Open source fuels the world’s innovation, yet building impactful, innovative, high-quality, and secure software at scale can be challenging when meeting the growing requirements of open source communities. Over the past two decades, we have learned that ecosystem building is complex. A solution was needed to help communities manage themselves with the proper toolsets in key functional domains.

From infrastructure to legal and compliance, from code security to marketing, our experience in project governance among communities within the Linux Foundation has accumulated years of expertise and proven best practices. As a result, we have spent the year productizing the LFX Platform, a suite of tools engineered to grow and sustain and grow the communities of today and build the communities of tomorrow. 

LFX: The Open Source Community Management Toolsuite for Continued Growth

The LFX Platform tools provide our members and projects with tools to support every stage of an open source project, from funding to community management to application security. LFX is built to support the needs of all community participants; maintainers, contributors, community managers, security professionals, marketers, and more.

Open source communities need access to better tools to scale. Developers need to be able to make effective code contributions, scan for security vulnerabilities, and deploy. Community managers need to facilitate meetings, host meet-ups online or in-person, support governing boards, and decide on proper governance structures. Project leadership needs to be responsive, provide support, engage in training, and promote their latest developments. 

We aim to help reduce the complexity of building and managing open source ecosystems by delivering a new platform that brings people, information, tools, and supporting programs together.

We want to invite you to explore LFX. First, create your LFID needed to login. Then jump into experiencing LFX elements such as your Individual Dashboard, Mentorship, EasyCLA, Insights, or Security. The LFX platform provides open source communities the following areas of key functionality:

LFX Platform: New Features and Capabilities

Global Trends and Compare Projects capabilities extend LFX insights with new reports and enable community members to easily answer common questions about their open source ecosystem or quickly compare open source communities to identify and drive best practices.

Security Vulnerabilities and Code Secrets Scanning, with Remediation powered by Snyk and BluBracket, is now available in LFX Security. Enabling communities to automatically scan code and detect potential vulnerabilities or exposed code secrets then recommend fixes to remediate the identified issues.

Non-Inclusive Language Detection is now a part of LFX Security through integration with BluBracket, enabling the identification and elimination of non-inclusive language to attract and retain more participants and deliver on the power and promise of more diverse and inclusive open source communities.

Tool Highlight: LFX Security

The world’s most critical infrastructure is built on open source, and therefore the security of open source software is essential. LFX Security builds on the Core Infrastructure Initiative and the Open Source Security Foundation and years of learned security best practices to provide communities with the capabilities required to secure their code continuously. LFX Security is powered by integrations with leading security vendors and supports existing tools and languages.

Automatic vulnerability scanning, with recommended fixes and inline remediationRisk analysis with intuitive and informative scoring Automatic detection of potential code secretsIdentification of non-inclusive language in code 

Learn more about LFX Security at lfx.dev/tools/security

Tool Highlight: LFX Insights

Successful open source communities require effective management of everything from code quality and build to collaboration and marketing. But to manage them effectively, data has to be gathered across disparate repositories, tools, and activities. LFX Insights integrates data from source code repositories to issue trackers, social media platforms to mailing lists and contextualizes projects, project groups, or the entire Linux Foundation ecosystem.

Learn more about LFX Insights at lfx.dev/tools/insights

The LFX platform is designed to address these issues and more. LFX aggregates dozens of data sources and commonly used management. It provides visualization tools with an added layer of intelligence to reveal best practices for numerous open source stakeholders, including developers, project leaders, open source program offices, legal, operations, and even marketing. 

LFX is a suite of elements engineered to grow and sustain and grow the communities of today and build the communities of tomorrow. By automating and consolidating many of the most critical activities needed by open source projects and stakeholders, we hope to reduce complexities that sometimes hinder innovation and progress. 

The LFX platform provides our members and project with tools to support every stage of an open source project. As we head into 2022, we plan to release even more functionality to support our growing community.

Create your LFID and Explore LFX at lfx.linuxfoundation.org

The post LFX Platform: An Update on Growing and Sustaining Open Source appeared first on Linux Foundation.

In 2021 the Linux Foundation (“LF”) emerged from the worst pandemic in a century and embraced new horizons. The collaborative activities in our project communities weathered the COVID-19 crisis exceptionally well, and many communities are now pushing forward with a renewed sense of purpose. 

Our organization’s namesake project, the Linux kernel, has celebrated an amazing milestone: its 30th birthday. Over the years, more than 55,000 people have contributed code to improve Linux, and today, Linux can be found everywhere. Over 5.4 billion people rely on Linux as it powers the vast majority of smartphones, the world’s largest cloud environments, and the world’s fastest computers. It’s also assisting in scientific discovery on Mars. After three decades of development, the project continues to ship new code, features, and performance enhancements. 

While our community continues to accelerate innovation in software development, the rising tide of cybersecurity threats has planted itself firmly on our shores. We all rely on software supply chains that are constantly under attack by an increasingly sophisticated adversary, causing us to reflect on our role and responsibility in securing the world’s critical technology infrastructure. 

In 2021 we saw much progress in our quest to “harden” the software supply chain. The Software Package Data Exchange® (SPDX®) community received formal recognition as an international ISO/IEC standard (5962:2021), making it easier for organizations to require a Software Bill of Materials (SBOM) with suppliers and customers. This came on the heels of OpenChain receiving ISO/IEC approval as an international standard (5230:2020) for open source licensing compliance. We also saw new collaborations emerge this year, like sigstore, which is on its way to becoming a de facto standard for signing packages and digital artifacts used throughout a supply chain.

The Open Source Security Foundation (OpenSSF), launched in August 2020, brought together a community of experts focused on software supply chain security challenges. This community had an amazing start publishing guidance for best practices (e.g., badges and scorecards), creating new tools and frameworks (e.g., SLSA), establishing and collecting metrics, developing free, globally accessible training materials, and publishing research, such as the findings of its FOSS Contributor Survey in collaboration with Harvard’s Laboratory for Innovation Science. 

Our members responded to the progress by doubling down and making significant additional investments in OpenSSF as a vehicle for solving the world’s supply chain security challenges. In October, we announced that the Linux Foundation and OpenSSF raised over $10 million to invest in leadership and initiatives, boldly aspiring to impact supply chain security dramatically. The LF could not have done this without significant support from our members, including OpenSSF’s premier members 1Password, AWS, Cisco, Citi, Dell Technologies, Ericsson, Meta, Fidelity, GitHub, Google, Huawei, Intel, IBM, JP Morgan Chase, Microsoft, Morgan Stanley, Oracle, Red Hat, Snyk, and VMWare.

The importance of open source in the world’s cybersecurity efforts highlights its importance to our modern society. As new organizations, new industries, and policymakers have approached the LF for guidance on open source, we recognize there is a need for modern insights into why and how open collaboration works. There is a need to understand the dynamics of communities, where and how value is derived, and the intersection of supply chains and open source collaboration. To that end, this year, we launched Linux Foundation Research to explore the role of open source software, standards, and communities as a framework for mass innovation, collaboration, and problem-solving. 

Research into important topics such as cybersecurity and SBOM readiness is already underway, along with project-specific insights sought by our project communities. We think this investment will provide actionable data and insights supporting more informed decision-making across technology and industry ecosystems. Finally, while most research organizations hoard data privately, our research approach has an open flair — we’re making all non-personally identifiable data available under the Community Data License Agreement — Permissive, Version 2.0, a revised data-sharing framework our legal community worked to release this year.

Having a research capability also provides new opportunities to more deeply explore challenges and opportunities in community collaboration. For example, this year LF Research partnered with AWS, CHAOSS, Comcast, Fujitsu, GitHub, GitLab, Hitachi, Huawei, Intel, NEC, Panasonic, Renesas, Panasonic, Red Hat, and VMware to examine the state of diversity, equity, and inclusion (DEI) in open source communities. To nurture and grow open source, we need to understand better how DEI is practiced and encouraged in open source communities. We hope this research will also support other collaborative efforts supporting DEI goals, such as the Inclusive Naming Initiative, the Software Developer Diversity and Inclusion Project (SDDI), Fair Change, and Open Sentencing.

And with our industry partners, such as Microsoft and Accenture, we’ve launched several new projects and foundations that are meaningful to humanity. The Green Software Foundation seeks to add sustainability to software engineering efforts. The AgStack Foundation, launched in May 2021, is building an open source digital infrastructure for agriculture to accelerate that industry’s digital transformation and address climate change.

