
Top 10 Linux security tutorials for sysadmins from 2021

Even as the world changes around us, the importance of IT security is one of the things that stands firm.

Read More at Enable Sysadmin

EdgeX Foundry Announces Jakarta, the Project’s First Long Term Support Release

Community debuts Developer Badge Program to recognize, reward developer contributions as it begins plans for Spring 2022 release, codenamed ‘Kamakura’

SAN FRANCISCO, December 1, 2021 – EdgeX Foundry, a Linux Foundation project under the LF Edge project umbrella, today announced the release of version 2.1 of EdgeX, codenamed ‘Jakarta.’ The project’s ninth release, it follows the recent Ireland release, which was the project’s second major release (version 2.0). Jakarta is significant in that it is EdgeX’s first release to offer long term support (LTS).

Long Term Support

“Only a few open-source projects offer long term support; the rapid change of open source projects and the effort needed to LTS is significant,” said Arpit Joshipura, general manager, Networking, Edge and IoT, at the Linux Foundation. “By including LTS, EdgeX demonstrates it understands the needs of the operational technology (OT) user base, and how products in this space must work and operate over longer periods of time than traditional IT solutions,” said Arpit Joshipura. “This is a big milestone for any open source community, and we are incredibly proud of EdgeX Foundry for this achievement.”

“Our Jakarta release is a stabilization release,” said Jim White, the EdgeX Foundry Technical Steering Committee  (TSC) Chairman and co-founder of the project.  “As such, it is our project community’s pledge to adopters that EdgeX offers you a stable version of the platform that you can expect the community to stand behind and support for a period of two years.  We stand with you in support of EdgeX in real world, commercial deployments of the platform.”

The EdgeX long term support policy states that the community will work as quickly as possible and give “best effort and development priority to fix major flaws as soon as possible.” The project defines major flaws as:

  • bugs causing the system or service to crash and where there is no work around for the function
  • bugs for a feature/function that does not work and there is no work around for the function
  • a security issue deemed a critical or high-level CVE (per CVSS)

The project has further stipulated in its LTS policy that “no new major functionality (at the discretion of the TSC) will be added” to the LTS version after the release happens.

More information about the Jakarta release, including a list of new features, can be found here: https://wiki.edgexfoundry.org/display/FA/Jakarta

EdgeX Developer Badge Program

As a part of this release cycle, EdgeX also announced a new EdgeX Developer Badge program. EdgeX has created the Developer Badge program to thank those making initial impacts to the project by providing something that they can use to highlight their efforts and volunteerism on social media platforms. Contributors have started receiving an official digital badge (awarded through Credly) when:

  • they make their first contribution (their first GitHub Pull Request is accepted by the project and merged into one of the project’s code repositories)
  • they fix two documented bugs of the project

Additional badges for other work may be awarded by the community in the future.

Kamakura Release – Spring 2022

The next EdgeX release, codenamed “Kamakura,” is set for Spring 2022.  The community has held its semi-annual planning session to lay out the goals and objectives of this release.  Kamakura is likely to be another dot-release that will again be backward compatible with all EdgeX 2.x releases (Ireland and Jakarta).  Major additions currently under consideration and being developed by the community include:

  • Initial north to south message bus
  • Improved security secrets seeding and allowing for delayed service starts
  • Metrics collection
  • Dynamic device profiles
  • Better (native) Windows support
  • Improve testing – including real hardware testing
  • A second version release of the EdgeX Command Line Interface (CLI), compatible with EdgeX v2.x

 Learn more about this release on the project’s Wiki site.

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open-source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

 ###

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds. 

The post EdgeX Foundry Announces Jakarta, the Project’s First Long Term Support Release appeared first on Linux Foundation.

5 features that will make you fall in love with Emacs

Good news: You can also implement these features in Vim, Atom, VS Code, or another text editor of choice.

Read More at Enable Sysadmin

Support OLF and Possibly Win a Prize

OLF, previously known as Ohio Linuxfest, has been one of the most popular community-run open source events for nearly two decades. The event brings together individuals from around the country and world to gather and share information about Linux and open source software. This year’s event takes place December 3-4 in Columbus, Ohio, and The Linux Foundation is proud to be one of the event sponsors.

Even if you cannot join us in Columbus, you can help support the event and community by entering an online raffle fundraiser. You can purchase tickets for the raffle and choose the prize you would like to win. The raffle will take place at 7 pm Eastern on December 4. The Linux Foundation has donated the following prizes to the raffle:

  • Entry-level certification exam package including the Linux Foundation Certified IT Associate (LFCA) and Kubernetes & Cloud Native Associate (KCNA) exams
  • Kubernetes Fundamentals training course plus the Certified Kubernetes Administrator (CKA) exam
  • Open Source Management and Strategy seven-course training series

Prizes from other sponsors include a Raspberry Pi kit, original penguin artwork, and more. Purchase your tickets today and help support this great community event!

Top one-line Linux commands, customize VM images, and more tips for sysadmins

Check out Enable Sysadmin’s top 10 articles from November 2021.

Read More at Enable Sysadmin

How we use Linux Test Project to test and improve Linux

LTP delivers a suite of automated testing tools to improve the Linux kernel and system libraries.

Read More at Enable Sysadmin

Linux Foundation: Defending the Global Software Supply Chain from Cyberattacks in 2021

Attackers are increasingly targeting software supply chains (the processes, repositories, and toolchains used for developing and delivering software). The European Union Agency for Cybersecurity, ENISA, estimated in “Threat Landscape for Supply Chain Attacks” that there would be four times as many software supply chain attacks in 2021 as compared to 2020. The report states that, due to “…more robust security protection that [many] organizations have put in place [today], attackers successfully shifted towards suppliers.”

Governments around the world have noted and responded to this growing risk to the software supply chain. In May 2021, the US released an Executive Order on Improving the Nation’s Cybersecurity to enhance software supply chain security, including providing software purchasers with a Software Bill of Materials (SBOM). Similar efforts are underway around the world.

In 2021, our communities rose to the challenge of providing tools and best practices for the security hardening of the global software supply chains. Our efforts included launching Open Source Security Foundation (OpenSSF) as a funded project, expanding Let’s Encrypt — the world’s largest certificate authority, ensuring the ISO standardization of SPDX as the SBOM standard, directing funds to identify and fix vulnerabilities in critical open source software, and building new training curriculum to improve secure coding practices.

Community Highlight: OpenSSF

The Open Source Security Foundation (OpenSSF) was elevated to a funded project at the LF in October 2021. The OpenSSF is a cross-industry collaboration that brings together leaders to improve the security of open source software (OSS) by building a broader community, targeted initiatives, and best practices. The OpenSSF premier members include: 1Password, AWS, Cisco, Citi, Dell Technologies, Ericsson, Facebook, Fidelity, GitHub, Google, Huawei, Intel, IBM, JP Morgan Chase, Microsoft, Morgan Stanley, Oracle, Red Hat, Snyk, and VMWare.

The OpenSSF began many initiatives in 2021, including:

  • Security Scorecard: automatically assesses many security-related heuristics to help estimate project security
  • Allstar: an automated tool to enforce some security policies
  • Security Reviews: collects security reviews of OSS
  • Security Metrics Dashboard: provides easy access to security metrics/info about OSS projects
  • OSS Vulnerability Guide: a guide to coordinated vulnerability disclosure for open source software projects
  • Open Source Vulnerability (OSV) Schema
  • Supply-Chain Levels for Software Artifacts (SLSA): security framework for software security and supply chain integrity
  • Package Feeds / Package Analysis: analyzes uploaded packages to identify potentially malicious ones

The OpenSSF also continued to refine its existing work, including its free courses on how to develop secure software (over 4,000 registrants combined) and the CII Best Practices Badge Program (over 4,000 participating projects and over 600 passing projects). 

Shepherding Software Standards

The Linux Foundation strongly supports efforts to build and drive the adoption of open source standards and infrastructure. These efforts include:

  • SPDX — an international standard for representing the metadata for SBOMs (ISO/IEC 5962)
  • OpenChain — a standardized process management approach to identify inbound, internal, and outbound open software. It is primarily designed for compliance and has clear secondary use cases in security (ISO 5230)
  • Compliance tooling from Automating Compliance Tooling (ACT) projects (including OSS Review Toolkit, FOSSology, Tern), and the OpenChain reference workflow, being extended to add new use cases
  • Training on software transparency topics, including “Generating an SBOM”

We are thankful for all the participants in the SPDX community. Special thanks go to Gary O’Neall for his work developing the SPDX tooling; this work made it easier for developers across the ecosystem to adopt SPDX in their workflows. Special thanks also go to Steve Winslow and Jilayne Lovejoy for their tireless efforts in maintaining the SPDX License List over the past ten years. The SPDX standard continues to evolve thanks to the tireless efforts of many talented developers, including Alexios Zavras, William Bartholomew, Thomas Steenbergen, and Nisha Kumar.

Kate Stewart, VP of Dependable Systems, The Linux Foundation

Establishing Projects and Conferences to Improve Security

In addition to the projects listed earlier, the LF funds various projects to improve open source security. Some notables among them include:

  • sigstore — development work on this technology suite to enable developers to sign software artifacts securely. Signing materials are stored in a tamper-resistant public log. (The project is managed by Google, Red Hat, and Purdue University)
  • Alpine Linux — vulnerability processing for this security-oriented, lightweight Linux distribution
  • Alpine Linux, Arch Linux — reproducible builds for these two Linux distributions
  • OpenSSH, RPKI — development of infrastructure “plumbing”
  • Clang, Linux kernel — compiling the Linux kernel with clang and fixing warnings found during the compiling process
  • Linux kernel — security audits for signing/key management policies and vulnerability reporting modules, respectively

The LF also fostered approaches to discuss and address supply chain attacks online and in virtual venues, including Building Cybersecurity into the Software Supply Chain Town Hall and SupplyChainSecurityCon.

Community Highlight: Internet Security Research Group

Let’s Encrypt provides the digital infrastructure for a more secure and privacy-respecting Internet. It operates the world’s largest certificate authority, securing traffic for more than 250 million websites.

In late 2020, ISRG launched Prossimo, a project whose goal is to move the Internet’s security-sensitive software infrastructure to memory-safe code. Many of the most critical software vulnerabilities are memory safety issues in C and C++ code. While deploying fuzzing, static analysis, and code reviews can catch vulnerabilities, such mitigations do not eliminate all risks. Moreover, these security mitigation tactics consume considerable resources on an ongoing basis. In contrast, using memory-safe languages eliminates the entire class of issues. This year, Prossimo worked with Linux kernel, cURL, and Apache maintainers to introduce new memory-safe code to these critical, widely-used pieces of software.

ISRG’s latest project effort, Prio, is to operate a privacy-preserving metrics service. Prio uses a system that enables the collection of aggregate statistics such as application metrics. Apple and Google’s Covid-19 Exposure Notification Express app uses this service. ISRG Prio has processed over two billion metrics and is helping operators optimize the user experience based on aggregate, privacy-respecting telemetry metrics.

These standardization efforts are made possible by the OpenSSF, the SPDX and OpenChain projects, and the ISRG.


The post Linux Foundation: Defending the Global Software Supply Chain from Cyberattacks in 2021 appeared first on Linux Foundation.

How to manage virtual machines in Cockpit

Create and manage virtual machines through Cockpit’s centralized control panel.

Read More at Enable Sysadmin

New Linux Foundation Project Accelerates Collaboration on Container Systems Between Enterprise and High-Performance Computing Environments

Formerly Singularity, the newly named Apptainer project delivers a feature set that supports both application and microservice use cases

SAN FRANCISCO, Calif., November 30, 2021 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced it will host the Apptainer project. Formerly the Singularity project, Apptainer is the most widely used container system for High-Performance Computing (HPC) and is one of the container systems uniquely suited for both enterprise and HPC use cases. It is designed to execute applications at bare-metal performance while being secure, portable and completely reproducible.

“The Apptainer project has had massive growth and needs a neutral home with proven open source governance to support its next development and adoption phase,” said Gregory Kurtzer, CEO of CIQ and Founder and Project Lead of Singularity/Apptainer. “The Linux Foundation is the natural host for Apptainer, where it can also collaborate with the Cloud Native Computing Foundation, Open Container Initiative, OpenHPC and other projects to expand its ecosystem.”

The HPC community for many years has been isolated from the enterprise and cloud sectors of the ecosystem, but those barriers are starting to come down. HPC consumers are looking to modernize and take advantage of enterprise tech and enterprises are looking to make use of decades of optimizations in performance and parallelization through use-cases like Artificial Intelligence (AI), Machine Learning (ML) and compute- and data-driven analytics.

“The Apptainer project is at a pivotal moment in its growth and evolution,” said Mike Dolan, senior vice president and general manager of projects at the Linux Foundation. “We look forward to supporting this community and enabling cross collaboration with even more open source developers and technologists to expand its ecosystem of contributors.”

Apptainer features include: public/private key signing of containers; Docker- and OCI-compatible; container encryption and integration with Vault and other management platforms; single-file SIF executable container format; runs “rootless” and prohibits privilege escalation within the container; and supports GPU, FPGA, high-speed networks and filesystems, among others.

For more information about Apptainer, please visit: http://www.apptainer.org

Supporting Comments

“For an open source project to be healthy, there needs to be a clear separation between the project and commercial support options.  Both are critical, and I see this move as a step in the right direction to ensure commercial viability and a healthy community,” said Brent Gorda, HPC veteran.

AMD

“The Apptainer project has been an important step for containerization in high performance computing, driving an open-source platform that allows users to run complex applications on HPC clusters in a simple, portable, and reproducible way. We’re excited to see the Singularity project rebranded as the Apptainer project under The Linux Foundation and continue to provide the HPC community access to open-source container software that’s critical for HPC,” said Brock Taylor, Global HPC Solutions Director, AMD.

Berkeley Lab

“As the founding organization, we are thrilled that Singularity[1] has experienced such broad adoption in HPC, and we are really looking forward to seeing its maturing to the next level now,” said Gary Jung, Scientific Computing Group Lead at LBNL. “The time has never been better to move this technology to the Linux Foundation, where both the HPC and Enterprise communities can collaborate and build this container system for the future.”

Fermilab

“The health of Apptainer as an open source project is of vital importance to the High Energy Physics community and the OSG consortium which both use Apptainer in their High Throughput Computing and High Performance Computing every day to advance their science missions. The CIO of Fermilab and the OSG executive team endorse this move of the Apptainer open source project to Linux Foundation hosting and expect it to help ensure the long term health of the project,” said Dave Dykstra, Fermilab.

HPCNow!

“For a global HPC consulting company like HPCNow!, moving Apptainer to a Linux Foundation project not only represents another massive step in maturity level but also ensures the future of this extraordinary technology. The evolution of Apptainer is extremely important for our clients, who widely adopted this strategic software to guarantee portability, long-term reproducibility, and performance,” said Jordi Blasco, CTO at HPCNow.

Intel

“Intel is a long supporter of the power of open source to unite and accelerate ecosystems.  As a user of Apptainer, we strongly support the contribution of Apptainer to the Linux Foundation and look forward to seeing the communities’ engagement in driving this project forward,” said Sanjiv Shah, Vice President – Software and Advanced Technology Group, General Manager of Developer Software Engineering.

Sandia National Laboratories

“Apptainer can support scalable containers on HPC and Cloud infrastructure, so its move to the Linux Foundation is both exciting and a natural evolution of this important technology,” said Andrew Younge from Sandia National Laboratories. “We’re looking forward to continuing to work with the project and participating in the growing community at the Linux Foundation.”

About the Linux Foundation

Founded in 2000, the Linux Foundation and its projects are supported by more than 1,800 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, Hyperledger, RISC-V, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

###

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

Media Contacts

Jennifer Cloer

503-867-2304

jennifer@storychangesculture.com

[1] Singularity is the former name of the Apptainer project.

The post New Linux Foundation Project Accelerates Collaboration on Container Systems Between Enterprise and High-Performance Computing Environments appeared first on Linux Foundation.

