New Linux Foundation | Harvard Study Reveals Hard Truths, Actionable Steps for Open Source Security
The Linux Foundation | 20 February 2020
Open source has made its way into almost every server farm, consumer device and service we use, and it’s done so without most people even realizing it. Almost no one knows what is in their phones, apps or business data centers. This is wreaking havoc on the global supply chain, so much so that the U.S. House of Representatives Energy and Commerce Committee sent a letter to the Linux Foundation inquiring about it. The Linux Foundation did its best to summarize a very complex situation in its response.
So with the help of Harvard researchers and companies like Snyk and Synopsys, we set out to produce our second Census of open source software, but this time with a focus on which open source software projects show up in production applications. At the heart of this is a desire to understand how we take a preventative care approach to security, rather than a reactionary one.
VULNERABILITIES IN THE CORE: A Preliminary Report & Census II of Open Source Software shares the earliest results of a multi-year, data-intensive research project that identifies the most used open source software packages in production applications across the world. This is the first phase of research in our partnership with Harvard, after which we will begin to look into who wrote these popular packages and what their software security practices for dealing with vulnerabilities are.
Open source is the underpinning of the world’s technical infrastructure and has undoubtedly resulted in massive innovation and disruption. It demands a better understanding, from its creation to its distribution. Organizations need to start thinking about their software supply chain, and open source can be a guide. Cybersecurity concerns often focus on a zero-sum game or good vs. evil, but what is increasingly important is how we can increase transparency and trust in software by improving the systems by which it is created, distributed and consumed. We must start there. Learn how you can contribute to this massive, industry-wide transformation: