A Software Bill of Materials (SBOM) is a complete, formally structured list of components, libraries, and modules required to build (i.e., compile and link) a given piece of software and the supply chain relationships between them. These components can be open source or proprietary, free or paid, and widely available or restricted access. SBOMs that can be shared without friction between teams and companies are a core part of software management for critical industries and digital infrastructure in the coming decades.
SBOMs are especially critical for a national digital infrastructure used within government agencies and in critical industries that present national security risks if penetrated. SBOMs would improve understanding of those software components’ operational and cyber risks from their originating supply chain.
This SBOM readiness survey is the Linux Foundation’s first project addressing how to secure the software supply chain. The foundation of this project is a worldwide survey of IT professionals who understand their organization’s approach to software development, procurement, compliance, or security. Organizations surveyed will include both software producers and consumers. An important driver for this survey is the recent Executive Order on Cybersecurity, which focuses on producing and consuming SBOMs.
The objectives of the survey are as follows:
- How concerned are organizations about software security?
- How familiar are organizations with SBOMs?
- How ready are organizations to consume and produce SBOMs?
- What is your commitment to the timeline for addressing SBOMs?
- What benefits do you expect to derive from SBOMs?
- What concerns you about SBOMs?
- What capabilities are needed in SBOMs?
- What do organizations need to improve their SBOM operability?
- How important are SBOMS relative to other ways to secure the software supply chain?
Data from this survey will enable the development of a maturity model that will focus on how the increasing value provided by SBOMs as organizations build out their SBOM capabilities.
The survey is available in seven languages:
To take the 2021 State of SBOM Readiness Survey, click the button for your desired language/region below:
As a thank-you for your participation, you will receive a 20% registration discount to attend the Open Source Summit/Embedded Linux Conference event upon completion of the survey. Please note this discount is not transferable, and may not be combined with other offers.
We will summarize the survey data and share the findings at the Open Source Summit/Embedded Linux Conference in September.
If you have questions regarding this survey, please email us at firstname.lastname@example.org.
The TODO Group, together with Linux Foundation Research and The New Stack, is conducting a survey as part of a research project on the prevalence and outcomes of open source programs among different organizations across the globe.
Open source program offices (OSPOs) help set open source strategies and improve an organization’s software development practices. Since 2018, the TODO Group has conducted surveys to assess the state of open source programs across the industry. Today, we are pleased to announce the launch of the 2021 edition featuring additional questions to add value to the community.
The survey will generate insights into the following areas, including:
- The extent of adoption of open source programs and initiatives
- Concerns around the hiring of open source developers
- Perceived benefits and challenges of open source programs
- The impact of open source on organizational strategy
We hope to expand the pool of respondents by translating the survey into Chinese and Japanese. Please participate now; we intend to close the survey in early July. Privacy and confidentiality are important to us. Neither participant names, nor their company names, will be published in the final results.
To take the 2021 OSPO Survey, click the button below:
As a thank you for completing this survey, you will receive a 75% discount code on enrollment in The Linux Foundation’s Open Source Management & Strategy training program, a $375 savings. This seven-course online training series is designed to help executives, managers, and software developers understand and articulate the basic concepts for building effective open source practices within their organization.
We will summarize the survey data and share the findings during OSPOCon 2021. The summary report will be published on the TODO Group and Linux Foundation websites.
If you have questions regarding this survey, please email us at email@example.com.
FINOS, the fintech open source foundation, and its research partners, Linux Foundation Research, Scott Logic, WIPRO, and GitHub, are conducting a survey as part of a research project on the state of open source adoption, contribution, and readiness in the financial services industry.
The increased prevalence, importance, and value of open source is well understood and widely reported by many industry surveys and studies. However, the rate at which different industries are acknowledging this shift and adapting their own working practices to capitalize on the new world of open source-first differs considerably.
The financial services industry has been a long-time consumer of open source software, however many are struggling in contributing to, and publishing, open source software and standards, and adopting open source methodologies. A lack of understanding of how to build and deploy efficient tooling and governance models are often seen as a limiting factor.
This survey and report seeks to explore open source within the context of financial services organizations; including banks, asset managers, and hedge funds but will be designed as a resource to be used by all financial services organizations, with the goal to make this an annual survey with a year-on-year tracing of metrics.
Please participate now; we intend to close the survey in early July. Privacy and confidentiality are important to us. Neither participant names, nor their company names, will be published in the final results.
To take the 2021 FINOS Survey, click the button below:
As a thank-you for completing this survey, you will receive a 75% discount code on enrollment in the Linux Foundation’s Open Source Management & Strategy training program, a $375 savings. This seven-course online training series is designed to help executives, managers, and software developers understand and articulate the basic concepts for building effective open source practices within their organization.
We will summarize the survey data and share the findings during Open Source Strategy Forum, 2021. The summary report will be published on the FINOS and Linux Foundation websites.
If you have questions regarding this survey, please email us at firstname.lastname@example.org.
Hyperledger, a Linux Foundation project that was established in 2015, is an open source collaborative effort created to advance cross-industry blockchain technologies. It is a global collaboration including participation from leaders in finance, banking, healthcare, supply chains, manufacturing, and technology.
Together with Linux Foundation Research, Hyperledger is conducting a survey to measure the market awareness and perceptions of Hyperledger and its projects relative to other blockchain platforms used in the technology industry, specifically identifying myths and misperceptions. Additionally, the survey seeks to help Hyperledger articulate the perceived time to production readiness for products and understand motivations for developers that both use and contribute to Hyperledger technologies.
- Participants who complete the survey will receive a 50 percent discount on attendance to Hyperledger Global Forum, June 8-10, 2021
- Please participate now; we intend to close the survey in early June.
- Privacy and confidentiality are important to us. Neither participant names, nor their company names, will be displayed in the final results.
- This survey should take no more than 20 minutes of your time.
To take the 2021 Hyperledger Market Survey, click the button below:
Thanks to our survey partner Linux Foundation Japan.
Thank you for taking the time to participate in this survey conducted by Hyperledger, an open source project at the Linux Foundation focused on developing a suite of stable frameworks, tools, and libraries for enterprise-grade blockchain deployments.
Hyperledger and its affiliated projects are hosted by the Linux Foundation.
This survey will provide insights into the challenges, familiarity, and misconceptions about Hyperledger and its suite of technologies. We hope these insights will help guide us in the growth and expansion of marketing and recruitment efforts to help grow projects and our community.
This survey will provide insights into:
- What is the awareness, familiarity, and understanding of Hyperledger overall and by project?
- What are the myths and misperceptions of Hyperledger (e.g., around what it seeks to achieve (e.g., the number of projects, who is involved and who the competitors are)?
- How likely are respondents to purchase or adopt blockchain technology?
- What is the appeal of joining the Hyperledger community?
- What are the perceptions of business blockchain technology?
- What is the perceived time to production readiness?
- What are developers’ motivations for contributing to /using Hyperledger?
We will summarize the survey data and share the findings during the Hyperledger Member Summit later in the year. The summary report will be published on the Hyperledger and Linux Foundation websites. In addition, we will be producing an in-depth report of the survey which will be shared with Hyperledger membership.
If you have questions regarding this survey, please email us at email@example.com.
Sign up for the Hyperledger Newsletter at https://hyperledger.org
Data and storage technologies are evolving. The SODA Foundation is conducting a survey to identify the current challenges, gaps, and trends for data and storage in the era of cloud-native, edge, AI, and 5G. Through new insights generated from the data and storage community at large, end-users will be better equipped to make decisions, vendors can improve their products, and the SODA Foundation can establish new technical directions — and beyond!
The SODA Foundation is an open source project under Linux Foundation that aims to foster an ecosystem of open source data management and storage software for data autonomy. SODA Foundation offers a neutral forum for cross-project collaboration and integration and provides end-users quality end-to-end solutions. We intend to use this survey data to help guide the SODA Foundation and its surrounding ecosystem on important issues.
Please participate now; we intend to close the survey in late May.
Privacy and confidentiality are important to us. Neither participant names, nor their company names, will be displayed in the final results.
The first 50 survey respondents will each receive a $25 (USD) Amazon gift card. Some conditions apply.
This survey should take no more than 15 minutes of your time.
To take the 2021 SODA Foundation Data & Storage Trends Survey, click the button below:
Thanks to our survey partners Cloud Native Computing Foundation (CNCF), Storage Networking Industry Association (SNIA), Japan Data Storage Forum (JDSF), China Open Source Cloud League (COSCL), Open Infrastructure Foundation (OIF), Mulan Open Source Community
Thank you for taking the time to participate in this survey conducted by SODA Foundation, an open source project at the Linux Foundation focusing on data management and storage.
This survey will provide insights into the challenges, gaps, and trends for data and storage in the era of cloud-native, edge, AI, and 5G. We hope these insights will help end-users make better decisions, enable vendors to improve their products and serve as a guide to the technical direction of SODA and the surrounding ecosystem.
This survey will provide insights into:
- What are the data & storage challenges faced by end-users?
- Which features and capabilities do end users look for in data and storage solutions?
- What are the key trends shaping the data & storage industry?
- Which open source data & storage projects are users interested in?
- What cloud strategies are businesses adopting?
We will summarize the survey data and share the learnings during SODACON Global 2021 – Virtual on Jul 13-14. The summary report will be published on the SODA website. In addition, we will be producing an in-depth report of the survey which will be shared with all survey participants.
SODACON GLOBAL 2021
Interested in attending or speaking at SODACON Global? Details for the event can be found at https://sodafoundation.io/events/sodacon-2021-global-virtual/
Sign up for the SODA Newsletter at https://sodafoundation.io/
Jason Perlow, Director of Project Insights and Editorial Content at the Linux Foundation, spoke with Hilary Carter about Linux Foundation Research and how it will create better awareness of the work being done by open source projects and their communities.
JP: It’s great to have you here today, and also, welcome to the Linux Foundation. First, can you tell me a bit about yourself, where do you live, what your interests are outside work?
HC: Thank you! I’m a Toronto native, but I now live in a little suburban town called Aurora, just north of the city. Mike Meyers — a fellow Canadian — chose “Aurora, IL” for his setting of Wayne’s World, but he really named the town after Aurora, ON. I also spend a lot of time about 3 hours north of Aurora in the Haliburton Highlands, a region noted for its beautiful landscape of rocks, trees, and lakes — and it’s here where my husband and I have a log cabin. We ski, hike and paddle, with our kids, depending on the season. It’s an interesting location because we’re just a few kilometers north of the 45th parallel — and at the spring and fall equinox, the sun sets precisely in the west right off of our dock. At the winter and summer solstice, it’s 45 degrees to the south and north, respectively. It’s neat. As much as I have always been a bit obsessed with geolocation, I had never realized we were smack in the middle of the northern hemisphere until our kids’ use of Snapchat location filters brought it to our attention. Thank you, mobile apps!
JP: And what organization are you joining us from?
HC: My previous role was Managing Director at the Blockchain Research Institute, where I helped launch and administer their research program in 2017. Over nearly four years, we produced more than 100 research projects that explored how blockchain technology — as the so-called Internet of value — was transforming all facets of society — at the government and enterprise-level as well as at the peer-to-peer level. We also explored how blockchain converged with other technologies like IoT, AI, additive manufacturing and how these developments would change traditional business models. It’s a program that is as broad as it is deep into a particular subject matter without being overly technical, and it was an absolutely fascinating and rewarding experience to be part of building that.
JP: Tell me a bit more about your academic background; what disciplines do you feel most influence your research approach?
HC: I was a Political Studies major as an undergrad, which set the stage for my ongoing interest in geopolitical issues and how they influence the economy and society. I loved studying global political systems, international political economy, and supranational organizations and looking at the frameworks built for global collaboration to enable international peace and security under the Bretton Woods system. That program made me feel incredibly fortunate to have been born into a time of relative peace and prosperity, unlike generations before me.
I did my graduate studies in Management at the London School of Economics (LSE), and it was here that I came to learn about the role of technology in business. The technologies we were studying at the time were those that enabled real-time inventory. Advanced manufacturing was “the” hot technology of the mid-1990s, or so it seemed in class. I find it so interesting that the curriculum at the time did not quite reflect the technology that would profoundly and most immediately shape our world, and of course, that was the Web. In fairness, the digital economy was emerging slowly, then. Tasks like loading web pages still took a lot of time, so in a way, it’s understandable that the full extent of the web’s power did not make it into many of my academic lectures and texts. I believe academia is different today — and I’m thrilled to see the LSE at the forefront of new technology research, including blockchain, AI, robotics, big data, preparing students for a digital world.
JP: I did do some stalking of your LinkedIn profile; I see that you also have quite a bit of journalistic experience as well.
HC: I wish I could have had more! I was humbled when my first piece was published in Canada’s national newspaper. I had no formal training or portfolio of past writing to lend credibility to my authorship. Still, fortunately, after much persistence, the editor gave me a shot, and I’m forever grateful to her for that. I was inspired to write opinion pieces on the value of digital tools because I saw a gap that needed filling — and I was really determined to fill it. And the subject that inspired me was leadership around new technologies. I try to be a good storyteller and create something that educates and inspires all in one go. I suppose I come by a bit of that naturally. My father was an award-winning author in Canada, but his day job was Chief of Surgery at a hospital in downtown Toronto. He had a gift to take complex subject matter about diseases, such as cancer, and humanize the content by making it personal. I think that’s what makes writing about complex concepts “sticky.” When you believe that the author is, at some level, personally committed to their work and successful in setting the context for their subject matter to the world at large and do so in a way that creates action or additional thinking, then they’ve done a successful job.
JP: Let’s try a tough existential question. Why do you feel that the Linux Foundation now needs a dedicated research and publications division? Is it an organizational maturity issue? Has open source gotten so widespread and pervasive that we need better metrics to understand these projects’ overall impact?
HC: Well, let me start by saying that I’m delighted that the LF has prioritized research as a new business unit. In my past role at the Blockchain Research Institute, it was clear that there was and still is a huge demand for research — the program kept growing because technologies continued to evolve, and there was no shortage of issues to cover. So I think the LF is tapping into a deep need for knowledge in the market at large and specific insights on open source ecosystems, in particular, to create greater awareness of incredible open source projects and inspire greater participation in them. There are also threats that we as a society — as human beings — need to deal with urgently. So the timing couldn’t be better to broaden the understanding of what is happening in open source communities, new tools to share knowledge, and encourage greater collaboration levels in open source projects. If we accomplish one thing, it will be to illustrate the global context for open source software development and why getting involved in these activities can create positive global change on so many levels. We want more brains in the game.
JP: So let’s dive right into the research itself. You mentioned your blockchain background and your previous role — I take it that this will have some influence on upcoming surveys and analysis? What is coming down the pike on the front?
HC: Blockchain as a technology has undoubtedly influenced my thinking about systems architecture and how research is conducted — both technological frameworks and the human communities that organize around them. Decentralization. Coordination. Transparency. Immutability. Privacy. These are all issues that have been front and center for me these past many years. Part of what I have learned about what makes good blockchain systems work comes from the right combination of great dependability and security with leadership, governance, and high mass collaboration levels. I believe those values transfer over readily to the work of the Linux Foundation and its community. I’m very much looking forward to learning about the many technology ecosystems beyond blockchain currently under the LF umbrella. I’m excited to discover what I imagine will be a new suite of technologies that are not yet part of our consciousness.
JP: What other LF projects and initiatives do you feel need to have deeper dives in understanding their impact besides blockchain? Last year, we published a contributor survey with Harvard. It reached many interesting conclusions about overall motivations for participation and potential areas for remediation or improvement in various organizations. Where do we go further in understanding supply chain security issues — are you working with the Harvard team on any of those things?
HC: The FOSS Contributor Survey was amazing, and there are more good things to come through our collaboration with the Laboratory of Innovation Science at Harvard. Security is a high-priority research issue, and yes, ongoing contributions to this effort from that team will be critical. You can definitely expect a project that dives deep into security issues in software supply chains in the wake of SolarWinds.
I’ve had excellent preliminary discussions with some executive team members about their wish-lists for projects that could become part of the LF Research program in terms of other content. We’ll hope to be as inclusive as we can, based on what our capacity allows. We look forward to exploring topics along industry verticals and technology horizontals, as well as looking at issues that don’t fall neatly into this framework, such as strategies to increase diversity in open source communities, or the role of governance and leadership as a factor in successful adoption of open source projects.
Ultimately, LF Research will have an agenda shaped not only from feedback from within the LF community but by the LF Research Advisory Board, a committee of LF members and other stakeholders who will help shape the agenda and provide support and feedback throughout the program. Through this collaborative effort, I’m confident that LF Research will add new value to our ecosystem and serve as a valuable resource for anyone wanting to learn more about open source software and the communities building it and help them make decisions accordingly. I’m looking forward to our first publications, which we expect out by mid-summer. And I’m most excited to lean on, learn from, and work with such an incredible team as I have found within the LF. Let’s do this!!!
JP: Awesome, Hilary. It was great having you for this talk, and I look forward to the first publications you have in store for us.
Linux Foundation Research will provide objective, decision-useful insights into the scope of open source collaboration
SAN FRANCISCO, Calif. – April 14, 2021 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced Linux Foundation Research, a new division that will broaden the understanding of open source projects, ecosystem dynamics, and impact, with never before seen insights on the efficacy of open source collaboration as a means to solve many of the world’s pressing problems. Through a series of research projects and related content, Linux Foundation Research will leverage the Linux Foundation’s vast repository of data, tools, and communities across industry verticals and technology horizontals. The methodology will apply quantitative and qualitative techniques to create an unprecedented knowledge network to benefit the global open source community, academia, and industry.
“As we continue in our mission to collectively build the world’s most critical open infrastructure, we can provide a first-of-its-kind research program that leverages the Linux Foundation’s experience, brings our communities together, and can help inform how open source evolves for decades to come,” said Jim Zemlin, executive director at the Linux Foundation. “As we have seen in our previous studies on supply chain security and FOSS contribution, research is an important way to measure the progress of both open source ecosystems and contributor trends. With a dedicated research organization, the Linux Foundation will be better equipped to draw out insights, trends, and context that will inform discussions and decisions around open collaboration.”
As part of the launch, the Linux Foundation is pleased to welcome Hilary Carter, VP Research, to lead this initiative. Hilary most recently led the development and publication of more than 100 enterprise-focused technology research projects for the Blockchain Research Institute. In addition to research project management, Hilary has authored, co-authored, and contributed to reports on blockchain in pandemics, government, enterprise, sustainability, and supply chains.
“The opportunity to measure, analyze, and describe the impact of open source collaborations in a more fulsome way through Linux Foundation Research is inspiring,” says Carter. “Whether we’re exploring the security of digital supply chains or new initiatives to better report on climate risk, the goal of LF Research is to enhance decision-making and encourage collaboration in a vast array of open source projects. It’s not enough to simply describe what’s taking place. It’s about getting to the heart of why open source community initiatives matter to all facets of our society, as a means to get more people — and more organizations — actively involved.”
Critical to the research initiative will be establishing the Linux Foundation Research Advisory Board, a rotating committee of community leaders and subject matter experts, who will collectively influence the program agenda and provide strategic input, oversight, and ongoing support on next-generation issues.
About the Linux Foundation
Founded in 2000, The Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.