The Linux Foundation announces collective to enhance open source software security


The newly formed Open Source Security Foundation includes titans in technology such as Google, Intel, Microsoft, IBM, and more.


Open-source code has become integral for global organizations across. In 2019, Red Hat’s initial State of Enterprise Open Source survey found that 69% of IT professionals surveyed believed open-source software to be very important or extremely important. In the 2020 Red Hat survey, more than three-quarters (77%) of IT leaders believed the use of open source solutions in the enterprise will continue to see growth.

Today, The Linux Foundation announced the creation of the Open Source Security Foundation (OpenSSF). The newly formed organization is intended to unite leaders across industries to enhance open-source software (OSS) security. To do so, this multi-industry collaborative will focus on creating “targeted initiatives,” streamlining recommended best practices, and more. Overall, the partnership involves efforts from major players in the tech industry including IBM, Google, GitHub, Microsoft, Okta, Intel, and others.


“We believe open source is a public good and across every industry we have a responsibility to come together to improve and support the security of open source software we all depend on,” said Jim Zemlin, executive director at The Linux Foundation in a press release. “Ensuring open source security is one of the most important things we can do, and it requires all of us around the world to assist in the effort. The OpenSSF will provide that forum for a truly collaborative, cross-industry effort.”

According to The Linux Foundation, an array of contributors are involved in the open-source software development process and, as a result, “it is important that those responsible for their user or organization’s security are able to understand and verify the security of this dependency chain.” The creation of the OpenSSF is designed to unite leading open-source security projects with the individuals and organizations that support these initiatives.

The Linux Foundation’s Core Infrastructure Initiative (CII), which was created following the Heartbleed bug, is one such open-source security program brought into the fold with the creation of OpenSSF. Others include GitHub Security Lab’s Open Source Security Coalition.


As part of the announcement, The Linux Foundation also disclosed additional details related to OpenSSF’s governance structure, such as the formation of a Technical Advisory Council (TAC) and Governing Board (GB), as well as separate oversight bodies “for each working group and project.”

“Every industry is using open source software, and it is our collective responsibility to help maintain a healthy and secure ecosystem,” said vice president of product security at GitHub, Jamie Cool, in a press release.


Linux file and directory management commands

  • Provided by
    TechRepublic Premium
  • Published
    July 30, 2020
  • Topic
    TechRepublic Premium
  • Format
    PDF

If you’re new to the world of Linux server administration, you might be overwhelmed with the idea of having to deal with the command line. However, it’s almost inevitable that you will have to face those fears. And even though you can install a GUI on those servers, the added overhead and security risks might have you second-guess that decision. When you combine that with the reality that the most popular form of working remotely on Linux is via SSH and the Command Line Interface (CLI), chances are pretty good you’ll need to know a command or two.

Without a solid understanding of these basic commands, you’ll have a hard time pulling off simple tasks on headless or remote Linux servers.

But fret not, TechRepublic Premium has you covered. Within this document you’ll find all of the commands you need to manage directories and files from the command line on a Linux machine. With these commands in your toolkit, you won’t have any problem managing files and directories from the CLI on a Linux machine. You can move about the directory structure, list contents and permissions of files, change permissions and ownership of files and directories, create files and directories, and more.


Linux Foundation offering Kubernetes certifications courses and exams as demand spikes


Since October 2015, the share of Kubernetes jobs per million grew by 2,141%, while the share of Kubernetes job searches increased 2,125%.


With more than 40 million Americans filing for unemployment benefits since the coronavirus pandemic cratered the economy, dozens of states and organizations are looking for ways to reskill people as they look for new lines of work.

The Cloud Native Computing Foundation has now partnered with the Linux Foundation to offer certifications courses and exams that allow people to become Certified Kubernetes Administrators and Certified Kubernetes Application Developers.

As businesses move to the cloud, enabler technologies like Kubernetes are seeing a quantum leap in terms of innovation and adoption. While enterprise adoption is still in the early stages, Kubernetes is expected to replace antiquated container orchestration tools in the coming years, as it is increasingly adopted throughout organizations.

Demand for candidates with knowledge of Kubernetes has spiked in recent years as more organizations turn to the technology. According to Indeed, between October 2015 and October 2019, the share of Kubernetes jobs per million grew by 2,141% while the share of Kubernetes job searches increased 2,125%. 

Almost 45,000 people have registered for the courses so far, and the Linux Foundation recently announced the availability of a bootcamp program designed so that those with very little to no experience can become certified cloud engineers in six months. This bootcamp includes a Kubernetes fundamentals course.

Priyanka Sharma, general manager of the Cloud Native Computing Foundation, told TechRepublic that Kubernetes has been described as the “future of computing,” and people are getting certified to increase their career prospects. 

“Kubernetes and containers have become virtually synonymous with cloud-native development, which allows companies to move fast, deploy software efficiently and operate at an unprecedented scale. From Gmail to YouTube to Search, everything at Google, for instance, runs in containers,” Sharma said. “But companies are finding it difficult to fill these positions. A StackRox survey of 540 IT and security professionals cited both an internal skills shortage and a steep learning curve as the two most significant Kubernetes challenges impacting their companies.”


According to a release from the foundation, the bootcamps can be finished in six months if people spend about 20 hours studying each week. The bootcamp costs $999.

Demand for Kubernetes skills is increasing amid COVID-19 as cloud providers confront surging demand and are forced to scale services. With containerized services, built in a cloud-native way, workloads can more easily move to where capacity exists, Sharma explained. With nearly everyone relying on technology more than ever, traffic to websites or applications has had to scale 10 times or more nearly overnight.

Retailers, in particular, are seeing rapid scaling, and Kubernetes has been used in such things as inventory search functions, Sharma said, adding that Kubernetes skills are now so in demand that it can have a direct impact on a candidate’s pay rate. 

ZipRecruiter found that as of Jun 29, 2020, the average annual pay for the Kubernetes jobs category in the United States is $147,732 a year.

Abubakar Siddiq Ango, Technical Evangelism program manager at GitLab, said that having the Certified Kubernetes Administrator exam under his belt gave him a huge advantage.

“It helped me move up in my company into my current role as a program manager on the Technical Evangelism team where I am able to lend more to my teams and my company. Passing the exam helped me at my job in almost every task,” Ango said. 

“It also gave me the opportunity to train other members on the team and grow our team’s expertise. Having passed the exam hugely validates your knowledge, and also teaches you where there may be important gaps in your knowledge.”


In addition to the courses and exams at Cloud Native Computing Foundation, there are free Kubernetes courses on Katacoda as well as official tutorials on Kubernetes Docs. There are books on it and a comprehensive list of resources on GitHub called “Awesome Kubernetes.”

Even when Kubernetes is not explicitly mentioned in job ads, some knowledge of it is now a tacit requirement for positions like software engineer, DevOps engineer, DevOps platform engineer, cloud engineer, systems engineer, and site reliability engineer.

Before diving headfirst into Kubernetes courses, some knowledge of Linux and plain Kubernetes is helpful in addition to a basic understanding of concepts like virtualization and containers. 

Ango said he spent months studying Kubernetes on his own before taking the courses and used the exams to validate everything he learned on his own. 

The Cloud Native Computing Foundation published 38 case studies in 2019 detailing the learnings of a diverse group of end users committed to accelerating the adoption of cloud native technologies, including Kubernetes, and improving the deployment experience. 

Sharma said more than 126,600 people have registered through CNCF for free Kubernetes edX courses.

“Kubernetes wouldn’t be anywhere close to where it is today without the incredible community of thousands of developers and engineers spanning hundreds of companies. Today, Kubernetes is used by more than 50% of the Fortune 500 to run mission-critical applications,” Sharma noted.

 

“The support, neutrality, and community that foundations provide play a large role in helping these projects reach velocity by making sure they are free of partisan influence, fostering the growth and evolution of the ecosystem through common technical standards across the various pieces, and serving the community by making the technology accessible and reliable to everyone.”


Linux Foundation announces open source exposure notification apps initiative to combat COVID-19


The project will use the Google Apple Exposure Notification system to support public health authorities’ testing, tracing, and isolation practices.


The Linux Foundation introduced its latest project that uses open source technologies to help public health authorities (PHAs) fight against the COVID-19 pandemic. The Linux Foundation Public Health (LFPH) initiative, announced on Monday, focuses on the use of open source exposure notification applications. 


With applications based on the Google Apple Exposure Notification (GAEN) system, LFPH aims to support every step of the PHA’s testing, tracing, and isolation journey, according to a press release.

