Open source software tools and services are often created quickly and out of necessity. Linus Torvalds, for example, created the first version of git in a weekend when the Linux kernel team could no longer use BitKeeper for Source Control Management. 

sigstore was created earlier this year to address the massive gap for an easy, trustable and efficient digital signing tool to confirm the provenance (origin) of software. Since March 2021 sigstore has been growing rapidly and is being used for various projects. This includes Kubernetes, one of the world’s largest open source projects.

But like Let’s Encrypt and the Linux Kernel, sigstore requires resources. Building the first version of the tool is different from bringing together resources to enable widespread adoption and support it for the long term. That’s why we’re excited to announce today that the project has received generous contributions from Chainguard, Cisco, HPE, Google, Red Hat and VMware to conduct an extensive security audit and hire a full-time developer relations engineer. 

The reality is that today the majority of software isn’t digitally signed. Without signatures, there’s little evidence of the software’s provenance,  so most software consumed is cryptographically untrusted. With sigstore, developers can digitally sign containers, artifacts, config-as-code, policy, and any given computer file. sigstore has the potential of becoming to digital signing what Let’s Encrypt is to HTTPS. 

“By working to eliminate the requirements for specialized skills in cryptography, sigstore is committed to establishing trust and transparency in the open source supply chain. Removing this exclusivity is key to increasing developers’ access to cryptographic signing and creating an open log for accountability. Red Hat is proud to support sigstore’s constant commitment to open source in the supply chain security space,” said Luke Hinds, Senior Principal Software Engineer, Red Hat.

For more information about sigstore, please visit: https://blog.sigstore.dev/

The post sigstore, the free digital signing service for open source supply chain security, gets additional support appeared first on Linux Foundation.

More than 40 companies commit to build open source ecosystem to enable next-generation architectures for microservices use cases

Napa Valley, Calif., Linux Foundation Membership Summit, November 2, 2021 — The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the NextArch Foundation. The new Foundation is a neutral home for open source developers and contributors to build next-generation architecture that can support compatibility between an increasing array of microservices.

Cloud-native computing, Artificial Intelligence (AI), the Internet of Things (IoT), Edge computing and much more have led businesses down a path of massive opportunity and transformation. According to market research, the global digital transformation market size was valued at USD 336.14 billion in 2020 and is expected to grow at a compound annual growth rate (CAGR) of 23.6 percent from 2021 to 2028. But a lack of intelligent, centralized architecture is preventing enterprises and the developers who are creating innovation based on these technologies to fully realize their potential.

“Developers today have to make what feel like impossible decisions among different technical infrastructures and the proper tool for a variety of problems,” said Jim Zemlin, Executive Director of the Linux Foundation. “Every tool brings learning costs and complexities that developers don’t have the time to navigate yet there’s the expectation that they keep up with accelerated development and innovation. NextArch Foundation will improve ease of use and reduce the cost for developers to drive the evolution of next-generation technology architectures.”

Next-generation architecture describes a variety of innovations in architecture, from data storage and heterogeneous hardware to engineering productivity, telecommunications and much more. Until now, there has been no ecosystem to address this massive challenge. NextArch will leverage infrastructure abstraction solutions through architecture and design and automate development, operations and project processes to increase the autonomy of development teams. Enterprises will gain easy to use and cost-effective tools to solve the problems of productization and commercialization in their digital transformation journey.

“NextArch Foundation understands that solving the biggest technology challenges of our time requires building an open source ecosystem and fostering collaboration,” said Mike Dolan, senior vice president and general manager of projects at Linux Foundation. “This is an important effort with a big mission and it can only be done in the open source community. We are happy to support this community and help build open governance practices that benefit developers throughout its ecosystem.”

“I am really excited to be involved with the NextArch Foundation in an advisory role. In the past five years, we’ve witnessed major advances in various technology domains such as cloud, artificial intelligence, IoT, AR/VR, quantum computing, serverless computing, and many more. These advances have produced enormous amounts of open source software assets. A core challenge is bridging all these technologies and software assets under a single next generation architecture that supports diverse computing environments and enables enterprise digital transformation. NextArch Foundation will be at the heart of this effort, building a community and enabling an ecosystem that brings together organizations and communities to address this challenge in an open environment,” said Dr. Ibrahim Haddad, Executive Director of LF AI & Data.

For more information about the NextArch Foundation or to contribute, please visit: nextarch.io

Supporting Comments

Aftership

“Congratulations on launching the NextArch Foundation! By being part of the NextArch Foundation, AfterShip hopes to build a next-generation technical architecture to better serve customers around the world,” said Xiaojun Hong, CTO of AfterShip.

Agora

“It is a great honor to be part of the NextArch Foundation and celebrate its launch! In recent years, we have continuously explored and practiced next-generation architecture technologies in the audio and video field, and have paid more attention to open source contributions. I am very pleased to see that NextArch Foundation has allowed open source architecture projects to have a platform for comprehensive development. I hope more developers can participate and jointly build a better and more open next-generation architecture open source ecosystem,” said Yue Feng, Co-founder & Technical VP of Agora.

Alauda

“The rise of cloud native technologies is shaping the future of enterprise IT. The plethora of technological innovations and architectural advancements are forming the basis of digitization strategies for modern organizations. We are delighted to see the formation of the NextArch Foundation. We believe it will foster a vibrant ecosystem of technologies, systems and processes that will help define the next generation of enterprise architecture. We look forward to contributing to this mission,” said Kai Chen, Co-founder & CTO of Alauda.

Ampere

 “Ampere is excited to participate in the launch of the NextArch Foundation, building upon the momentum started by the TARS Foundation, by collaborating and developing both technology and standards for the next generation of microservices,” said Mauri Whalen, Senior Vice President of Software Engineering at Ampere.

API7

“Congratulations on the launch of NextArch Foundation! I hope that with the support of the NextArch Foundation, more open source projects will continue to develop, build an active open source community, and create a prosperous open source ecosystem. At the same time, NextArch Foundation will help enterprises find architectural solutions faster, which will make great progress to the underlying infrastructure,” said Ming Wen, CEO of API7.

Arm

“As member of the Linux Foundation and the TARS Foundation, Arm is pleased to see the establishment of a neutral and non-profit NextArch Foundation that will help integrate upstream and downstream open-source technology resources, supporting the growth of heterogeneous SoCs for computing infrastructure,” said Frank Zou, VP of China GTM, Infrastructure Line of Business, Arm.

Baidu

“Congratulations on the launch of NextArch Foundation! Together with the NextArch Foundation, we hope to realize the technological revolution of the future-oriented next-generation microservices architecture and accelerate the cloud-native transformation of enterprise architecture,” said Ran Zheng, Outstanding R&D Architect of Baidu.

CAICT

“Congratulations to the establishment of NextArch Foundation! As an inevitable trend of enterprise, digital transformation has spawned numerous tools and tech, which impose challenges on developers when they need to utilize new tech. Under the current environment, we are glad to see NextArch Foundation working on the evolution of next-generation architect or to mitigate pressure on developers,” said Yili Chen, director of cloud computing research dept. CAICT.

CESI

“The next-generation architecture is the future development trend. The China Electronics Engineering Design Institute has always actively participated in and promoted the exploration of cutting-edge technologies. As early as 2019, it led the writing of the “Next Generation Cloud Computing White Paper” in conjunction with China’s leading cloud computing companies. Personally, I am glad to be able to launch the NextArch Foundation together with the Linux Foundation this time. In the future, we will jointly explore technology research, standards, evaluation, and industrialization services,” said Liyun Yang, Director of the Cloud Computing Research Office.

Coredge.io

“We are extremely delighted to be part of the NextArch Foundation initiative. This is a great initiative to take the software services delivery to next level and we assure our active contribution to growth of each and every aspect of NextArch Foundation and future innovations,” said Sagar Nangare, Coredge.io Director of Product Marketing and Growth.

DataCanvas

“It’s a great pleasure to be part of the effort to launch the NextArch Foundation. With fast rising demand from data science and real-time applications, it’s a defining moment of software architectural change in the coming decade. Millions of businesses are making decisions every day to upgrade their IT architecture to handle the sheer size workload during digital transformation, it’s still an uncertain process lacking a clear paradigm and guidance. We are very happy to see NextArch can stand up and unite leading organizations to face this challenge. NextArch will surely be an innovation center to help across the world and we are looking forward to engaging as an initial member,” said Lei Fang, Board Chairman of DataCanvas.

DCloud

“Congratulations on the creation of NextArch Foundation! I hope that NextArch Foundation can incubate more outstanding, open source cloud-native projects and help more companies accelerate their digital transformation,” said Hongbao Cui, CTO of DCloud.

DiDi

“Congratulations on the creation of the NextArch Foundation! We hope that the NextArch Foundation can help more users find solutions to the development of architecture in the current open source software and hardware more quickly, which will contribute enormous value to the open source community,” said Yi Yang, Open Source Committee Chair of DiDi.

Digital China

“Congratulations on the launch of NextArch Foundation and look forward to the cooperation with NextArch Foundation. We believe that can provide better services and solutions for the open-source ecological construction of customer introduction, channel expansion, technology and product innovation, technology accumulation, etc., and to accelerate the realization of the value of open-source technology in the client,” said Yang Shen, Vice President & CIO of Digital China Group.

Eolink

“Congratulations on the launch of NextArch Foundation! As a firm supporter of the API economy, Eolink sees the great value that API can provide for various technical architectures in the past and the foreseeable future. I hope that NextArch Foundation can help us quickly find the current best practices for open source software development. Together, we hope to help implement open source software and hardware in different fields by integrating with API economy,” said Haozhen Liu, CEO of Eolink.

GrowingIO

“Congratulations to the NextArch Foundation! We hope to contribute to the development of the open source ecosystem and open source trends with NextArch Foundation and other partners in the future. We believe participating in NextArch will cultivate open cooperation and empower decision-making processes,” said Dingding Ye, CTO of GrowingIO.

HarmonyCloud

“On behalf of HarmonyCloud, I would like to congratulate the launch of NextArch Foundation. In the future, we will jointly explore the best solution for the development of open source software and hardware architecture, and I look forward to creating more possibilities with the help of NextArch Foundation,” said Aoyu Wang, CEO of HarmonyCloud.

Huayou Tech

“In recent years, despite the COVID-19 pandemic, the support from cloud native, container, DevOps, microservices and other technologies has pushed forward digital transformation. In the face of a digital age, architecture technology will inevitably be upgraded, and the next generation of architecture technology will also emerge. The establishment of NextArch Foundation is in line with the trend and will surely lead the trend. Congratulations on the launch of NextArch Foundation!” said Tianguo Xiao, Co-founder & CEO of Huayou Tech.

JD

“We are honored to witness the birth of a legend. Congratulations on the launch of NextArch Foundation! As a company with a technological belief, we are in an unprecedented wave of technological change. We always believe that in the continuous evolution of the next-generation technology architecture, developer productivity engineering (DPE) and developer experience engineering (DXE) will become the mainstream consensus of the industry. Together with the open-source spirit, it will act as the source of power to develop future technical efficiency. I am delighted that this coincides with the vision of NextArch Foundation. We hope to work with NextArch Foundation to uphold the original intention of technology to change the world and jointly promote the implementation of enterprise digital transformation and the arrival of the data-driven intelligent era,” said Xuefeng Shi, Engineering Efficiency Expert of JD.

JiHu (GitLab)

“Congratulations on the establishment of the NextArch Foundation. JiHu (GitLab) is committed to promoting DevOps and the development of open source ecology based on the principle of core openness, which coincides with the philosophy of the NextArch Foundation. We hope that NextArch Foundation can flourish and JiHu (GitLab) will contribute its own strength,” said Sam Chen, CEO of JiHu (GitLab).

Kong

“Kong is proud to be part of this momentous launch of the NextArch Foundation. Multi-cloud is the future, and it’s exciting to see such a great set of collaborators coming together to make heterogeneous infrastructure more accessible to development teams,” said Michael Heap, Director of Developer Relations at Kong.

Mulan Community

“With the advent of the distributed cloud era, computing, storage, and data technologies must go through innovations. It is critical to have a forward-looking perspective of the next-generation technology architecture. Open source is the best way to promote technological development and the industrial ecosystem. Mulan Community is excited to work with the Linux Foundation to advance technological and industrial transformation and development,” said Hang Geng, Community Manager of Mulan Community.

Nanjing University

“Architecture determines value, and decentralization is the future. Overcoming the limitations of the next-generation software architecture and adapting to the architectural needs of the cloud era will help the development of the digital economy. As the first Chinese academic institution dedicated to comprehensive research, teaching and industrial cooperation between DevOps and cloud native, DevOps+ Research Laboratory of Nanjing University is willing to work with the Linux Foundation to explore the next generation of cloud native architecture and promote technological change,” said Zhang He, Director of DevOps+ Research Laboratory of Nanjing University.

OneFlow

“Congratulations on the launch of the NextArch Foundation! It is my great honor to witness the birth of such profound an effort. In the particular field of deep learning, we believe that only next generation architecture can address the unprecedented challenges of big data, and big computing. Furthermore, only through collaboration with the open source community can such next generation technology be developed. Looking forward to working together with NextArch foundation in the future,” said Jinhui Yuan, Founder of OneFlow Inc.

Ramanujan College, University of Delhi

“It is a great opportunity for Ramanujan College, University of Delhi to join as a member of the NextArch Foundation and participate in the open-source projects and the technical community. We are happy to be a part of this ecosystem,” said Vipin Rathi, Asst. Professor, Chairperson Hyperledger Telecom SIG.

SphereEx

“We are excited to see how many open source projects for enterprise digital transformation will develop with the help of the NextArch Foundation. SphereEx will continue to maintain a cooperative relationship with NextArch Foundation, realize the open source and open management concepts, and strive to build a new generation of technology architecture ecosystem with global collaboration,” said Liang Zhang, Co-founder and CEO of SphereEx.

SRS

“Congratulations! Tech changes the world, open source changes the tech. As one of video and live streaming open source projects, SRS makes it easy to build video platforms. There are lots of open source projects like FFmpeg, WebRTC, x264, libopus, gstreamer, SRS, etc, enabling the video developer to build large scale video products, for entertainment, online meeting, education, communication and cloud games,” said Winlin, Maintainer of SRS.

Stream Native

“Nowadays, the open source ecosystem is becoming more comprehensive, and the digital transformation of enterprises is the current trend. To meet the needs of today and the future, we should face the heterogeneous infrastructure and multi-cloud scenarios to jointly discuss the next-generation technical architecture. StreamNative is honored to participate in the NextArch Foundation and hopes that the Foundation will help more companies find solutions that meet the development of new open source software, hardware and software architectures, and help the industry’s digital transformation,” said Jia Zhai, Co-founder of StreamNative.

Swoole

“Congratulations on the creation of the NextArch Foundation! We look forward to the open source software solutions provided by the NextArch Foundation to help Chinese companies build a stable and reliable software service architecture, effectively improving R&D efficiency and reducing costs for companies,” said Tianfeng Han, CEO of Swoole.

TAL

“Congratulations on the launch of the NextArch Foundation. We hope that NextArch Foundation will connect different technology companies, like TAL, to create and build open source software and hardware technology and promote open source business development. The collaboration from NextArch will encourage the development of IT technology through open source and technological innovation!” said Mi Tian, CTO of TAL.

Tapdata

“NextArch Foundation is a very creative foundation. Today, open source software has become the mainstream, effectively combining excellent open source software to form an organic collaboration architecture that can provide more direct technical value for the overall solution of the enterprise. As a technical product focusing on the real-time data service track (Real Time DaaS), Tapdata will also actively embrace open source and contribute to the NextArch Foundation,” said Chairman of Tapdata Founder & CEO, MongoDB Chinese Community, Tang Jianfa.

Tencent

“Tencent is excited to join the NextArch Foundation, which focuses on next-generation technology architecture and future open source innovation under the Linux Foundation. It is clear that technological innovation worldwide has accelerated, thus requiring better heterogeneous and multi-cloud infrastructure. We hope to actively participate in the development of next generation architecture. Through the NextArch Foundation, we are confident to help more enterprises and industries to build the next-generation architecture optimal for business growth and a more comprehensive open source ecosystem,” said Mark Shan, Chairman of Tencent Open Source Alliance.

Tongcheng-Elong

“Congratulations on the launch of NextArch Foundation. I am honored to be a member of NextArch Foundation. With the continuous progress of technological innovation, it is an inevitable trend to develop the next-generation architectures. I hope that, with the support of NextArch Foundation, more and more developers will participate and work together to build a better next-generation open source ecosystem,” said Xiaobo Wang, CTO of LY.com.

VMware

“Congratulations on launching the NextArch Foundation! The mission and goals of NextArch Foundation are well aligned with our effort in OSS projects in areas such as cloud native for modern apps, blockchain, distributed edge/IoT, heterogeneous compute/storage/network and AI/ML accelerators. Look forward to more collaboration with the NextArch Foundation,” said Alan Ren, General Manager of VMware R&D China.

Unicom Digital Tech

“Unicom Digital Tech is fortunate to witness the establishment of NextArch Foundation, and hope that this organization can effectively promote the healthy and robust development of the national software industry, increase the company’s technical strength, and feedback the transformation of basic software and hardware and benefit everyone, said” Qiang Feng, Unicom Digital Tech.

Xiaomi

“Congratulations on the establishment of NextArch Foundation! I hope NextArch Foundation can help us find solutions to the development of hybrid cloud architecture more quickly, and help us develop the open source ecosystem suitable for the digital transformation of Xiaomi,” said Zuoyan Qin, Chairman of Xiaomi Open Source Committee.

XILE

“Congratulations on the launch of the NextArch Foundation! We hope that NextArch Foundation can lead us to release greater computing power, establish more efficient connections, and provide more secure services. Let’s build the next-generation internet together!” said Yu Cao, co-founder of XILE.

XSKY

“With the establishment of NextArch Foundation, next generation architecture is opening a new era in global development. Together with other members, XSKY will spare no effort to push forward the construction of a broader ecosystem. We aim to achieve a landing storage approach of high-availability and high-reliability for users with emerging architecture,” said Haomai Wang, CTO of XSKY.

Yashi

“Congratulations on the creation of NextArch Foundation! The open source movement requires more companies and individuals to participate extensively. Yashi looks forward to working with NextArch Foundation and contributing to the open source software architecture solutions,” said Qiangning Hong, CTO of Yashi.

YeePay

“Congratulations to the NextArch foundation! We hope to help YeePay build a strong digital trading service platform to serve global merchants through Inclusive and advanced technology,” said Wanlong Lu, Director of YeePay.

YunJi Tech

“The establishment of NextArch Foundation is a landmark event, which means that the industry unites and considers the future of converged infrastructure and digital transformation. Fortunately to be a TOC member, congratulations to NextArch,” said Wei Lou (Jet), Tech VP of Yunji Tech.

Zenlayer

“Companies increasingly require services that support their heterogeneous, resource-intensive edge deployments. Zenlayer is fully aligned with the NextArch Foundation’s vision of improving heterogeneous infrastructure design. The company enables the dynamic deployment of microservices between public and edge clouds, and among edge locations. This groundbreaking approach makes it easy to access critical resources on-demand, and from any location. Zenlayer is proud to be a founding member of the NextArch Foundation, and is committed to building the next generation of edge cloud,” said Joe Zhu, Zenlayer CEO and Founder.

360

“It is a great honor for 360 to join the NextArch Foundation, which focuses on next-generation architecture and future open source innovation within the Linux Foundation. With the further acceleration of global technological development and transformation, enterprise level hybrid cloud and multi-cloud heterogeneity will become the trend of infrastructure technology development. We see joining the NextArch Foundation as an opportunity to actively participate in the technological transformation of the next-generation architecture, jointly promote the evolution of the next-generation architecture technology. We look forward to promoting the sustainable development of the open source ecosystem along with other members,” said Wang Feng, Head of Basic Cloud Architecture, 360.

4Paradigm

“Congratulations! Glad to see the creation of NextArch Foundation. NextArch provides great initiative to inspire developers and contributors building outstanding architecture solutions. 4Paradigm looks forward to sharing architecture ideas based on Enterprise AI transformation experience, and contributing open source solutions to the NextArch community!”  said Zhao Zheng, VP of Engineering, 4Paradigm.

About the Linux Foundation

Founded in 2000, the Linux Foundation and its projects are supported by more than 1,800 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, Hyperledger, RISC-V and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

###

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

Media Contacts

Jennifer Cloer

503-867-2304

jennifer@storychangesculture.com

The post Linux Foundation Announces NextArch Foundation to Build Next-Generation Architecture that Supports Diverse Computing Environments appeared first on Linux Foundation.

Graviti leads community of developers and data scientists to create data standards and formats that enable contributions by anyone

Napa Valley, Calif., Linux Foundation Membership Summit, November 2, 2021 — The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the new Project OpenBytes spearheaded by Graviti. Project OpenBytes is dedicated to making open data more available and accessible through the creation of data standards and formats.

Edward Cui is the founder of Graviti and a former machine learning expert within Uber’s Advanced Technologies Group. “For a long time, scores of AI projects were held up by a general lack of high-quality data from real use cases,” Cui said. “Acquiring higher quality data is paramount if AI development is to progress. To accomplish that, an open data community built on collaboration and innovation is urgently needed. Graviti believes it’s our social responsibility to play our part.”

By creating an open data standard and format, Project OpenBytes can reduce data contributors’ liability risks. Dataset holders are often reluctant to share their datasets publicly due to their lack of knowledge on various data licenses. If data contributors understand their ownership of data is well protected and their data will not be misused, more open data becomes accessible.

Project OpenBytes will also create a standard format of data published, shared, and exchanged on its open platform. A unified format will help data contributors and consumers easily find the relevant data they need and make collaboration easier. These OpenBytes functions will make high-quality data more available and accessible, which is significantly valuable to the whole AI community and will save a large amount of monetary and labor resources on repetitive data collecting.

“Project OpenBytes and community will benefit all AI developers, both academic and professional and at both large and small enterprises, by enabling access to more high-quality open datasets and making AI deployment faster and easier,” said Mike Dolan, general manager and senior vice president of Projects at the Linux Foundation.

The largest tech companies have already realized the potential of open data and how it can lead to novel academic machine learning breakthroughs and generate significant business value. However, there isn’t a well-established open data community with neutral and transparent governance across various organizations in a collaborative effort. Under the governance of the Linux Foundation, OpenBytes aims to create data standards and formats, enable contributions of good-quality data and, more importantly, be governed in a collaborative and transparent way.

For more information, please visit ​​https://www.openbytes.io

Supporting Quotes

ElectrifAi

“As one of the earliest AI/ML companies in the U.S., ElectrifAi is happy to support the OpenBytes project. We believe OpenBytes will help in the sharing of trusted datasets and accelerate practical AI/ML to solve real business problems,” said Luming Wang, CTO, ElectrifAi.

Jina AI

“The future of software is being eaten by open source, as well as data-sharing. OpenByte’s announcement is a great signal for all developers on the accessibility of datasets. We are very excited to see standardized datasets available to a broader community, which will massively benefit AI engineers,” said Bing He, Co-founder & COO at Jina AI.

Motional

“Project OpenBytes will be essential to establish a vibrant open source dataset community. At Motional we are happy to contribute our freely available nuScenes and nuPlan datasets to this community. By standardizing datasets and licenses, we are making an important step towards interoperable machine learning systems and in particular safer autonomous vehicles,” said Holger Caesar, Data-Algorithms Team Lead at Motional.

Predibase

“At Predibase, we’re building the open source Ludwig AI project to make state-of-the-art deep learning accessible to everyone, but the biggest barrier to tackling more tasks has always been the lack of standards for training datasets over unstructured data like text and images. Project OpenBytes provides a common structure to unstructured data that makes it possible for low-code deep learning tools like Ludwig to automate a host of advanced computer vision, NLP, and other machine learning tasks that previously required bespoke solutions. I’m excited to see how the combination of OpenBytes and Ludwig can enable data scientists and ML engineers to spend less time figuring out how to stitch data and models together, and more time solving their business problems.”

Zilliz

“Data is crucial to the success of any Artificial Intelligence project. By sharing open datasets, Project OpenBytes will help more developers to understand, develop, and adopt AI/ML technologies. Project OpenBytes will be a fundamental component of the open-source AI ecosystem. At Zilliz, we are glad to participate and make contributions to this significant initiative,” said Jun Gu, Partner of Zilliz.

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

###

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page:  https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

Media Contact

Jennifer Cloer

Story Changes Culture

503-867-2304

jennifer@storychangesculture.com

The post Linux Foundation and Graviti Announce Project OpenBytes to Make Open Data More Accessible to All appeared first on Linux Foundation.

More than 720,000 technical contributors and 1,700 member companies have access to security metrics on the LFX platform; tens of millions of developers rely on projects hosted across the platform

Napa Valley, Calif., Linux Foundation Membership Summit, November 2, 2021 — The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced it has enhanced its free LFX Security offering so open source projects can secure their code and reduce non-inclusive language.

The LFX platform hosts community tools for security, fundraising, community growth, project health, mentorship and more. It supports projects and empowers open source teams to write better, more secure code, drive engagement and grow sustainable ecosystems.

The LFX Security module now includes automatic scanning for secrets-in-code and non-inclusive language, adding to its existing comprehensive automated vulnerability detection capabilities. Software security firm BluBracket has contributed this functionality to open source software projects under LFX as part of its mission of making software safer and more secure. This functionality builds on contributions from leader in developer security, Snyk, now making LFX the leading vulnerability detection platform for the open source community.

The need for a community-supported and freely available code scanning is clear, especially in light of recent attacks on core software projects and recent the White House Executive Order calling for improved software supply chain security. LFX is the first and only community tool designed to make software projects of all kinds more secure and inclusive.

LFX Security now includes:

Vulnerabilities Detection: Detect vulnerabilities in open source components and dependencies and provide fixes and recommendations to those vulnerabilities. LFX tracks how many known vulnerabilities have been found in open source Projects, identifies if those vulnerabilities have been fixed in code commits and then reports on the number of fixes per project through an intuitive dashboard. Fixing known open source vulnerabilities in open source projects helps cleanse software supply chains at their source and greatly enhances the quality and security of code further downstream in development pipelines. Snykhas provided this functionality for the community and helped open source software projects remediate nearly 12,000 known security vulnerabilities in their code.

Code Secrets: Detect secrets-in-code such as passwords, credentials, keys and access tokens both pre- and post-commit. These secrets are used by hackers to gain entry into repositories and other important code infrastructure. BluBracket is the leading provider of secrets detection technology in the industry and has contributed these features to the Linux Foundation LFX community.

Non-Inclusive Language: Detect non-inclusive language used in project code, which is a barrier in creating a welcoming and inclusive community. BluBracket worked with the Inclusive Naming Initiative on this functionality.

“The enhancement of LFX Security builds on its extensive functionality in vulnerability detection to add critical support for secrets-in-code and non-inclusive language,” said Jim Zemlin, executive director of the Linux Foundation. “It’s up to all of us to secure our software supply chain, and we are grateful to Snyk and BluBracket for their significant contributions to the open source community.”

“Securing our software supply chain has become the most critical task facing the software industry. We believe the Linux Foundation’s LFX security project is the absolute best way for critical software projects to secure their code. BluBracket is thrilled to provide key functionality to LFX Security, including offensive language detection and secrets scanning. These features are crucial for projects to be both safe and inclusive. We know that LFX Security will greatly enhance our software supply chain’s security, and we look forward to working with the community to keep code safe,” said Prakash Linga, Founder and CEO of BluBracket.

“With fortifying our global software supply chain more crucial than ever, we’re happy to contribute our developer security expertise and continue our support of the crucial work of the Linux Foundation,” said Jill Wilkins, Senior Director, Global Technical Alliances, Snyk. “By leveraging the LFX Community Platform, we’re proud to be part of an important effort that will help millions of developers worldwide to innovate securely.”

LFX Security will be further scaled out in 2022 to help solve challenges for hundreds of thousands of critical open source projects under the Open Source Security Foundation at Linux Foundation. LFX Security is free and available for use today at https://lfx.linuxfoundation.org/tools/security/

About BluBracket

By empowering developers to prevent security vulnerabilities early in the software development process and giving security professionals an automated and developer-friendly way to ensure code is secure, BluBracket is the first comprehensive solution for code security. More information can be found at www.blubracket.com

About Snyk

Snyk is the leader in developer security. We empower the world’s developers to build secure applications and equip security teams to meet the demands of the digital world. Our developer-first approach ensures organizations can secure all of the critical components of their applications from code to cloud, leading to increased developer productivity, revenue growth, customer satisfaction, cost savings and an overall improved security posture. Snyk’s Developer Security Platform automatically integrates with a developer’s workflow and is purpose-built for security teams to collaborate with their development teams. Snyk is used by 1,200 customers worldwide today, including industry leaders such as Asurion, Google, Intuit, MongoDB, New Relic, Revolut and Salesforce.

Snyk is recognized on the Forbes Cloud 100 2021, the 2021 CNBC Disruptor 50 and was named a Visionary in the 2021 Gartner Magic Quadrant for AST.

About the Linux Foundation

Founded in 2000, the Linux Foundation and its projects are supported by more than 1,800 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, Hyperledger, RISC-V and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

###

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

Media Contacts

Jennifer Cloer

for the Linux Foundation

503-867-2304

jennifer@storychangesculture.com

The post Linux Foundation Announces Security Enhancements to its LFX Community Platform to Protect Software Supply Chain appeared first on Linux Foundation.

More than 720,000 technical contributors and 1,700 member companies have access to security metrics on the LFX platform; tens of millions of developers rely on projects hosted across the platform

Napa Valley, Calif., Linux Foundation Membership Summit, November 2, 2021 — The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced it has enhanced its free LFX Security offering so open source projects can secure their code and reduce non-inclusive language.

The LFX platform hosts community tools for security, fundraising, community growth, project health, mentorship and more. It supports projects and empowers open source teams to write better, more secure code, drive engagement and grow sustainable ecosystems.