New Quantum Intermediate Representation Alliance Serves as Common Interface for Quantum Computing Development

QIR Alliance is part of the Linux Foundation’s Joint Development Foundation work on open standards

SAN FRANCISCO, November 30, 2021 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the new QIR Alliance, a joint effort to establish an intermediate representation with the goal to facilitate interoperability within the quantum ecosystem and provide a representation suitable for current and future heterogeneous quantum processors. Founding members include Honeywell, Microsoft, Oak Ridge National Laboratory, Quantum Circuits Inc. and Rigetti Computing.

QIR, or Quantum Intermediate Representation, is based on the popular open source LLVM compiler toolchain. QIR specifies a set of rules for representing quantum programs within the LLVM IR. Examples of QIR applications include using the standard LLVM infrastructure to write quantum optimizers that operate on QIR and target it to specific hardware backends or linking it with classical high performance libraries for quantum simulation.

“We expect there to be exciting advances in how classical and quantum computations can interact at the hardware level. The QIR Alliance will provide a single representation that can be used for both today’s restricted capabilities and the more powerful systems of the future,” said Bettina Heim, principal software engineering manager, Microsoft. “This will allow the community to experiment with and develop optimizations and code transformations that work in a variety of use cases.”

Quantum development SDKs and languages appear and evolve at a fast pace, along with new quantum processors with unique and distinct capabilities from each other. To provide interoperability between new languages and new hardware capabilities and reduce development effort from all parties, it is imperative for the ecosystem to develop and share a forward-looking intermediate representation that works with present and future quantum hardware.

“Quantum technology is still quite nascent but the promise grows every day,” said Seth Newberry, general manager of standards at Joint Development Foundation. “The QIR Alliance is poised to enable the open and technical development necessary to realize these promises. We’re very happy to provide a forum for this work.”

For more information, please visit: https://qir-alliance.org 

Member Quotes

Honeywell

“The Quantum-Intermediate Representation Alliance, also known as QIRA, is a key piece of the quantum computing ecosystem that enables quantum hardware suppliers and quantum software suppliers to reduce redundant efforts involved in implementing programming languages across quantum computer architectures,” said Alex Chernoguzov, Honeywell Quantum Chief Engineer, Honeywell.

Oak Ridge National Laboratory

“ORNL is thrilled to be a part of the Quantum Intermediate Representation Alliance, which aims to develop a unified LLVM-based intermediate representation for quantum computing. A consistent IR of quantum programs will enable interoperability between quantum applications and hardware devices, making quantum computing more usable to researchers and developers. We look forward to contributing to the QIR specification and the associated compiler toolchain under this partnership,” said Thien Nguyen, Quantum Computer Science Researcher, Oak Ridge National Laboratory.

Quantum Circuits Inc.

“At QCI, we are very pleased to be participating in the QIR Alliance. The QIR approach represents a revolutionary advance in the representation of quantum circuits, enabling users to take full advantage of the unique capabilities of quantum computing systems across a variety of different hardware platforms,” said Tom Lubinski, Chief Software Architect of Quantum Circuits Inc.

Rigetti

“Rigetti has pioneered hybrid system architectures that are quickly becoming the predominant approach for cloud-based quantum computing,” said David Rivas, SVP Systems & Services at Rigetti Computing. “The QIR Alliance is focusing on precisely the interface between quantum and classical compute, enabling rapid advances in quantum programming language design and execution systems. We’re thrilled to be working closely with this community to design the necessary compiler technology and develop implementations for Rigetti hardware.”

About Joint Development Foundation

Launched in 2015, the Joint Development Foundation (the Joint Development Foundation) is an independent non-profit organization that provides the corporate and legal infrastructure to enable groups to quickly establish and operate standards and source code development collaborations. More information about the Joint Development Foundation is available at http://www.jointdevelopment.org/.


###


Media Contact

Jennifer Cloer

Story Changes Culture

503-867-2304

jennifer@storychangesculture.com

The post New Quantum Intermediate Representation Alliance Serves as Common Interface for Quantum Computing Development appeared first on Linux Foundation.