“To catalyze this open source development, Linux Foundation Public Health is building a global community of leading technology and consulting companies, public health authorities, epidemiologists, and other public health specialists, privacy and security experts, and individual developers,” said Dan Kohn, LFPH general manager, in the release. 

“While we’re excited to launch with two very important open source projects, we think our convening function to enable collaboration to battle this pandemic may be our biggest impact,” Kohn added.

LFPH is working alongside seven key partners: Cisco, doc.ai, Geometer, IBM, NearForm, Tencent, and VMware. The initiative focuses on two key applications—COVID Shield and COVID Green—which are being deployed in Canada, Ireland, and several US states.

COVID Shield and COVID Green 

COVID Shield was created by a volunteer team of more than 40 developers from Shopify and is working toward being deployed in Canada. The app is a free exposure notification solution with the mission of helping Canadians safely return to work, according to the COVID Shield homepage.

COVID Shield is not directly available for download, but is instead offered as a reference point for local public health authorities to build their own app.

The mobile app is intended to run in the background with no user interaction after onboarding. Via Bluetooth, the app collects and shares random IDs with nearby phones that have COVID Shield installed. If a user tests positive for the coronavirus, they can anonymously share their data so others can be aware of exposure.

COVID Green is another coronavirus tracker app developed by NearForm as a part of the Irish government’s response to the pandemic, according to the release.

Since its launch two weeks ago, the app has been adopted by more than one-third of the country’s adults. 

Both apps are available for other PHAs and IT partners to customize and use, and they will be joined by other open source projects hosted by LFPH, according to the release.

Last week, LFPH hosted representatives from nearly every country who are building a GAEN app during its online GAEN Symposium. During the symposium, attendees discussed some of the difficult issues PHAs are facing and how GAEN apps could help.

As stated in a press release from Google and Apple, “Traditional methods of contact tracing are critical to containing the spread of infection. Technology can support and augment these efforts by allowing public health authorities to quickly notify people who may have been exposed to a person who has contracted COVID-19, including those the person might not know directly. This starts with Exposure Notifications on your smartphone, which enable contact tracing apps to send you a notification if you’ve likely been exposed to COVID-19.” 

LFPH has also created a landscape that allows for the tracking of open and closed source applications in the COVID-19 response ecosystem, as well as where applications are in their rollouts around the world.


How to install Linux


Length: 2:19 | Jul 20, 2020

If you think Linux is hard to install, Jack Wallen puts that concern to rest.


Linux. For some, it evokes a face full of smiles and a chest filled with relief. For others, it brings up a certain level of fear. Isn’t it all commands? Don’t you have to be an uber-level IT admin or developer to use it? I will admit that, in the early days, having a bit of admin or developer skills certainly did help, but that’s not the case anymore.

This is perfectly illustrated by the installation process for Linux. What was once a challenge is now a five- to 10-minute point-and-click affair that ends with operating system nirvana.

But what is the installation of modern Linux like? 

Let me show you. 

I’ll demonstrate with Ubuntu Desktop 20.04. 

How to install Linux

  1. Click Install Ubuntu and then select your keyboard layout. 
  2. Click Continue and then click the checkbox for Install Third-Party Software. 
  3. Click Continue and (unless you need a non-default installation type) click Install Now. 
  4. When prompted, click Continue to OK the installation. 
  5. Next, select a locale and click Continue. You will then be prompted to create a new user, so type your name, a name for the computer (aka the hostname), a username, and a password. After filling out that information, click Continue. 
  6. At this point the downloading and installing of the required packages will begin, so either sit back and watch it happen, or go take care of another task. This should take around five to 10 minutes, depending on the speed of your network connection and the power of the machine. 
  7. When it completes, you’ll be prompted to restart to finish up the process. Reboot, log in, and start using Linux. 

And that’s all there is to installing Linux. Seriously, it’s that easy. In fact, you won’t find an easier operating system to install. So, if you have some spare hardware sitting around, and you’re looking for something to do this summer, install Linux and learn the ins and outs of the open source OS. Expand your knowledge and open new paths to success.


How Linux makes data recovery easy


Length: 2:13 | Jul 7, 2020

Recovering data isn’t something any IT pro wants to face. But when the occasion arises, you’ll be glad Linux is around to give you a hand.