The LFX Security module now includes automatic scanning for secrets-in-code and non-inclusive language, adding to its existing comprehensive automated vulnerability detection capabilities. Software security firm BluBracket has contributed this functionality to open source software projects under LFX as part of its mission of making software safer and more secure. This functionality builds on contributions from leader in developer security, Snyk, now making LFX the leading vulnerability detection platform for the open source community.

The need for a community-supported and freely available code scanning is clear, especially in light of recent attacks on core software projects and recent the White House Executive Order calling for improved software supply chain security. LFX is the first and only community tool designed to make software projects of all kinds more secure and inclusive.

LFX Security now includes:

Vulnerabilities Detection: Detect vulnerabilities in open source components and dependencies and provide fixes and recommendations to those vulnerabilities. LFX tracks how many known vulnerabilities have been found in open source Projects, identifies if those vulnerabilities have been fixed in code commits and then reports on the number of fixes per project through an intuitive dashboard. Fixing known open source vulnerabilities in open source projects helps cleanse software supply chains at their source and greatly enhances the quality and security of code further downstream in development pipelines. Snykhas provided this functionality for the community and helped open source software projects remediate nearly 12,000 known security vulnerabilities in their code.

Code Secrets: Detect secrets-in-code such as passwords, credentials, keys and access tokens both pre- and post-commit. These secrets are used by hackers to gain entry into repositories and other important code infrastructure. BluBracket is the leading provider of secrets detection technology in the industry and has contributed these features to the Linux Foundation LFX community.

Non-Inclusive Language: Detect non-inclusive language used in project code, which is a barrier in creating a welcoming and inclusive community. BluBracket worked with the Inclusive Naming Initiative on this functionality.

“The enhancement of LFX Security builds on its extensive functionality in vulnerability detection to add critical support for secrets-in-code and non-inclusive language,” said Jim Zemlin, executive director of the Linux Foundation. “It’s up to all of us to secure our software supply chain, and we are grateful to Snyk and BluBracket for their significant contributions to the open source community.”

“Securing our software supply chain has become the most critical task facing the software industry. We believe the Linux Foundation’s LFX security project is the absolute best way for critical software projects to secure their code. BluBracket is thrilled to provide key functionality to LFX Security, including offensive language detection and secrets scanning. These features are crucial for projects to be both safe and inclusive. We know that LFX Security will greatly enhance our software supply chain’s security, and we look forward to working with the community to keep code safe,” said Prakash Linga, Founder and CEO of BluBracket.

“Since fortifying our global software supply chain is more crucial than ever, we’re happy to contribute our developer security expertise and continue our support of the crucial work of the Linux Foundation,” said Jill Wilkins, Senior Director, Global Technical Alliances, Snyk. “By contributing to the LFX Community Platform, we’re proud to be part of an important effort that will help millions of developers worldwide to innovate securely.”

LFX Security will be further scaled out in 2022 to help solve challenges for hundreds of thousands of critical open source projects under the Open Source Security Foundation at Linux Foundation. LFX Security is free and available for use today at https://lfx.linuxfoundation.org/tools/security/

About BluBracket

By empowering developers to prevent security vulnerabilities early in the software development process and giving security professionals an automated and developer-friendly way to ensure code is secure, BluBracket is the first comprehensive solution for code security. More information can be found at www.blubracket.com

About Snyk

Snyk is the leader in developer security. We empower the world’s developers to build secure applications and equip security teams to meet the demands of the digital world. Our developer-first approach ensures organizations can secure all of the critical components of their applications from code to cloud, leading to increased developer productivity, revenue growth, customer satisfaction, cost savings and an overall improved security posture. Snyk’s Developer Security Platform automatically integrates with a developer’s workflow and is purpose-built for security teams to collaborate with their development teams. Snyk is used by 1,200 customers worldwide today, including industry leaders such as Asurion, Google, Intuit, MongoDB, New Relic, Revolut and Salesforce.

Snyk is recognized on the Forbes Cloud 100 2021, the 2021 CNBC Disruptor 50 and was named a Visionary in the 2021 Gartner Magic Quadrant for AST.

About the Linux Foundation

Founded in 2000, the Linux Foundation and its projects are supported by more than 1,800 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, Hyperledger, RISC-V and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

###

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

Media Contacts

Jennifer Cloer

for the Linux Foundation

503-867-2304

jennifer@storychangesculture.com

The post Linux Foundation Announces Security Enhancements to its LFX Community Platform to Protect Software Supply Chain appeared first on Linux Foundation.