Schedule for the ELISA Fall Workshop on November 8-10 is now live

SAN FRANCISCO – October 20, 2021 –  Today, the ELISA (Enabling Linux in Safety Applications) Project, an open source initiative that aims to create a shared set of tools and processes to help companies build and certify Linux-based safety-critical applications and systems, announced that it Red Hat has upgraded its membership to premier member and welcomes Banma, Lotus Cars and SUSE as the newest members.

Linux is used in all major industries because it can enable faster time to market for new features and take advantage of the quality of the code development processes.   Launched in February 2019 by the Linux Foundation, ELISA works with Linux kernel and safety communities to agree on what should be considered when Linux is to  be used in safety-critical systems.

“Linux underpins many applications today that have safety-critical and cybersecurity implications,” said Kate Stewart, Vice President of Dependable Embedded Systems at The Linux Foundation. “By collaborating together, the ELISA members are defining the best practices for use of Linux in these systems. We look forward to continuing to build consensus and welcoming expertise and collaboration from these new members.”

Attend the Fall Workshop

Since its inception, ELISA has hosted quarterly workshops that bring together project members and community contributors to discuss working group updates, trends in functional safety, use cases and more. The next workshop will be held virtually on November 8-10 and is free to attend. Speakers include thought leaders from Arm, Codethink, Elektrobit Automotive GmbH, Evidence Srl, Google, Intel, Mobileye, The Linux Foundation, Red Hat and UL LLC. Register and check out the schedule: https://events.linuxfoundation.org/elisa-workshop/

Join the New Working Groups

Since launch, the project has worked to establish a governance model that creates processes and guidance to the focused working groups that aim to provide resources for System integrators to apply and use to analyze qualitatively and quantitatively on their systems. Today, ELISA announces two new working groups:

  • Open Source Engineering Process Working Group: This working group aims to examine safety-related claims that we might like to make about Linux as part of a system, and to explore how we can gather and present evidence to support such claims.
  • Linux Features for Safety-Critical Systems Working Group: This working group will work to bring together kernel developers and producers of safety critical systems to demonstrate use of such features in real systems, and to learn from these experiences together as a community. Learn more about this new working group in this November Workshop session

Learn more about the Global Ecosystem

Red Hat, which is known for its leadership in linux and open source, joined ELISA earlier this year and has been very active in the technical community. With their upgraded membership to Premier, Red Hat welcomes Gabriele Paoloni, Open Source Community Technical Leader at Red Hat, as the ELISA Project Governing Board Chair.

“Red Hat announced our intent to expand our expertise in Linux to safety-critical automotive use cases earlier this year as we work to develop a Linux in-vehicle operating system,” said Francis Chow, vice president, In-Vehicle Operating System, Red Hat. “As such, we’re pleased to extend our participation in ELISA as a Premier member and collaborate with other industry leaders in building up open source software for applications that require extremely high levels of trust and functional safety. We believe a standardized common set of tools and processes can drive innovation toward the software-defined vehicle. ”

Additionally, ELISA welcomes Banma, a Chinese startup specializing in automotive software;  Lotus Cars, a leader in automotive manufacturing in China; and SUSE, a global leader in open source software specializing in enterprise Linux, Kubernetes management, and edge solutions.  These new members join ADIT, AISIN AW CO., arm, Automotive Grade Linux, BMW Car IT GmbH, Codethink, Elektrobit, Horizon Robotics, Huawei Technologies, Intel, Toyota, Kuka, Linuxtronix. Mentor, NVIDIA, Suzuki, Wind River, OTH Regensburg and Toyota.

“Compared with other open software, safety is the key differentiation of automotive OS”, said Sean Xiao, Chief Architect at Banma. “The mission of Banma is to help automotive makers deliver intelligent cars by offering advanced vehicle open software. The ELISA Project combines safety and linux, which offers flexibility and openness, and closely aligns with our goals.”

“For nearly 30 years, SUSE has been a trusted partner supporting systems and essential workloads in some of the most challenging and critical industries in terms of safety requirements, such as automotive and transportation, government, aerospace and defense, industrial and manufacturing, and healthcare,” said Ivo Totev, SUSE COO. “We already collaborate with current ELISA members on important initiatives and are pleased to join ELISA as a formal member to continue to provide innovation in safety-critical domains.”

For more information about ELISA, visit https://elisa.tech/.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and commercial adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

###

Linux Foundation Logo

The Linux Foundation responds to increasing demand for SBOMs that can improve supply chain security

SAN FRANCISCO, June 17, 2021 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced new industry research, training, and tools – backed by the SPDX industry standard – to accelerate the use of a Software Bill of Materials (SBOM) in secure software development.

The Linux Foundation is accelerating the adoption of SBOM practices to secure software supply chains with:

  • SBOM standard: stewarding SPDX, the de-facto standard for requirements and data sharing
  • SBOM survey: highlighting the current state of industry practices to establish benchmarks and best practices
  • SBOM training: delivering a new course on Generating a Software Bill of Materials to accelerate adoption
  • SBOM tools:  enabling development teams to create SBOMs for their applications

“As the architects of today’s digital infrastructure, the open source community is in a position to advance the understanding and adoption of SBOMs across the public and private sectors,” said Mike Dolan, Senior Vice President and General Manager Linux Foundation Projects. “The rise in cybersecurity threats is driving a necessity that the open source community anticipated many years ago to standardize on how we share what is in our software. The time has never been more pressing to surface new data and offer additional resources that help increase understanding about how to adopt and generate SBOMs, and then act on the information.” 

Ninety percent (90%) of a modern application is assembled from open source software components. An SBOM accounts for the open source software components contained in an application that details their quality, license, and security attributes. SBOMs are used to ensure developers understand what components are flowing throughout their software supply chains, proactively identify issues and risks, and establish a starting point for their remediation.

The recent presidential Executive Order on Improving the Nation’s Cybersecurity referenced the importance of SBOMs in protecting and securing the software supply chain. The National Telecommunications and Information Administration (NTIA) followed the issuance of this order by asking for wide-ranging feedback to define a minimum SBOM. The Linux Foundation has responded to the NTIA’s SBOM inquiry here, and the presidential Executive Order here

SPDX: The De-Facto SBOM Open Industry Standard

SPDX – a Linux Foundation Project, is the de-facto open standard for communicating SBOM information, including open source software components, licenses, and known security vulnerabilities. SPDX evolved organically over the last ten years by collaborating with hundreds of companies, including the leading Software Composition Analysis (SCA) vendors – making it the most robust, mature, and adopted SBOM standard in the market. 

SBOM Readiness Survey

Linux Foundation Research is conducting the SBOM Readiness Survey. It will examine obstacles to adoption for SBOMs and future actions required to overcome them related to the security of software supply chains. The recent US Executive Order on Cybersecurity emphasizes SBOMs, and this survey will help identify industry gaps in SBOM applications. Survey questions address tooling, security measures, and industries leading in producing and consuming SBOMs, among other topics.

New Course: Generating a Software Bill of Materials

The Linux Foundation is also announcing a free, online training course, Generating a Software Bill of Materials (LFC192). This course provides foundational knowledge about the options and the tools available for generating SBOMs and how to use them to improve the ability to respond to cybersecurity needs. It is designed for directors, product managers, open source program office staff, security professionals, and developers in organizations building software. Participants will walk away with the ability to identify the minimum elements for an SBOM, how they can be assembled, and an understanding of some of the open source tooling available to support the generation and consumption of an SBOM. 

New Tools: SBOM Generator

Also announced today is the availability of the SPDX SBOM generator, which uses a command-line interface (CLI) to generate SBOM information, including components, licenses, copyrights, and security references of your application using SPDX v2.2 specification and aligning with the current known minimum elements from NTIA. Currently, the CLI supports GoMod (go), Cargo (Rust), Composer (PHP), DotNet (.NET), Maven (Java), NPM (Node.js), Yarn (Node.js), PIP (Python), Pipenv (Python), and Gems (Ruby). It is easily embeddable in automated processes such as continuous integration (CI) pipelines and is available for Windows, macOS, and Linux. 

Additional Resources

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

###

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

###

Media Contacts

Jennifer Cloer

for Linux Foundation

jennifer@storychangesculture.com

503-867-2304

The National Telecommunications and Information Administration (NTIA) recently asked for wide-ranging feedback to define a minimum Software Bill of Materials (SBOM). It was framed with a single, simple question (“What is an SBOM?”), and constituted an incredibly important step towards software security and a significant moment for open standards.

From NTIA’s SBOM FAQ  “A Software Bill of Materials (SBOM) is a complete, formally structured list of components, libraries, and modules that are required to build (i.e. compile and link) a given piece of software and the supply chain relationships between them. These components can be open source or proprietary, free or paid, and widely available or restricted access.”  SBOMs that can be shared without friction between teams and companies are a core part of software management for critical industries and digital infrastructure in the coming decades.

The ISO International Standard for open source license compliance (ISO/IEC 5230:2020 – Information technology — OpenChain Specification) requires a process for managing a bill of materials for supplied software. This aligns with the NTIA goals for increased software transparency and illustrates how the global industry is addressing challenges in this space. For example, it has become a best practice to include an SBOM for all components in supplied software, rather than isolating these materials to open source.

The open source community identified the need for and began to address the challenge of SBOM “list of ingredients” over a decade ago. The de-facto industry standard, and most widely used approach today, is called Software Package Data Exchange (SPDX). All of the elements in the NTIA proposed minimum SBOM definition can be addressed by SPDX today, as well as broader use-cases.

SPDX evolved organically over the last decade to suit the software industry, covering issues like license compliance, security, and more. The community consists of hundreds of people from hundreds of companies, and the standard itself is the most robust, mature, and adopted SBOM in the market today. 

The full SPDX specification is only one part of the picture. Optional components such as SPDX Lite, developed by Pioneer, Sony, Hitachi, Renesas, and Fujitsu, among others, provide a focused SBOM subset for smaller supplier use. The nature of the community approach behind SPDX allows practical use-cases to be addressed as they arose.

In 2020, SPDX was submitted to ISO via the PAS Transposition process of Joint Technical Committee 1 (JTC1) in collaboration with the Joint Development Foundation. It is currently in the approval phase of the transposition process and can be reviewed on the ISO website as ISO/IEC PRF 5962.

The Linux Foundation has prepared a submission for NTIA highlighting knowledge and experience gained from practical deployment and usage of SBOM in the SPDX and OpenChain communities. These include isolating the utility of specific actions such as tracking timestamps and including data licenses in metadata. With the backing of many parties across the worldwide technology industry, the SPDX and OpenChain specifications are constantly evolving to support all stakeholders.

Industry Comments

The Sony team uses various approaches to managing open source compliance and governance… An example is using an OSS management template sheet based on SPDX Lite, a compact subset of the SPDX standard. Teams need to be able to review the type, version, and requirements of software quickly, and using a clear standard is a key part of this process.

Hisashi Tamai, SVP, Sony Group Corporation, Representative of the Software Strategy Committee

“Intel has been an early participant in the development of the SPDX specification and utilizes SPDX, as well as other approaches, both internally and externally for a number of open source software use-cases.”

Melissa Evers, Vice President – Intel Architecture, Graphics, Software / General Manager – Software Business Strategy

Scania corporate standard 4589 (STD 4589) was just made available to our suppliers and defines the expectations we have when Open Source is part of a delivery to Scania. So what is it we ask for in a relationship with our suppliers when it comes to Open Source? 

1) That suppliers conform to ISO/IEC 5230:2020 (OpenChain). If a supplier conforms to this specification, we feel confident that they have a professional management program for Open Source.  

2) If in the process of developing a solution for Scania, a supplier makes modifications to Open Source components, we would like to see those modifications contributed to the Open Source project. 

3) Supply a Bill of materials in ISO/IEC DIS 5962 (SPDX) format, plus the source code where there’s an obligation to offer the source code directly, so we don’t need to ask for it.

Jonas Öberg, Open Source Officer – Scania (Volkswagen Group)

The SPDX format greatly facilitates the sharing of software component data across the supply chain. Wind River has provided a Software Bill of Materials (SBOM) to its customers using the SPDX format for the past eight years. Often customers will request SBOM data in a custom format. Standardizing on SPDX has enabled us to deliver a higher quality SBOM at a lower cost.

Mark Gisi, Wind River Open Source Program Office Director and OpenChain Specification Chair

The Black Duck team from Synopsys has been involved with SPDX since its inception, and I had the pleasure of coordinating the activities of the project’s leadership for more than a decade. In addition, representatives from scores of companies have contributed to the important work of developing a standard way of describing and communicating the content of a software package.

Phil Odence, General Manager, Black Duck Audits, Synopsys

With the rapidly increasing interest in the types of supply chain risk that a Software Bill of Materials helps address, SPDX is gaining broader attention and urgency. FossID (now part of Snyk) has been using SPDX from the start as part of both software component analysis and for open source license audits. Snyk is stepping up its involvement too, already contributing to efforts to expand the use cases for SPDX by building tools to test out the draft work on vulnerability profiles in SPDX v3.0.

Gareth Rushgrove, Vice President of Products, Snyk

For more information on OpenChain: https://www.openchainproject.org/

For more information on SPDX: https://spdx.dev/

References:

Author: Kate Stewart, VP of Dependable Systems, The Linux Foundation

In a previous Linux Foundation blog, David A. Wheeler, director of LF Supply Chain Security, discussed how capabilities built by Linux Foundation communities can be used to address the software supply chain security requirements set by the US Executive Order on Cybersecurity. 

One of those capabilities, SPDX, completely addresses the Executive Order 4(e) and 4(f) and 10(j) requirements for a Software Bill of Materials (SBOM). The SPDX specification is implemented as a file format that identifies the software components within a larger piece of computer software and metadata such as the licenses of those components. 

SPDX is an open standard for communicating software bill of material (SBOM) information, including components, licenses, copyrights, and security references. It has a rich ecosystem of existing tools that provides a common format for companies and communities to share important data to streamline and improve the identification and monitoring of software.

SBOMs have numerous use cases. They have frequently been used in areas such as license compliance but are equally useful in security, export control, and broader processes such as mergers and acquisitions (M&A) processes or venture capital investments. SDPX maintains an active community to support various uses, modeling its governance and activity on the same format that has successfully supported open source software projects over the past three decades.

The LF has been developing and refining SPDX for over ten years and has seen extensive uptake by companies and projects in the software industry.  Notable recent examples are the contributions by companies such as Hitachi, Fujitsu, and Toshiba in furthering the standard via optional profiles like “SPDX Lite” in the SPDX 2.2 specification release and in support of the SPDX SBOMs in proprietary and open source automation solutions. 

This de facto standard has been submitted to ISO via the Joint Development Foundation using the PAS Transposition process of Joint Technical Committee 1 (JTC1). It is currently in the enquiry phase of the process and can be reviewed on the ISO website as ISO/IEC DIS 5962.

There is a wide range of open source tooling, as well as commercial tool options emerging as well as options available today.  Companies such as FOSSID and Synopsys have been working with the SPDX format for several years. Open Source tools like FOSSology (source code Analysis),  OSS Review Toolkit (Generation from CI & Build infrastructure), Tern (container content analysis), Quartermaster (build extensions), ScanCode (source code analysis) in addition to the SPDX-tools project have also standardized on using SPDX for the interchange are also participating in Automated Compliance Tooling (ACT) Project Umbrella.  ACT has been discussed as community-driven solutions for software supply chain security remediation as part of our synopsis of the findings in the Vulnerabilities in the Core study, which was published by the Linux Foundation and Harvard University LISH in February of 2020.   

One thing is clear: A software bill of materials that can be shared without friction between different teams and companies will be a core part of software development and deployment in this coming decade. The sharing of software metadata will take different forms, including manual and automated reviews, but the core structures will remain the same. 

Standardization in this field, as in others, is the key to success. This domain has an advantage in that we are benefiting from an entire decade of prior work in SPDX. Therefore the process becomes the implementation of this standard to the various domains rather than the creation, expansion, or additional refinement of new or budding approaches to the matter.

Start using the SPDX specification here:https://spdx.github.io/spdx-spec/. Development of the next revision is underway, so If there’s a use case you can’t represent with the current specification, open an issue, this is the right window for input.   

To learn more about the many facets of the SPDX project see: https://spdx.dev/

SAN FRANCISCO – April 19, 2020 –  Today, the ELISA (Enabling Linux in Safety Applications) Project, an open source initiative that aims to create a shared set of tools and processes to help companies build and certify Linux-based safety-critical applications and systems, announced that Codethink, Horizon Robotics, Huawei Technologies, NVIDIA and Red Hat has joined its global ecosystem.

Linux is used in safety-critical applications with all major industries because it can enable faster time to market for new features and take advantage of the quality of the code development processes which decreases the issues that could result in loss of human life, significant property damage, or environmental damage. Launched in February 2019 by the Linux Foundation, ELISA will work with certification authorities and standardization bodies across industries to document how Linux can be used in safety-critical systems.

“Open source software has become a significant part of the technology strategy to accelerate innovation for companies worldwide,” said Kate Stewart, Vice President of Dependable Embedded Systems at The Linux Foundation. “We want to reduce the barriers to be able to use Linux in safety-critical applications and welcome the collaboration of new members to help build specific use cases for automotive, medical and industrial sectors.”

Milestones

After a little more than two years, ELISA has continued to see momentum in project and technical milestones. Examples include:

  • Successful Workshops: In February, ELISA hosted its 6th workshop with more than 120 registered participants. During the workshop, members and external speakers discussed cybersecurity expectations in the automotive world, code coverage of glibc and Intel’s Linux test robot. Learn more in this blog. The next workshop is scheduled for May 18-20 and is free to attend. Register here.
  • New Ambassador Program: In October 2020, ELISA launched a program with thought leaders with expertise in functional safety and Linux kernel development. These ambassadors are willing to speak at events, write articles and work directly with the community on mentorships or onboarding new contributors. Meet the ambassadors here
  • Mentorship Opportunities: The Linux Foundation offers a Mentorship Program with projects that are designed to help developers with the necessary skills to contribute effectively to open source communities. A recent program, ELISA participated in the Fall 2020 session with Code coverage metrics for GLibC and a Linux Kernel mentorship focused on CodeChecker. This project supports ELISA’s goals to gain experience in using various status analysis methods and tools available in the Linux kernel. Learn more here.
  • Working Groups: Since launch, the project has created several working groups that collaborate and work towards providing resources for System integrators to apply and use to analyze qualitatively and quantitatively on their systems. Current groups include an Automotive Working Group, Medical Devices Working Group, Safety Architecture Working Group,  Kernel Development Process Working Group and Tool Investigation and Code Improvement Sub-Working Group to focus on specific activities and goals. Learn more or join a working group here

“The primary challenge is selecting Linux components and features that can be evaluated for safety and identifying gaps where more work is needed to evaluate safety sufficiently,” said Shuah Khan, Chair of the ELISA Project Technical Steering Committee and Linux Fellow at the Linux Foundation. “We’ve taken on this challenge to make it easier for companies to build and certify Linux-based safety-critical applications by exploring potential methods to enable engineers to answer that question for their specific system.”

Learn more about the goals and technical strategy in this white paper

Growing Ecosystem

After a little more than two years, the ELISA Project has grown by 300%. With new members Codethink, Horizon Robotics, Huawei Technologies, NVIDIA and Red Hat, the project currently has 20 members that collaborate to define and maintain a standardized set of processes and tools that can be integrated into Linux-based, safety-critical systems seeking safety certification. These new members join BMW Car IT GmbH, Intel, Toyota, ADIT, AISIN AW CO., arm, Elektrobit, Kuka, Linuxtronix. Mentor, Suzuki, Wind River, Automotive Grade Linux and OTH Regensburg.

“Codethink has been working with ELISA for a few years and we are excited to continue our engagement as a member,” said Shaun Mooney, Division Manager at Codethink. “Open Source Software, particularly Linux, is being used more and more in safety applications and Codethink has been looking at how we can make software trustable for a long time. We’ve been working to understand how we can use complex software and guarantee it will function as we want it to. This problem needs to be tackled collectively and ELISA is a great place to collaborate with experts in both safety and software. We’ve been working with most of the working groups since the start of ELISA and will continue to be active participants, using our expert knowledge of Linux and Open Source to help advance the state of the art for safety.”

“Safety is the most important feature of a self-driving car,” said Huang Chang, co-founder and CTO of Horizon Robotics. “Horizon’s investment into functional safety is one of the most important ones we’ve ever made, and it provides a critical ingredient for automakers to bring self-driving cars to market. The creative safety construction the ELISA project is undertaking complements Horizon’s functional safety endeavor and continued commitment to certifying Linux-based safety-critical systems.”

“Huawei is one of the most important Linux kernel contributors and recently joined the automotive industry as strategic partner in Asia and Europe,” said Alessandro Biasci, Technical Expert at Huawei.“ We are pleased to further advance our mission and participate in ELISA, which will allow us to combine our experience in the Linux kernel development and knowledge in safety and security to bring Linux to safety-critical applications.”

“Edge computing extends enterprise software from the datacenter and cloud to a myriad of operational and embedded technology footprints that interact with the physical world, such as connected vehicles and manufacturing equipment,” said Chris Wright, Chief Technical Officer at Red Hat. “A common open source software platform across these locations simplifies and accelerates solution development, while supporting functional safety’s end goal of reducing the risk of physical injury. Red Hat recognizes the importance of establishing functional safety evidence and certifications for Linux, backed by a rich platform and vibrant ecosystem for safety-related applications. We are excited to bring our twenty-seven years of Linux expertise to the ELISA community’s work.”

For more information about ELISA, visit https://elisa.tech/.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and commercial adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

###

Linux Foundation Blog Post Abstract Graphic

Every month there seems to be a new software vulnerability showing up on social media, which causes open source program offices and security teams to start querying their inventories to see how FOSS components they use may impact their organizations. 

Frequently this information is not available in a consistent format within an organization for automatic querying and may result in a significant amount of email and manual effort. By exchanging software metadata in a standardized software bill of materials (SBOM) format between organizations, automation within an organization becomes simpler, accelerating the discovery process and uncovering risk so that mitigations can be considered quickly. 

In the last year, we’ve also seen standards like OpenChain (ISO/IEC 5320:2020) gain adoption in the supply chain. Customers have started asking for a bill of materials from their suppliers as part of negotiation and contract discussions to conform to the standard. OpenChain has a focus on ensuring that there is sufficient information for license compliance, and as a result, expects metadata for the distributed components as well. A software bill of materials can be used to support the systematic review and approval of each component’s license terms to clarify the obligations and restrictions as it applies to the distribution of the supplied software and reduces risk. 

Kate Stewart, VP, Dependable Embedded Systems, The Linux Foundation, will host a complimentary mentorship webinar entitled Generating Software Bill Of Materials on Thursday, March 25 at 7:30 am PST. This session will work through the minimum elements included in a software bill of materials and detail the reasoning behind why those elements are included. To register, please click here

There are many ways this software metadata can be shared. The common SBOM document format options (SPDX, SWID, and CycloneDX) will be reviewed so that the participants can better understand what is available for those just starting. 

This mentorship session will work through some simple examples and then guide where to find the next level of details and further references. 

At the end of this session, participants will be on a secure footing and a path towards the automated generation of SBOMs as part of their build and release processes in the future. 

Jason Perlow, Director of Project Insights and Editorial Content at the Linux Foundation, had an opportunity to speak with Shuah Khan about her experiences as a woman in the technology industry. She discusses how mentorship can improve the overall diversity and makeup of open source projects, why software maintainers are important for the health of open source projects such as the Linux kernel, and how language inclusivity and codes of conduct can improve relationships and communication between software maintainers and individual contributors.

JP: So, Shuah, I know you wear many different hats at the Linux Foundation. What do you call yourself around here these days?

SK: <laughs> Well, I primarily call myself a Kernel Maintainer & Linux Fellow. In addition to that, I focus on two areas that are important to the continued health and sustainability of the open source projects in the Linux ecosystem. The first one is bringing more women into the Kernel community, and additionally, I am leading the mentorship program efforts overall at the Linux Foundation. And in that role, in addition to the Linux Kernel Mentorship, we are looking at how the Linux Foundation mentorship program is working overall, how it is scaling. I make sure the LFX Mentorship platform scales and serves diverse mentees and mentors’ needs in this role. 

The LF mentorships program includes several projects in the Linux kernel, LFN, HyperLedger, Open MainFrame, OpenHPC, and other technologies. The Linux Foundation’s Mentorship Programs are designed to help developers with the necessary skills–many of whom are first-time open source contributors–experiment, learn, and contribute effectively to open source communities. 

The mentorship program has been successful in its mission to train new developers and make these talented pools of prospective employees trained by experts to employers. Several graduated mentees have found jobs. New developers have improved the quality and security of various open source projects, including the Linux kernel. Several Linux kernel bugs were fixed, a new subsystem mentor was added, and a new driver maintainer is now part of the Linux kernel community. My sincere thanks to all our mentors for volunteering to share their expertise.

JP: How long have you been working on the Kernel?

SK: Since 2010, or 2011, I got involved in the Android Mainlining project. My first patch removed the Android pmem driver.

JP: Wow! Is there any particular subsystem that you specialize in?

SK: I am a self described generalist. I maintain the kernel self-test subsystem, the USB over IP driver, usbip tool, and the cpupower tool. I contributed to the media subsystem working on Media Controller Device Allocator API to resolve shared device resource management problems across device drivers from different subsystems.

JP: Hey, I’ve actually used the USB over IP driver when I worked at Microsoft on Azure. And also, when I’ve used AWS and Google Compute. 

SK: It’s a small niche driver used in cloud computing. Docker and other containers use that driver heavily. That’s how they provide remote access to USB devices on the server to export devices to be imported by other systems for use.

JP: I initially used it for IoT kinds of stuff in the embedded systems space. Were you the original lead developer on it, or was it one of those things you fell into because nobody else was maintaining it?

SK: Well, twofold. I was looking at USB over IP because I like that technology. it just so happened the driver was brought from the staging tree into the Mainline kernel, I volunteered at the time to maintain it. Over the last few years, we discovered some security issues with it, because it handles a lot of userspace data, so I had a lot of fun fixing all of those. <laugh>.

JP: What drew you into the Linux operating system, and what drew you into the kernel development community in the first place?

SK: Well, I have been doing kernel development for a very long time. I worked on the LynxOS RTOS, a while back, and then HP/UX, when I was working at HP, after which I transitioned into  doing open source development — the OpenHPI project, to support HP’s rack server hardware, and that allowed me to work much more closely with Linux on the back end. And at some point, I decided I wanted to work with the kernel and become part of the Linux kernel community. I started as an independent contributor.

JP: Maybe it just displays my own ignorance, but you are the first female, hardcore Linux kernel developer I have ever met. I mean, I had met female core OS developers before — such as when I was at Microsoft and IBM — but not for Linux. Why do you suppose we lack women and diversity in general when participating in open source and the technology industry overall?

SK: So I’ll answer this question from my perspective, from what I have seen and experienced, over the years. You are right; you probably don’t come across that many hardcore women Kernel developers. I’ve been working professionally in this industry since the early 1990s, and on every project I have been involved with, I am usually the only woman sitting at the table. Some of it, I think, is culture and society. There are some roles that we are told are acceptable to women — even me, when I was thinking about going into engineering as a profession. Some of it has to do with where we are guided, as a natural path. 

There’s a natural resistance to choosing certain professions that you have to overcome first within yourself and externally. This process is different for everybody based on their personality and their origin story. And once you go through the hurdle of getting your engineering degree and figuring out which industry you want to work in, there is a level of establishing credibility in those work environments you have to endure and persevere. Sometimes when I would walk into a room, I felt like people were looking at me and thinking, “why is she here?” You aren’t accepted right away, and you have to overcome that as well. You have to go in there and say, “I am here because I want to be here, and therefore, I belong here.” You have to have that mindset. Society sends you signals that “this profession is not for me” — and you have to be aware of that and resist it. I consider myself an engineer that happens to be a woman as opposed to a woman engineer.

JP: Are you from India, originally?

SK: Yes.

JP: It’s funny; my wife really likes this Netflix show about matchmaking in India. Are you familiar with it?

SK: <laughs> Yes I enjoyed the series, and A Suitable Girl documentary film that follows three women as they navigate making decisions about their careers and family obligations.

JP: For many Americans, this is our first introduction to what home life is like for Indian people. But many of the women featured on this show are professionals, such as doctors, lawyers, and engineers. And they are very ambitious, but of course, the family tries to set them up in a marriage to find a husband for them that is compatible. As a result, you get to learn about the traditional values and roles they still want women to play there — while at the same time, many women are coming out of higher learning institutions in that country that are seeking technical careers. 

SK: India is a very fascinatingly complex place. But generally speaking, in a global sense, having an environment at home where your parents tell you that you may choose any profession you want to choose is very encouraging. I was extremely fortunate to have parents like that. They never said to me that there was a role or a mold that I needed to fit into. They have always told me, “do what you want to do.” Which is different; I don’t find that even here, in the US. Having that support system, beginning in the home to tell you, “you are open to whatever profession you want to choose,” is essential. That’s where a lot of the change has to come from. 

JP: Women in technical and STEM professions are becoming much more prominent in other countries, such as China, Japan, and Korea. For some reason, in the US, I tend to see more women enter the medical profession than hard technology — and it might be a level of effort and perceived reward thing. You can spend eight years becoming a medical doctor or eight years becoming a scientist or an engineer, and it can be equally difficult, but the compensation at the end may not be the same. It’s expensive to get an education, and it takes a long time and hard work, regardless of the professional discipline.

SK: I have also heard that women also like to enter professions where they can make a difference in the world — a human touch, if you will. So that may translate to them choosing careers where they can make a larger impact on people — and they may view careers in technology as not having those same attributes. Maybe when we think about attracting women to technology fields, we might have to promote technology aspects that make a difference. That may be changing now, such as the LF Public Health (LFPH) project we kicked off last year. And with LF AI & Data Foundation, we are also making a difference in people’s lives, such as detecting earthquakes or analyzing climate change. If we were to promote projects such as these, we might draw more women in.

JP: So clearly, one of the areas of technology where you can make a difference is in open source, as the LF is hosting some very high-concept and existential types of projects such as LF Energy, for example — I had no idea what was involved in it and what its goals were until I spoke to Shuli Goodman in-depth about it. With the mentorship program, I assume we need this to attract fresh talent — because as folks like us get older and retire, and they exit the field, we need new people to replace them. So I assume mentorship, for the Linux Foundation, is an investment in our own technologies, correct?

SK: Correct. Bringing in new developers into the fold is the primary purpose, of course — and at the same time, I view the LF as taking on mentorship provides that neutral, level playing field across the industry for all open source projects. Secondly, we offer a self-service platform, LFX Mentorship, where anyone can come in and start their project. So when the COVID-19 pandemic began, we expanded this program to help displaced people — students, et cetera, and less visible projects. Not all projects typically get as much funding or attention as others do — such as a Kubernetes or  Linux kernel — among the COVID mentorship program projects we are funding. I am particularly proud of supporting a climate change-related project, Using Machine Learning to Predict Deforestation.

The self-service approach allows us to fund and add new developers to projects where they are needed. The LF mentorships are remote work opportunities that are accessible to developers around the globe. We see people sign up for mentorship projects from places we haven’t seen before, such as Africa, and so on, thus creating a level playing field. 

The other thing that we are trying to increase focus on is how do you get maintainers? Getting new developers is a starting point, but how do we get them to continue working on the projects they are mentored on? As you said, someday, you and I and others working on these things are going to retire, maybe five or ten years from now. This is a harder problem to solve than training and adding new developers to the project itself.

JP: And that is core to our software supply chain security mission. It’s one thing to have this new, flashy project, and then all these developers say, “oh wow, this is cool, I want to join that,” but then, you have to have a certain number of people maintaining it for it to have long-term viability. As we learned in our FOSS study with Harvard, there are components in the Linux operating system that are like this. Perhaps even modules within the kernel itself, I assume that maybe you might have only one or two people actively maintaining it for many years. And what happens if that person dies or can no longer work? What happens to that code? And if someone isn’t familiar with that code, it might become abandoned. That’s a serious problem in open source right now, isn’t it?

SK: Right. We have seen that with SSH and other security-critical areas. What if you don’t have the bandwidth to fix it? Or the money to fix it? I ended up volunteering to maintain a tool for a similar reason when the maintainer could no longer contribute regularly. It is true; we have many drivers where maintainer bandwidth is an issue in the kernel. So the question is, how do we grow that talent pool?

JP: Do we need a job board or something? We need X number of maintainers. So should we say, “Hey, we know you want to join the kernel project as a contributor, and we have other people working on this thing, but we really need your help working on something else, and if you do a good job, we know tons of companies willing to hire developers just like you?” 

SK: With the kernel, we are talking about organic growth; it is just like any other open source project. It’s not a traditional hire and talent placement scenario. Organically they have to have credibility, and they have to acquire it through experience and relationships with people on those projects. We just talked about it at the previous Linux Plumbers Conference, we do have areas where we really need maintainers, and the MAINTAINERS file does show areas where they need help. 

To answer your question, it’s not one of those things where we can seek people to fill that role, like LinkedIn or one of the other job sites. It has to be an organic fulfillment of that role, so the mentorship program is essential in creating those relationships. It is the double-edged sword of open source; it is both the strength and weakness. People need to have an interest in becoming a maintainer and also a commitment to being one, long term.

JP: So, what do you see as the future of your mentorship and diversity efforts at the Linux Foundation? What are you particularly excited about that is forthcoming that you are working on?

SK: I view the Linux Foundation mentoring as a three-pronged approach to provide unstructured webinars, training courses, and structured mentoring programs. All of these efforts combine to advance a diverse, healthy, and vibrant open source community. So over the past several months, we have been morphing our speed mentorship style format into an expanded webinar format — the LF Live Mentorship series. This will have the function of growing our next level of expertise. As a complement to our traditional mentorship programs, these are webinars and courses that are an hour and a half long that we hold a few times a month that tackle specific technical areas in software development. So it might cover how to write great commit logs, for example, for your patches to be accepted, or how to find bugs in C code. Commit logs are one of those things that are important to code maintenance, so promoting good documentation is a beneficial thing. Webinars provide a way for experts short on time to share their knowledge with a few hours of time commitment and offer a self-paced learning opportunity to new developers.

Additionally, I have started the Linux Kernel Mentorship forum for developers and their mentors to connect and interact with others participating in the Linux Kernel Mentorship program and graduated mentees to mentor new developers. We kicked off Linux Kernel mentorship Spring 2021 and are planning for Summer and Fall.

A big challenge is we are short on mentors to be able to scale the structured program. Solving the problem requires help from LF member companies and others to encourage their employees to mentor, “it takes a village,” they say.

JP: So this webinar series and the expanded mentorship program will help developers cultivate both hard and soft skills, then.

SK: Correct. The thing about doing webinars is that if we are talking about this from a diversity perspective, they might not have time for a full-length mentorship, typically like a three-month or six-month commitment. This might help them expand their resources for self-study. When we ask for developers’ feedback about what else they need to learn new skill sets, we hear that they don’t have resources, don’t have time to do self-study, and learn to become open source developers and software maintainers. This webinar series covers general open source software topics such as the Linux kernel and legal issues. It could also cover topics specific to other LF projects such as CNCF, Hyperledger, LF Networking, etc.

JP: Anything else we should know about the mentorship program in 2021?

SK: In my view,  attracting diversity and new people is two-fold. One of the things we are working on is inclusive language. Now, we’re not talking about curbing harsh words, although that is a component of what we are looking at. The English you and I use in North America isn’t the same English used elsewhere. As an example, when we use North American-centric terms in our email communications, such as when a maintainer is communicating on a list with people from South Korea, something like “where the rubber meets the road” may not make sense to them at all. So we have to be aware of that.

JP: I know that you are serving on the Linux kernel Code of Conduct Committee and actively developing the handbook. When I first joined the Linux Foundation, I learned what the Community Managers do and our governance model. I didn’t realize that we even needed to have codes of conduct for open source projects. I have been covering open source for 25 years, but I come out of the corporate world, such as IBM and Microsoft. Codes of Conduct are typically things that the Human Resources officer shows you during your initial onboarding, as part of reviewing your employee manual. You are expected to follow those rules as a condition of employment. 

So why do we need Codes of Conduct in an open source project? Is it because these are people who are coming from all sorts of different backgrounds, companies, and ways of life, and may not have interacted in this form of organized and distributed project before? Or is it about personalities, people interacting with each other over long distance, and email, which creates situations that may arise due to that separation?

SK: Yes, I come out of the corporate world as well, and of course, we had to practice those codes of conduct in that setting. But conduct situations arise that you have to deal with in the corporate world. There are always interpersonal scenarios that can be difficult or challenging to work with — the corporate world isn’t better than the open source world in that respect. It is just that all of that happens behind a closed setting.

But there is no accountability in the open source world because everyone participates out of their own free will. So on a small, traditional closed project, inside the corporate world, where you might have 20 people involved, you might get one or two people that could be difficult to work with. The same thing happens and is multiplied many times in the open source community, where you have hundreds of thousands of developers working across many different open source projects. 

The biggest problem with these types of projects when you encounter situations such as this is dealing with participation in public forums. In the corporate world, this can be addressed in private. But on a public mailing list, if you are being put down or talked down to, it can be extremely humiliating. 

These interactions are not always extreme cases; they could be simple as a maintainer or a lead developer providing negative feedback — so how do you give it? It has to be done constructively. And that is true for all of us.

JP: Anything else?

SK: In addition to bringing our learnings and applying this to the kernel project, I am also doing this on the ELISA project, where I chair the Technical Steering Committee, where I am bridging communication between experts from the kernel and the safety communities. To make sure we can use the kernel the best ways in safety-critical applications, in the automotive and medical industry, and so on. Many lessons can be learned in terms of connecting the dots, defining clearly what is essential to make Linux run effectively in these environments, in terms of dependability. How can we think more proactively instead of being engaged in fire-fighting in terms of security or kernel bugs? As a result of this, I am also working on any necessary kernel changes needed to support these safety-critical usage scenarios.

JP: Before we go, what are you passionate about besides all this software stuff? If you have any free time left, what else do you enjoy doing?

SK: I read a lot. COVID quarantine has given me plenty of opportunities to read. I like to go hiking, snowshoeing, and other outdoor activities. Living in Colorado gives me ample opportunities to be in nature. I also like backpacking — while I wasn’t able to do it last year because of COVID — I like to take backpacking trips with my son. I also love to go to conferences and travel, so I am looking forward to doing that again as soon as we are able.

Talking about backpacking reminded me of the two-day, 22-mile backpacking trip during the summer of 2019 with my son. You can see me in the picture above at the end of the road, carrying a bearbox, sleeping bag, and hammock. It was worth injuring my foot and hurting in places I didn’t even know I had.

JP: Awesome. I enjoyed talking to you today. So happy I finally got to meet you virtually.

Grillo is open sourcing ‘OpenEEW,’ its IoT-based earthquake early-warning system that will accelerate the creation of low-cost, community-driven projects around the world, with support from IBM, USAID, the Clinton Foundation and Arrow Electronics

San Francisco, Calif., Aug. 11, 2020 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced it will host Grillo’s OpenEEW project in collaboration with IBM to accelerate the standardization and deployment of earthquake early-warning systems (EEWs) for earthquake preparedness around the world. The project includes the core components of the Grillo EEW system comprised of integrated capabilities to sense, detect and analyze earthquakes as well as alert communities. OpenEEW was created by Grillo with support from IBM, USAID, the Clinton Foundation and Arrow Electronics.

Earthquakes often have the most severe consequences in developing countries, due in part to construction and infrastructure issues. Timely alerts have the potential to help save lives in the communities where earthquakes pose the greatest threat. EEW systems provide public alerts in countries including Mexico, Japan, South Korea and Taiwan, but nearly three billion people globally live with the threat of an earthquake and don’t have access to nation-wide systems, which can cost upwards of one billion U.S. dollars. OpenEEW wants to help reduce the costs of EEW systems, accelerate their deployments around the world and has the potential to save many lives.

“The OpenEEW Project represents the very best in technology and in open source,” said Mike Dolan, Senior Vice President and GM of Projects at the Linux Foundation. “We’re pleased to be able to host and support such an important project and community at the Linux Foundation. The open source community can enable rapid development and deployment of these critical systems across the world.”

The OpenEEW Project includes several core IoT components: sensor hardware and firmware that can rapidly detect and transmit ground motion; real-time detection systems that can be deployed on various platforms from a Kubernetes cluster to a Raspberry Pi; and applications that allow users to receive alerts on hardware devices, wearables, or mobile apps as quickly as possible. The open source community aims to help advance earthquake technology by contributing to OpenEEW’s three integrated technology capabilities: deploying sensors, detecting earthquakes and sending alerts.

“For years we have seen that EEWs have only been possible with very significant governmental financing, due to the cost of dedicated infrastructure and development of algorithms. We expect that OpenEEW will reduce these barriers and work towards a future where everyone who lives in seismically-active areas can feel safe,” said Andres Meira, Founder, Grillo.

IBM and The Linux Foundation have a rich history of deploying projects that fundamentally make change and progress in society through innovation – and remain committed during COVID-19. The winner of the 2018 Call for Code Global Challenge, Project Owl, contributed its IoT device firmware in March 2020 as the ClusterDuck Protocol, and now, Grillo’s OpenEEW is the most recent project to be open sourced for communities that need them most.

Originally connected to Grillo through the Clinton Foundation at a convening of the Clinton Global Initiative (CGI) Action Network, IBM is now playing a role supporting Grillo by adding the OpenEEW earthquake technology into the Call for Code deployment pipeline supported by The Linux Foundation.

IBM has deployed a set of six of Grillo’s earthquake sensor hardware and is conducting tests in Puerto Rico, complementing Grillo’s tools with a new Node-RED dashboard to visualize readings. IBM is also extending a Docker software version of the detection component that can be deployed to Kubernetes and Red Hat OpenShift on the IBM Cloud.

“IBM is thrilled to continue collaborating with Grillo and to contribute to the new open source OpenEEW project with The Linux Foundation,” said Daniel Krook, Chief Technology Officer, Call for Code. “Grillo technology has the potential to help save lives, which is just the type of innovation we look for in Call for Code projects. This is an exciting opportunity for the developer community to help us improve the software, hardware, and global network as an open source project.”

Grillo sensors have generated more than 1TB of data since 2017 in Mexico, Chile, Puerto Rico and Costa Rica, including information from large earthquakes of magnitudes 6 and 7. Researchers from Harvard University and the University of Oregon are already working with this data, which will enable new machine learning earthquake characterization and detection methods.

“Understanding the ground on which Mexico City is built is an important facet of earthquake hazards. With support from the David Rockefeller Center for Latin American Studies at Harvard University and the David and Lucile Packard Foundation, we are working with Grillo to deploy a dense network of sensors across Mexico City and analyze the seismic behavior and local seismicity beneath the ancient lake basin. Our collaboration also enables open source software development for the next generation of seismology on the cloud,” said Harvard Professor Maine Denolle.

The primary aim of the project is to encourage a variety of people – makers, data scientists, entrepreneurs, seismologists – to build EEWs in places like Nepal, New Zealand, Ecuador, and other seismic regions. This community may also contribute to OpenEEW by advancing the sensor hardware design, improving detection and characterization of earthquakes through machine learning, and creating new methods for delivering alerts to citizens.

For more information and to begin contributing, please visit:

 

About the Linux Foundation
Founded in 2000, the Linux Foundation is supported by more than 1,500 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

###

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

Community growth and engagement, coupled with new member support, offers additional approaches for assessing safety in applications using Linux.

 

SAN FRANCISCO, June 18, 2020 – As ELISA (Enabling Linux in Safety Applications) nears its year and a half anniversary, the project continues to hit key milestones showing its value for delivering foundational support for safety-critical applications.   ELISA, formed in February 2019 and a hosted project of the Linux Foundation, aims to create a shared set of tools and processes to help companies build and certify Linux-based safety-critical applications and systems whose failure could result in loss of human life, significant property damage, or environmental damage. 

As Linux continues to be a key component in safety applications, autonomous vehicles, medical devices, and even rockets, ELISA will make it easier for companies to build and expand these safety-critical systems. As a show of support for this business-critical initiative, several new members have joined the ELISA project. New members include Premier Member Intel/Mobileye, General Members ADIT, Elektrobit, Mentor, SiFive, Suzuki, Wind River and Associate Members Automotive Grade Linux and Technical University of Applied Sciences Regensburg. 

“Since forming ELISA, we’ve had incredible support from members and the community. As we near 18 months as a project, we’ve agreed on a strategy for partitioning the problem into manageable pieces, and have working groups making progress towards approaches to bridge between the linux and safety standards communities and are looking forward to continuing the path we’ve been on,” said Kate Stewart, Senior Director of Strategic Programs, The Linux Foundation. “We are encouraged by broad participation, as demonstrated by our nine new members, including Intel, as well as very active working groups. These kinds of activities are indicators of achieving the critical mass needed to establish a widely discussed and accepted methodology.”

“Intel and Mobileye see the Linux Operating system as an important player in the functional safety software ecosystem,” said Simone Fabris, ELISA Governing Board member and senior director of system safety at Mobileye, an Intel Company.  “The impact and skills of the open source community will be harnessed through the ELISA project to increase the safety integrity of future embedded systems while, at the same time, contributing to a better quality, reduction of development costs and speed up the delivery of complex functional safety systems across multiple industry domains including autonomous driving and avionics.”

“Linux has evolved ever since its inception to run on devices small and large while serving the needs of a wide spectrum of technology, from an elevator to a supercomputer,” said Shuah Khan, ELISA Technical Steering Committee Member and Linux Foundation Fellow. “Each of these evolutions requires identifying what is needed and what is missing in the existing code base and enhancing existing features and adding new ones. ELISA project’s mission is to evolve Linux to serve an emerging and important safety-critical space that spans medical devices, civil infrastructure, caregiving robots, automotives, and others.”

In addition to incredible member growth, ELISA has established several work groups to further the crucial work of the cross-industry project and its work toward advancing open source in safety-critical systems. These groups include Kernel Development Process,  Safety Architecture, Medical Devices and is now forming an Automotive working group.

Community members will have the chance to learn more about this important work during the Linux Foundation’s Open Source Summit North America where Kate Stewart, Senior Director of Strategic Programs, The Linux Foundation, is set to give a keynote speech, “Keynote: Open Source in Safety Critical Applications: The End Game.” For the first time, this event will also include an Open Source Dependability track. See the full schedule for Open Source Summit North America taking place virtually from June 29, 2020 to July 2, 2020.

In addition, ELISA will continue to hold regular workshops to discuss approaches to solving the missing pieces and better tooling. Listen to previous workshops and get notified of upcoming events at https://elisa.tech/news/.

New Member Quotes

ADIT, a joint venture of Robert Bosch GmbH and DENSO Corporation

“Having followed ELISA since May 2019 and having participated in all workshops so far, I am excited to see the recent increase of interest in the field of Automotive and Linux; the core competence of ADIT. The enthusiastic collaboration between functional safety participants combined with the recent excellent contributions from Linux experts are adding the value and momentum needed to enable Linux in safety applications and to make ELISA a success story”, said Philipp Ahmann, manager at ADIT, a joint venture of Robert Bosch GmbH and DENSO Corporation.

Automotive Grade Linux 

“Functional safety is an increasingly important topic for Automotive Grade Linux as we expand into Instrument Cluster and eventually into Autonomous Vehicle solutions”, said Dan Cauchy, Executive Director of Automotive Grade Linux at the Linux Foundation. “With the support of eleven car manufacturers and over 150 companies, we look forward to collaborating with ELISA Project and help drive the requirements from an automotive perspective.”

Elektrobit

“The research done in the ELISA project defines the future of enabling Linux for functional safety applications,” said Martin Schleicher, Executive Vice President Business Management, Elektrobit. “Vehicles are clearly products with special sensitivity.  EB is pleased to be part of this exciting project and looks forward to contributing its broad experience in automotive software and functional safety expertise to drive the development of mission critical automotive software.”

