LINUX FOUNDATION RESEARCH
We’re investigating the impact of open source collaboration to solve the world’s most pressing challenges.
Open Source Software Developer Report
Intel partnered with LF Research once again this year, this time to study what developers need to advance their careers. Our new report reveals that learning new skills and connecting with other developers, especially at in-person events, is a top priority.
Participate in Our Research
Interested in conducting research?
Review our prospectus for more information, and email us at research@linuxfoundation.org
Addressing Cybersecurity Challenges in Open Source Software
Abstract
While open source software is ubiquitous and generally regarded as being secure, software development practices vary widely across projects: in how applications are developed, in the protocols for responding to defects, and in the lack of standardized selection criteria for determining which software components are more likely to be secure. Consequently, software supply chains are vulnerable to attack, with implications and challenges for open source project communities.
To help improve the state of software supply chain security, new research was conducted in partnership with the Open Source Security Foundation (OpenSSF), Snyk, the Eclipse Foundation, CNCF, and CI/CD Foundation as a means to help focus efforts in programming, incentives, and other resourcing to support the creation of more secure software.
In April of 2022, LF Research and its partners fielded a survey of 539 open source software maintainers and core contributors and conducted qualitative interviews with a subset of those individuals. This report identifies the most acute software security development gaps and challenges, including at the organizational level, where policies requiring security protocols are in short supply, and dependencies are not effectively managed.
Authors
- Linux Foundation Research Team
- Foreword by Brian Behlendorf, General Manager, Open Source Security Foundation
Our Team
Hilary Carter
SVP Research and Communications
Hilary Carter leads teams dedicated to the development of decision-useful research projects and digital communications that describe open source as a paradigm for mass collaboration at scale. Together, the Research and Communications department broadens the understanding of the impact of open source software, open hardware, open standards, and open data on business, government, and society.
Hilary’s career began in financial services with experiences in corporate finance, research and analysis, and global private banking. Her career pivoted to digital technology, where she focused on mobile communications and digital media consulting. Before joining the Linux Foundation, Hilary led a global, syndicated research institute focused on blockchain technology.
She earned an MSc in Management from the London School of Economics.
Stephen Hendrick
VP of Research
Steve Hendrick is VP of Linux Foundation Research. He has expertise in developing content and services to support product development, product positioning, marketing, business strategy, and messaging. Steve is a subject matter expert in application development and deployment topics, including DevOps, application management, application platforms, and middleware. He has authored comprehensive primary research publications and provided advice and support for some of the world’s most prominent software vendors and Fortune 100 enterprises.
Before joining The Linux Foundation, Steve was a Research Director and Principal Investigator at Enterprise Management Associates (EMA). Steve acquired his experience in application development at Chase Manhattan Bank, Interactive Data Corp, Dynamics Associates, and Charles River Associates.
Steve received a B.A. in economics from Hartwick College and an M.B.A. from Boston University.
Adrienn Lawson
Data Analyst
Adrienn is a data analyst at the Linux Foundation. She obtained a Master’s degree from the University of Oxford in Social Data Science. She supports LF Research with survey development, analysis, and report writing. Adrienn has previously conducted research at the University of Oxford, the Budapest Institute for Policy Analysis, and the U.K.’s Office for National Statistics.
Anna Hermansen
Research & Ecosystem Manager
Anna is the Ecosystem Manager for LF Research where she supports end-to-end management of the Linux Foundation's research projects. She has conducted qualitative and systematic review research in health data infrastructure and the integration of new technologies to better support data sharing in healthcare. She is a generalist with experience in client services, program delivery, project management, and writing for academic, corporate, and web user audiences. Prior to the Linux Foundation, she worked for two different research programs, the Blockchain Research Institute and BC Cancer's Research Institute.
Lucian Balea
RTE
Lucian is Open Source Program Director at RTE, the French power transmission system operator. He is leading the open source strategy of RTE which aims at moving the digitalization of the power grid into a new era. Early 2018, he started a collaboration with The Linux Foundation to launch LF Energy, an open source coalition to speed technological innovation and support the energy transition across the world. Today, Lucian is deeply involved in LF Energy and serves as Chair of the Governing Board.
Lucian has been with RTE since 2003 where he held several management positions in the fields of R&D, markets and finance.
Henry Chesbrough
UC Berkeley
Henry Chesbrough is best known as “the father of Open Innovation”. He teaches at the Haas School of Business at the University of California-Berkeley, where he is the Faculty Director of the Garwood Center for Corporate Innovation. He is also Maire Tecnimont Professor of Open Innovation and Sustainability at Luiss University in Rome. Previously he was an Assistant Professor at Harvard Business School. He holds a PhD from UC Berkeley, an MBA from Stanford, and a BA from Yale University. He has written books such as Open Innovation (Harvard Business School Press, 2003), Open Business Models (Harvard Business School Press, 2006), Open Services Innovation (Jossey-Bass, 2011) and Open Innovation Results (Oxford, 2020). His research has been cited more than 90,000 times, according to Google Scholar. He has been recognized as one of the leading business thinkers by Thinkers50. He received an Innovation Luminary award from the European Commission in 2014. He received the Industrial Research Institute Medal of Achievement in 2017, and has two honorary doctorates.
Melissa Evers
Intel
Melissa E. Evers is Vice President in the Software and Advanced Technology Group and General Manager of the Strategy to Execution organization at Intel Corporation where she is responsible for a portfolio of transformative software capabilities including Intel’s open source strategy.
Melissa holds a bachelor’s degree in engineering from the University of Texas at Austin and an MBA degree from the university’s McCombs School of Business. An active champion of diversity and inclusion, as well as a certified coach, Melissa frequently coaches leaders across the industry.
Margot Gerritsen
WiDS Worldwide
Stanford Prof [Emerita] Margot Gerritsen is the Executive Director of Women in Data Science Worldwide, a nonprofit she co-founded in 2015. Margot received her MSc from Delft University of Technology in 1990, and her PhD from Stanford University in 1996, both in computational mathematics. After five years as a Lecturer at the University in Auckland, New Zealand, Margot returned to Stanford in 2001 as a faculty member in Energy Science & Engineering. She was the Director of Stanford’s Institute for Mathematical & Computational Engineering from 2010-2018, and Senior Associate Dean in the School of Earth Sciences from 2015-2020. Margot is a Fellow of the Society of Industrial & Applied Mathematics and holds honorary doctorates from Uppsala University and the University of Eindhoven.
Peixin Hou
Huawei
Peixin Hou is currently serving as the Chief Architect of Open Software and Systems in the Central Software Institute, Huawei. He has been working in the software industry for over 20 years and has experience in operating systems, mobile software, media processing, and cloud computing.
Peixin started his open source journey in 2000 and is now an active strategist and evangelist in the field. He is involved in defining various key strategies on open source for Huawei and leads the company’s FOSS development in areas such as Linux and containers. He also serves as a board or steering committee member in several open source projects, such as Cloud Native Computing Foundation and Core Infrastructure Initiative. Peixin has also represented Huawei on the board of Linaro.
Peixin received his Ph.D. from the University of Surrey, UK in electronic and electrical engineering.
Jessica Murillo
IBM
Jessica Murillo is Vice President, Open Systems Development at IBM. She leads a broad set of software development teams, including the IBM Linux Technology Center, collaborative software development, virtualization, containers, cloud computing, and next generation workload solutions across IBM’s POWER and IBM Z servers. The Open Systems Development organization is a worldwide team that is distributed across Australia, Brazil, China, France, Germany, India, and the United States.
Sachiko Muto
OFE/RISE
Sachiko Muto is the Chair of OpenForum Europe and a senior researcher at RISE Research Institutes of Sweden. She originally joined OFE in 2007 and served for several years as Director with responsibility for government relations and then as CEO. She has degrees in Political Science from the University of Toronto and the London School of Economics and has been a guest researcher at UC Berkeley and TU Delft.
Daniel Park
Samsung
Dr. Daniel Park is head of the open source group at Samsung, where he is responsible for open source strategy, corporate governance and compliance operations, project development, developer relations, and all other open source matters. He has extensive experience in global standards and collaboration, including W3C advisory board and working group chair, IETF working group chair, and OCF vice president and open source work group chair, and he is currently extending that experience to open source communities. He received his Ph.D. in Computer Engineering from Kyung Hee University.
Phil Robb
Ericsson
Phil is the Head of Ericsson Software Technology (EST), where he leads a passionate group of engineers developing open source software across a wide range of projects including Linux, OpenStack, Kubernetes, and ONAP among many others.
Prior to Ericsson, Phil was the V.P. of Operations for the Networking Projects at the Linux Foundation including ORAN, ONAP, OpenDaylight, and Anuket. In that role, Phil led a team of technical staff who oversaw community software development based on DevOps and open source best practices. Prior to the Linux Foundation, Phil spent 12 years with Hewlett Packard working on Linux and Open Source starting in 2001. There, Phil formed and led HP’s Open Source Program Office responsible for open source strategy, tools, processes, and investments as HP transitioned from Unix to Linux in the Enterprise Server market.
Maria Roche
Harvard Business School
Maria Roche is an Assistant Professor of Business Administration in the Strategy Unit at Harvard Business School. She teaches Strategy in the MBA required curriculum. Her research focuses on the sourcing, production and diffusion of knowledge, which she examines in various contexts including cities, co-working spaces, universities, and open source platforms. Her work, published in The Review of Economics and Statistics, Organization Science and Research Policy, has been featured in The Atlantic, Handelsblatt and the WSJ, among others.
Professor Roche earned her PhD in Management (Strategy and Innovation) at the Scheller College of Business, Georgia Institute of Technology, where she was a recipient of a NSF Science of Science and Innovation Policy Doctoral Dissertation Research Improvement Grant. She earned an MS in Business Administration and a BA in International Cultural and Business Studies at the University of Passau, Germany.
Nithya Ruff
LF Board Chair
Nithya A. Ruff is the Head of the Amazon Open Source Program Office. She drives open source culture and coordination inside of Amazon and engagement with external communities. Open Source has proven to be one of the world’s most prolific enablers of innovation and collaboration, and Amazon’s customers increasingly value open source innovation and the cloud’s role in helping them adopt and run important open source services. Prior to Amazon, she started and grew Comcast and Western Digital’s Open Source Program Offices. Open Source Program Offices are a critical part of a company’s digital transformation and innovation journey and enable the intentional and systematic engagement with open source for companies.
Nithya has been director-at-large on the Linux Foundation Board for the last 5 years and in 2019 was elected to be Chair of the influential Linux Foundation Board. She works actively to advance the mission of the Linux Foundation around building sustainable ecosystems that are built on open collaboration.
Keiichi Seki
NEC
Keiichi Seki is a leading member of the open source program office in NEC Corporation, and is responsible for NEC’s open source strategy. He leads NEC’s developer teams who are actively contributing to open source communities, such as Kubernetes and OpenStack. He also helps encourage people in the NEC group of companies to join and contribute to open source communities. He handles intellectual property issues regarding open source software patents, and has been a technical committee member of the Open Invention Network since 2019.
Mark Shan
Tencent
Mark Shan has a long career and practical experience in cloud-native, microservices, big data, edge computing, and the open source ecosystem. As the chairperson of Tencent Open Source Alliance, he works with passion to build the ecosystem for Tencent Open Source and to accelerate innovation in technology and products the open source way.
At Tencent Cloud, Mark leads the open source team and works with organizations and communities including Apache Software Foundation, Linux Foundation, Open Atom Foundation, CAICT, COPU and others to build the open source ecosystem. He is also the observer of Linux Foundation Board, chairperson of TARS Foundation, TOC member of Open Atom Foundation and Magnolia Open Source Community, TSC member of Akraino Edge Stack, fellow of China Cloud Native Industry Alliance, advisor of Open Source Community, and member of CCF Open Source Committee.
Rick Stevens
Argonne National Laboratory
Rick Stevens is a Professor of Computer Science at the University of Chicago and the Associate Laboratory Director of the Computing, Environment and Life Sciences (CELS) Directorate and Argonne Distinguished Fellow at Argonne National Laboratory. His research spans the computational and computer sciences from high-performance computing architecture to the development of tools and methods for bioinformatics, cancer, infectious disease, and other challenges in science and engineering. Recently, he has focused on developing AI methods for a variety of scientific and biomedical problems, and also has significant responsibility in delivering on the U.S. national initiative for Exascale computing and developing the DOE’s Frontiers in Artificial Intelligence for Science, Security, and Technology (FASST) national initiative.
Stevens is a member of the American Association for the Advancement of Science and has received many national honors for his research, including being named a Fellow of the Association for Computing Machinery (ACM) for his continuing contributions to high-performance computing.
Stephen Walli
Microsoft
Stephen Walli is a principal program manager at Microsoft in the Azure Office of the CTO. Stephen has been a Distinguished Technologist at Hewlett-Packard, technical director at the Outercurve Foundation, founded a start-up, and been a writer and consultant. He's been around open source software for 30+ years. He is governing board chair for the Confidential Computing Consortium, Microsoft board member to the Eclipse Foundation, and an IEEE standards working group chair. Stephen is adjunct faculty at Johns Hopkins University.
Irving Wladawsky-Berger
MIT
Dr. Irving Wladawsky-Berger is Visiting Lecturer at MIT’s Sloan School of Management, a Fellow of MIT’s Initiative on the Digital Economy and of MIT Connection Science.
He retired from IBM in May of 2007 after a 37-year career with the company, where his primary focus was on innovation and technical strategy. He’s been an Adviser on Digital Strategy at Citigroup, at HBO, and at MasterCard. He’s been writing a weekly blog, irvingwb.com, since 2005, and was a guest columnist at the Wall Street Journal CIO Journal.
Dr. Wladawsky-Berger received an M.S. and a Ph.D. in physics from the University of Chicago.
Chris Xie
Futurewei
Chris Xie serves as the Head of Open Source Strategy at Futurewei, where he leads various strategic open source initiatives. His involvement in diverse open source communities has established him as a knowledgeable and strategic thought leader. Chris plays an active role in several key projects and committees, contributing to organizations like LF Research, LF Energy, Green Software Foundation, OpenSSF, and the Todo Group (OSPO). Earlier in his career, Chris started a software startup company as a Silicon Valley entrepreneur, focusing on decentralized computing. Chris holds patents in network management and distributed systems, reflecting his strong technical expertise. Recognized for his cross-cultural leadership, he has been featured in the San Francisco Chronicle Business News.
Mike Dolan
Senior Vice President and GM of Projects
Mike Dolan’s career spans three of the largest technology trends to rise over the last decade: mobile computing, cloud computing, and open source software. Today, as executive director of The Linux Foundation, he uses this experience to accelerate innovation in technology through the use of open source and Linux.
Jim Zemlin
Executive Director
Jim Zemlin’s career spans three of the largest technology trends to rise over the last decade: mobile computing, cloud computing, and open source software. Today, as executive director of The Linux Foundation, he uses this experience to accelerate innovation in technology through the use of open source and Linux.
At The Linux Foundation, Jim works with the world’s largest technology companies, including IBM, Intel, Google, Samsung, Qualcomm, and others to help define the future of computing on the server, in the cloud, and on a variety of mobile computing devices. His work at the vendor-neutral Linux Foundation gives him a unique and aggregate perspective on the global technology industry.
Jim has been recognized for his insights on the changing economics of the technology industry, and he is a regular keynote speaker at industry events. He advises a variety of startups, including Splashtop, and sits on the boards of the Global Economic Symposium, Open Source For America, and Chinese Open Source Promotion Union.
Latest Research from the Open Source Community
- The Evolving State of Supply Chain Security (DarkReading / Synopsys, July 2024)
- State of Open: The UK in 2024 Phase 2: "The Open Manifesto" (OpenUK)
- Open Source Software: The $9 Trillion Resource Companies Take for Granted (Harvard Business School)
- State of Open: The UK in 2024 (OpenUK)
- 2024 State of Open Source Report (OpenLogic, Open Source Initiative, and Eclipse Foundation)
- 2024 Open Source Security and Risk Analysis Report (Synopsys)
- State of Open Source Security 2023 (Snyk)
- State of the Software Supply Chain (Sonatype)