
SBOM – SB Doesn’t Stand for Silver Bullet

Software Bill of Materials (SBOMs) are like ingredient labels on food. They are critical to keep consumers safe and healthy, they are somewhat standardized, but it is a lot more exciting to grow or make the food rather than the label. 

What is an SBOM?

What is an SBOM? In short, it is a way to tell another party all of the software that is used in the stack that makes up an application. One benefit of having an SBOM is that you know what is in there when a vulnerability comes up. You can easily determine if you are vulnerable and where. 

As modern software is built utilizing a base of software already written (no sense in recreating the wheel), it is important that all of the components don’t get lost in the shuffle. It isn’t readily apparent what a particular piece of software utilizes. So, if a vulnerability for Software A arises, you need to know, do I have that piece of software somewhere in my ecosystem, and, if so, where. Then you can remediate if you need to.

I can’t take credit for the food label analogy used in my introduction. I heard it from Allan Friedman, a Senior Advisor and Strategist at the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and a key SBOM advocate, when he presented about SBOMs at the RSA Conference 2022 with Kate Stewart, the VP of Dependable Embedded Systems here at the Linux Foundation. Allan made the point that food labels only provide information. The consumer needs to read and understand them and take appropriate action. For instance, if they are allergic to peanuts, they can look at an ingredient label and determine if they can safely eat the food. 

SBOMs are similar – they tell a person what software is used as an “ingredient” so someone can determine if they need to take action if a vulnerability arises. It isn’t a silver bullet, but it is a vital tool. Without SBOMs no one can track what component “ingredients” are in their software applications.
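To make the "do I have it, and where?" check concrete, here is an added example (not code from the post or from any SBOM project) that reads a small SPDX 2.3 JSON document, matches packages against an advisory's affected version range, and walks the DEPENDS_ON relationships back to the described root so the answer says where the component sits. The SPDX field names (spdxVersion, packages, versionInfo, relationships, DEPENDS_ON, DESCRIBES) are the real SPDX 2.3 JSON names; the package names, versions and the advisory itself are constructed for the example and stand for no real product or vulnerability.

```python
"""Answer "do I ship component X, and where?" from an SPDX 2.3 JSON SBOM."""
import json
from collections import deque

# Constructed sample SBOM in SPDX 2.3 JSON shape; package names, versions and
# SPDXIDs are illustrative only and describe no real product.
SAMPLE_SBOM = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "SPDXID": "SPDXRef-DOCUMENT",
    "name": "example-app-sbom",
    "packages": [
        {"SPDXID": "SPDXRef-App", "name": "example-app", "versionInfo": "1.4.0"},
        {"SPDXID": "SPDXRef-WebFw", "name": "web-framework", "versionInfo": "3.2.1"},
        {"SPDXID": "SPDXRef-LogLib", "name": "logging-lib", "versionInfo": "2.14.1",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER",
                           "referenceType": "purl",
                           "referenceLocator": "pkg:maven/org.example/logging-lib@2.14.1"}]},
        {"SPDXID": "SPDXRef-Json", "name": "json-parser", "versionInfo": "1.9.0"},
    ],
    "relationships": [
        {"spdxElementId": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES",
         "relatedSpdxElement": "SPDXRef-App"},
        {"spdxElementId": "SPDXRef-App", "relationshipType": "DEPENDS_ON",
         "relatedSpdxElement": "SPDXRef-WebFw"},
        {"spdxElementId": "SPDXRef-WebFw", "relationshipType": "DEPENDS_ON",
         "relatedSpdxElement": "SPDXRef-LogLib"},
        {"spdxElementId": "SPDXRef-App", "relationshipType": "DEPENDS_ON",
         "relatedSpdxElement": "SPDXRef-Json"},
    ],
})

# Constructed advisory: "logging-lib" from 2.0.0 up to (not including) 2.15.0 is affected.
SAMPLE_ADVISORY = {"name": "logging-lib", "introduced": "2.0.0", "fixed": "2.15.0"}


def parse_version(text):
    """Turn a dotted numeric version into a comparable tuple; non-numeric parts sort as 0."""
    parts = []
    for piece in text.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_affected(version, advisory):
    """True if introduced <= version < fixed (fixed=None means no fix exists yet)."""
    v = parse_version(version)
    if v < parse_version(advisory["introduced"]):
        return False
    fixed = advisory.get("fixed")
    return fixed is None or v < parse_version(fixed)


def dependency_paths(sbom, target_id):
    """All DEPENDS_ON chains from the DESCRIBES root(s) down to target_id, as readable names."""
    edges, roots = {}, []
    for rel in sbom.get("relationships", []):
        if rel["relationshipType"] == "DEPENDS_ON":
            edges.setdefault(rel["spdxElementId"], []).append(rel["relatedSpdxElement"])
        elif rel["relationshipType"] == "DESCRIBES":
            roots.append(rel["relatedSpdxElement"])
    names = {p["SPDXID"]: p["name"] for p in sbom.get("packages", [])}
    paths = []
    queue = deque([root] for root in roots)
    while queue:
        path = queue.popleft()
        if path[-1] == target_id:
            paths.append(" -> ".join(names.get(n, n) for n in path))
            continue
        for child in edges.get(path[-1], []):
            if child not in path:  # guard against cyclic relationship data
                queue.append(path + [child])
    return paths


def find_exposure(sbom_json, advisory):
    """Return [(package name, version, [dependency paths])] for every affected package."""
    sbom = json.loads(sbom_json)
    hits = []
    for pkg in sbom.get("packages", []):
        if pkg["name"] == advisory["name"] and is_affected(pkg.get("versionInfo", "0"), advisory):
            hits.append((pkg["name"], pkg["versionInfo"], dependency_paths(sbom, pkg["SPDXID"])))
    return hits


if __name__ == "__main__":
    for name, version, paths in find_exposure(SAMPLE_SBOM, SAMPLE_ADVISORY):
        print(f"{name} {version} is affected; reached via:")
        for p in paths:
            print("  " + p)
```

The dependency path is the part a plain package list cannot give you: it tells you which of your own components pulls the affected library in, and therefore whom to ask for the fix. Real tooling would match on the purl in externalRefs rather than on the bare name, and would use the SPDX library's version comparison, but the shape of the question is the same.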

SBOMs and the Software Supply Chain

Supply chains are impacting our lives more than just restricting availability of consumer goods. Software supply chains are immensely more complicated now as software is built with pre-existing components. This makes software better, more effective, more powerful, etc. But it also introduces risk as more and more parties touch a particular piece of software. Much like our world has become so interdependent, so has our software. 

Understanding what is in the supply chain for our software helps us effectively secure it. When a new risk emerges, we know what we need to do. 

SBOMs and Software Security

SBOMs are increasingly being recognized as an important pillar in any comprehensive software security plan. A global survey conducted in 2021 Q3 by the Linux Foundation found that 78% of organizations responding plan to use SBOMs in 2022. Additionally, the recently published Open Source Software Security Mobilization Plan recommends SBOMs be universal and the U.S. Executive Order on Improving the Nation’s Cybersecurity requires SBOMs be provided for software purchased by the U.S. government. And, as Allan points out in his talk, “We buy everything.” The E.O. actually lays out a nice summary of SBOMs and their benefits: 

The term “Software Bill of Materials” or “SBOM” means a formal record containing the details and supply chain relationships of various components used in building software.  Software developers and vendors often create products by assembling existing open source and commercial software components.  The SBOM enumerates these components in a product.  It is analogous to a list of ingredients on food packaging.  An SBOM is useful to those who develop or manufacture software, those who select or purchase software, and those who operate software.  Developers often use available open source and third-party software components to create a product; an SBOM allows the builder to make sure those components are up to date and to respond quickly to new vulnerabilities.  Buyers can use an SBOM to perform vulnerability or license analysis, both of which can be used to evaluate risk in a product.  Those who operate software can use SBOMs to quickly and easily determine whether they are at potential risk of a newly discovered vulnerability.   A widely used, machine-readable SBOM format allows for greater benefits through automation and tool integration.  The SBOMs gain greater value when collectively stored in a repository that can be easily queried by other applications and systems.  Understanding the supply chain of software, obtaining an SBOM, and using it to analyze known vulnerabilities are crucial in managing risk.

Allan and Kate spent time in their talk going into the current state of SBOMs, challenges, benefits, tools available for creating and sharing SBOMs, what is a minimum SBOM, standards being developed, making them fully automated, and more. Look for some future LF Blog posts digging into these. 

But there are things you can do now. 

What can you and your organization do now?

Allan and Kate laid out several things you and your organization can do, starting now. Starting within your organization: 

Next week: Understand origins of software your organization is using

Commercial: can you ask for an SBOM?
Open source: do you have an SBOM for the binary or sources you’re importing? 

Three months: Understand what SBOMs your customers will require

Expectations: which standards, dependency depth, licensing info?

Six months: Prototype and deploy

Implement SBOM through using an OSS tool and/or starting a conversation with vendor

And participate in ongoing discussions to determine best practices for the ecosystem, and contribute any code developed to support SBOMs to an open source project. 

But there are also steps you can take as an individual: 

Next week: Start playing with an open source SBOM tool and apply it to a repo

Three months: Have an SBOM strategy that explicitly identifies tooling needs

Six months:

Begin SBOM implementation through using an OSS tool or starting a conversation with vendor
Participate in a plugfest and try to consume another’s SBOM

And make sure to share any open source and commercial tools you find helpful and work with the tools to help harden them, test and report bugs, and push them to scale.

How can you shape the future of SBOMs?

First, I want to highlight some upcoming opportunities they shared to help shape the future of SBOMs. CISA is running public Tooling & Implementation work stream discussions in July 2022. They are the same, but occur at different times to help accommodate more time zones: 

July 13, 2022 – 3:00-4:30 PM ET
July 21, 2022 – 9:30-11:00 AM ET 

If you want to participate, please email SBOM@cisa.dhs.gov

Additionally, there will be “plugfests” to be announced soon, and they suggested organizations already adopting SBOMs publish case studies and reference tooling workflows to help others. 

Conclusion

SBOMs are here to stay. If you aren’t already, get on the train now. It is pulling out of the station, but you still have an opportunity to help shape where it is going and how well the journey goes. 

Allan’s and Kate’s slides are available here. If you registered to attend the RSA Conference, you can now watch their full presentation on demand here.

The Software Package Data ExchangeⓇ (SPDXⓇ)

The Linux Foundation hosts SPDX, which is an open standard for communicating software bill of material information, including components, licenses, copyrights, and security references. SPDX reduces redundant work by providing a common format for companies and communities to share important data, thereby streamlining and improving compliance. The SPDX specification is an international open standard (ISO/IEC 5962:2021). Learn more at spdx.dev

The post SBOM – SB Doesn’t Stand for Silver Bullet appeared first on Linux Foundation.

LightSpeed Studios Joins the Open 3D Foundation as a Premier Member to Further the Vast Potential of the 3D Ecosystem

O3D community building a first-class, open-source 3D engine to advance development across gaming, the metaverse, and a variety of other applications

SAN FRANCISCO – June 15, 2022 – The Open 3D Foundation (O3DF), the home of a vibrant community focused on advancing the future of open 3D development, announces its growing ecosystem with the addition of LightSpeed Studios as a Premier member alongside Adobe, AWS, Huawei, Intel, Microsoft and Niantic.

Today’s top-quality 3D engines are as complex as operating systems, requiring significant time, cost, and human capital investments to keep pace with advancements. Open source has repeatedly proven to be the path to quickest innovation. The Open 3D Engine (O3DE) offers a high-fidelity, fully-featured, open source alternative poised to revolutionize real-time 3D development across a variety of industries—from game development, the metaverse, AI and digital twin, to automotive, healthcare, robotics and more.

As a Premier member, LightSpeed Studios will bring its leadership and wealth of experience in global research and development of high-quality games to help drive the development of O3DE’s specifications and initiatives. Tencent Senior Project Manager, Lanye Wang, will join the Open 3D Foundation’s Governing Board, helping shape the Foundation’s strategic direction and its stewardship of 3D visualization and simulation projects. 

“We are very excited to join the Open 3D Foundation, especially for the opportunity to leverage the connection with all of the other members to dive deep into the graphic technologies and build a top-level open source 3D engine community,” said Lanye Wang, representing LightSpeed Studios. “We look forward to working with you.”

LightSpeed Studios is one of the world’s most innovative and successful game developers, with teams around the world. Founded in 2008, LightSpeed Studios has created over 50 games across multiple platforms and genres for over 4 billion registered users. Comprised of passionate players who advance the art and science of game development through great stories, great gameplay and advanced technology, LightSpeed Studios is focused on bringing next-generation experiences to gamers who want to enjoy them anywhere, anytime across multiple genres and devices.

“It has been amazing to see the rapid growth of the O3D ecosystem, and we’re elated to welcome LightSpeed Studios to our community,” said Royal O’Brien, Executive Director of Open 3D Foundation and General Manager of Games and Digital Media at the Linux Foundation. “LightSpeed Studios has achieved a strong reputation as a leading global game developer, offering high-quality gaming experiences to hundreds of millions of users worldwide, and we are excited to collaborate with them as we enhance O3DE’s capabilities for global 3D developers.”

A Growing Community

LightSpeed Studios is one of 25 member companies since the public announcement of the Open 3D Foundation in July 2021. Other premier members include Adobe, AWS, Huawei, Intel, Microsoft and Niantic.

In May, O3DE announced its latest release, focused on performance, stability and usability enhancements. With over 1,460 code merges, this new release offers several improvements aimed to make it easier to build 3D simulations for AAA games and a range of other applications. Significant enhancements include core stability, installer validation, motion matching, user-defined property (UDP) support for the asset pipeline, and automated testing advancements. The O3D Engine community is very active, averaging up to 2 million line changes and 350-450 commits monthly from 60-100 authors across 41 repos.

Where to See the O3D Engine Next

On October 17-19, the Open 3D Foundation will host O3Dcon, its flagship conference, bringing together technology leaders, indie and independent 3D developers, and the academic community to share ideas, discuss hot topics and foster the future of 3D development across a variety of industries and disciplines. For those interested in sponsoring this event, please contact sponsorships@linuxfoundation.org

Anyone interested in the O3D Engine is invited to get involved and connect with the community on Discord.com/invite/o3de and GitHub.com/o3de

About the Open 3D Engine (O3DE) project

O3D Engine is the flagship project managed by the Open 3D (O3D) Foundation. The open-source project is a modular, cross-platform 3D engine built to power anything from AAA games to cinema-quality 3D worlds to high-fidelity simulations. The code is hosted on GitHub under the Apache 2.0 license. To learn more, please visit o3de.org.

About the Open 3D Foundation

Established in July 2021, the mission of the Open 3D Foundation (O3DF) is to make an open-source, fully-featured, high-fidelity, real-time 3D engine for building games and simulations, available to every industry. The Open 3D Foundation is home to the O3D Engine project. To learn more, please visit o3d.foundation.

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

Media Inquiries:

pr@o3d.foundation

# # #

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

The post LightSpeed Studios Joins the Open 3D Foundation as a Premier Member to Further the Vast Potential of the 3D Ecosystem appeared first on Linux Foundation.

Tune it Up: Improving Redis Performance for Ampere A1 on Oracle Linux in OCI

The outcome with recommendations of an i

Click to Read More at Oracle Linux Kernel Development

How to configure Network File System on Linux

NFS is one of the easiest and most transparent ways to handle shared storage within an organization. Learn how to configure it on Red Hat Enterprise Linux.

Read More at Enable Sysadmin

LFX Mentorship for Me

A brief about my experience with the Linux Foundation Mentorship.

The post originally appeared on deprov477’s blog. The author, Anubhav Choudhary, participated in the Linux Foundation’s Mentorship Program in 2022. The program is designed to help developers — many of whom are first-time open source contributors — with necessary skills and resources to learn, experiment, and contribute effectively to open source communities. By participating in a mentorship program, mentees have the opportunity to learn from experienced open source contributors as a segue to get internship and job opportunities upon graduation. If you are interested, we invite you to learn more and apply today here.

Hi everyone, I recently completed my LFX Mentorship project. I was a mentee for the LFXM summer term of 2022 at Pixie, a CNCF sandbox project donated by The New Relic.

In this blog, I will be sharing my experience of mentorship. (TL;DR: just awesome, a one-of-a-kind experience.) Drop me a message; I’d be more than happy to help.

What is LFX Mentorship?

Let’s start this by knowing about The Linux Foundation. The Linux Foundation (LF) is a non-profit organization that standardizes the development of the Linux kernel and also promotes open source projects such as Kubernetes, GraphQL, Hyperledger, RISC-V, Xen project, etc.

The Linux Foundation Mentorship is a program run by LF, which helps developers with the necessary skills and resources to learn and contribute to open source projects, through 3 or 6 months of internship. During this period, the mentee is guided through the development workflow and methodologies used by open source organizations, through a project.

Selection procedure

I’ve been involved in open source for some time and have been applying for the mentorship, but got rejected every time.

This time also I was going through the projects and found a particularly interesting project. It was about parsing a protocol. This caught my eye, as at that time I was learning networking and experimenting a lot with communications. So naturally, I got interested. After reading the project details, I went to the project’s Slack channel to find a mentor. Omid, one of Pixie’s founding engineers, was kind enough to reply to my message and asked for a quick call.

I talked to him and told him about my interest and how I made a preliminary Mongo wire protocol parser using Node.js as preparation. He seemed satisfied with this and told me about further steps and time commitment.

Other formalities included submitting a cover letter, and my resume.

A few days later I got this:

Finally, after applying so many times, I got selected!!!

Month 1

Started, and was introduced to my mentor Yaxiong Zhao, another founding engineer at Pixie. He told me about what we were going to do in the next 3 months. He demoed the Pixie UI for me and explained how it works, and how Pixie catches packets (hint: eBPF). And then he sent me the AMQP spec sheet, and explained how it needs to be implemented using C++.

Yes, the protocol changed from Mongo to AMQP, and the language from Node.js to C++. But I guess a very important survival quality in industry is being flexible.

So, in the first month, I got a theoretical knowledge about AMQP wire spec and experimented with it by deploying a local RabbitMQ server, and monitoring packets using Wireshark. My mentor also tried helping me build Pixie on my local machine, but we failed, even after switching distros. At last, we were able to set up my dev environment inside a container.

…quite a month

Month 2

In the first half of this month, I continued my research on AMQP (apparently implementing a protocol required a lot of extensive reading) and found analogies of it with protocols I was already familiar with, and kept on manually experimenting with packet translation.

In the 3rd week of the month, it was finally time for me to start writing some code. Okay, so this was the difficult part. Having very limited knowledge of C++, I continued forward. But my mentor was being an angel at this point, very patiently explaining to me, and pointing me in the right direction, making me understand every lex required. I started with implementing a data structure for storing and creating relations between packets. After some effort, I finally got my PR merged.

Month 3

Continuing my code work, I started building a parser code. Yaxiong was very patient and helpful during this time, sending me blogs, and guides and explaining to me every little doubt I had. Thanks to him I was able to finally submit my preliminary code for parsing the code.

And a final thing for this was to write tests. Learned Google’s C++ testing library. Wrote code, pushed.

Concluding the program

Like every good thing, this also came to an end. 12 weeks just fly by — faster than you can think — The program opened up a new world of open source and got me introduced to a lot of professional tools and etiquette. I appreciate the time and efforts my mentor put into this program.

Completing this internship was a dream come true, dodging tonnes of problems: internet, college, placement preparation, exams, everything. At many points in the internship, I was very certain I wouldn’t be able to complete the project. But:

At some point, everything’s gonna go south on you… everything’s going to go south and you’re going to say, this is it. This is how I end. Now you can either accept that, or you can get to work. That’s all it is. You just begin. You do the math. You solve one problem… and you solve the next one… and then the next. And If you solve enough problems, you get to come home.

— Tail ender, The Martian.

The post LFX Mentorship for Me appeared first on Linux Foundation.

How to interrupt the Linux boot process

Interrupting the boot process is useful for troubleshooting and maintenance, but make sure you enable full disk encryption first.

Read More at Enable Sysadmin

Juju and Charmed Operators Accelerating FINOS Open Source Projects Adoption

The article by Srikrishna ‘Kris’ Sharma with Canonical originally appeared in the FINOS Project’s Community Blog. It is another example of enterprises open sourcing their code so that they can “collectively solve common problems so they can separately innovate and differentiate on top of the common baseline.” Read more about Why Do Enterprises Use and Contribute to Open Source Software.

Orchestrating Legend with Juju

Goldman Sachs open sourced the code and contributed its internally developed Legend data management platform into FINOS in October 2020. Legend provides an end-to-end data platform experience covering the full data lifecycle. It encompasses a suite of data management and governance components known as the Legend Platform. Legend enables breaking down silos and building a critical bridge over the historical divide between business and engineering, allowing companies to build data-driven applications and insightful business intelligence dashboards.

Accelerate FINOS Open Source Project Adoption

Ease and speed of deployment enables innovation and lowers the barrier of entry to open source consumption and contribution. Engineering experience is about leveraging software ops automation to demonstrate the impact of an open source project to the community. A great engineering experience is more often than not required to enable wider adoption of and contribution to an open source project.

Over the last few months, Canonical has been working closely with FINOS and its community members to offer a consistent way to deploy and manage enterprise applications using Juju and Charmed Operators with a focus on Day 2 operations. The idea is to provide a software ops automation framework and toolkit that enables the DevOps teams at financial institutions to realise the benefits of rapid deployment/ testing and application management using a platform that is 100% open source, vendor-agnostic and hybrid-multi-cloud ready.

What is Juju and Charmed Operator?

Charmed Operator:

A charmed operator (also known, more simply, as a “charm”) encapsulates a single application and all the code and know-how it takes to operate it, such as how to combine and work with other related applications or how to upgrade it. Charms are programmed to understand a single application, its operations, and its potential to integrate with other applications. A charm defines and enables the channels by which applications connect. Hundreds of charms are available at charmhub.io.

Juju Operator Lifecycle Manager (OLM) is a hybrid-cloud application management and orchestration system for installation and day 2 operations. It helps deploy, configure, scale, integrate, maintain, and manage Kubernetes native, container-native and VM-native applications—and the relations between them.

Juju allows anyone to deploy and operate charmed operators (charms) in any cloud–including Kubernetes, VMs and Metal. Charms encapsulate the application plus deployment and operations knowledge into one single reusable artefact. Juju manages the lifecycle of applications and infrastructure stacks from cloud to the edge. Juju is cloud-vendor agnostic and hybrid-multi-cloud by nature: it can manage the lifecycle of applications in public clouds, private clouds, or on bare metal. Once bootstrapped, Juju will offer the same deployment and operations experience regardless of the cloud vendor.

The Legend Charm Bundle

In the spirit of providing an enterprise-grade automated deployment and maintenance experience to FINOS members, Canonical created a charmed bundle for Legend and contributed it to FINOS.

The Legend Charm Bundle provides a simple, efficient and enterprise-ready way to deploy and orchestrate a Legend instance in various environments across the CI/CD pipeline, from developer’s workstation to production environment. The bundle includes several Charmed Operators, one for each Legend component.

Why a Legend Charm Bundle?

A simple way to evaluate Legend
One can spin up a Legend environment from scratch using one single command: juju deploy finos-legend-bundle
An intuitive approach (for banks and other financial institutions) to spin up production environments
Provides orchestration capabilities, not only deployment scripting
Easily plugs into Legend release lifecycle and simplifies Legend FINOS instance maintenance

The Legend charm documentation resides in the finos/legend-integration-juju GitHub repository, along with links to the related repositories for the multiple components.

Detailed instructions are available for local and cloud installations if you would like to spin up your own Legend instance within a few minutes and start using Legend either locally or on AWS EKS.

Local installation 
AWS EKS installation 

The post Juju and Charmed Operators Accelerating FINOS Open Source Projects Adoption appeared first on Linux Foundation.

How we use eBPF to observe OpenShift network metrics

The eBPF Agent is a portable network-flow exporter designed to be ubiquitous and optimized for Kubernetes observability use cases.

Read More at Enable Sysadmin

Untold Stories of Open Source: Priyanka Sharma

In open source communities, we meet people every day.  We probably know their current role and responsibilities, but we don’t always have perspective on the history, education, and career path that made them who they are.  These are some of the untold stories of open source.  

At the Linux Foundation, we’re a couple of weeks away from launching a new podcast series, The Untold Stories of Open Source.  For our blog readers, you’re getting a sneak peek into a few of the stories that will kick off our series.  Today, we’ll share perspectives from episode 1, Priyanka Sharma.

After Graduating

Priyanka Sharma is an evangelist for the power of community in open source. Okay, she is much more than that, and we will get to that in a bit, but her passion and what drives all of her other successes in open source is the power of an inclusive, supportive community. 

Priyanka didn’t begin in open source. After graduating from Stanford University in 2009 with a degree in computer science, she started her career at Google in the online partnership group, where she was a technical consultant onboarding new Doubleclick clients and acted as an interim project manager for internal insights tools. Following Google, she held roles at Outright and GoDaddy, including integrating the Outright product into the GoDaddy sales catalog.  However, she was bitten by the build-a-business bug years earlier. In 2014, she gathered up some ideas and funding, experimenting with consumer products, but nothing was sticking. 

A Road to TechCrunch Disrupt

She realized that her business partner had built a time-tracking app for himself that was geared towards software developers. It was plugin based, so you could put it into your IDE and have time tracking at your fingertips. After all, who wants to track time, so the easier you make it, the better. 

All of the plugins were open source – introducing her to the world that she was about to live in. She noticed how people were drawn to the plugins, customizing them to work better for what they needed. She thought, “Maybe this is what we should focus on.” So, with a path she couldn’t have seen coming, she ended up getting into developer tools. The plugins were eventually used by 100,000 developers, featured by TechCrunch Disrupt, and chosen by Y Combinator.

Setting Out on Her Own

But, as she says, “All that glitters isn’t gold.” There were challenges every day as with any startup, from fundraising to public visibility. Getting into Y-Combinator was a pivotal moment, forcing the team to come to terms with what it would take to work together to make a real commitment to the project together, as a team. 

Priyanka thought back to that time, “I think you can overcome anything when you are part of a team when you jive with each other, where everyone is aligned on the final outcome. When that is not the case, it is very tricky because everyone is going towards different goals. That is the meta issue that led us to go our different ways.” 

Now out on her own, she realized that there were not many people who understood marketing developer tools or a go-to-market strategy for developer tools. So, she began working with Heavybit, an accelerator and incubator for developer products. “They really took me in and gave me opportunities to help their portfolio companies.” Her work helped Rainforest QA, Lightstep, LaunchDarkly, and Postman API.

Reflecting on Ben’s Approach

She ended up joining the Lightstep team because she saw not only the value of their reputation, but was drawn to the top-notch team and what they could teach her. Part of the draw was Dapper, a tool built at Google to provide developers with a distributed tracing system for exploring the behavior of complex distributed systems. Dapper sparked many tools that weren’t anticipated by its initial developers. Ben Sigelman co-created Dapper and the OpenTracing and OpenTelemetry projects, now part of the Cloud Native Computing Foundation (CNCF). “Ben’s approach was very much as an educator. There are lots of experts out there, but if they aren’t interested in teaching, I don’t get any value in it.” 

As the second hire at Lightstep, she had a variety of roles, including developer relations, marketing, documentation, and more. 

The initial focus of the company was on OpenTracing. They initially were an independent open source project, but they eventually decided to join the Cloud Native Computing Foundation to give them more firepower than “us by ourselves.” 

Now, between her startup and Lightstep, she heard more and more about open source. She was drawn to the value placed on creation and collaboration. 

Evolving to Cloud Native

Priyanka attributes the growth of cloud native to the fact that the core group welcomed everyone. You can see that in person at KubeCon + CloudNativeCon, the largest open source events in the world. She recalls how nervous she was going to her first KubeCon, feeling out of her element, but as soon as she walked through the doors, everyone was so welcoming and inclusive. 

Dan Kohn built CNCF into one of the most successful open source foundations in the world in large part because it was built on being an open and welcoming community. Priyanka recalls, “Dan baked DEI into everything at CNCF from day one… He set the example and put it into the structure.” 

Priyanka felt welcomed into the community and began asking for opportunities to participate. Sometimes the answer was yes, sometimes it was no thank you. But she still felt she had the support of the community. She had a sense of belonging for the first time in her career. 

In 2018, she joined GitLab as director of technical evangelism, where she formed the technical thought leadership team. She was also in charge of cloud native alliances. At the urging of her boss at GitLab, she put her name forward to be elected to the CNCF Board of Directors. 

While on the CNCF Board, she was energized by several other women on the Board. She said they set the bar high with a focus on the project’s good at all times. 

Fast forward. Now, Priyanka is the general manager of the CNCF, leading one of open source’s largest and most effective foundations. 

Seeking More Insight

You can listen to the full episode with her story on the Untold Stories of Open Source podcast and hear about the power of the CNCF community and its impact. 

The Untold Stories of Open Source is a new podcast from the Linux Foundation to share the stories behind those in open source. Take time to listen to all of the episodes and let us know what you think (or if you have suggestions of stories to be told). Look for the formal launch at Open Source Summit North America and OpenSSF Day on June 20, 2022. 

There are thousands of incredible open source stories to share and we’re looking forward to bringing more of them your way. If you like what you hear, we encourage you to add the series to your playlist.

For those seeking even more open source stories from across the Linux Foundation and the communities we serve, you might start with some of the other storytelling pioneers including: Open Source Stories, FinOpsPod, I am a Mainframer, and The Changelog. As we grow deeper roots in the podcasting arena, we’ll introduce more news about a network of open source podcasts.

Have even more time? Feedspot recently covered an additional 40 Open Source Podcasts worth listening to on your morning walk or commute home from the office.


A Guide to Enterprise Open Source: Why Your Organization Needs It Now

There are some universal truths about open source software (OSS). It has revolutionized our world and become the foundation of our digital society, the backbone of our digital economy, and the basis of our digital existence. Every household and enterprise brand name in technology is built upon it, whether that name is Alexa or Android, Azure, or AWS. 

Open source software has played a significant part in everything from the internet and mobile apps we use every day to operating systems and programming languages used to construct the future. Even the systems we traditionally think of as being closed, such as Microsoft Windows and Apple’s Mac and iPhone, are developed using open source software.

Just as a powerful current drives the arteries of a river, open source software is the force that propels our digital economy and allows for scientific and technological advancements that benefit our lives. 

But only a few decades ago, few people had even heard of open source software, and it was limited to a small group of enthusiastic devotees. Yet the concept of free and open source software (FOSS) has been around a long time, going back to the early days of the user communities for IBM mainframes and academic institutions. FOSS is software that anyone can use, study, modify, and distribute without restriction. The term “open source” was coined to describe this type of software, and the concept was formalized with the launch of the Open Source Initiative (OSI) in 1998.

Organizations involved in building products or services involving software, regardless of their specific industry or sector, are likely to adopt OSS and contribute to open source projects deemed critical to their products and services. Organizations are creating open source program offices (OSPOs) to manage their open source activities, from adopting OSS and compliance with applicable licenses to participating in open standards and foundations. 

Many new industries and thousands of businesses have joined the open source revolution. Those organizations that chose a deliberate OSS strategy, incorporating best practices,  methods, and engineering processes, emerged as leaders in their industries or verticals for open source initiatives.

And yet, many organizations have not embraced open source at all. Some see it as a risky undertaking, lack a strategy to move forward, need pathways to see the value proposition of free and open source software, and must shift from a risk point of view to a value point of view. In addition to challenges with open source consumption, many organizations prohibit their employees from making open source contributions, either on the organization’s behalf or personally in the employee’s spare time.

To help guide organizations through their own open source journeys, Ibrahim Haddad, Ph.D., Executive Director of LF AI & Data, has written a report that offers a practical and systematic approach to establishing an OSS strategy, which includes developing an implementation plan and accelerating an organization’s open source efforts. 

The past two decades have been critical for open source software in enterprise engagement and adoption. The challenge for organizations is their transition from ad hoc and incidental adoption to open source value delivered back to the business using a strategic and planned methodology. This report delivers on the promise of helping enterprises establish an open source strategy, develop and execute an implementation plan, and accelerate their open source efforts to support their business goals. 

Ibrahim Haddad, Ph.D.

This research is a collection of learnings and best practices that Dr. Haddad has developed, collaborating with the LF AI & Data community members who have pursued their own open source journeys for years.

Effective organizations have guided their open source usage through strategy, honed over time with communities such as LF AI & Data and the TODO Group to guide their ongoing use of OSS and their engagement with the open source ecosystem.

This report helps to address the fears of transitioning to open source and explore the many opportunities it offers by covering the following topics:

The business case for open source software
How to develop an open source strategy
Creating an open source program office
Implementing an open source strategy
Measuring success with open source
Best practices for organizational involvement in open source projects