While open source drove innovation across the technology landscape, it also saw acceleration within industry verticals. The LF helped launch several new collaborations focused on driving 5G and telecommunications, including the 5G Super Blueprint, a partnership with Next Generation Mobile Network Alliance (NGMN), Magma Foundation, and the new Mobile Native Foundation. Our members also expanded open source innovation in the media and entertainment industry with the launch of Open 3D Engine (O3DE), a new open source AAA 3D engine for gaming, simulation, and storytelling. The O3DE ecosystem complements our existing Academy Software Foundation (ASWF). ASWF’s community added a new project for shading materials in graphics this year called MarterialX. Moviegoers may have experienced the effects of this project in Star Wars: The Force Awakens.

Our project communities’ ambitions often lead to a focus on building communities. We’ve seen many experts continue to collaborate on community engagement in the highly active TODO Group. However, there comes a time when our communities need tools to help scale and support their growth. In 2020, the LF embarked on a journey with key community leaders to build tools that enable those leaders and others to better understand and more effectively engage with a project community. The results of these investments are now starting to roll out as the LFX platform. I’d like to thank all those in our community who provided feedback, guidance, suggestions, and sometimes the raw critiques we needed to build something better. 

We started with tools we knew would make maintainers more efficient on tasks they really did not want to spend time on, such as processing Contributor License Agreements (CLAs) electronically in EasyCLA. Many maintainers were also interested in understanding their community dynamics leading to the creation of LFX Insights, which aggregates, analyzes, and contextualizes data across all of a community’s repositories, communication channels, and contributors. Conversations about community health led to requests for tools to recruit and engage new project participants, particularly from diverse sources, and LFX Mentorship was born. Once engineers on our projects saw what LFX could do, they requested additional capabilities to configure and manage their projects. LFX Project Control Center now promises to enable engineers to provision and configure resources online in minutes with API-driven automation for common open source project tasks such as provisioning new cloud resources, managing DNS, and more. 

The LF also heard the needs of our corporate members to have better visibility into how their organization is engaged in our communities. We’ve developed the LFX MyOrg tool to help corporate managers get a better view across their organization’s participation, find paths to collaborating in projects, exercise the benefits available to them as members, and more — all from a single system. All of these tools are now available to our communities and members through lfx.linuxfoundation.org.

Many of our members have been faced with a skills shortage. The LF’s 2021 Jobs Report, released in October with edX, shows trained and certified open source professionals, particularly with cloud and container expertise, are in high demand and are in short supply. Such data points highlight the need to train people and enable new opportunities to grow their careers in open source. Our training and certification efforts continued to gain steam this year. Over 68,00 individuals registered for new certifications in the past year, a 50% increase over 2020, while 2 million people enrolled in the LF’s free training courses. 

And finally, I’ll wrap up by saying we sincerely missed seeing our communities in person. The last two years have been difficult — to harrowing — for many suffering from the lingering pandemic. However, this year we have seen hope on the horizon. We produced dozens of successful virtual conferences throughout 2021, but the feedback was clear: people wanted to meet in person again. Our events team did a thorough job researching and soliciting advice from experts and public health authorities. That preparation enabled us to welcome our communities back together, in-person, this fall at events like Open Source Summit in Seattle, Open Source Strategy Forum and OSPOCon Europe in London, and KubeCon+CloudNativeCon North America in Los Angeles, the latter of which gathered over 3,000 community members in person. These events would not have been possible without our commitment to attendee safety by requiring vaccinations and using vaccine verification technologies, diligent on-site health checks, and strict enforcement of the use of masks and social distancing protocols. With borders opening up shortly, we are ecstatic to see even more of our community, live and in-person, again in 2022.

On behalf of the entire Linux Foundation team, I congratulate our communities for their exceptional outcomes under another extraordinarily challenging year and wish all of you a happy and prosperous 2022, when I hope we get to see you in person once again.

Jim Zemlin
Executive Director,
The Linux Foundation

These efforts are made possible by our members. To learn how your organization can get involved with the Linux Foundation, click here.

The post A 2021 Linux Foundation Update from the‭ ‬Executive Director appeared first on Linux Foundation.