Speak at ONE Summit

The top reasons to share your expertise at ONE Summit, the Industry’s leading Open Networking & Edge Event

To submit a presentation proposal, please visit our Call For Proposals-but hurry! Submissions are due July 29. 

ONE Summit 2022

ONE Summit is the ONE networking technology event connecting Access, Edge, Core and Cloud. It brings together technical and business decision makers for in-depth, interactive conversations around cutting-edge innovations and the operational support necessary to leverage them.

Newly revamped post-pandemic, ONE Summit’s focus is to enable interactive, real-world conversations on the evolution of technology in the distributed networking space. From Communications Service Providers to Government and civil infrastructure, from Retail to the leaders of Industry 4.0, you will be able to collaborate on innovations to truly support your digital transformation.

Inspired by the impact of integration efforts like 5G Super Blueprint, ONE Summit fosters collaborative discussion required to truly scale software for 5G, IoT, the enterprise, and beyond. 

Top 5 reasons to speak at ONE Summit:

1) Collaborate with thought leaders from across a growing global ecosystem. 

ONE Summit enables the technical and business collaboration necessary to shape the future of open networking and edge computing. The free exchange and presentation of ideas is crucial for the growth of all open source projects and their continued ability to innovate.

2) Immerse yourself in innovative technologies such as 5G, Open RAN, IoT, Enterprise, Cloud Native and more.

Learn about and build on on the successes of Linux Foundation networking & edge project communities, with collaboration across LF Networking, LF Edge, O-RAN- SC, Magma, CNCF, LF AI & Data, and more, to enable attendees to visualize and build their new networking stacks.

3) Learn from your peers across industry verticals solving common challenges. 

Networking decision makers gather to address architectural and technical issues, and business use case needs. ONE Summit provides a forum where solutions, best practices, use cases and more – based on open source projects under the Linux Foundation Networking and across the industry– can be shared with the global ecosystem.

4) Unleash the power of open. In a market now built on open source, this is critical.

Virtually all industries have embraced open source in their operations. Collaboration among industry peers is what makes the use of open source in business and the related business models possible.

5) Demonstrate your leadership.

ONE Summit attendees come from all across a growing ecosystem of enterprises, governments, global service providers (including telcos, enterprises, government, global service providers and cloud). With a targeted focus on architects and technical decision makers, ONE Summit is a great place to get your message out

Meet the Program Committee

ONE Summit would not be possible without the involvement and support of our community. The Program Committee is composed of business and open source leaders who are actively involved in the work of developing the next generation of networking and edge technologies for all market verticals. This year’s ONE Summit Program Committee is composed of:

  • Rabi Abdel, Principal Consultant, Global Telecom Practice, Amazon Web Services
  • Lisa Caywood, Senior Principal Community Architect, RedHat
  • Wenjing Chu, Senior Director of Technology Strategy – Trust for the Internet of the Future, Futurewei Technologies
  • Roy Chua, Founder and Principal, AvidThink
  • Beth Cohen, Cloud Product Technologist, Verizon
  • Marc Fiedler, Architect for Real-time Network Service Management, Deutsche Telekom
  • Daniel Havey, Program Manager, Microsoft
  • Kandan Kathirvel, Product Lead, Telco Cloud & Orchestration, Google Cloud
  • Trishan de Lanerolle, Principal Technical Program Manager, Office of the CTO, Equinix
  • Catherine Lefevre, AVP, Technology Services – Network Systems Common Platform & Services, AT&T
  • Tom Nadeau, Fellow, Vice President & Chief Cloud Architect, Spirent Communications
  • Joe Pearson, Edge Computing and Technology Strategist, IBM Networking & Edge Computing CTO Group, IBM
  • Jim St. Leger, Director, Open Strategy, Intel
  • Tracy Van Brakle, Principal Member of Technical Staff, AT&T
  • Olivier Smith, Office of the CTO, Director, Matrixx Software
  • Cedric Thienot, Co-Founder and CTO, Firecell
  • Qihui Zhao, NFV Researcher & Network Engineer, CMCC
  • Amy Zwarico, Director, CyberSecurity, Chief Security Office, AT&T

Who attends

chart of who attends the one summit

Past ONE Summit attendee demographics. Source: ONE Summit 2022 prospectus

Join with attendees from all market verticals and all organizational levels from all over the world. Attendees don’t have to be part of a project to contribute to the discussion and to participate in open collaboration sessions with other attendees. In fact, joining planned sessions and open discussions and collaboration sessions is the best way to get involved with open source projects under the LFNetworking Umbrella.

To learn more about ONE Summit 2022 in Seattle, please visit the ONE Summit site

About LF Networking

Now in its fifth year as an umbrella organization, LF Networking (LFN) and its projects enable organizations across the globe to more quickly and effectively achieve digital transformation via the community’s shared development efforts. This includes companies of all sizes and types that rely on LFN’s breadth of commercially-ready ecosystem offerings, all based on open source innovation spearheaded within the LF Networking community. To learn more about LFN, please visit https://www.lfnetworking.org. To learn more about the Linux Foundation, please visit https://linuxfoundation.org

The author, Heather Kirksey, VP, Community & Ecosystem, LF Networking.

SAN FRANCISCO—June 21, 2022—  Project Nephio, an open source initiative of partners across the telecommunications industry working towards true cloud-native automation , today announced rapid community growth and momentum.  

Since launching in April 2022 in partnership with Google Cloud, support has grown with 28 new organizations now part of the project (with over 50 contributing organizations), progress towards Technical Steering Committee (TSC) formation, and an upcoming Nephio Technical Summit, June 22-23, in Sunnyvale, Calif. New supporters include: A5G Networks, Alicon Sweden, Amdocs, ARGELA, CapGemini Technology, CIMI Corporation, Cohere Technologies, Coredge.io, CPQD, Deutsche Telekom, HPE, Keysight Technologies, KT, Kubermatic, Kydea, MantisNet, Matrixx, Minsait, Nabstract, Prodapt, Sandvine, SigScale, Spirent Communications, Telefónica, Tata Elxsi, TechMahidra, Verizon, Vodafone, Wind River, and Wipro. 

Nephio’s goal is to deliver carrier-grade, simple, open, Kubernetes-based cloud-native intent automation and common automation templates that materially simplify the deployment and management of multi-vendor cloud infrastructure and network functions across large scale edge deployments. Nephio enables faster onboarding of network functions to production including provisioning of underlying cloud infrastructure with a true cloud native approach, and reduces costs of adoption of cloud and network infrastructure.

“We are pleased to see Nephio experience such rapid growth in such a short time,” said Arpit Joshipura, general manager, Networking, Edge, and IoT, the Linux Foundation. “This is testament to the market need for open, collaborative initiatives that simplify network functions and cloud infrastructure across edge deployments.”

“We are heartened by the robust engagement from our growing Nephio community, and look forward to continuing to work together to set a new open standard for cloud-native networks to advance automation, network function deployment, and the management of user journeys,” said Gabriele Di Piazza, Senior Director, Telecom Product Management, Google Cloud.

Developer collaboration is underway with the Technical Steering Committee formation in progress. And the Nephio technical community will gather in-person and virtually for the first Nephio Technical Summit, June 22-23 in Sunnyvale, Calif. The goal is to discuss strategy, technology enhancements, roadmap, and operational aspects of cloud native automation in the Telecommunication world. More details, including how to register, are available here: https://nephio.org/events/

More information about Nephio is available at www.nephio.org

Support from contributing organizations

A5G Networks

“A5G Networks is a leader and innovator in autonomous and distributed mobile core network software over hybrid and multi-cloud. Our unique IP helps realize significant savings in capital and operating expenditures, reduces energy requirements, improves quality of user experience and catalyze adoption of new business models. A5G Networks is excited to join the Nephio initiative for intent based automation and unlock the true potential of 5G networks,” said Kaitki Agarwal, founder, president and CTO of A5G Networks, Inc.

Amdocs

“Amdocs is excited to join the Nephio community and accelerate the Telecom industry’s journey towards a cloud-native, Kubernetes-based, automation and orchestration solutions. As a leader in telco automation and a founding member of Linux  Foundation’s ONAP and EMCO projects, Amdocs is thrilled to join this new community that will address the challenges coming with the era of 5G, edge and ORAN,” said  Eyal Shaked, General Manager, Open Network PBU, Amdocs. 

Capgemini

“Capgemini is excited to join the Nephio community and join the Nephio working groups to facilitate the deployments of telecom operators by moving the Telecom industries towards a cloud-native platform and provide the automation and orchestration solutions with the help of Nephio. Capgemini is an expert in O-RAN standards and has FAPI compliant O-CU and O-DU implementations. Capgemini is thrilled to join this new community that will address the challenges coming with the era of 5G, edge and ORAN,” said Sandip Sarkar, senior director, CTO Organization, Capgemini.

CIMI Corporation

“The Nephio project promises to provide an open-source implementation of network operator service lifecycle automation based on the cloud-standard Kubernetes orchestration platform.  That’s absolutely critical for the convergence of network and cloud software,” said Tom Nolle, president, CIMI Corporation. 

Coredge.io

Arif Khan, CEO, Coredge.io said, “Bringing agility is delivering services and centrally managing the geographically distributed cloud, keeping cost in control is the key focus right now for operators. Nephio project is meant to achieve this with Kubernetes-based cloud-native intent automation and automation templates. We are glad to contribute to Nephio with our learnings in management of multi-cloud and distributed edge using intent driven automation inside the Coredge.”

Deutsche Telekom

“Large-scale automation is pivotal on our Software Telco journey. It is important that we work together as an industry on standards that will enable and simplify the cloud native automation of network functions. And we believe the Nephio project can play a fundamental role to speed up this process,” said Jochen Appel, VP Network Automation, Deutsche Telekom.

KT

“Cloud native is a next step on the journey of telcos’ path to successful digital transformation. Also the automated management to enable multi-vendor support and reduce cost by efficiency and agility is a key factor for operation of the cloud based network systems. The project Nephio will help open, wide, and easy adoption of such infrastructure. By co-working with partners in the project, we look forward to solving the interworking issues among multi-vendors and building up the efficient and agile orchestrated management system easily,” said Jongsik Lee, senior vice president, head of Infrastructure DX R&D Center, KT.

MantisNet

“MantisNet supports the Nephio initiative, specifically realizing the vision of autonomous networks. The Nephio project is complementary with the kinds of full-stack, end-to-end, programmable visibility, powered by an open, standards-based, event-driven, composable architecture that we are developing for a broad range of new and emerging use-cases to help ensure the secure and reliable operation of cloud-native 5G applications,”said  Peter Dougherty, CEO MantisNet. 

Matrixx Software

“Continued advancements in the automation of distributed Cloud Native Network Functions will be critical to delivering on the promises of new differentiated 5G services, and key to new industry revenue models,” said Marc Price, CTO, Matrixx Software. 

Minsait

“As a company helping Telcos to onboard their 5G network functions, we are aware of the current challenges they are facing. Nephio is a key initiative to fulfill the promises of truly cloud native deployment and operation that specifically addresses the unique pain points  of the Telco industry,” said Francisco Rodríguez, head of network virtualization at Minsait. 

Nabstract.io

“Harmonization and availability of common practices that facilitate intent driven automation for deployment and management of infrastructure and cloud native Network Functions will boost the consumption of 5G connectivity capabilities across market verticals through abstracted open APIs,” said Vaibhav Mehta, Founder, Nabstract.io.

Proadapt

“Prodapt is the leading SI for connectedness industry with a laser focus on software intensive networks. Together as a key contributor to the Project Nephios, we will jointly accelerate TelCo’s journey towards becoming a TechCo by co-innovating, -building, -deploying, and -operating distributed multi-cloud network functions. We believe our collaboration would set the foundation of a fully automated intent driven cloud-native networks supporting differentiated 5G & distributed edge experience,” said Rajiv Papneja, SVP & global head, Cloud & Network Services, Prodapt.

Sandvine

“Sandvine Application and Network Intelligence solutions provide machine learning-based 5G analytics over hybrid cloud, multicloud, and edge deployments, empowering service-providers and enterprise customers to analyze, optimize, and monetize application experiences. Sandvine is proud to be a part of the Nephio initiative for intent-based automation, a prelude to Network-as-a-Service offerings that will scale autonomously, even when comprised of different vendors’ Infrastructure/Platform/Software-aaS components,” said Samir Marwaha, Chief Strategy Officer, Sandvine.

SigScale

“SigScale believes Nephio could be instrumental in achieving a management continuum across multi-cloud, multi-vendor networks,” said Vance Shipley, CEO, SigScale.

Vodafone

“Building, deploying, and operating Telco workloads across distributed cloud environments is complex, so it is important to adopt cloud native best practices as we evolve, to enable us to achieve our goals for agility, automation, and optimisation,” said Tom Kivlin, principal Cloud Architect, Vodafone. “Project Nephio presents a great opportunity to drive the cloud native orchestration of our networks.  We look forward to working with our partners and the Nephio community to further develop and accelerate the simplification of network function orchestration.” 

Wind River

“As active supporters and contributors of key telco cloud-native open source projects such as StarlingX and the O-RAN Alliance, Wind River is excited to join Nephio. Nephio’s mission of simplifying the deployment and management of multi-vendor cloud infrastructure across large scale deployments is directly aligned with our strategy,” said Gil Hellmann, vice president, Telecom Solutions Engineering, Wind River. 

About Nephio

More information can be found at www.nephio.org.

About the Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and commercial adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

#####

city scape at night with network lines visualized between points

This post originally appeared in LF Networking’s blog

Now in its fifth year as an umbrella organization, LF Networking (LFN) and its projects enable organizations across the globe to more quickly and effectively achieve digital transformation via the community’s shared development efforts. This includes companies of all sizes and types that rely on LFN’s breadth of commercially-ready ecosystem offerings, all based on open source innovation spearheaded within the LF Networking community.

As mature LFN projects, ONAP (Open Network Automation Platform) and OpenDaylight are currently deployed as critical components in networks around the globe. Below is a sampling of specific case studies currently implemented in the real-world that are allowing organizations to transform their networks. 

  • Spark automates disaggregated network in just 6 months using ONAP. As Spark New Zealand Limited (Spark) approached 5G deployment, they started analyzing the status of automation across network and infrastructure and realized they needed an automation suite that would support future use cases that 5G could enable, such as network slicing, and closed loop automation.  In partnership with Infosys, Spark took a relatively short six months to go from kickoff to implementation of ONAP. More details are available here.
  • Verizon leverages OpenDaylight as its directional SDN controller. After initial work exploring OpenDaylight (ODL), Verizon decided to pull the testing, packaging, support in-house and create their own optimized ODL distribution. ODL now serves as Verizon’s foundational and directional SDN controller with two use cases in production across the network. Verizon brings a strong developer team to the project with several employees directly participating in ODL on eleven projects. Currently, Verizon is using Yang model driven platform solutions and wants to integrate different types of data modeling technology, Open APIs, rest platforms, and more. More details are available here.
  • Deutsche Telekom deploys ONAP in O-RAN Town. In its O-RAN Town project, DT deployed in the city of Neubrandenburg a multi-vendor Open RAN trial network for 4G and 5G services with massive MIMO integrated into the live network — the first in Europe. To automate services on all network domains, DT introduced a vendor-independent Service Management and Orchestration (SMO) component based on ONAP open source. The SMO is to be at the heart of complete lifecycle management of all O-RAN components in this deployment. More details are available here.
  •  Orange deploys automation framework powered by ONAP. Realizing a long-pursued goal of using ONAP, Orange has deployed and trialed an automation framework powered by ONAP. The current use case, in production in Orange Egypt, includes automating network services, network connectivity and resource management inside IP/MPLS, and configuration changes such as provisioning virtual private networks. Through this initiative, Orange has demonstrated that ONAP has reached the maturity and modularity for network operators to take combinations of ONAP projects and components from proof of concept to production. More details are available here.
  • Bell automates a significant amount of manual configuration, recovery, and provision work by using ONAP in production across multiple use cases. Since 2017, the use of ONAP at Bell Canada has expanded to automating numerous key network services across all business units. Moving forward, ONAP is playing a major role in 5G and multi-access edge computing (MEC) rollouts. The key metric Bell uses to measure the success of ONAP is the number of recurring manual task hours saved per month. Each project that adopts ONAP for a specific service tracks this metric. In 2019 alone, Bell saved a significant amount of recurring manual work per month as a result of using ONAP. In 2020, the team will also measure the acceleration of new services on-boarded to the platform. Currently, the on-boarding process can range from a few weeks to six months. Learn more in this detailed case study.

These are just a few examples of what is possible with open networking. Stay tuned to LF Networking channels for more industry proof points across the ecosystem and follow the LFN community journey (visit our website and follow us on Twitter)  to witness the power of open collaboration on the future of networking.

Community debuts Developer Badge Program to recognize, reward  developer contributions as it begins plans for Spring 2022 release, codenamed ‘Kamakura’

SAN FRANCISCODecember 1, 2021 EdgeX Foundry, a Linux Foundation project under the  LF Edge project umbrella, today announced the release of version 2.1 of EdgeX, codenamed ‘Jakarta.’  The project’s ninth release, it follows the recent Ireland release, which was the project’s second major release (version 2.0). Jakarta is significant in that it is EdgeX’s first release to offer long term support (LTS). 

Long Term Support

“Only a few open-source projects offer long term support; the rapid change of open source projects and the effort needed to LTS is significant,” said Arpit Joshipura, general manager, Networking, Edge and IoT, at the Linux Foundation. “By including LTS, EdgeX demonstrates it understands the needs of the operational technology (OT) user base, and how products in this space must work and operate over longer periods of time than traditional IT solutions,” said Arpit Joshipura. “This is a big milestone for any open source community, and we are incredibly proud of EdgeX Foundry for this achievement.”

“Our Jakarta release is a stabilization release,” said Jim White, the EdgeX Foundry Technical Steering Committee  (TSC) Chairman and co-founder of the project.  “As such, it is our project community’s pledge to adopters that EdgeX offers you a stable version of the platform that you can expect the community to stand behind and support for a period of two years.  We stand with you in support of EdgeX in real world, commercial deployments of the platform.”

 The EdgeX long term support policy states that the community will work as quickly as possible and give “best effort and development priority to fix major flaws as soon as possible.”  Major flaws by the project are defined as 

  • bugs causing the system or service to crash and where there is no work around for the function
  • bugs for a feature/function that does not work and there is no work around for the function
  • a security issue deemed a critical or high-level CVE (per CVSS)

The project has further stipulated in its LTS policy that “no new major functionality (at the discretion of the TSC) will be added” to the LTS version after the release happens.

More information about the Jakarta release, including a list of new features, can be found here: https://wiki.edgexfoundry.org/display/FA/Jakarta

EdgeX Developer Badge Program

As a part of this release cycle, EdgeX  also announced a new EdgeX Developer Badge program.  EdgeX has created the Developer Badge program to thank those making initial impacts to the project by providing  something that they can use to highlight their efforts and volunteerism on social media platforms.   Contributors have started receiving an official digital badge (award through Credly) when 

  • they make their first contribution (their first GitHub Pull Request is accepted by the project and merged into one of the project’s code repositories)
  • they fix two documented bugs of the project

Additional badges for other work may be awarded by the community in the future.

Kamakura Release – Spring 2022

The next EdgeX release, codenamed “Kamakura,” is set for Spring 2022.  The community has held its semi-annual planning session to lay out the goals and objectives of this release.  Kamakura is likely to be another dot-release that will again be backward compatible with all EdgeX 2.x releases (Ireland and Jakarta).  Major additions currently under consideration and being developed by the community include:

  • Initial north to south message bus.  Improved security secrets seeding and allowing for delayed service starts.
  • Metrics collection. .
  • Dynamic device profiles.  Better (native) Windows support
  • Improve testing – including real hardware testing
  • A second version release of the EdgeX Command Line Interface (CLI) which,  compatible with EdgeX v2.x.

 Learn more about this release on the project’s Wiki site.

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open-source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

 ###

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds. 

LF Edge Logo
  • Industry leaders F5, VMware, Eclipse Foundation, mimik, Platform 9, Teal Communications, and Veea, Inc. join open source edge project umbrella to collaborate on furthering edge computing
  • LF Edge’s portfolio of projects continue to diversify with addition of eKuiper and Project Alvarium to address IoT data analytics and trust fabrics; additionally, Linux Foundation welcomes Edge Gallery for open MEC edge computing
  • Akraino and EdgeX Foundry project releases enhance commercially-adopted, deployable solutions for IoT and edge use cases including 25+ blueprints

SAN FRANCISCO, October 11, 2021LF Edge, an umbrella organization within the Linux Foundation that creates an open, interoperable framework for edge computing independent of hardware, silicon, cloud, or operating system, today announced the project’s maturity as a deployable framework with expanded open source solutions to meet real-world demands. Industry leaders F5 and VMware have joined the community as Premier members as LF Edge maturation includes new projects, general members, project releases and blueprints that enable deployable solutions.  

“Growth within the LF Edge community continues to accelerate, and we are thrilled to welcome even more industry-leading organizations to the community,” said Arpit Joshipura, General Manager, Networking, Edge, and IoT, the Linux Foundation. “This is in line with industry trends as more and more organizations across verticals realize the power of open source at the edge. Our diverse set of new projects and new members works in tandem with the broader LF Edge community to enable real-world edge, IoT, IIoT, and telco solutions. ”

New Members

Two new Premier members have joined LF Edge (F5 and VMWare), along with four General members (mimik, Platform 9, Teal Communications, Veea, Inc.), and one Associate Member (Eclipse Foundation). 

F5 is a multi-cloud application security and delivery company that enables its customers—which include the world’s largest enterprises, financial institutions, service providers, and governments—to bring extraordinary digital experiences to life. 

“F5 is excited to join the Linux Foundation Edge Board and we look forward to collaborating on an open, interoperable framework that enables industries and individuals to innovate at the edge,” said Geng Lin, executive vice president and CTO at F5. “Our participation will help accelerate the delivery of an Edge 2.0 platform, a security-first, app-driven approach with unlimited scale that will empower every business to unlock the full potential of the emerging edge.” 

VMware is a leading provider of multi-cloud services for all apps, enabling digital innovation with enterprise control. As a trusted foundation to accelerate innovation, VMware software gives businesses the flexibility and choice they need to build the future. Kaniz Mahdi, vice president of distributed edge, VMware, said, “VMware is helping leading service providers around the world modernize their networks to deliver and monetize next-generation applications. We are working side-by-side with customers and partners to unravel the complexities that come with delivering these apps across a distributed edge. As such, we are excited to join the LF Edge, an organization focused on building an open framework to support edge-native workloads. With virtualization in our DNA and a deep-rooted footprint in the cloud, VMware is uniquely positioned to contribute to this important ambition.”

Bringing an even more diverse perspective to the LF Edge community, new general and Associate members include:

  • mimik provides a hybrid edge cloud computing application development platform and business enablers for digital transformation, 
  • Platform 9 enables operations teams to run Kubernetes as a Managed Service on multi-cloud, on-premise or edge at scale.
  • Teal Communications is the first cloud-native, Credentialing-as-a-Service platform that provides intelligent connectivity and networking solutions to IoT device and network operators.
  • Veea is redefining and simplifying secure edge computing that improves application responsiveness, reduces bandwidth costs and eliminates central cloud dependency.
  • Eclipse Foundation provides its global community of individuals and organizations with a mature, scalable, and business-friendly environment for open source software collaboration and innovation.

New Projects

eKuiper and Project Alvarium have joined the growing LF Edge project portfolio while Edge Gallery joins the Linux Foundation. Covering IoT analytics and trust fabrics respectively, eKuiper and Project Alvarium join the nine existing LF Edge projects: (Stage 3) Akraino and EdgeX Foundry; (Stage 2)  Project EVE, Fledge, Home Edge, Open Horizon, and State of the Edge; and (Stage 1) Beatyl and Secure Device Onboard (SDO). 

Edge Gallery joins the Linux Foundation and will work closely with LF Edge projects. More information about the new projects:

  • Project Alvarium, with initial code seeded by Dell Technologies, is aimed at building a framework and SDK for trust fabrics that deliver data from devices to applications with measurable confidence. Trust fabrics take a system-level approach by layering trust insertion technologies spanning silicon to cloud and will usher in an entire new era of business models and customer experiences driven by interconnected ecosystems. Initial contributing companies include Dell, the IOTA Foundation, Intel, Arm, VMware and ZEDEDA.
  • eKuiper,  is an edge lightweight IoT data analytics / streaming software implemented by Golang,that can be run on all kinds of resource-constrained edge. It migrates cloud real-time cloud streaming analytics frameworks such as Apache Spark, Apache Storm and Apache Flink to the edge.
  • Edge Gallery is an open-source MEC edge computing project initiated by Huawei, carriers, and vertical industry partners. Its purpose is to build a common edge computing platform that meets the “connection + computing” characteristics of the telecom industry, standardize the openness of network capabilities (especially 5G network capabilities), and simplify lifecycle processes such as MEC application development, test, migration, and running.

“We’re excited to welcome Project Alvarium, eKuiper and Edge Gallery to the Linux Foundation project family,” said Jason Shepherd, Board Chair, LF Edge and VP Ecosystem, ZEDEDA. “We look forward to continuing to collaborate across our project portfolio to make edge solutions more accessible, scalable and secure, in addition to enabling entirely new business models.” 

Commercial-Ready Project Solutions

Bringing deployable edge blueprints that are globally adopted into commercial solutions and use cases, Akraino delivers fully functional edge solutions across industry sectors and disciplines. Akraino issued its fifth release (Akraino R5) with three new additional blueprints to address use cases such as smart cities, cloud native multi-tenant, and topology prediction for vehicular networks at the edge. R5 also includes updates to many of its existing 30+ blueprints. Learn  more about Akraino R5 here

EdgeX Foundry, which focuses on edge and IoT solutions, recently issued the most modern, secure, and production-ready open source IoT framework. It’s second major release, “EdgeX Ireland” or “EdgeX 2.0, it overhauls API sets, removes technical debt, provides more message-based communications, and simplifies and secures interface for adopters and developers, making the platform significantly easier to use and more reliable. The community is currently working on its next release, “EdgeX Jakarta” or “EdgeX 2.1”, expected to be the first EdgeX release to include ​​LTS (long-term support). More details on EdgeX Ireland are available here

Home Edge will soon issue its next release, “Dewberries.”  Dewberries continues to build a solid foundation  for Home Edge to grow, with updates to code stabilization, scripting, APIs, data synchronization, and security, among others. Stay tuned for more details on Home Edge Dewberries. 

Project EVE has recently launched a developer program that enables developers to explore EVE-OS as a highly flexible and secure foundation for their edge solutions. This enables them to build deep security and orchestration functionality into their solutions from the start. Learn more about the program through the project Wiki.

Community Support for LF Edge

Dell Technologies

“Data generated at the edge has the power to help businesses make game changing decisions that deliver immediate and essential value, but organizations have to be able to trust their data is accurate,” said Steve Todd, Dell Technologies Fellow. “As the edge expands everywhere – from retail stores and manufacturing floors to smart cities and homes – we believe edge solutions must include the ability to measure data confidence. That’s why we’re donating our Data Confidence Fabric code to Project Alvarium, so any business can trust and have confidence in their edge data.”

IOTA Foundation

“We welcome Project Alvarium’s extension and integration into the LF Edge portfolio,” said Dominik Schiener, Co-Founder and Chairman of the IOTA Foundation. “The great leaps forward in edge computing constantly push the boundaries of scalability, transaction speed, and security. We are excited to continue leveraging IOTA’s technology for the machine economy applications of tomorrow, together with the LF Edge family.”

Intel

“End to end data transparency is a critical need for enterprises operating at the Edge. Data assurance and confidence are needed to create systems of trust that allow all consumers of data to understand its terms of use. An open data confidence fabric, like Project Alvarium, can create this transparency and help enterprises drive toward environments that minimize data ambiguity,” said Renu Navale, VP & GM, Edge Computing & Ecosystem Enablement, Intel Corporation

Open  Horizon Project

“mimik provides a platform-neutral solution for serverless execution at the edge. Open Horizon provides a solution for application and machine learning deployment and lifecycle management. Together, Open Horizon and Mimik provide automated management of serverless applications at scale,” said Joe Pearson, Technical Steering Committee chair, LF Edge and Open Horizon.  “What makes mimik’s solution so special is that their micro-services are based on WASM+WASI, which creates language-agnostic, portable, secure, small, and fast serverless functions. Not only are they containerizable and Docker-compatible, they can run up to 10,000 times faster than micro-services based on interpreted languages like Python and NodeJS, at speeds approaching compiled C++.”

mimik

“mimik looks forward to collaborating with the innovative ecosystem that comprises the LF Edge. The LF Edge’s community-driven philosophy underpins mimik’s own core values in today’s increasingly hyperconnected world, which presents opportunities to a group of like-minded individuals and partners to collectively contribute to innovation at the edge. The result is a much larger proposition for the entire community to thrive together than one company winning it all. The opportunities afforded by LF Edge will naturally complement mimik’s eagerness to expand our varied groups of partners and customers that range from large brands to startups. Already, we have started to contribute our learnings and technology while learning from other community members in the ecosystem. mimik strives to edgeifi the world with the LF Edge community of partners,” said Fay Arjomandi, founder and CEO of mimik and 2020 winner of Edge Woman of the Year.

Open  Horizon Project

“mimik provides a platform-neutral solution for serverless execution at the edge. Open Horizon provides a solution for application and machine learning deployment and lifecycle management. Together, Open Horizon and Mimik provide automated management of serverless applications at scale,” said Joe Pearson, Technical Steering Committee chair, LF Edge and Open Horizon.  “What makes mimik’s solution so special is that their micro-services are based on WASM+WASI, which creates language-agnostic, portable, secure, small, and fast serverless functions. Not only are they containerizable and Docker-compatible, they can run up to 10,000 times faster than micro-services based on interpreted languages like Python and NodeJS, at speeds approaching compiled C++.”

Teal Communications

“Our mission to democratize IoT network access through a dynamic provisioning layer synergizes very well with the LF Edge mission to create an ecosystem built around open standards for edge applications. We couldn’t be more excited to join in and contribute to these projects!” – Robert Hamblet, CEO of Teal Communications

Veea, Inc. 

“We are thrilled to join the LF Edge community and are eager to be a part of the future of open source at the edge,” said Allen Salmasi, CEO, Veea, Inc. “The combined capabilities of a properly designed hybrid edge-cloud solution integrated with disaggregated elements of 5G network can provide for a distributed Hyper-Converged Infrastructure (“HCI”) that will drive the next revolution in computing and connectivity. We look forward to collaborating with the broader LF Edge community to help make edge computing more secure, simpler to adopt, deploy, use and maintain.”

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 2,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit linuxfoundation.org.

  • 5G Super Blueprint comes to life at ONE Summit with live a keynote demonstration of network slicing in 5G, and 6 pavilion demonstrations of new blueprints, use cases, and ecosystem solutions      
  • ONE Summit to feature Mini Summit by the US Government, Enabling Secure, Open, and Programmable 5G Networks
  • Register today to join the community and see the demonstrations at the Open Networking & Edge Summit virtual experience, October 10-11 

SAN FRANCISCO, October 5, 2021LF Networking (LFN), which facilitates collaboration and operational excellence across open source networking projects, today announced its 5G Super Blueprint initiative will host use case demonstrations across 5G, edge, IoT, and cloud native during Open Networking & Edge (ONE) Summit + Kubernetes on Edge Day, October 11-12, 2021. 

The 5G Super Blueprint is a community-driven integration of multiple open source initiatives that, collaboratively, demonstrate end-to-end use cases of end user implementation architectures. LFN  creates a framework based on these integrated initiatives and projects to then develop blueprints, defined by a community-driven process that allows end-to-end solution use cases across vertical markets.  

“The open source networking ecosystem is bringing collaboration to life at ONE Summit,” said Heather Kirksey, vice president, Community & Ecosystem Development, the Linux Foundation. “What started as an integration demo for a basic residential broadband use case five short years ago has now evolved into a framework for creating collaborative, end-to-end solutions for the 5G ecosystem. I am incredibly proud of the community for all the progress it’s achieved to date, and I cannot wait to see what comes next.”

Building on the long-running 5G cloud native network demo workstream, the LF Networking community has fortified the 5G Super Blueprint foundation by adding network slicing. Based on the ONAP Honolulu release, this proof concept demonstrates an open source approach to improving QoS in 5G networks by optimizing resources and network topologies for 5G use cases, providing network operators improved performance and greater flexibility. The demo will also showcase a custom Network Slice Subnet Management Function (NSSMF) that was developed as part of this effort.

Linux Foundation Demo Pavilion

The open source networking and edge ecosystems will demonstrate ecosystem innovations around the 5G Super Blueprint and more during ONE Summit, via the Linux Foundation Demo Pavilion. Seven demos from multiple open source projects and communities will be on display, with the developers who created them available to answer questions throughout the event. Illustrating a breadth of technologies surrounding the 5G ecosystem and beyond, the demos will cover: 

  • 5G Super Blueprint: 5G Cloud Native Network Adds Network Slicing (LF Networking, LF Edge, ONAP, Anuket, DPDK, EMCO)
  • Akraino Blueprints: Integrated Cloud Native Private Wireless (LF Edge, Akraino)
  • Enabling future-proof and Open Edge App Management in Retail (LF Edge, EdgeX Foundry, Open Horizon, Secure Device Onboard)
  • LF Edge + Project Alvarium: Building Trust in Interconnected Ecosystems (LF Edge, Project Alvarium, EVE)
  • Introducing L3AF, a Platform to Launch and Manage eBPF Programs (L3AF)
  • O-RAN/OSC/ONAP-Based Multi-Operator/Multi-Vendor Resource Pooling & RAN Slicing in Disaster Scenarios (LF Networking, ONAP, ORAN-SC)
  •  Magma: Zero-touch Magma Automation With LFN EMCO (Magma, EMCO)

More details, including descriptions of each demo, are available here

US Government Mini Summit

The US GOV OPS mini summit, which takes place Oct. 11 from 2:00 – 4:50 PM PST, will examine requirements and progress of 5G, edge, and IoT technologies within enterprise and government entities. Hosted by NWIC Pacific division of the United States Navy and led by Doug Evans, Neil Hoff and Andrew Leidy from the Department of the Navy, the program will cover use cases and solutions that rely on the foundations of open source networking, edge, and cloud project communities (including LF Networking, LF Edge, CNCF, Kubernetes, Magma, and more). Specific discussion topics include:  

  • Introduction to United States Government Open Programmable Secure (US-GOV OPS) initiative within the Linux Foundation 
  • Overview of DARPA’s Open, Programmable, Secure 5G (OPS-5G) project 
  • The Linux Foundation’s 5G Super Blueprint
  • Discussion of the Office of the Under Secretary of Defense (OUSD) for Research & Engineering’s 5G initiative, and the Multi-site OPS-5G Joint Independent Test Option (MOJITO) project

Registration to this mini-summit is included in the overall conference registration. 

These are but a few of the informative workshops, keynotes, and sessions designed to propel the open networking industry further.

Register to Attend

Join the community virtually Oct. 11-12 for a broad look at the open source 5G ecosystem across networking and edge technologies, and learn about new innovations in networking and edge like enhanced security, 6G, and ONAP’s forthcoming Istanbul release. Register today to join the community for just $150 USD. Click here to access registration and view the conference agenda.  

Members of the media may receive a complimentary media pass to the event; please contact jlovato@linuxfoundation.org to register as press.

 About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 2,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit linuxfoundation.org.

Media Contact

Jill Lovato

jlovato@linuxfoundation.org

The Linux Foundation

There is an exciting convergence in the networking industry around open source, and the energy is palpable. At LF Networking, we have a unique perspective as the largest open source initiative in the networking space with the broadest set of projects that make up the diverse and evolving open source networking stack. LF Networking provides platforms and building blocks across the networking industry that enable rapid interoperability, deployment, and adoption and is the nexus for 5G innovation and integration. 

LF Networking has now tapped confluence on industry efforts to structure a new initiative to develop 5G Super Blueprints for the ecosystem. Major integrations between the building blocks are now underway–between ONAP and ORAN, Akraino and Magma, Anuket and Kubernetes, and more. 

“Super” means that we’re integrating multiple projects, umbrellas (such as LF Edge, Magma, CNCF, O-RAN Alliance, LF Energy, and more) with an end-to-end framework for the underlying infrastructure and application layers across edge, access, and core. This end-to-end integration enables top industry use cases, such as fixed wireless, mobile broadband, private 5G, multi-access, IoT, voice services, network slicing, and more. In short, 5G Super Blueprints are a vehicle to collaborate and create end-to-end 5G solutions.

Major industry verticals banking on this convergence and roadmap include the global telcos that you’d expect, but 5G knows no boundaries, and we’re seeing deep engagement from cloud service providers, enterprise IT, governments, and even energy.

5G is poised to modernize today’s energy grid with awareness monitoring across Distribution Systems and more.

This will roll out in 3 phases, the first encompassing 5G Core + Multi-access Edge Computing (MEC) using emulators. The second phase introduces commercial RANs to end-to-end 5G, and the third phase will integrate Open Radio Access Network (O-RAN). 

The 5G Super Blueprint is an open initiative, and participation is open to anyone. To learn more, please see the 5G Super Blueprint FAQ and watch the video, What is the 5G Super Blueprint? from Next Gen Infra

Participation in this group has tripled over the last few weeks! If you’re ready to join us, please indicate your interest in participation on the 5G Super Blueprint webpage, and follow the onboarding steps on the 5G Super Blueprint Wiki. Send any questions to superblueprint@lfnetworking.org

Our communities take security seriously and have been instrumental in creating the tools and standards that every organization needs to comply with the recent US Executive Order

Overview

The US White House recently released its Executive Order (EO) on Improving the Nation’s Cybersecurity (along with a press call) to counter “persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy.”

In this post, we’ll show what the Linux Foundation’s communities have already built that support this EO and note some other ways to assist in the future. But first, let’s put things in context.

The Linux Foundation’s Open Source Security Initiatives In Context

We deeply care about security, including supply chain (SC) security. The Linux Foundation is home to some of the most important and widely-used OSS, including the Linux kernel and Kubernetes. The LF’s previous Core Infrastructure Initiative (CII) and its current Open Source Security Foundation (OpenSSF) have been working to secure OSS, both in general and in widely-used components. The OpenSSF, in particular, is a broad industry coalition “collaborating to secure the open source ecosystem.”

The Software Package Data Exchange (SPDX) project has been working for the last ten years to enable software transparency and the exchange of software bill of materials (SBOM) data necessary for security analysis. SPDX, recognized and implemented as ISO/IEC standard 5962:2021, is supported by global companies with massive supply chains, and has a large open and closed source tooling support ecosystem. SPDX already meets the requirements of the executive order for SBOMs.

Finally, several LF foundations have focused on the security of various verticals. For example,  LF Public Health and LF Energy have worked on security in their respective sectors. Our cloud computing industry collaborating within CNCF has also produced a guide for supporting software supply chain best practices for cloud systems and applications.

Given that context, let’s look at some of the EO statements (in the order they are written) and how our communities have invested years in open collaboration to address these challenges.

Best Practices

The EO 4(b) and 4(c) says that

The “Secretary of Commerce [acting through NIST] shall solicit input from the Federal Government, private sector, academia, and other appropriate actors to identify existing or develop new standards, tools, and best practices for complying with the standards, procedures, or criteria [including] criteria that can be used to evaluate software security, include criteria to evaluate the security practices of the developers and suppliers themselves, and identify innovative tools or methods to demonstrate conformance with secure practices [and guidelines] for enhancing software supply chain security.” Later in EO 4(e)(ix) it discusses “attesting to conformity with secure software development practices.”

The OpenSSF’s CII Best Practices badge project specifically identifies best practices for OSS, focusing on security and including criteria to evaluate the security practices of developers and suppliers (it has over 3,800 participating projects). LF is also working with SLSA (currently in development) as potential additional guidance focused on addressing supply chain issues further.

Best practices are only useful if developers understand them, yet most software developers have never received education or training in developing secure software. The LF has developed and released its Secure Software Development Fundamentals set of courses available on edX to anyone at no cost. The OpenSSF Best Practices Working Group (WG) actively works to identify and promulgate best practices. We also provide a number of specific standards, tools, and best practices, as discussed below.

Encryption and Data Confidentiality

The EO 3(d) requires agencies to adopt “encryption for data at rest and in transit.” Encryption in transit is implemented on the web using the TLS (“https://”) protocol, and Let’s Encrypt is the world’s largest certificate authority for TLS certificates.

In addition, the LF Confidential Computing Consortium is dedicated to defining and accelerating the adoption of confidential computing. Confidential computing protects data in use (not just at rest and in transit) by performing computation in a hardware-based Trusted Execution Environment. These secure and isolated environments prevent unauthorized access or modification of applications and data while in use.

Supply Chain Integrity

The EO 4(e)(iii) states a requirement for

 “employing automated tools, or comparable processes, to maintain trusted source code supply chains, thereby ensuring the integrity of the code.” 

The LF has many projects that support SC integrity, in particular:

  • in-toto is a framework specifically designed to secure the integrity of software supply chains.
  • The Update Framework (TUF) helps developers maintain the security of software update systems, and is used in production by various tech companies and open source organizations.  
  • Uptane is a variant of TUF; it’s an open and secure software update system design which protects software delivered over-the-air to the computerized units of automobiles.
  • sigstore is a project to provide a public good / non-profit service to improve the open source software supply chain by easing the adoption of cryptographic software signing (of artifacts such as release files and container images) backed by transparency log technologies (which provide a tamper-resistant public log). 
  • OpenChain (ISO 5230) is the International Standard for open source license compliance. Application of OpenChain requires identification of OSS components. While OpenChain by itself focuses more on licenses, that identification is easily reused to analyze other aspects of those components once they’re identified (for example, to look for known vulnerabilities).

Software Bill of Materials (SBOMs) support supply chain integrity; our SBOM work is so extensive that we’ll discuss that separately.

Software Bill of Materials (SBOMs)

Many cyber risks come from using components with known vulnerabilities. Known vulnerabilities are especially concerning in key infrastructure industries, such as the national fuel pipelines,  telecommunications networks, utilities, and energy grids. The exploitation of those vulnerabilities could lead to interruption of supply lines and service, and in some cases, loss of life due to a cyberattack.

One-time reviews don’t help since these vulnerabilities are typically found after the component has been developed and incorporated. Instead, what is needed is visibility into the components of the software environments that run these key infrastructure systems, similar to how food ingredients are made visible.

A Software Bill of Materials (SBOM) is a nested inventory or a list of ingredients that make up the software components used in creating a device or system. This is especially critical as it relates to a national digital infrastructure used within government agencies and in key industries that present national security risks if penetrated. The use of SBOMs would improve understanding of the operational and cyber risks of those software components from their originating supply chain.

The EO has extensive text about requiring a software bill of materials (SBOM) and tasks that depend on SBOMs:

  • EO 4(e) requires providing a purchaser an SBOM “for each product directly or by publishing it on a public website” and “ensuring and attesting… the integrity and provenance of open source software used within any portion of a product.” 
  • It also requires tasks that typically require SBOMs, e.g., “employing automated tools, or comparable processes, that check for known and potential vulnerabilities and remediate them, which shall operate regularly….” and “maintaining accurate and up-to-date data, provenance (i.e., origin) of software code or components, and controls on internal and third-party software components, tools, and services present in software development processes, and performing audits and enforcement of these controls on a recurring basis.” 
  • EO 4(f) requires publishing “minimum elements for an SBOM,” and EO 10(j) formally defines an SBOM as a “formal record containing the details and supply chain relationships of various components used in building software…  The SBOM enumerates [assembled] components in a product… analogous to a list of ingredients on food packaging.”

The LF has been developing and refining SPDX for over ten years; SPDX is used worldwide and is approved as ISO/IEC International Standard 5962:2021.  SPDX is a file format that identifies the software components within a larger piece of computer software and metadata such as the licenses of those components. SPDX 2.2 already supports the current guidance from the National Telecommunications and Information Administration (NTIA) for minimum SBOM elements. Some ecosystems have ecosystem-specific conventions for SBOM information, but SPDX can provide information across all arbitrary ecosystems.

SPDX is real and in use today, with increased adoption expected in the future. For example:

  • An NTIA “plugfest” demonstrated ten different producers generating SPDX. SPDX supports acquiring data from different sources (e.g., source code analysis, executables from producers, and analysis from third parties). 
  • A corpus of some LF projects with SPDX source SBOMs is available. 
  • Various LF projects are working to generate binary SBOMs as part of their builds, including yocto and Zephyr
  • To assist with further SPDX adoption, the LF is paying to write SPDX plugins for major package managers.

Vulnerability Disclosure

No matter what, some vulnerabilities will be found later and need to be fixed. EO 4(e)(viii) requires “participating in a vulnerability disclosure program that includes a reporting and disclosure process.” That way, vulnerabilities that are found can be reported to the organizations that can fix them. 

The CII Best Practices badge passing criteria requires that OSS projects specifically identify how to report vulnerabilities to them. More broadly, the OpenSSF Vulnerability Disclosures Working Group is working to help “mature and advocate well-managed vulnerability reporting and communication” for OSS. Most widely-used Linux distributions have a robust security response team, but the Alpine Linux distribution (widely used in container-based systems) did not. The Linux Foundation and Google funded various improvements to Alpine Linux, including a security response team.

We hope that the US will update its Vulnerabilities Equities Process (VEP) to work more cooperatively with commercial organizations, including OSS projects, to share more vulnerability information. Every vulnerability that the US fails to disclose is a vulnerability that can be found and exploited by attackers. We would welcome such discussions.

Critical Software

It’s especially important to focus on critical software — but what is critical software? EO 4(g) requires the executive branch to define “critical software,” and 4(h) requires the executive branch to “identify and make available to agencies a list of categories of software and software products… meeting the definition of critical software.”

Linux Foundation and the Laboratory for Innovation Science at Harvard (LISH) developed the report Vulnerabilities in the Core,’ a Preliminary Report and Census II of Open Source Software, which analyzed the use of OSS to help identify critical software. The LF and LISH are in the process of updating that report. The CII identified many important projects and assisted them, including OpenSSL (after Heartbleed), OpenSSH,  GnuPG, Frama-C, and the OWASP Zed Attack Proxy (ZAP). The OpenSSF Securing Critical Projects Working Group has been working to better identify critical OSS projects and to focus resources on critical OSS projects that need help. There is already a first-cut list of such projects, along with efforts to fund such aid.

Internet of Things (IoT)

Unfortunately, internet-of-things (IoT) devices often have notoriously bad security. It’s often been said that “the S in IoT stands for security.” 

EO 4(s) initiates a pilot program to “educate the public on the security capabilities of Internet-of-Things (IoT) devices and software development practices [based on existing consumer product labeling programs], and shall consider ways to incentivize manufacturers and developers to participate in these programs.” EO 4(t) states that such “IoT cybersecurity criteria” shall “reflect increasingly comprehensive levels of testing and assessment.”

The Linux Foundation develops and is home to many of the key components of IoT systems. These include:

  • The Linux kernel, used by many IoT devices. 
  • The yocto project, which creates custom Linux-based systems for IoT and embedded systems. Yocto supports full reproducible builds. 
  • EdgeX Foundry, which is a flexible OSS framework that facilitates interoperability between devices and applications at the IoT edge, and has been downloaded millions of times. 
  • The Zephyr project, which provides a real-time operating system (RTOS) used by many for resource-constrained IoT devices and is able to generate SBOM’s automatically during build. Zephyr is one of the few open source projects that is a CVE Numbering Authority.
  • The seL4 microkernel, which is the most assured operating system kernel in the world; it’s notable for its comprehensive formal verification.

Security Labeling

EO 4(u) focuses on identifying:

“secure software development practices or criteria for a consumer software labeling program [that reflects] a baseline level of secure practices, and if practicable, shall reflect increasingly comprehensive levels of testing and assessment that a product may have undergone [and] identify, modify, or develop a recommended label or, if practicable, a tiered software security rating system.”

The OpenSSF’s CII Best Practices badge project (noted earlier) specifically identifies best practices for OSS development, and is already tiered (passing, silver, and gold). Over 3,800 projects currently participate.

There are also a number of projects that relate to measuring security and/or broader quality:

Conclusion

The Linux Foundation (LF) has long been working to help improve the security of open source software (OSS), which powers systems worldwide. We couldn’t do this without the many contributions of time, money, and other resources from numerous companies and individuals; we gratefully thank them all.  We are always delighted to work with anyone to improve the development and deployment of open source software, which is important to us all.

David A. Wheeler, Director of Open Source Supply Chain Security at the Linux Foundation

  • Participation by the fortune 1 enterprise brings technical leadership and unprecedented scale to LFN projects across Network Management & Automation
  • Koby Avital, EVP of Technology Platforms, Walmart Global Tech, joins the Governing Board as LFN Platinum member
  • Community Growth signals ecosystem commitment to leverage open source for collaborative network transformation across Cloud, Enterprise and Service Provider Ecosystems.

SAN FRANCISCO– March 31, 2021 – LF Networking (LFN), the de-facto collaboration ecosystem for Open Source Networking projects, today announced that Walmart has joined as a Platinum member. Walmart is the first retail member of LFN and joins 21 other global organizations as Platinum members all working to accelerate open source networking.  

“We are thrilled to welcome Walmart to the LF Networking community,” said Arpit Joshipura, general manager, Networking, Edge and IoT, at the Linux Foundation. “As the world’s largest retailer, Walmart brings expertise across a broad swath of areas, including retail point of sale networking, enterprise IT, and hybrid cloud deployments.  We look forward to collaborative efforts that accelerate the open source networking community.”

“I’m excited to join the Linux Foundation Networking Governing Board on behalf of Walmart,” said Koby Avital, Executive Vice President, Walmart Global Tech. “By joining LFN, Walmart has the opportunity to contribute, influence the cloud growth and better support the enterprise and service provider communities by open-sourcing innovative technologies across its retail infrastructure.”

Join the LF Networking community October 11-12 for Open Networking and Edge Summit (ONES), the industry’s premier open networking event, expanded to comprehensively cover Edge Computing, Edge Cloud & IoT. ONES North America enables collaborative development and innovation across enterprises, service providers/telcos and cloud providers to shape the future of networking and edge computing. Details here: https://events.linuxfoundation.org/open-networking-edge-summit-north-america/.

About the Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.

Linux is a registered trademark of Linus Torvalds.

# # #

In mid-February, the Linux Foundation announced it had signed a collaboration agreement with the Defense Advanced Research Projects Agency (DARPA), enabling US Government suppliers to collaborate on a common open source platform that will enable the adoption of 5G wireless and edge technologies by the government. Governments face similar issues to enterprise end-users — if all their suppliers deliver incompatible solutions, the integration burden escalates exponentially.  

The first collaboration, Open Programmable Secure 5G (OPS-5G), currently in the formative stages, will be used to create open source software and systems enabling end-to-end 5G and follow-on mobile networks. 

The road to open source influencing 5G: The First, Second, and Third Waves of Open Source

If we examine the history of open source, it is informative to observe it from the perspective of evolutionary waves. Many open-source projects began as single technical projects, with specific objectives, such as building an operating system kernel or an application. This isolated, single project approach can be viewed as the first wave of open source.

We can view the second wave of open source as creating platforms seeking to address a broad horizontal solution, such as a cloud or networking stack or a machine learning and data platform.

The third wave of open source collaboration goes beyond isolated projects and integrates them for a common platform for a specific industry vertical. Additionally, the third wave often focuses on reducing fragmentation — you commonly will see a conformance program or a specification or standard that anyone in the industry can cite in procurement contracts.

Industry conformance becomes important as specific solutions are taken to market and how cross-industry solutions are being built — especially now that we have technologies requiring cross-industry interaction, such as end-to-end 5G, the edge, or even cloud-native applications and environments that span any industry vertical. 

The third wave of open source also seeks to provide comprehensive end-to-end solutions for enterprises and verticals, large institutional organizations, and government agencies. In this case, the community of government suppliers will be building an open source 5G stack used in enterprise networking applications. The end-to-end open source integration and collaboration supported by commercial investment with innovative products, services, and solutions accelerate the technology adoption and transformation.

Why DARPA chose to partner with the Linux Foundation

DARPA at the US Department of Defense has tens of thousands of contractors supplying networking solutions for government facilities and remote locations. However, it doesn’t want dozens, hundreds, or thousands of unique and incompatible hardware and software solutions originating from its large contractor and supplier ecosystem. Instead, it desires a portable and open access standard to provide transparency to enable advanced software tools and systems to be applied to a common code base various groups in the government could build on. The goal is to have a common framework that decouples hardware and software requirements and enabling adoption by more groups within the government.

Naturally, as a large end-user, the government wants its suppliers to focus on delivering secure solutions. A common framework can ideally decrease the security complexity versus having disparate, fragmented systems. 

The Linux Foundation is also the home of nearly all the important open source projects in the 5G and networking space. Out of the $54B of the Linux Foundation community software projects that have been valued using the COCOMO2 model, the open source projects assisting with building a 5G stack are estimated to be worth about $25B in shared technology investment. The LF Networking projects have been valued at $7.4B just by themselves. 

The support programs at Linux Foundation provide the key foundations for a shared community innovations pool. These programs include IP structure and legal frameworks, an open and transparent development process, neutral governance, conformance, and DevOps infrastructure for end-to-end project lifecycle and code management. Therefore, it is uniquely suited to be the home for a community-driven effort to define an open source 5G end-to-end architecture, create and run the open source projects that embody that architecture, and support its integration for scaling-out and accelerating adoption.

The foundations of a complete open source 5G stack

The Linux Foundation worked in the telecommunications industry early on in its existence, starting with the Carrier Grade Linux initiatives to identify requirements and building features to enable the Linux kernel to address telco requirements. In 2013, The Linux Foundation’s open source networking platform started with bespoke projects such as OpenDaylight, the software-defined networking controller. OPNFV (now Anuket), the network function virtualization stack, was introduced in 2014-2015, followed by the first release of Tungsten Fabric, the automated software-defined networking stack. FD.io, the secure networking data plane, was announced in 2016, a sister project of the Data Plane Development Kit (DPDK) released into open source in 2010.


Linux Foundation & Other Open Source Component Projects for 5G

At the time, the telecom/network and wireless carrier industry sought to commoditize and accelerate innovation across a specific piece of the stack as software-defined networking became part of their digital transformation. Since the introduction of these projects at LFN, the industry has seen heavy adoption and significant community contribution by the largest telecom carriers and service providers worldwide. This history is chronicled in detail in our whitepaper, Software-Defined Vertical Industries: Transformation Through Open Source.

The work that the member companies will focus on will require robust frameworks for ensuring changes to these projects are contributed back upstream into the source projects. Upstreaming, which is a key benefit to open source collaboration, allows the contributions specific to this 5G effort to roll back into their originating projects, thus improving the software for every end-user and effort that uses them.

The Linux Foundation networking stack continues to evolve and expand into additional projects due to an increased desire to innovate and commoditize across key technology areas through shared investments among its members. In February of 2021, Facebook contributed the Magma project, which transcends platform infrastructure such as the others listed above. Instead, it is a network function application that is core to 5G network operations. 

The E2E 5G Super Blueprint is being developed by the LFN Demo working group. This is an open collaboration and we encourage you to join us. Learn more here.

Building through organic growth and cross-pollination of the open source networking and cloud community

Tier 2 operators, rural operators, and governments worldwide want to reap the benefits of economic innovation as well as potential cost-savings from 5G. How is this accomplished?

With this joint announcement and its DARPA supplier community collaboration, the Linux Foundation’s existing projects can help serve the requirements of other large end-users. Open source communities are advancing and innovating some of the most important and exciting technologies of our time. It’s always interesting to have an opportunity to apply the results of these communities to new use cases. 

The Linux Foundation understands the critical dynamic of cross-pollination between community-driven open source projects needed to help make an ecosystem successful. Its proven governance model has demonstrated the ability to maintain and mature open source projects over time and make them all work together in one single, cohesive ecosystem. 

As a broad set of contributors work on components of an open source stack for 5G, there will be cross-community interactions. For example, that means that Project EVE, the cloud-native edge computing platform, will potentially be working with Project Zephyr, the scalable real-time operating system (RTOS) kernel, so that Eve can potentially orchestrate Zephyr devices. It’s all based on contributors’ self-interests and motivations to contribute functionality that enables these projects to work together. Similarly, ONAP, the network automation/orchestration platform, is tightly integrated with Akraino so that it has architectural deployment templates built around network edge clouds and multi-edge clouds. 

An open source platform has implications not just for new business opportunities for government suppliers but also for other institutions. The projects within an open source platform have open interfaces that can be integrated and used with other software so that other large end-users like the World Bank, can have validated and tested architectural blueprints, with which can go ahead and deploy effective 5G solutions in the marketplace in many host countries, providing them a turnkey stack. This will enable them to encourage providers through competition or challenges native to their in-country commercial ecosystem to implement those networks. 

This is a true solutions-oriented open source for 5G stack for enterprises, governments, and the world.