH has worked with key partners in aerospace and healthcare, such as NASA, the Harvard Medical School, the Broad Institute, and the Scripps Research Institute to solve complex problems and develop impactful solutions. More information can be found at https://lish.harvard.edu/

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

###

Media Contact
Jennifer Cloer
Story Changes Culture
503-867-2304
jennifer@storychangesculture.com

The post New Open Source Contributor Report from Linux Foundation and Harvard Identifies Motivations and Opportunities for Improving Software Security appeared first on The Linux Foundation.