7 MIN READ
The Linux Foundation | 07 December 2021
In 2021 the Linux Foundation (“LF”) emerged from the worst pandemic in a century and embraced new horizons. The collaborative activities in our project communities weathered the COVID-19 crisis exceptionally well, and many communities are now pushing forward with a renewed sense of purpose.
Our organization’s namesake project, the Linux kernel, has celebrated an amazing milestone: its 30th birthday. Over the years, more than 55,000 people have contributed code to improve Linux, and today, Linux can be found everywhere. Over 5.4 billion people rely on Linux as it powers the vast majority of smartphones, the world’s largest cloud environments, and the world’s fastest computers. It’s also assisting in scientific discovery on Mars. After three decades of development, the project continues to ship new code, features, and performance enhancements.
While our community continues to accelerate innovation in software development, the rising tide of cybersecurity threats has planted itself firmly on our shores. We all rely on software supply chains that are constantly under attack by an increasingly sophisticated adversary, causing us to reflect on our role and responsibility in securing the world’s critical technology infrastructure.
In 2021 we saw much progress in our quest to “harden” the software supply chain. The Software Package Data Exchange® (SPDX®) community received formal recognition as an international ISO/IEC standard (5962:2021), making it easier for organizations to require a Software Bill of Materials (SBOM) with suppliers and customers. This came on the heels of OpenChain receiving ISO/IEC approval as an international standard (5230:2020) for open source licensing compliance. We also saw new collaborations emerge this year, like sigstore, which is on its way to becoming a de facto standard for signing packages and digital artifacts used throughout a supply chain.
The Open Source Security Foundation (OpenSSF), launched in August 2020, brought together a community of experts focused on software supply chain security challenges. This community had an amazing start publishing guidance for best practices (e.g., badges and scorecards), creating new tools and frameworks (e.g., SLSA), establishing and collecting metrics, developing free, globally accessible training materials, and publishing research, such as the findings of its FOSS Contributor Survey in collaboration with Harvard’s Laboratory for Innovation Science.
Our members responded to the progress by doubling down and making significant additional investments in OpenSSF as a vehicle for solving the world’s supply chain security challenges. In October, we announced that the Linux Foundation and OpenSSF raised over $10 million to invest in leadership and initiatives, boldly aspiring to impact supply chain security dramatically. The LF could not have done this without significant support from our members, including OpenSSF’s premier members 1Password, AWS, Cisco, Citi, Dell Technologies, Ericsson, Meta, Fidelity, GitHub, Google, Huawei, Intel, IBM, JP Morgan Chase, Microsoft, Morgan Stanley, Oracle, Red Hat, Snyk, and VMWare.
The importance of open source in the world’s cybersecurity efforts highlights its importance to our modern society. As new organizations, new industries, and policymakers have approached the LF for guidance on open source, we recognize there is a need for modern insights into why and how open collaboration works. There is a need to understand the dynamics of communities, where and how value is derived, and the intersection of supply chains and open source collaboration. To that end, this year, we launched Linux Foundation Research to explore the role of open source software, standards, and communities as a framework for mass innovation, collaboration, and problem-solving.
Research into important topics such as cybersecurity and SBOM readiness is already underway, along with project-specific insights sought by our project communities. We think this investment will provide actionable data and insights supporting more informed decision-making across technology and industry ecosystems. Finally, while most research organizations hoard data privately, our research approach has an open flair — we’re making all non-personally identifiable data available under the Community Data License Agreement — Permissive, Version 2.0, a revised data-sharing framework our legal community worked to release this year.
Having a research capability also provides new opportunities to more deeply explore challenges and opportunities in community collaboration. For example, this year LF Research partnered with AWS, CHAOSS, Comcast, Fujitsu, GitHub, GitLab, Hitachi, Huawei, Intel, NEC, Panasonic, Renesas, Panasonic, Red Hat, and VMware to examine the state of diversity, equity, and inclusion (DEI) in open source communities. To nurture and grow open source, we need to understand better how DEI is practiced and encouraged in open source communities. We hope this research will also support other collaborative efforts supporting DEI goals, such as the Inclusive Naming Initiative, the Software Developer Diversity and Inclusion Project (SDDI), Fair Change, and Open Sentencing.
And with our industry partners, such as Microsoft and Accenture, we’ve launched several new projects and foundations that are meaningful to humanity. The Green Software Foundation seeks to add sustainability to software engineering efforts. The AgStack Foundation, launched in May 2021, is building an open source digital infrastructure for agriculture to accelerate that industry’s digital transformation and address climate change.
While open source drove innovation across the technology landscape, it also saw acceleration within industry verticals. The LF helped launch several new collaborations focused on driving 5G and telecommunications, including the 5G Super Blueprint, a partnership with Next Generation Mobile Network Alliance (NGMN), Magma Foundation, and the new Mobile Native Foundation. Our members also expanded open source innovation in the media and entertainment industry with the launch of Open 3D Engine (O3DE), a new open source AAA 3D engine for gaming, simulation, and storytelling. The O3DE ecosystem complements our existing Academy Software Foundation (ASWF). ASWF’s community added a new project for shading materials in graphics this year called MarterialX. Moviegoers may have experienced the effects of this project in Star Wars: The Force Awakens.
Our project communities’ ambitions often lead to a focus on building communities. We’ve seen many experts continue to collaborate on community engagement in the highly active TODO Group. However, there comes a time when our communities need tools to help scale and support their growth. In 2020, the LF embarked on a journey with key community leaders to build tools that enable those leaders and others to better understand and more effectively engage with a project community. The results of these investments are now starting to roll out as the LFX platform. I’d like to thank all those in our community who provided feedback, guidance, suggestions, and sometimes the raw critiques we needed to build something better.
We started with tools we knew would make maintainers more efficient on tasks they really did not want to spend time on, such as processing Contributor License Agreements (CLAs) electronically in EasyCLA. Many maintainers were also interested in understanding their community dynamics leading to the creation of LFX Insights, which aggregates, analyzes, and contextualizes data across all of a community’s repositories, communication channels, and contributors. Conversations about community health led to requests for tools to recruit and engage new project participants, particularly from diverse sources, and LFX Mentorship was born. Once engineers on our projects saw what LFX could do, they requested additional capabilities to configure and manage their projects. LFX Project Control Center now promises to enable engineers to provision and configure resources online in minutes with API-driven automation for common open source project tasks such as provisioning new cloud resources, managing DNS, and more.
The LF also heard the needs of our corporate members to have better visibility into how their organization is engaged in our communities. We’ve developed the LFX MyOrg tool to help corporate managers get a better view across their organization’s participation, find paths to collaborating in projects, exercise the benefits available to them as members, and more — all from a single system. All of these tools are now available to our communities and members through lfx.linuxfoundation.org.
Many of our members have been faced with a skills shortage. The LF’s 2021 Jobs Report, released in October with edX, shows trained and certified open source professionals, particularly with cloud and container expertise, are in high demand and are in short supply. Such data points highlight the need to train people and enable new opportunities to grow their careers in open source. Our training and certification efforts continued to gain steam this year. Over 68,00 individuals registered for new certifications in the past year, a 50% increase over 2020, while 2 million people enrolled in the LF’s free training courses.
And finally, I’ll wrap up by saying we sincerely missed seeing our communities in person. The last two years have been difficult — to harrowing — for many suffering from the lingering pandemic. However, this year we have seen hope on the horizon. We produced dozens of successful virtual conferences throughout 2021, but the feedback was clear: people wanted to meet in person again. Our events team did a thorough job researching and soliciting advice from experts and public health authorities. That preparation enabled us to welcome our communities back together, in-person, this fall at events like Open Source Summit in Seattle, Open Source Strategy Forum and OSPOCon Europe in London, and KubeCon+CloudNativeCon North America in Los Angeles, the latter of which gathered over 3,000 community members in person. These events would not have been possible without our commitment to attendee safety by requiring vaccinations and using vaccine verification technologies, diligent on-site health checks, and strict enforcement of the use of masks and social distancing protocols. With borders opening up shortly, we are ecstatic to see even more of our community, live and in-person, again in 2022.
On behalf of the entire Linux Foundation team, I congratulate our communities for their exceptional outcomes under another extraordinarily challenging year and wish all of you a happy and prosperous 2022, when I hope we get to see you in person once again.
Jim Zemlin
Executive Director,
The Linux Foundation
These efforts are made possible by our members. To learn how your organization can get involved with the Linux Foundation, click here.