New Linux Foundation | Harvard Study Reveals Hard Truths, Actionable Steps for Open Source Security
The Linux Foundation | 20 February 2020
Open source has made its way into almost every server farm, consumer device and service we use, and it’s done so without most people even realizing it. Almost no one knows what is in their phones, apps or business data centers. This is wreaking havoc on the global supply chain, so much so that the U.S. House of Representatives Energy and Commerce Committee sent a letter to the Linux Foundation inquiring about it. The Linux Foundation did its best to summarize a very complex situation in its response.
So, with the help of Harvard researchers and companies like Snyk and Synopsys, we set out to produce our second Census of open source software, but this time with a focus on which open source software projects show up in production applications. At the heart of this is a desire to understand how we can take a preventative care approach to security, rather than a reactionary one.
VULNERABILITIES IN THE CORE: A Preliminary Report & Census II of Open Source Software shares the earliest results of a multi-year, data-intensive research project that identifies the most used open source software packages in production applications across the world. This is the first phase of research in our partnership with Harvard, after which we will begin to look into who wrote these popular packages and what their software security practices for dealing with vulnerabilities are.
Open source is the underpinning of the world’s technical infrastructure and has undoubtedly resulted in massive innovation and disruption. It demands a better understanding, from its creation to distribution. Organizations need to start thinking about their software supply chain and open source can be a guide. Cybersecurity concerns often focus on a zero-sum game or good vs. evil, but what is increasingly more important is how we can increase transparency and trust in software by improving the systems by which it is created, distributed and consumed. We must start there. Learn how you can contribute to this massive, industry-wide transformation: