Linux Foundation & Harvard Announce Free/Libre and Open Source Software (FOSS) Contributor Survey

“Open source software is everywhere. Now, more than ever, we need to get a better understanding of it to help make it even more secure.” – David A. Wheeler, Director of Open Source Supply Chain Security, Linux Foundation

In 2020, given the wide proliferation of Free/Libre and Open Source Software (FOSS), we aim to identify how to improve security, including the sustainability of the FOSS ecosystem, especially the FOSS systems heavily relied upon by organizations worldwide.

To do this, the Linux Foundation’s Core Infrastructure Initiative (CII) and the Laboratory for Innovation Science at Harvard (LISH) have developed a survey for contributors to FOSS. If you contribute to FOSS, we would love for you to participate in our study. This voluntary survey takes around 15-20 minutes to complete and allows you to advocate for the FOSS projects you care about. 

Please participate now; we intend to close the survey in early August. In appreciation of your participation, we would like to offer our participants the option to have your name included in the overall results. If you opt to be attributed in the final report, you will still have the opportunity to keep your detailed survey responses confidential.

The CII takes a collaborative, pre-emptive approach to strengthening cybersecurity by improving open source software security. We aim to support, protect, and fortify open software, especially software critical to the global information infrastructure. We take a holistic view of security; we include security risks in critical projects that are inadequately sustained or vulnerable to supply chain attacks. We intend to use this survey information to help guide this approach.

Why CII best practices gold badges are important

“A CII Best Practices badge, especially a gold badge, shows that an OSS project has implemented a large number of good practices to keep the project sustainable, counter vulnerabilities from entering their software, and address vulnerabilities when found.” – David A. Wheeler, Director of Open Source Supply Chain Security

Open source software (OSS) is now widely used by many organizations. That popularity means the security of OSS is now more important than ever. The CII Best Practices badge project, including its top-ranked “gold” badge, helps improve that security.

In June 2020, two different projects managed to earn a gold badge: the Linux kernel and curl. Both are widely depended on, and yet in many other ways, they are radically different. The Linux kernel has a large number of developers, and as a kernel, it must directly interact with a variety of hardware. Curl has a far smaller set of developers and is a user-level application. They join other projects with gold badges, including the Zephyr kernel and the CII Best Practices badge application itself. Such radically different projects managed to earn a gold badge and thus demonstrated their commitment to security. It also shows that these criteria can be applied even to such fundamentally different programs.

But what are these badges? A Linux Foundation (LF) Core Infrastructure Initiative (CII) Best Practices badge is a way for Open Source Software (OSS) projects to show that they follow best practices. The badges let others quickly assess which projects are following best practices and are more likely to produce higher-quality secure software. It also helps OSS projects find areas where they can improve. Over 3,000 projects participate in the badging project, a number that grows daily.

There are three badge levels: passing, silver, and gold. Each level requires that the OSS project meet a set of criteria; for silver and gold that includes meeting the previous level. Each level requires effort from an OSS project, but the result is reduced risks from vulnerabilities for both projects and the organizations that use that project’s software.

The “passing” level captures what well-run OSS projects typically already do, and has 66 criteria grouped into six categories. For example, the passing level requires that the project publicly state how to report vulnerabilities to the project, that tests are added as functionality is added, and that static analysis is used to analyze software for potential problems. Getting a “passing” badge is an achievement, because while any particular criterion is met by many projects, meeting all the requirements often requires some improvements to any specific project. As of June 14, 2020, there were 3195 participating projects, and 443 had earned a passing badge.

The silver and gold level badges are intentionally more demanding. The silver badge is designed to be harder but possible for one-person projects. Here are examples of silver badge requirements (in addition to the passing requirements):

  • The project MUST have FLOSS automated test suite(s) that provide at least 80% statement coverage if there is at least one FLOSS tool that can measure this criterion in the selected language.
  • The project results MUST check all inputs from potentially untrusted sources to ensure they are valid (a whitelist) and reject invalid inputs if there are any restrictions on the data.

The gold badge adds additional requirements. Here are examples of gold badge requirements (in addition to the silver requirements):

  • The project MUST have a “bus factor” of 2 or more (a “bus factor” is the minimum number of project members that have to suddenly disappear from a project before the project stalls due to lack of knowledgeable or competent personnel).
  • The project MUST have at least 50% of all proposed modifications reviewed before release by a person other than the author.
  • The project MUST have a reproducible build. 
  • The project website, repository (if accessible via the web), and download site (if separate) MUST include key hardening headers with nonpermissive values.

Historically the LF has focused on getting projects to the passing level because projects not even at the passing level have a higher risk. But many projects are widely depended on or are especially important for security, and we love to see them earning higher-level badges.

Of course, a gold badge doesn’t mean that there are no vulnerabilities in the existing code, or that it’s impossible to improve their development processes. Perfection is rare in this life. But a CII Best Practices badge, especially a gold badge, shows that an OSS project has implemented a large number of good practices to keep the project sustainable, counter vulnerabilities from entering their software, and address vulnerabilities when found. Projects take many such steps to earn a gold badge, and it’s a good thing to see.

We hope other projects will be inspired to pursue — and earn — a gold badge. Of course, the real goal isn’t a badge — the real goal is to make our software much more secure. But good practices can help make our software more secure, and we want to praise and encourage projects to have good practices.

For more background information on the best practices badge, see the presentation “Core Infrastructure Initiative (CII) Best Practices Badge in 2019”.

OSS projects can go to the CII Best Practices badge website to begin the process of earning a badge. If you’re considering the use of some OSS, we encourage you to check that website to see which projects have earned a badge.

Those who wish to learn more are welcome to contact David A. Wheeler, Director of Open Source Supply Chain Security at The Linux Foundation, at dwheeler AT linuxfoundation DOT org.

Building a successful open source community

Why do you need program management as part of your open source project? We asked a few of the Linux Foundation’s program managers to tell us how they each approach the task.

How does coordination and facilitation help improve my project? 

We tend to think of the primary goals of the Linux Foundation’s projects as producing open software, open hardware, open standards, or open data artifacts — the domain of participating programmers & engineers, system architects, and other technical contributors. 

However, successful projects engaging a broader ecosystem of commercial organizations, particularly when raising funds, benefit from active leadership beyond pure technical contributions. Contributors often have work outside the project that puts demands on their time. It takes real time to build and coordinate a commercial ecosystem, ensure stakeholders are engaged, recruit and onboard members, create a neutral governance culture (often amid competitors competing), and keep various aspects of the ecosystem aligned, such as when end users begin to participate.

Many Linux Foundation projects fundraise to provide resources for their community. This is an excellent benefit for the technical community when the business ecosystem comes together to invest and help the community obtain resources to build a thriving community and ecosystem. A typical fundraising model in our community is to offer an annual membership structure that provides a yearly fund for the project. 

The Linux Foundation’s approach to governance separates decisions about funds and business affairs from the technical project’s governance. The companies contributing money to a project’s fund can decide how those funds are spent and any related business decisions. The technical community can operate independently with open source best practices and continue to make decisions about what code to accept, how to build releases, etc. based on the technical merit of decisions in front of them and not based on what companies contributed funding.

We will always have representation from the technical community involved in the budget and business decisions to ensure funding decisions are well informed. This is how the Linux Foundation model preserves the development best practices of open source while enabling a community to benefit from the commercial ecosystem dependent on their work.

Guidance for your community

Within a technical project, there are roles for organizing how releases are built. Often some committers decide which code is accepted, and maintainers decide what to put into a release.  When scaling the project to create an ecosystem around it, there are other key roles and responsibilities that a project needs to stay on track and to continue to scale. These functions include:

    • Planning and Building. Building a cohesive strategy is critical to the success of a project and requires investments in outcomes the core stakeholders want to see happen and prioritize.
    • Measuring KPIs. Tracking a project’s mission, goals, and objectives while moving those through the swim lanes is key to iterating on things that work and addressing things that don’t.
    • Facilitating. To be successful at facilitating, a coordinator must understand the landscape and remain neutral. This can be difficult and is often the most challenging part of the job: NOT weighing in unless asked.
    • Advising. Coordinators are a sounding board for these things with some expertise. To mature an organization, you must craft mechanisms for self-governance and sustainability.
    • Iterating and Reflecting. What happens along the way is that stakeholders in the community want to get things done — but when that happens without reflection, you lose sight of what and where you’re going. It’s essential to see the forest AND the trees, especially from an above-the-canopy view.

In the past, we have had a few communities with respected, neutral leaders who have provided these roles. The Xen Project is one example, where a member of the community has offered to perform this role for many years. There is a significant time investment from the community’s leadership to make it work, and it is an excellent benefit for the community to have someone able and willing to spend their work time on this function.

Many other projects are not able to find someone in the community to help. This is often where the Linux Foundation builds a support program to assist the projects we host that need help to obtain neutral coordination and facilitation professionals. We call the people who provide this support Program Managers (PMs). PMs are often the first point of contact for community participants and potential members, and are usually involved in the following activities:

    • Program Managers help the governing and technical boards shape the project’s directions and goals. 
    • Program Managers will work with a project’s technical leadership to understand their technical goals. 
    • They work with the members to fill positions such as Chair and Treasurer and are involved with the voting process.
    • They ensure that both the governing and technical boards act within the agreed-upon guidelines of the project’s charter. 
    • They help onboard new members into the project community. 
    • They will engage resources from the Foundation’s Marketing, PR, Events, and Training teams to coordinate the support programs delivered for a project.  
    • Program Managers also oversee the delivery of other support programs provided by the Foundation and any services provided by vendors or contractors.
    • Program managers will pull in the Foundation’s IT service team members for a consultative discussion on the right development infrastructure, tools, and managed IT support programs based on the project community’s needs and roadmap. 
    • Program managers actively engage in community management and help the project’s leaders coordinate meetups, developer hackfests, and participation at events.

Setting strategic goals for your community

Identifying and articulating a project’s mission is as essential with an open source project as it is with any business activity. Setting concrete goals enables the participants in a project to discuss and align around a single narrative that can guide their activities and inform decisions.

Program Managers work with the project’s membership and technical leadership to define a strategy with goals, milestones, and metrics for the project. They coordinate discussions to assist the governing board in coming to a consensus on a budget that supports the technical community’s needs and aligns with the project strategy. 

For open source, very often, the goals include maximizing a project’s footprint in order to help the most people. Goals are often articulated at a fine level of granularity: enabling contributors to engage more easily, growing the membership from a particular sector of the ecosystem, or increasing contributions from end users.

The CHAOSS project is a community focused on defining community metrics around engagement, risks, etc. that are often helpful to project leaders in setting and establishing goals for measurably improving their ecosystem. 

Implementing a project lifecycle for your community

Open source projects often have subprojects and various efforts to innovate on new ideas that may not be ready to be included in an official release or to ship as their own independent release. We often refer to these communities as using an “umbrella” model with several coordinated sub-projects within the community. Within an umbrella community, the projects will typically follow a lifecycle. The lifecycle generally follows a path from imagination to planning to initial execution, expansion, maintenance, and eventual retirement.

Program managers often work with the technical leadership to codify this lifecycle according to milestones so that participants in the project can immediately understand where a project stands in terms of maturity and resources. CNCF, for example, has project phases that include Sandbox, Incubation, and Graduation. OpenJS Foundation has project phases that include Incubation, At-Large, Growth, Impact, and Emeritus, which map to the needs of their community.

A project lifecycle is an essential tool for a foundation to signal the maturity of multiple projects and identify for the community what the path towards a fully mature project requires. It is both a pathway and a signal, noting that projects grow and change, and what the community thinks a project should rely on to guide itself. 

In most projects, there is an entry level, a mid level, and a graduate level. Entry-level projects indicate a promising start for an emerging project and something to be considered. Mid-level projects show growth and development for an audience that might consider using the project, and graduated projects indicate full maturity and a project that many in the ecosystem rely upon.

“Within the Cloud Native Computing Foundation, the various project stages have been beneficial for encouraging projects to grow, not only from a development standpoint but from a community standpoint. A project looking to graduate has to demonstrate both a strong codebase and a strong community.”

Amye Scavarda Perrin, CNCF Program Manager

Linux Foundation Networking (LFN) Program Manager Trishan de Lanerolle notes how the Technical Advisory Council plays an active role in a project’s lifecycle management:

“Linux Foundation Networking project (LFN) technical leadership (Technical Advisory Council) developed and published a model that lays out criteria and checkpoints for projects in various stages of maturity, including an LFN Entry review and evaluation for new candidate projects to the LFN umbrella. The entry process provides a mechanism to amicably and fairly assess upcoming projects. In LFN, that entails asking whether a proposed project: falls within the LFN scope, provides a snapshot into the status or health of the community, and ensures the project’s documented governance is clear, complete, and easily accessible.”

Through facilitating the work of the Strategy Subcommittee, whose primary goal is to assist the Governing Board with developing and implementing Continuous Delivery Foundation (CDF) strategic planning, Program Manager Dan Lopez was able to guide CDF toward sustainable, long-lasting strategic goals. 

“The immense value of a Program Manager lies in their ability to foster a space for progress to happen. It’s not their role to necessarily make the tough decisions, but rather be the ‘glue’ of a program, ask the tough questions, and spark inspiration and critical thinking within their stakeholder group to create, in this case, sustainable goals that will create long term value for the CDF,”

Dan was able to approach strategic planning as a neutral party who understood the landscape of the CDF, and to assist the Governing Board in creating well-aligned goals that mapped to key performance indicators that can be measured and managed over time.

The importance of open governance in your community

The Program Manager is also a vital member of the leadership team, working collaboratively to facilitate and operationalize the wants, needs, and priorities of the governing bodies. Each Linux Foundation Program Manager works with each project community to establish a transparent, open governance model for the technical community.

In open governance, a project is managed by a group of people representing the stakeholders in a project — generally project members and leaders of the project’s technical efforts. The concept of conducting a major technical effort using an open form of governance, in which all stakeholders’ needs must be addressed, and people are required to cooperate to get work done, is founded on the basic concept of democracy. It differs from closed or proprietary governance due to the transparency and coordination required to reach consensus.

Open governance provides a balance that can never be found in a proprietary, restrictive environment — the dynamics of that activity drive creativity and innovation, and significantly increase the speed of development. Program managers and community managers often guide these processes and help keep governance bodies on track with each other.

DPDK’s Program Manager Trishan de Lanerolle discusses how his project is divided into two bodies of equal responsibility:

“DPDK is one model of open governance, with co-equal governing bodies; the Governing Board has ownership and oversight, over budget, marketing, lab resources, administrative, legal, and licensing issues, and a Technical Board with ownership and oversight on technical issues including approval of new sub-projects, deprecating old sub-projects, the project’s technical roadmap, recruiting maintainers, defining the processes for contributing, testing, and managing security. The Technical Board comprises individuals from various organizations, that are not necessarily corporate members of the project, recognized for their technical contributions. The governing board comprises representatives from member organizations, who financially support the project, working hand in hand to make the project mission a reality.” 

Other projects, such as LF Energy, take a somewhat different path towards how their governance is structured. 

LF Energy represents an example of open, representative governance within a rapidly growing open source foundation. LF Energy has a board of directors, like most foundations, made up of Premier members, and includes a representative from the General members and a representative from the Technical Advisory Council (TAC), which is made up of technical project leaders. No single company has more than one representative on the board, which provides corporate as well as cultural diversity and voices from all over the industry, not just focused on one niche. 

The Linux Foundation’s neutral program management support program can help

Active program management and program management support is one of the main reasons why open source projects join an organization like the Linux Foundation. Our program management professionals provide a unique set of operational skills and capabilities that nearly all of our projects take advantage of — which is to offload operational and facilitation work from the community. 

In summary, a successful project should have community coordination and program managers that can plan and build, that can measure a project’s performance, that can act as prime facilitators and advise, and can help project stakeholders iterate and reflect to learn from their experiences in order to move a project forward.

“Managing Open source projects can be compared to nurturing a young sapling as it grows into a mature, healthy tree — or in this case, a community. Our job is to supply it with the right balance of nutrients and conditions for successful growth. Following proven governance models with strategic program management, helps increase the odds of nurturing a healthy community. Program Managers help clear the path, allowing communities to focus on the code and achieving technical goals. We are horticulturalists, toiling away in the background, and if we are doing our job correctly, you shouldn’t notice us.” 

Trishan de Lanerolle, Technical Program Manager & Community Architect, LF Networking

The TODO Group is a set of companies that collaborate on practices, tools, and other ways to run successful and productive open source projects and programs.

Open source program offices help set open source strategy and improve an organization’s software development practices. Every year, the TODO Group performs a survey to assess the state of open source programs across the industry, and today we are happy to launch the 2020 edition.

Last year, over 2,700 people participated in the survey. As a result, we were able to learn: 

  • Adoption of open source programs and initiatives is widespread and goes beyond early adopters;
  • Hiring of open source developers is a prominent concern; and
  • Companies value their open source foundations.

In 2020, we want to learn from best practices in how companies create effective open source strategies, how their open source programs are structured, and how they measure success.

We are also asking how macroeconomic conditions and COVID-19 are affecting open source. Survey closed.

SAP has established an open source program office to further its open source activities and expand its engagement with the open source communities.

SAP has been working with open source for decades and has now established an open source program office (OSPO) to further formalize the coordination of its open source activities and expand its engagement with the open source communities. “SAP was one of the first industry players to formally define processes for open source consumption and contribution,” says Peter Giese, director of the Open Source Program Office.

Even so, many people do not yet consider SAP to be a company that embraces open source engagement and contributions.

“In the past, we may not have been active enough in sharing our open source activities,” says Giese.

Now, SAP is shining a spotlight on its work in open source. Transparency is an essential part of the new open source mandate, beginning with an explanation of what the company has been up to and where it is headed with open source.

How SAP came to adopt open source

“In 1998, SAP started to port the R/3 system, our market-leading ERP system, to Linux,” says Giese. “That was an important milestone for establishing Linux in the enterprise software market.”

Porting a system to Linux was just a first step, and a successful one. The action spurred an internal discussion and exploration of how and where to adopt Linux going forward.

“We came to the conclusion that Linux would become a major force,” Giese says. “Today that’s obvious, but at the time it was not as obvious to everybody. That’s when we started our endeavors into open source.”

In 2001, SAP formally defined and internally documented its process for open source consumption, and the company committed to using inbound open source projects to build SAP products. There were lots of details to attend to, such as open source licensing, security, and export control restrictions.

By 2004, SAP already had information on the specifications exchange with other companies and was one of the founding members of the Eclipse Foundation. From then onwards, SAP developers actively contributed to several Eclipse projects, including JGit, EGit, Mat, Tycho and Che.

However, it wasn’t until 2008 that SAP started to actively promote open source contributions from SAP employees on a company-wide basis. That was also the year when the company rolled out its outbound open source process. “We had a set of guidelines and rules for what SAP teams had to do in order to share their work with the open source community,” explains Giese.

In 2010, SAP integrated open source tools further into its development processes. “We moved to a higher level of compliance by introducing systematic open source code scanning as part of our standard development processes,” says Giese. “That means we started to systematically scan open source code for license compliance and security issues.”

In 2014, SAP shared with the open source community a tool called CLA assistant which was developed for managing open source contributor license agreements.

Even though these activities and projects were very successful, there was a growing need for more central coordination of SAP’s open source activities.

“We had several teams that took care of specific aspects of open source, such as security scanning, license scanning, and building our own open source tooling. But there was no dedicated function or role with the overall responsibility for everything open source at SAP,” says Giese. “That has changed now, and SAP’s chief technology officer is responsible for open source at SAP.”

SAP and open source today

The new central Open Source Program Office was established in early 2018.

“We wanted to be more active and visible in our interactions with our outside customers and partners, and with open source foundations and other open source communities,” says Giese. “That’s why we also joined the TODO Group last year to share experiences, jointly develop best practices, and work on common tooling.”

Giese points out that the company’s investments and contributions to open source are substantial, yet they still come as a surprise to many people.

“For example, in February 2018, Fil Maj from Adobe published a worldwide ranking of companies, with the total number of their employees actively contributing to open source projects on GitHub, and SAP ranked at number seven,” says Giese. “There are, of course, different ways to create such statistics, but it gives you an idea of SAP’s role as a contributor. Maybe we’re one of open source’s best kept secrets.”

SAP prefers not to be a secret any longer and is stepping up its open source game in more visible ways. “We’re going to participate in more of the open source community conferences, such as Open Source Summit, OSCON, FOSDEM, EclipseCon, KubeCon, and so on,” says Giese. SAP’s climb to higher visibility is a sign of its continued commitment to excellence in open source, and the company aims to form more partnerships and spur accelerated innovations.

One recent example of SAP’s innovative open source projects is Gardener, a solution for Kubernetes clusters as a service, as listed in the CNCF Cloud Native Landscape. It enables the management of a large number of Kubernetes clusters and the reuse of Kubernetes primitives in its core architecture.

Another newly open-sourced SAP project is Kyma, a flexible and easy way to connect and extend enterprise applications in a cloud native world.

SAP is actively encouraging companies and other developers to codevelop and cooperate on projects such as Gardener and Kyma.

“This type of co-innovation, for me, is the most compelling aspect about the whole open source movement,” says Giese.

Learn more about prominent SAP projects on their open source page.

How SAP’s open source office works

SAP formed its Open Source Program Office as a virtual team consisting of several teams from different board areas.

“We are working in scrum mode, which is a software development methodology. It has advantages in driving an open source program office,” says Michael Picht, chief development architect in OSPO. “You work in sprints in scrum, and this means you’re forced to break down your tasks into smaller pieces.”

“The scrum methodology propagates cross-functional teams, and that’s what our OSPO is. We have colleagues from across the company in there. Scrum facilitates the work in such a setup. It sounds strange to some people when they hear we work in scrum mode, but in our case, it is working quite well.”

Picht says that “breaking large jobs down into smaller chunks and working in four-week sprints makes challenging and long-running tasks easier to master. It does require some training, however, to make sure all team members are comfortable with the method.”

The office’s mission is to nurture and support the open source approach to software development – inside and outside SAP. Consequently, for employees who want to contribute to open source projects in their spare time outside of the company context, SAP has simplified the clearance process dramatically. “We have provided a few simple rules and as long as you adhere to these you can directly start to work on open source projects in your spare time,” says Giese.

The company is also redesigning its corporate open source contribution process to make it even more efficient. The goal is to shift from policing developers to enabling them through simpler forms, automation of process steps, and support team services.

To advance open source best practices and tooling for the open source community, SAP recently contributed its open source vulnerability assessment tool, which supports any software development organization in assessing security vulnerabilities of open-source components in their application development.

SAP’s open source program office will continue to look for ways to speed up and improve processes, and to support developers, partners, and open source communities.

“This will never end, this will always go on, so we always want to find new ways to improve open source processes and tools further,” says Picht.

Acknowledgements

We would like to thank Peter Giese, director of SAP’s Open Source Program Office, and Michael Picht, chief development architect, for their time and contributions to this case study. We would also like to thank Pam Baker for taking the time to conduct interviews at the Open Source Program Office.

SAP is an active member of the Linux Foundation and LF projects including Cloud Foundry Foundation, Cloud Native Computing Foundation (CNCF), Hyperledger, ODPi, OpenAPI Initiative, and TODO Group.

The Linux Foundation offers an abundance of resources to help you achieve success with open source.

At organizations everywhere, managing the use of open source software well requires the participation of business executives, the legal team, software architecture, software development and maintenance staff and product managers. One of the most significant challenges is integrating all of these functions with their very different points of view into a coherent and efficient set of practices.

More than ever, it makes sense to investigate the many free and inexpensive resources for open source management that are available, and observe the practices of professional open source offices that have been launched within companies ranging from Microsoft to Oath to Red Hat.

Fundamentals

The Linux Foundation’s Fundamentals of Professional Open Source Management (LFC210) course is a good place to start. The course is explicitly designed to help individuals in disparate organizational roles understand the best practices for success.

The course is organized around the key phases of developing a professional open source management program:

  • Open Source Software and Open Source Management Basics
  • Open Source Management Strategy
  • Open Source Policy
  • Open Source Processes
  • Open Source Management Program Implementation

Best Practices

The Linux Foundation also offers a free ebook on open source management: Enterprise Open Source: A Practical Introduction. The 45-page ebook can teach you how to accelerate your company’s open source efforts, based on the experience of hundreds of companies spanning more than two decades of professional enterprise open source management. The ebook covers:

  • Why use open source
  • Various open source business models
  • How to develop your own open source strategy
  • Important open source workflow practices
  • Tools and integration

Official open source programs play an increasingly significant role in how DevOps and open source best practices are adopted by organizations, according to a survey conducted by The New Stack and The Linux Foundation (via the TODO Group). More than half of respondents to the survey (53 percent) across many industries said their organization has an open source software program or has plans to establish one.

“More than anything, open source programs are responsible for fostering open source culture,” the survey’s authors have reported. “By creating an open source culture, companies with open source programs see the benefits we’ve previously reported, including increased speed and agility in the development cycle, better license compliance and more awareness of which open source projects a company’s products depend on.”

Free Guides

How can your organization professionally create and manage a successful open source program, with proper policies and a strong organizational structure? The Linux Foundation offers a complete guide to the process, available here for free. The guide covers an array of topics for open source offices including: roles and responsibilities, corporate structures, elements of an open source management program, how to choose and hire an open source program manager, and more.

The free guide also features contributions from open source leaders. “The open source program office is an essential part of any modern company with a reasonably ambitious plan to influence various sectors of software ecosystems,” notes John Mark Walker, Founder of the Open Source Entrepreneur Network (OSEN) in the guide. “If a company wants to increase its influence, clarify its open source messaging, maximize the clout of its projects, or increase the efficiency of its product development, a multifaceted approach to open source programs is essential.”  

Interested in even more on professional open source management? Don’t miss The Linux Foundation’s other free guides, which delve into tools for open source management, how to measure the success of an open source program, and much more.

Cloud Foundry

Multi-platform means enterprises would want a variety of platforms for a variety of application workloads, says Cloud Foundry’s Abby Kearns.

2018 has been an amazing year for Cloud Foundry, with Alibaba joining as a Gold member, and Pivotal going public with its IPO, among some of the highlights. I recently talked with Abby Kearns, Executive Director of Cloud Foundry Foundation, to reflect on these milestones and more.

Kearns has been part of the Cloud Foundry ecosystem for the past five years and, under her leadership, Cloud Foundry has grown and evolved and found its way into half of the Fortune 500 companies, with those numbers increasing daily.

All of the major public cloud vendors want to be part of the ecosystem. “This year, we saw Alibaba join as a Gold member, and Cloud Foundry is now natively available on Alibaba Cloud,” said Kearns.

In 2017, Cloud Foundry embraced Kubernetes, the hottest open source project, and created CFCR (Cloud Foundry Container Runtime). “Kubernetes is a great technology that brings tons of capabilities to containers, which are the fundamental building blocks for a lot of portability for cloud native apps,” Kearns said.

“CFCR, which is Kubernetes on BOSH, allows enterprises to start running containerized workloads alongside Cloud Foundry deployments. … They now have a single plane of operations, which allows them to have a variety of applications,” she explained.

However, Kearns sees that the market is evolving beyond just multi-cloud. “We are entering into a multi-platform world where enterprises are going to be running a variety of technologies and solutions to address the variety of workload needs with their applications,” said Kearns.

When asked what she meant by multi-platform in the context of cloud, Kearns explained, “Multi-platform means that enterprises would want a variety of platforms for a variety of application workloads. There’s never going to be one technology that solves everything. It’s not going to be Cloud Foundry or Kubernetes; it’s going to be a mix. At the end of the day, enterprises are broad and complex. They have evolving needs. They want a mix of technologies that complement each other.”

However, multi-platform brings its own set of challenges. “Technology is the easy part, my big worry is people getting caught up in the hype of something new and then they want to have it. Then they want to have the next shiny thing,” she said.

When you get caught up in that hype cycle, you lose focus on what you need to do. Enterprises need to be aware of this and must ask themselves: What does their business need to do? What are the outcomes they expect? How do they leverage technology to achieve that?

“I think taking a step back and asking ourselves what are we really trying to solve,” she said. “I think just for me, sometimes it is — take a breath, pause and think, okay, where, where are we going and why?”

Hear more from Abby Kearns in the video below:

Watch the keynotes LIVE next week at Open Source Summit & ELC + OpenIoT Summit Europe.

Open Source Summit & ELC + OpenIoT Summit Europe is taking place in Edinburgh, UK next week, October 22-24, 2018. Can’t make it? You’ll be missed, but you don’t have to miss out on the action. Tune into the free livestream to catch all of the keynotes live from your desktop, tablet or phone!

Hear from the leading technologists in open source! Get an inside scoop on:

  • An update on the Linux Kernel
  • Diversity & inclusion to fuel open source growth
  • How open source is changing banking
  • How to build an open source culture within organizations
  • Human rights & scientific collaboration
  • The future of AI and Deep Learning
  • The future of energy with open source
  • The parallels between open source & video games

Live video streaming of the keynote sessions from Open Source Summit & ELC + OpenIoT Summit Europe will take place during the following times:

Monday, October 22

9:00 – 10:20 (BST)

Watch keynotes from Open Invention Network, LF Energy, Intel, LWN.net, and The Linux Foundation.

Tuesday, October 23

9:00 – 10:20 (BST)

Watch keynotes from Vibrant Data, Microsoft, IBM, and Human Rights Data Analysis Group.

Wednesday, October 24

9:00 – 10:00 (BST)

Watch keynotes from Max Planck Institute for Gravitational Physics, IBM, and Mifos Initiative.


ONS livestream

Watch the keynote sessions LIVE next week at ONS Europe!

Open Networking Summit Europe is taking place in Amsterdam next week, September 25-27. Can’t make it? You’ll be missed, but you don’t have to miss out on the action. Tune into the free livestream to catch all of the keynotes live from your desktop, tablet or phone!

Live video streaming of the keynote sessions from Open Networking Summit Europe 2018 will take place during the following times:

Tuesday, September 25

13:15 – 14:55 (CEST)

Watch keynotes from Cloud Native Computing Foundation, Red Hat, China Mobile, Intel, Orange Group Network and The Linux Foundation.

Wednesday, September 26

9:00 – 10:30 (CEST)

Watch keynotes from Türk Telekom, IBM, IHS/Infonetics Research, Huawei, China Mobile, and Vodafone Group.

Thursday, September 27

9:00 – 10:35 (CEST)

Watch keynotes from Deutsche Telekom AG, Imperial College London, China Mobile, AT&T, Amdocs, Huawei, VMware, and The Linux Foundation.


open source event

Don’t miss Open Source Summit & ELC + OpenIoT Summit Europe, October 22 – 24 in Edinburgh.

See why you need to be at Open Source Summit Europe and Embedded Linux Conference + OpenIoT Summit Europe next month! Hurry — space is going quickly. Secure your spot and register by September 22 to save $150.

Here are the Top 10 Reasons you’ll want to be at this event:

  1. Timely Cutting-edge Content: 300+ sessions on Linux development, embedded Linux systems, IoT, cloud native development, cloud infrastructure, AI, blockchain and open source program management & community leadership.
  2. Deep Dive Labs & Tutorials: An Introduction to Linux Control Groups (cgroups), Building Kubernetes Native Apps with the Operator Framework, Resilient and Fast Persistent Container Storage Leveraging Linux’s Storage Functionalities, and 10 Years of Linux Containers, are just some of the labs and tutorials included in one low registration price.
  3. 12 Co-located Events*: Come for OSS & ELC + OpenIoT Summit and stay for LF Energy Summit, Linux Security Summit, Cloud & Container Embedded Apprentice Linux Engineer tutorials, IoT Apprentice Linux Engineer tutorials, Hyperledger Scotland Meetup, Linux in Safety-Critical Systems Summit, and many more co-located events. (*Some co-located events may require an additional registration fee.)
  4. Discover New Projects & Technologies: Over 30 sponsors will be showcasing new projects and technologies in the Sponsor Showcase throughout the event, joined by our Technical Showcase at the Onsite Attendee reception showcasing Free and Open Source Software (FOSS) projects from system developers and hardware makers.
  5. Social Activities & Evening Events: Take a break and go on a sightseeing bus tour, join the 5K fun run or morning meditation, and meet with fellow attendees through the networking app. Collaborate with fellow attendees at the attendee reception at the National Museum of Scotland and at the Onsite Attendee Reception & Sponsor + Technical Showcase.
  6. Diversity Empowerment Summit: Explore ways to advance diversity and inclusion in the community and across the technology industry.
  7. Women in Open Source Lunch & Better Together Diversity Social: Women and non-binary members of the open source community are invited to network with each other at the lunch sponsored by Adobe, while all underrepresented minorities are welcome to attend the Better Together Diversity Social.
  8. Developer & Hallway Track Lounge: The highlight for many at this event is the ability to collaborate with the open source community. This dedicated lounge offers a space for developers to hack and collaborate throughout the event as well as plenty of seating for hallway track discussions.
  9. Networking Opportunities: Attend the Speed Networking & Mentoring event, OS Career Mixer, or use the networking app to expand your open source community connections by finding and meeting with attendees with similar interests.
  10. Hear from the Leading Technologists in Open Source: Keynote talks include a Linux Kernel update, a fireside chat with Linus Torvalds & Dirk Hohndel, a look at the future of AI and Deep Learning, a panel discussion on the future of energy with open source, a discussion on diversity & inclusion, a talk on the parallels between open source & video games, and insightful talks on how open source is changing banking, human rights and scientific collaboration.