Mentor, a Siemens business

“The ELISA project enables Safety and Linux experts to work hand in hand on the future topics in using Linux in safety-related systems. Under the umbrella of the Linux Foundation the organizational frame allows constructive discussions about the main challenges for ‘making Linux safe,’” said Michael Ziganek, General Manager, Automotive Business Unit, Mentor, a Siemens business. “For us as Mentor, a Siemens business, being part of ELISA is an accelerator to have more customized technology offerings for our customers regarding our automotive software solutions, especially to integrate and maintain Linux in safety-critical systems.”

Technical University of Applied Sciences Regensburg

“After closely, but informally collaborating with the ELISA project via research, student and development projects, we are excited about joining ELISA as an associate member! Combining the industrial experience and insights of the world leaders in safety-critical Linux systems with the group’s research portfolio will bring marked benefits to both, industrial and academic communities, who are still too often at a distance from one another,” says Prof. Dr. Wolfgang Mauerer, head of the digitalization laboratory at OTH Regensburg.

Wind River

“Companies in all sectors will greatly benefit from the ELISA project’s goal of advancing open source to building and certifying Linux-based safety-critical applications and systems. When stakes are high and failure is not an option, it is vital for the ecosystem to work together to make safety a priority. Wind River has a long history in Linux and mission-critical systems and we look forward to contributing in order to help the ELISA project advance Linux for safety-critical applications,” said Gareth Noyes, senior vice president, Products, Wind River.

About ELISA

ELISA, Enabling Linux in Safety Applications, is an open source project hosted by the Linux Foundation. ELISA’s goal is to create a shared set of tools and processes to help companies build and certify Linux-based safety-critical applications and systems whose failure could result in loss of human life, significant property damage or environmental damage. Building off the work being done by SIL2LinuxMP project and Real-Time Linux project, ELISA will make it easier for companies to build safety-critical systems such as robotic devices, medical devices, smart factories, transportation systems and autonomous driving using Linux. Founding members of ELISA include Arm, BMW Car IT GmbH, KUKA, Linutronix, and Toyota.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

# # #

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

Developers can help extend Project OWL’s reach by leveraging new open source technology to build mesh network nodes for emergency communications networks globally 

Lake Tahoe, Calif.,  March 10, 2020 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced Project OWL’s IoT device firmware effort will be hosted at the Foundation and is inviting developers worldwide to build mesh network nodes for global emergency communications networks. Project OWL, the winner of Call for Code 2018, is a cloud-based analytics tool that helps facilitate organization, whereabouts, and logistics for disaster response. The Linux Foundation’s open governance model will enable a global network of developers to accelerate the development of the mesh networks, which could help save lives following a natural disaster.

Project OWL (Organization, Whereabouts, and Logistics) has developed mesh network of Internet of Things (IoT) devices called “DuckLinks” that can be deployed or activated in disaster areas to quickly reestablish connectivity and improve communication between first responders and civilians in need. A central portal connects to solar- and battery-powered water resistant ‘DuckLinks’ that are placed in the field to generate a Local Area Network (LAN) using a Wi-Fi captive portal powered by low frequency Long-range Radio (LoRa) connectivity. These DuckLinks provide an emergency network to all mobile devices in their perimeter, instructing people how to connect to an emergency response portal. First responders can also use analytics and data sources to build a dashboard and formulate an action plan, such as coordinating resources, learning about weather patterns, and communicating with civilians who would otherwise be cut off.

Project OWL envisions the nodes creating large-scale communications networks in the wake of natural disasters. The open source release of OWL’s firmware can quickly turn a cheap wireless device into a DuckLink, a mesh network node capable of connecting to any other Ducks physically around it. This release marks a significant milestone putting the ClusterDuck Protocol into the hands of global developers. This is a starting point to even larger efforts in communities around the world to provide communications where infrastructure is degraded or nonexistent.

“Becoming part of The Linux Foundation community is a huge boost in accelerating our goal to better prepare communities and mitigate impact when hurricanes, floods or earthquakes strike. We want to challenge developers to build mesh network nodes for global emergency communications networks leveraging our newly open-sourced IoT firmware,” said Bryan Knouse, Co-Founder of Project OWL.

“When developing technologies that can have a direct impact on human life, it’s more important than ever to bring the largest possible global community of developers together working with an open governance model,” said Michael Dolan, VP of Strategic Programs at The Linux Foundation. “Project OWL’s technology solution is providing better information and analytics and enabling quicker distribution of resources and care where and when it’s needed most. We’re proud to support such a worthy cause.”

“As a developer, I am excited Project OWL’s firmware is open source and not just a hardware-software product. OWL has become a global movement that anyone from anywhere on the planet can join, contribute and address global issues,” said Vikas Singh, India-based open source developer.

In 2018, Project OWL emerged as the global winner in the inaugural Call for Code Global Challenge, competing with more than 100,000 participants from 156 nations. The Call for Code Global Challenge encourages and fosters the creation of practical applications built on open source software. The goal is to employ technology in new ways that can make an immediate and lasting humanitarian impact in communities around the world. Since winning in 2018, Project Owl has been fortified, tested, and deployed through IBM Code and Response, a $25 million, four-year deployment initiative to put open source technologies in the communities where they are needed most.

“Project OWL was our first Call for Code winner that went through the Code and Response incubation process, and we’re excited to see this solution grow closer to reality,” said Daniel Krook, IBM Chief Technology Officer for Call for Code and Code and Response. “We were impressed with their combination of a complete software and hardware open source solution, utilizing an AI-powered disaster coordination platform paired with a robust communication network to reach people when connections are down. IBM is committed to using the power of our network and technical know-how to alleviate suffering from climate change and natural disasters, and we’re thrilled to have the support of The Linux Foundation as we deploy the project globally.”

In March 2019, Project OWL and IBM took on a large-scale pilot trip to Puerto Rico, deploying over 63 ducks each covering two square miles. This was followed by two additional pilots in the west and southeast of the island, engaging with local students, businesses, government representatives, and first responders. OWL currently has 30 permanent, solar-powered devices deployed across Puerto Rico in areas that are vulnerable to earthquakes, flooding, fire or other weather conditions.

Resources:

Code and Response™ with The Linux Foundation: https://www.linuxfoundation.org/projects/code-and-response/

Contribute on GitHub: https://github.com/Code-and-Response/ClusterDuck-Protocol

Learn more about the ClusterDuck Protocol: http://clusterduckprotocol.org/

 

About Call for Code

Developers have revolutionized the way people live and interact with virtually everyone and everything. Where most people see challenges, developers see possibilities. That’s why David Clark Cause created and launched Call for Code in 2018 alongside Founding Partner IBM. This five-year, $30 million global initiative is a rallying cry to developers to use their skills and mastery of the latest technologies, and to create new ones, to drive positive and long-lasting change across the world with their code. Call for Code global winning solutions, among others, are further developed and deployed via the IBM Code and Response initiative.

About The Linux Foundation

Founded in 2000, The Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. The Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

###

 

Media Contacts

Beth Handoll

ReTHINKitMedia

beth@rethinkitmedia.com

+1 415 535 8658